LiveZilla Live Help

You are here

Getting Started

Updated Documentation

Are you looking for the updated documentation for the latest SafeSquid SWG?
Please access the latest documentation at http://docs.safesquid.com

SafeSquid is an RFC 2616 compliant HTTP/1.1 proxy server. You can setup a SafeSquid based Secure Web Gateway to securely distribute Internet to a large number of users. SafeSquid is available to you as an installable software, and runs like a native service on Microsoft® Windows and Linux. Scalability is one big factor that must have attracted you to use SafeSquid. So if you intend setup a cluster farm of SafeSquid Proxy Services, you may want to read more about the Master-Slave configuration, so that you do not have to individually configure each SafeSquid instance, individually.

SafeSquid is SMP-aware so if you need to serve a large number of users, you should use hardware with multiple CPU cores, and ability to use more RAM efficiently.

While the installable packages for both these platforms are different for obvious reasons, the configuration and operation is quite identical. So you can choose platform of your choice, to host SafeSquid Proxy Service. Yes, the advantages of deploying SafeSquid on Linux are overall higher because the Linux operating system is better suited for servers. But then if you are more comfortable with Microsoft® Windows, you can happily deploy on Windows. Migration from either of the platforms to the other is not very difficult, really!

System Requirements

Hardware

Minimally you will require 2GB of RAM and 2 CPU cores. However depending upon the number of users you intend to serve as a thumb rule provision 10MB of RAM per concurrent user and 1 CPU core per 100 users. So a typical quad-core, 8GB RAM system should nicely serve about 500 concurrent users. Currently SafeSquid for Windows is available only as a 32-bit application, so it may not use over 3GB of RAM, however the provisioning of 8GB will ensure resource availability for the operating system’s other functions like DNS, Directory Services, etc.

Using a system with multiple NICs for a secure web gateway is generally a good idea. You could then setup one NIC to communicate with your user network, while the other faces the ISP. Not only this creates an isolation layer between the two networks, your NICs will also perform better.

Windows

Choose any Microsoft® Server platform. If you want your users to enjoy non-interactive SSO based authentication, make sure the server is already a member of your Windows Network Domain.

Linux

SafeSquid SWG for Linux is available only as a 64-bit application. It therefore makes sense to use a 64-bit Linux distribution. You can choose any standard Linux distribution like Ubuntu, SuSe, RedHat, etc. Refer to this list of software and packages that make up the laundry list for system preparation.

Download

You can Download the latest release -

Alternatively you may choose to use SafeSquid Appliance Builder (SAB) that is a customized re-distribution of 64-bit Ubuntu Server.

Get Activation Key

At the end of the installation process you will be required to provide a Product Activation Key. So if don’t already have one, get it now by registering (which is free) and then access your Product Management Dashboard from here.

Installation

The installation process of SafeSquid on either Windows or Linux is quite fast, and should not take more than a few minutes. The entire process is quite interactive with verbose guidance. Check out the installation videos here.

You can also refer to these installation guides for Windows and Linux.

SAB undertakes this process, without your intervention.

Advisories for Standard Installations

SafeSquid® has a very low Total Cost of Ownership, and a very good ROI. In the long term most users prefer to extract more out of the fixed costs, by increasing the derived results. It is therefore recommended to use Hardware that can be scaled for RAM / CPU / NICs.

  • Choose H/W that can scale for RAM / CPU. This will avail you to accommodate more users, over a period of time.
  • Use Hard Disks with good seek / read / write speed. It will reduce latency in case you plan to utilize sizably voluminous content disk-caches.
  • If you expect a large traffic to be handled, it would be a good idea to use a GigaBit NIC. To increase security, or to cater to multiple networks, it would be advisable to use 2 NICs or more.
  • System Configurations that have easily accessible Hardware drivers for Linux are absolutely preferable. This will be also useful, if you plan to increase redundancy by using Clusters.
  • You will surely want to use variety of Log Analyzers (both open and closed open source) available. Use Linux Distributions that have a good support for Web Servers, Perl, PHP, Caching Name Servers, etc.
  • SafeSquid servers shouldn't be requiring x-windows, so basic hardening should be enough.
  • Antivirus will be required to scan content being transported via SafeSquid. Choose vendor that offers ICAP based solution because ClamAV is free. If you prefer to be secured by a commercial vendor go for it.
  • If you have a Microsoft Network, then sooner or later you will want authentication to work from ADS. If you are a large network you'll alternatively want user authentication done from LDAP or RADIUS, or something else, that's available.
  • RPMS are available for most of the software mentioned above, but quite a few are served as raw source codes, and must be compiled on your server. So it's always a good idea to install GCC & G++ on your SafeSquid Server.

Product Activation

Before you can start serving your users, you will have to upload the SafeSquid Product Activation Key. This is quite simple. Read this.

Once you have supplied SafeSquid with the Product Activation Key, it automatically validates presence of essential security components like signatures for virus scanner, url categorization database, SSL certificates, etc. It also automatically updates and makes them available for your use. Refer to this Product Activation guide.

Creating Policies

Most of your real work will be in this area. SafeSquid is popularly chosen because of its ability to very granularly enforce your Internet Access Policies on the Gateway. These policies and other security policies can be configured via SafeSquid’s WebUI.

Refer to SafeSquid documentation for creation of granular policies - Here

Microsoft AD Integration

Integrating SafeSquid on Windows, is really nothing. If you have installed SafeSquid on a Windows Server that is already a member of your Microsoft Network Domain, then to enable SSO based validation of users’ credentials, refer to this.

You must additionally configure the LDAP Section, to ensure application of policies based on a user’s group membership. You may then want to read this.

SAB undertakes this process, without your intervention.

SSL Certificates

If you intend to enforce policies that require HTTPS inspection, you will have to first setup the Trusted Root Certificates, and install them into the browsers of all your users. Refer to this guide.