Crystal Enterprise and Proxy Servers

It is not the intention at this stage in the book to investigate how Crystal Enterprise can be configured to work with proxy servers in any great detail. This is covered in some depth in the Administrators guide that accompanies Crystal Enterprise. However, some sample Socks configurations will be shown and there will be a brief discussion as to how Crystal Enterprise would operate effectively with each configuration.

Socks settings for each of the Crystal Enterprise servers are defined using the Crystal Configuration Manager (through the Connection tab).

SocksThe WC and WCS

Figure 26.9 illustrates the operation of Socks between the WC and the WCS.

Figure 26.9. Socks configurationWC to WCS.

Given this scenario, the Socks setting through the Crystal Configuration Manager should be the following:

Access control rules on the Socks server should be set to something similar to that shown in Table 26.5.

Table 26.5. Socks Configuration (WC to WCS)

Source

Destination

Port

Action

WC

WCS

6401 -requestport

Accept

Otherwise

  

Reject

There are a couple of points worth noting:

Firewall Configuration: SocksWCS and CMS

Figure 26.10 illustrates the operation of Socks between the WCS and the CMS.

Figure 26.10. Socks configurationWCS to CMS.

In this instance, the Socks setting at Crystal Configuration manager should be the following:

Access control rules on the Socks server should be set to something similar to that shown in Table 26.6.

Table 26.6. Socks Configuration (WCS to CMS)

Source

Destination

Port

Action

WCS

CMS

6400 -requestport

Accept

WCS

Other Enterprise Servers

Default ports -requestports

Accept

Otherwise

  

Reject

Please note that when WCS makes the initial connection to CMS on port 6400, it will pass the host name to the Socks server. Thus, the Socks server must resolve the CMS hostname.

SocksMultiple Crystal Enterprise Servers

Figure 26.11 illustrates the operation of Socks between multiple servers in the Crystal Enterprise environment.

Figure 26.11. Socks configurationmultiple servers.

When multiple Socks servers are deployed in the network, the Crystal Enterprise Socks setup can facilitate the traversal of them. However, due care and attention should be taken in how the Socks servers are placed and traversed. In general, the Crystal Enterprise servers see these Socks servers as a chain, and the setup in the Crystal Console Manager should specify how to traverse them from the outermost to the innermost link.

In this instance, the Socks setting at Crystal Configuration Manager should be the following:

Access control rules on the Socks server should be set to something similar to that shown in Table 26.7.

Table 26.7. Socks Configuration (Multiple Servers)

Source

Destination

Port

Action

WC

WCS

6401 -requestport

Accept

WCS

CMS

6400

Accept

WCS

Other Enterprise Servers

default ports -requestports

Accept

Otherwise

  

Reject

The point to note is that in the IOR for the CMS, the Socks server chain B-A is embedded. However, because the WCS has been configured with a local Socks server B, the program will do a comparison of these two Socks server lists and deduce that WCS only needs to go through A to reach the CMS.

Категории