In-Cloud Security for multi-location Enterprises

SafeSquid has a unique Multi Proxy, or Master-Slave, configuration. If your enterprise requires multiple proxies across its global networks, you can use SafeSquid's Master-Slave deployment architecture. You only have to set policies on the Master, and all the slaves automatically synchronize themselves to the policies on the Master. You can also create unique policies for any of the slave proxies. Master-Slave configuration can be used both in a single Gateway scenario, where all requests are forwarded to the Master server, and in a distributed scenario with independent Internet connections.



Master-Slave in Single Gateway scenario
 



Master-Slave in distributed network scenario
 


Config synchronization allows a 'slave' proxy to match its configuration to a 'master' proxy, and to update its configuration automatically when it detects changes made to the master.

Using config synchronization in SafeSquid is surprisingly easy.

A Master server is set up in the same way as a stand-alone server. The only additional step is to ensure that every slave proxy is covered by an access rule which allows it to access the Web interface.

Now, for every slave proxy, while installing SafeSquid, specify the IP:PORT or FQDN:PORT of the Master server in the "MASTER =" parameter (option 16/28 in version 4.1.1). This automatically configures the server to 'pull' configuration parameters from the Master server. The synchronization interval can be specified in the SYNCTIME parameter. If this parameter is not modified, or is left blank, SafeSquid uses the default SYNCTIME of 60 seconds.

You can also edit the startup.conf file (found in the /opt/safesquid/safesquid/init.d/ directory) of an existing server, and modify the MASTER and SYNCTIME parameters.
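The following check of a slave's MASTER and SYNCTIME settings is an added example, not SafeSquid's own tooling. It assumes startup.conf holds KEY=VALUE lines and that an empty MASTER means a stand-alone server; the function names `conf_value` and `sync_settings` are hypothetical.

```shell
#!/bin/sh
# Added example. Assumptions: startup.conf holds KEY=VALUE lines (optional
# spaces around '=', optional quotes, '#' comments), and an empty MASTER
# means the server runs stand-alone.

# conf_value FILE KEY: print the last value assigned to KEY (empty if unset).
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
            -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/" | tail -n 1
}

# sync_settings FILE: print "standalone" or "MASTER SYNCTIME" (effective
# values); return 1 with a message on stderr when a value is malformed.
sync_settings() {
    master=$(conf_value "$1" MASTER)
    synctime=$(conf_value "$1" SYNCTIME)
    [ -n "$master" ] || { echo "standalone"; return 0; }
    # MASTER must be IP:PORT or FQDN:PORT.
    case "$master" in
        *:*) host=${master%:*}; port=${master##*:} ;;
        *) echo "MASTER has no :PORT: $master" >&2; return 1 ;;
    esac
    case "$host" in
        ''|*[!A-Za-z0-9.-]*) echo "bad MASTER host: $host" >&2; return 1 ;;
    esac
    case "$port" in
        ''|*[!0-9]*|??????*) echo "bad MASTER port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "MASTER port out of range: $port" >&2; return 1
    fi
    # A blank or missing SYNCTIME means the default of 60 seconds.
    [ -n "$synctime" ] || synctime=60
    case "$synctime" in
        *[!0-9]*) echo "bad SYNCTIME: $synctime" >&2; return 1 ;;
    esac
    echo "$master $synctime"
}

# Constructed sample input (192.0.2.10 is a documentation address).
sample=$(mktemp)
printf '%s\n' '# slave proxy' 'MASTER = 192.0.2.10:8080' 'SYNCTIME =' >"$sample"
sync_settings "$sample"   # prints: 192.0.2.10:8080 60
rm -f "$sample"
```

Running it against each slave's startup.conf and comparing the output across the fleet shows which slaves point at an unexpected master or use a different interval.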

There are some additional command line options which you may need to use:

-H - specify the proxy's own hostname, instead of using the one in the configuration file. The reason should be obvious: you don't want every proxy having the same hostname, especially when using CARP.
-I - the interval, in seconds, between synchronization attempts with the master.
-L - specify the interface and port to listen for connections on; this is used in addition to the configuration gathered from the master.
-S - a comma-separated list of section names which are synchronized; when used, other sections won't be synchronized.
-E - a comma-separated list of section names which aren't synchronized; when used, other sections will be synchronized.

When using config synchronization, you may also specify a configuration file in the command line which is loaded before config synchronization is performed. This is useful if you wish to exclude some sections from being synchronized and load them from a file instead.

The 'Proxy host' option in Profile entries can be used to have separate configuration options for specific slaves.