Firewall Wizards mailing list archives
RE: NT Authentication
From: Amirmadhi Foorood <Foorood.Amirmadhi () Columbia net>
Date: Thu, 8 Oct 1998 15:34:10 -0500
Hi, I do not know if there is any scalable, NT-Domain aware, Proxy product out there other than MSProxy or not. I have worked with both Netscape and Microsoft Proxy. If you need performance, stick Netscape Proxy. If you need NT domain feature functionality you better stay with MSProxy. There are interesting futures in MS Proxy such as "Intelligent Dynamic Caching" which is great, and also other usual NT applications "memory leakage" problem. Scalability in MSProxy 2.0 is bases on the Array configuration . But in this type of design, MSProxy would not work with other add-on product that provide internet site control and filtering. This feature seems to have become very attractive in upper management's eyes in large corporations. Assuming average Internet access per proxy-user (I can not find any numerical normalization for it), at least excluding the video streaming, The rule of thumb for scalability figure that I can suggest to you per a typical NT system ( NT 4.0, Pentium Pro 200 MHz, 128 MB Memory, SCSI Disk ) running MSProxy 2.0 is the following. 2000 proxy user for which there are 50-70 concurrent user proxy connections. This provide good connectivity (assuming T1). Above 70 concurrent user connections, performance will be degrading and you need to baby-sit the MSProxy. Let me know if you need more specific information on this. Foorood Amirmadhi Columbia Information Systems mailto:foorood.amirmadhi () columbia net
-----Original Message----- From: Steve () po i-way co uk [SMTP:Steve () po i-way co uk] Sent: Wednesday, October 07, 1998 6:31 AM To: firewall-wizards () nfr net Subject: NT Authentication Hi, I have been asked a few times recently to specify a proxy which can get Authentication from an NT domain. This seems to be sites which are using DHCP. I often like to specify a FW which has an internal proxy where the site admin team can control the insides clients Internet access. This means they can make all the changes for individual users and don't have to go near the FW. In the past I have used Wingate and IP's but more and more sites seem to want this authentication to come from an NT domain ala M$ Proxy server I guess. Being no genius on NT I wondered if anyone has any other product suggestions, alternative ways of doing this etc. Any actual experiences with Microsofts proxy would be good too - I think we all know how dubious the security is, the management possibilities seem useful though. TIA S --
Current thread:
- NT Authentication Steve (Oct 07)
- Re: NT Authentication Joseph S. D. Yao (Oct 07)
- RE: NT Authentication Joe Ippolito (Oct 09)
- <Possible follow-ups>
- RE: NT Authentication Noller, Gregory (Oct 09)
- Re: NT Authentication Vin McLellan (Oct 09)
- RE: NT Authentication Amirmadhi Foorood (Oct 09)
- RE: NT Authentication Amirmadhi Foorood (Oct 13)
- RE: NT Authentication Stout, Bill (Oct 13)
- Re: NT Authentication Joseph S. D. Yao (Oct 07)