[Sussex] Reverse proxy servers and HTTPS
Mark Harrison
Mark at ascentium.co.uk
Sat Mar 15 10:07:01 UTC 2003
Thanks to those who helped. I thought it was worth giving a quick update:
The Apache reverse proxy went live yesterday, and is being tested by a few of
the client's staff over the weekend. Assuming that no-one breaks it, it'll go
out to about 100 users next week for more extensive trials, and ultimately about
40,000 by the end of the year. The client, BTW, is the Head Office of one of the
UK's 50 largest companies.
There is still a concern about the use of OpenSource, and I did have to answer
the question "Why is it free?" to the IT Controller responsible for that
particular application.
Given that they're an all-Microsoft shop, they still have valid concerns around
supportability, and thus we've agreed a 2-phase process. We're not running it on
Linux, but on their standard platform - Win2K Advanced Server on "HP Proliant"
rackmount servers.
- Phase 1: Their main intranet site stays with a Microsoft Reverse Proxy,
because they understand how to manage/support that. Their secondary Intranet
site (a new requirement for making live on the Internet) goes live with an
Apache reverse proxy.
- Phase 2: Subject to Apache working, we move to the two reverse proxies both
running Apache, both proxying BOTH sites, and being load-balanced to give them
resilience.
Fortunately, the client's techy staff were very interested in trialling it, and
started chipping in with answers to the "why is it free" question (which, while
they were actually bogus answers, demonstrated that OpenSource is catching on
among techies, even those who DON'T understand it.)
Even more fortunately, the IT Director (the controller's boss) has a very simple
attitude - he doesn't care about the open vs. closed source debate. However, he
has a business problem (making a particular app available securely to some
recently-acquired overseas subsidiaries), and was open to "the most effective
solution from a total cost of ownership perspective".
Regards,
Mark
----- Original Message -----
From: <mph at ascentium.co.uk>
To: <sussex at mailman.lug.org.uk>
Sent: Tuesday, March 11, 2003 4:31 PM
Subject: [Sussex] Reverse proxy servers and HTTPS
> The good news:
>
> I've just persuaded a client to move away from Microsoft Proxy Servers to
> Apache for their reverse proxy requirements.
>
> The not-quite-so-good news:
>
> They still want to run it on Win2k, which is fair enough, since they have lots
> of Microsoft-experienced people around, are not going to get rid of supporting
> Windows, and the cost (INCLUDING SUPPORT) of 31 MS servers is LESS than the
> cost of 30 MS Servers plus 1 Linux server :-)
>
> The oh-dear-what-have-I-got-myself-into news:
>
> About 30 minutes AFTER I had set up Apache and demonstrated their requirement,
> a different team popped up and said "we need a reverse proxy as well - can
this
> do it"? I said "Yes". They said, "How do we deal with HTTPS and Certificates"?
>
> I said "I'll find out" :-)
>
> Any ideas? Dummy URLS that give what I need???
>
> M.
>
> _______________________________________________
> Sussex mailing list
> Sussex at mailman.lug.org.uk
> http://mailman.lug.org.uk/mailman/listinfo/sussex
More information about the Sussex
mailing list