Crystal Enterprise and Proxy Servers
It is not the intention at this stage in the book to investigate in any great detail how Crystal Enterprise can be configured to work with proxy servers. This is covered in some depth in the Administrator's Guide that accompanies Crystal Enterprise. However, some sample Socks configurations will be shown, and there will be a brief discussion of how Crystal Enterprise would operate effectively with each configuration.
Socks settings for each of the Crystal Enterprise servers are defined using the Crystal Configuration Manager (through the Connection tab).
Socks - The WC and WCS
Figure 26.9 illustrates the operation of Socks between the WC and the WCS.
Figure 26.9. Socks configuration - WC to WCS.
Given this scenario, the Socks setting through the Crystal Configuration Manager should be the following:
- On WC, specify the Socks server at the WCS Configuration tab.
- On CMS, specify the Socks server at the Connection tab.
Access control rules on the Socks server should be set to something similar to that shown in Table 26.5.
Source | Destination | Port | Action |
---|---|---|---|
WC | WCS | 6401 -requestport | Accept |
Otherwise | | | Reject |
There are a couple of points worth noting:
- Although the WC connects to WCS, the Socks server information is set up on CMS rather than on WCS. This is because the WCS will obtain the Socks setting from CMS.
- The initialization from WC to WCS port 6401 uses the host name for the WCS in the Socks request. Therefore, the Socks server must be able to resolve the host name for WCS. For example, if the WC and WCS use NetBIOS names and the Socks server is a Unix box that doesn't support NetBIOS names, it is necessary to ensure the Socks server can resolve the same name as specified by the WC; that is, by using a local hosts file.
Firewall Configuration: Socks - WCS and CMS
Figure 26.10 illustrates the operation of Socks between the WCS and the CMS.
Figure 26.10. Socks configuration - WCS to CMS.
In this instance, the Socks setting at Crystal Configuration Manager should be the following:
- On WCS, specify the Socks server at the CMS Configuration tab.
- On CMS, specify the Socks server at the Connection tab.
Access control rules on the Socks server should be set to something similar to that shown in Table 26.6.
Source | Destination | Port | Action |
---|---|---|---|
WCS | CMS | 6400 -requestport | Accept |
WCS | Other Enterprise Servers | Default ports -requestports | Accept |
Otherwise | | | Reject |
Please note that when WCS makes the initial connection to CMS on port 6400, it will pass the host name to the Socks server. Thus, the Socks server must resolve the CMS hostname.
Socks - Multiple Crystal Enterprise Servers
Figure 26.11 illustrates the operation of Socks between multiple servers in the Crystal Enterprise environment.
Figure 26.11. Socks configuration - multiple servers.
When multiple Socks servers are deployed in the network, the Crystal Enterprise Socks setup can facilitate the traversal of them. However, due care and attention should be taken in how the Socks servers are placed and traversed. In general, the Crystal Enterprise servers see these Socks servers as a chain, and the setup in the Crystal Console Manager should specify how to traverse them from the outermost to the innermost link.
In this instance, the Socks setting at Crystal Configuration Manager should be the following:
- On WC, specify the Socks server B at the WCS Configuration tab
- On WCS, specify the Socks server A at the CMS Configuration tab
- On WCS, specify the Socks server B at the Connection tab
- On CMS, specify the Socks server B followed by A at the Connection tab
Access control rules on the Socks server should be set to something similar to that shown in Table 26.7.
Source | Destination | Port | Action |
---|---|---|---|
WC | WCS | 6401 -requestport | Accept |
WCS | CMS | 6400 | Accept |
WCS | Other Enterprise Servers | default ports -requestports | Accept |
Otherwise | | | Reject |
The point to note is that in the IOR for the CMS, the Socks server chain B-A is embedded. However, because the WCS has been configured with a local Socks server B, the program will do a comparison of these two Socks server lists and deduce that WCS only needs to go through A to reach the CMS.
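The chain comparison described above can be turned into a consistency check on the multi-server settings listed earlier. This is an added example, not Crystal Enterprise code: it assumes the comparison amounts to dropping the shared outermost prefix of the two Socks lists, and `remaining_chain`, `audit` and the empty Socks list for WC are hypothetical modelling choices.

```python
# Added example: consistency check for the multi-server Socks settings.
# Assumption: the "comparison" of Socks lists is modelled as dropping the shared
# outermost prefix; the page does not document the product's actual logic.


def remaining_chain(embedded, local):
    """Socks servers a caller must still traverse, outermost first.

    embedded: chain published for the target (its Connection tab setting).
    local:    chain the caller itself sits behind (its own Connection tab).
    """
    shared = 0
    for ours, theirs in zip(local, embedded):
        if ours != theirs:
            break
        shared += 1
    return embedded[shared:]


def audit(connection, routes):
    """Return (caller, target, configured, expected) for every inconsistent route."""
    findings = []
    for (caller, target), configured in sorted(routes.items()):
        expected = remaining_chain(connection[target], connection[caller])
        if configured != expected:
            findings.append((caller, target, configured, expected))
    return findings


# Connection tab settings from the Figure 26.11 scenario, outermost first.
# WC sits outside both Socks servers, so its list is empty (assumption).
CONNECTION = {"WC": [], "WCS": ["B"], "CMS": ["B", "A"]}
# WCS Configuration tab on WC, CMS Configuration tab on WCS.
ROUTES = {("WC", "WCS"): ["B"], ("WCS", "CMS"): ["A"]}

# Constructed misconfiguration: CMS chain entered innermost-first.
REVERSED = dict(CONNECTION, CMS=["A", "B"])

if __name__ == "__main__":
    print("as documented:", audit(CONNECTION, ROUTES))
    print("reversed CMS chain:", audit(REVERSED, ROUTES))
```

An empty result means every per-target Socks setting agrees with the chains on the Connection tabs; the reversed CMS chain is reported because the WCS would no longer recognise B as a server it already sits behind.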