[squid-users] Centralized Squid - design and implementation
alberto
alberto.furia at gmail.com
Sun Nov 16 15:54:32 UTC 2014
Hello everyone,
first of all thanks to the community of squid for such a great job.
I'm writing because I have to revise the current implementation of squid in
my company so I would like to share with you some design ideas and possibly
have some suggestions from you.
The group I work for has six offices/branches in six different italian
cities and the networking infrastructure is based on a "hub and spoke"
paradgima (ie https://www.checkpoint.com/products/vpn-1_power/images/vpn
-1_pro_oneclick_star.gif) where every branch, the spoke, is part of the
main datacenter, the hub.
Now the cache/forward proxy runs - for each branch - inside the branch
office on a pair of squid nodes balanced by wpad/javascript on ip address
base (even ip/odd ip).
For obvious reasons of maintenance and for other technical reasons we
intend to move the proxy navigation centralizing it to the datacenter hub
on a couple (how many?!) of squid nodes.
I have some questions that I would like to share with you:
1. I would like to leave the solution we are using now (wpad balancing). In
a situation like the one I have described, centralized squid serving the
spokes/branches, which is the best solution for clustering/HA? If one of
the centralized nodes had to "die" I would like client machines not to
remain "hanging" but to continue working on an active node without
disruption. A hierarchy of proxy would be the solution?
2. Bearing in mind that all users will be AD authenticated, which url
filtering/blacklist solution do you suggest?
In the past I have worked a lot with squidguard and dansguardian but now
they don't seem to be the state of the art anymore.
I've been thinking about two different solutions:
2a. To use the native acl squid with the squidblacklist.org lists (
http://www.squidblacklist.org/)
2b. To use urlfilterdb (http://www.urlfilterdb.com/products/overview.html)
3. Which GNU/Linux distro do you suggest me? I was thinking about Debian
Jessie (just frozen) or CentOS7.
Thank you to everyone for reading so far.
Regards,
a.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20141116/7022189e/attachment.html>
More information about the squid-users
mailing list