![Page 1: Server Setup and Configuration Babu Ram Dawadi 1](https://reader035.vdocuments.mx/reader035/viewer/2022062500/5697c0101a28abf838ccae4a/html5/thumbnails/1.jpg)
Server Setup and Configuration
Babu Ram Dawadi
Servers
• Minimum Server Required for Intranet/Internet Operation
– DNS server
– DHCP server
– Proxy Server
– Web Server
– Authentication Server (RADIUS)
– Database Server
– Mail Server
– More…
DNS Server
• See the slides provided on Distributed System Classes
– BIND/DJBDNS concepts and configuration
– Requirement of DNS server based on network size
– Benefits and drawbacks
DHCP Server
• DHCP Operation Concepts and Configuration DOC
What is Squid Proxy Server?
• A caching proxy for
– HTTP, HTTPS (tunnel only)
– FTP
– Gopher
– WAIS (Wide area information server, requires additional software)
– WHOIS (Squid version 2 only)
• Supports transparent proxying
• Supports proxy hierarchies (ICP protocol)
Other proxies
• Free-ware
– Apache 1.2+ proxy support
• Commercial
– Netscape Proxy
– Microsoft Proxy Server
– NetAppliance’s NetCache (shares some code history with Squid in the distant past)
– CacheFlow (http://www.cacheflow.com/)
– Cisco Cache Engine
What is a proxy?
• Firewall device; internal users communicate with the proxy, which in turn talks to the big bad Internet
– Gate private address space (RFC 1918) into publicly routable address space
• Allows one to implement policy
– Restrict who can access the Internet
– Restrict what sites users can access
– Provides detailed logs of user activity
What is a caching proxy?
• Stores a local copy of objects fetched
– Subsequent accesses by other users in the organization are served from the local cache, rather than the origin server
– Reduces network bandwidth
– Users experience faster web access
Benefits of Caching
Benefits: Eliminate the need (in many cases) to:
• Send request to origin server (reducing delay, and link use)
• Send full response from origin server (reducing link use)
Consequences:
• Reduced delay
– Directly benefits end-user.
– May benefit service providers (ISPs or web servers) by making their service more popular to end-users.
• Reduced traffic
– Reduces load on network links
– Reduces load on server
• Mask unavailability of origin server e.g. when working offline, or during faults
How proxies work (configuration)
• User configures web browser to use proxy instead of connecting directly to origin servers
– Manual configuration for older PC based browsers, and many UNIX browsers (e.g., Lynx)
– Proxy auto-configuration file for Netscape 2.x+ or Internet Explorer 4.x+
• Far more flexible caching policy
• Simplifies user configuration, help desk support, etc.
How proxies work (user request)
• User requests a page:
• Browser forwards request to proxy
• Proxy optionally verifies user’s identity and checks policy for right to access
• Assuming right is granted, fetches page and returns it to user
Proxy – The Forward Proxy
• Forward Proxy
– Proxy the outgoing requests, for the reason of
• Bandwidth saving
• Performance
• Central control
– When objects requested are
• In cache, return the cached objects
• Otherwise, proxy server requests object from origin server, then cache it and return to client
[Figure: two clients, Proxy Server, Original Server; Request/Reply arrows, one reply marked "(using cached result)"]
Proxy – The Reverse Proxy
• Reverse Proxy
– Proxy the incoming requests, for the reason of
• Reducing Server Load (by caching)
• Load Balance
• Fault Tolerant
– Reverse proxy acts as the original server: it accepts incoming requests and replies with the corresponding result. SEAMLESS for clients!
[Figure: clients, Internet, Reverse Proxy Server, two backend servers (both labelled Server1); Request/Reply arrows]
Squid’s page fetch algorithm
• Check cache for existing copy of object (lookup based on MD5 hash of URL)
• If it exists in cache
– Check object’s expire time; if expired, fall back to origin server
– Check object’s refresh rule; if expired, perform an If-Modified-Since against origin server
– If object still considered fresh, return cached object to requester
Lifecycle of an object
Last-modified: When the object was last modified at the origin server.
• < Date of client’s copy => OK to use copy
• Date – Last-modified suggests frequency of change
Date: When the object was sent by the origin server =>
• last time known to be fresh.
• + Age = Reference for checking for expiry
Expires: Server’s prediction of when copies should be replaced.
Age: How long the object has spent in caches
Squid’s page fetch algorithm
• If object is not in cache, expired, or otherwise invalidated
– Fetch object from origin server
– If 500 error from origin server, and expired object available, returns expired object
– Test object for cacheability; if cacheable, store local copy
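The fetch steps from the two "page fetch algorithm" slides, together with the header roles from "Lifecycle of an object", written out as a small cache model. This is an added example, not Squid's code: the MIN_AGE/LM_PERCENT/MAX_AGE refresh rule, the FakeOrigin server, the cacheable flag, the example.test URL and the timestamps are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

# Assumed refresh rule (seconds, ratio, seconds), shaped like a min/percent/max rule.
MIN_AGE, LM_PERCENT, MAX_AGE = 60, 0.20, 3 * 24 * 3600


@dataclass
class Entry:
    body: bytes
    date: int                      # Date: when the origin sent the object
    last_modified: Optional[int]   # Last-Modified at the origin
    expires: Optional[int] = None  # Expires: origin's own prediction
    cacheable: bool = True         # outcome of the cacheability test (hypothetical flag)


def cache_key(url: str) -> str:
    """Lookup key: MD5 hash of the URL, as on the slide."""
    return hashlib.md5(url.encode()).hexdigest()


def refresh_rule_fresh(e: Entry, now: int) -> bool:
    """Heuristic freshness, used when the origin sent no Expires."""
    age = now - e.date
    if age <= MIN_AGE:
        return True
    if age > MAX_AGE or e.last_modified is None:
        return False
    lm_age = e.date - e.last_modified  # Date - Last-Modified: how often it changes
    return lm_age > 0 and age / lm_age < LM_PERCENT


class Cache:
    def __init__(self, origin):
        self.origin = origin  # callable(url, if_modified_since, now) -> (status, Entry or None)
        self.store = {}

    def fetch(self, url: str, now: int):
        e = self.store.get(cache_key(url))
        ims = None
        if e is not None:
            if e.expires is not None:
                if now < e.expires:
                    return "HIT", e.body
                # Expired: fall back to the origin with a full request.
            elif refresh_rule_fresh(e, now):
                return "HIT", e.body
            else:  # refresh rule says stale: revalidate with If-Modified-Since
                ims = e.last_modified if e.last_modified is not None else e.date
        status, new = self.origin(url, ims, now)
        if status == 304 and e is not None:
            e.date = now  # revalidated: "last time known to be fresh"
            return "REVALIDATED", e.body
        if status >= 500:  # origin error: serve the expired copy if there is one
            return ("STALE_ON_ERROR", e.body) if e is not None else ("ERROR", b"")
        if new.cacheable:
            self.store[cache_key(url)] = new
        return "MISS", new.body


class FakeOrigin:
    """Constructed origin: one unchanging object, with a switchable failure mode."""
    def __init__(self):
        self.down = False

    def __call__(self, url, ims, now):
        if self.down:
            return 500, None
        if ims is not None and ims >= 0:  # object last modified at t=0, never changed
            return 304, None
        return 200, Entry(b"v1", date=now, last_modified=0)


def demo():
    origin = FakeOrigin()
    cache = Cache(origin)
    url = "http://example.test/logo.png"  # constructed URL
    out = [cache.fetch(url, t)[0] for t in (1000, 1100, 1300)]
    origin.down = True
    out.append(cache.fetch(url, 2000)[0])
    return out
```

Serving the expired copy on an origin error keeps users working through an outage, but it also means content the origin has since withdrawn can still be delivered from the cache.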
Installing Squid (overview)
• Get distribution from http://squid.nlanr.net/
• Run configure script with desired compile-time options
• Run make; make install
• Edit squid.conf file
• Run squid -z to initialize cache directory structure
• Start Squid daemon
• Test
• Migrate users over to proxy
squid.conf runtime settings
• Default squid.conf file is heavily commented! Read it!
• Must set
– cache_dir (one per disk)
– cache_peer (one per peer) if participating in a hierarchy
– cache_mem (8-16M preferred, even for large caches)
– acl rules (default rules mostly work, but must reflect your address space)
squid.conf runtime settings
• Recommendations
– ipcache_size, fqdncache_size to 4096
– log_fqdn off (use Apache’s logresolve offline)
– Increase dns_children, redirect_children, authenticate_children based on usage statistics (see cachemgr.cgi front-end)
squid.conf ACL example
• acl manager proto cache_object
• acl localhost src 127.0.0.1/32
• acl managerhost src 204.248.51.34/32
• acl managerhost src 204.248.51.39/32
• acl managerhost src 204.248.51.40/32
• acl cawtech src 204.248.51.0/24
• acl cawtech-internal src 172.16.0.0/16
• acl all src 0.0.0.0/0.0.0.0
squid.conf ACL example
• acl SSL_ports port 443 563
• acl gopher_ports port 70
• acl wais_ports port 210
• acl whois_ports port 43
• acl www_ports port 80 81
• acl ftp_ports port 21
• acl Safe_ports port 1025-65535
• acl CONNECT method CONNECT
• acl FTP proto FTP
• acl HTTP proto HTTP
• acl WAIS proto WAIS
• acl GOPHER proto GOPHER
• acl WHOIS proto WHOIS
squid.conf ACL example
• http_access deny manager !localhost !managerhost
• http_access deny CONNECT !SSL_ports
• http_access deny HTTP !www_ports !Safe_ports
• http_access deny FTP !ftp_ports !Safe_ports
• http_access deny GOPHER !gopher_ports !Safe_ports
• http_access deny WAIS !wais_ports !Safe_ports
• http_access deny WHOIS !whois_ports !Safe_ports
• http_access allow localhost
• http_access allow cawtech
• http_access allow cawtech-internal
• http_access deny all
Managing Squid
• The Calamaris.pl logfile analysis script, available at http://calamaris.cord.de/
• Use modified MRTG with Squid’s SNMP support
• SQUID-GRAPH
Content Distribution Networks (CDN)
Business Model: A content provider such as www.cnn.com or Yahoo pays a CDN company (such as Akamai) to get its content to the requesting users with short delays.
A CDN provides a mechanism for
– Replicating content on multiple servers in the Internet
– Providing clients with a means to determine the servers that can deliver the content fastest.
Terminology
• Content: Any publicly accessible combination of text, images, applets, frames, MP3, video, flash, virtual reality objects, etc.
• Content Provider: Any individual, organization, or company that has content that it wishes to make available to users.
• Origin Server: Content provider’s server, where the content is first uploaded.
• Surrogate Server (sometimes called edge server): Content distributor’s server, where the replicated content is kept.
Players
[Figure: Content Provider, H/W and S/W Vendor, Content Distributor, Hosting Provider; names shown: Yahoo, MSNBC, CNN, CBC; Cisco, Oracle-Sun; Akamai; Bell; arrows labelled "Sells servers", "Send content", "Install servers"]
CDN Distribution
• Content providers are CDN customers
Content replication
• CDN company installs thousands of servers throughout Internet
– In large datacenters
– Or, close to users
• CDN replicates customers’ content
• When provider updates content, CDN updates servers
[Figure: origin server in North America, CDN distribution node, CDN servers in S. America, Europe and Asia]
CDN: Functional Components
• Distribution Service
• Redirection Service
• Accounting and Billing system
CDN: Distribution Service
The content provider determines which of its objects it wants the CDN to distribute.
The content provider tags and then pushes this content to a CDN node, which in turn replicates and pushes the content to all its CDN servers.
CDN: Redirection
• When a browser in a user’s host is instructed to retrieve a specific object (specified using a URL), how does the browser determine whether it should retrieve the object from the origin server or from one of the CDN servers?
• As an example, suppose the hostname of the content provider is www.cnn.com
How Akamai Works
[Figure: End-user, cnn.com (content provider), DNS root server, Akamai global DNS server, Akamai regional DNS server, Akamai cluster, nearby Akamai cluster; steps 1-2 over HTTP: GET index.html; URL shown: http://a.73.g.akamai.net/7/23/cnn.com/af/cnn.com/foo.jpg]
CDN: Redirection
• Users get an html document from www.cnn.com; this could be index.html
• The file index.html uses a modified URL for content that has been replicated.
• Example: If the jpeg files are what has been replicated then <img src="http://cnn.com/af/foo.jpg"> may be modified as follows:
<img src="http://a73.g.akamai.net/7/23/cnn.com/af/foo.jpg">
• The browser needs to resolve a73.g.akamai.net hostname for replicated content.
Caching and Content Distribution(CDN)
CDN: Redirection
What does this mean?
<img src="http://a73.g.akamai.net/7/23/cnn.com/af/foo.jpg">
host part: a73.g.akamai.net
Akamai control part: /7/23
Content URL: /af/foo.jpg
CDN: Redirection
DNS is configured so that all queries about g.akamai.net that arrive at a DNS server are sent to an authoritative DNS server for g.akamai.net.
This is referred to as an Akamai DNS server (authoritative DNS server).
How Akamai Works
[Figure: End-user, cnn.com (content provider), DNS root server, Akamai global DNS server, Akamai regional DNS server, Akamai cluster, nearby Akamai cluster; steps 1-4: DNS lookup cache.cnn.com, ALIAS: g.akamai.net]
CDN: Redirection
When the Akamai DNS server receives the query, it extracts the IP address of the requesting browser.
How Akamai Works
[Figure: End-user, cnn.com (content provider), DNS root server, Akamai global DNS server, Akamai regional DNS server, Akamai cluster, nearby Akamai cluster; steps 1-6: DNS lookup g.akamai.net, ALIAS a73.g.akamai.net]
CDN: Redirection
Based on the IP address and information that it has about the Internet (called a map), the IP address of an Akamai regional server is returned to the requesting browser based on policy, e.g., select the server that is the fewest hops away.
The regional server may choose a surrogate server for content retrieval.
How Akamai Works
[Figure, built up over three slides: End-user, cnn.com (content provider), DNS root server, Akamai global DNS server, Akamai regional DNS server, Akamai cluster, nearby Akamai cluster; steps 1-12 over HTTP; labels shown: DNS a73.g.akamai.net, Address 1.2.3.4; GET /foo.jpg, Host: cache.cnn.com; GET foo.jpg]
CDN Redirection
The Akamai DNS server IP address is now in the cache of the local DNS server.
This implies that it is not always necessary to go to the root DNS server.
The TTL associated with the IP address of an Akamai server (surrogate) is relatively small. This is done for performance reasons.
Akamai content distribution servers are caches
CDN Redirection
What if content is not there?
If the requested content is not found then the surrogate will ask other surrogates within a specified region for information.
If requested information is still not found or is stale, then a request is made to the original web site.
CDN Selection
The tricky issue is selecting which local content server to use for a particular request
– Want to spread load evenly
– Want minimal impact if server is added or removed.
In Akamai, each surrogate server sends measurement results to the Network Operations Communications Center (NOCC).
– Measurement results include number of active TCP connections, HTTP request arrival rate, bandwidth availability, etc.
This information is used by the Akamai DNS server.
Accounting Mechanism
Accounting mechanisms collect and track information related to request routing, distribution and delivery.
Information is gathered in real time and put into log files for each CDN component.
This gets sent to the Network Operations Communications Center (NOCC).
Full Site Delivery vs. Partial Site Delivery
Full Site Delivery: All the contents are delivered by the CDN (including HTML, images, and other objects).
Partial Site Delivery: Only images, streaming media and other bandwidth-intensive objects are delivered by the CDN.
Current Akamai Customers
Web Server: Click Here
RADIUS
RADIUS Overview
• RADIUS: remote authentication dial-in user service
• Designed to centralize the authentication process for large distributed networks
• Originally intended for dial-up networks
• Can be used for VPN servers, switches, and wireless access points
• Two mandatory server roles:
– RADIUS client
– RADIUS server
RADIUS Overview (continued)
• The RADIUS client accepts authentication information from users or devices and forwards the information to a RADIUS server
• The RADIUS server accepts authentication information from a RADIUS client
Outsourcing Dial-up Requirements
• A user dials into ISP, ISP forwards request to RADIUS proxy, RADIUS proxy forwards request to RADIUS server, RADIUS server passes information to domain controller for authentication
What is AAA?
• Authentication
• Authorization
• Accounting
Authentication
• Verify a person’s or machine’s declared identity.
• Mechanisms: passwords, Public Key Infrastructure (PKI).
• Key aspect is Trust relationships between servers.
Authorization
• Rules or templates on what an authenticated user can do on a system.
• Dial up user requests can be one link or multiple.
Accounting
• Measures and tracks resources a user accesses.
• Include time, amount of data, session statistics, resource utilization etc.
• Logs sent and analyzed for billing, security servers.
Properties
• Client/server model
• UDP based
• Hop by hop security
• Stateless
• Uses MD5 for password hiding.
• PAP/CHAP via PPP
Authentication methods
• PAP: Password Authentication Protocol (MD5/XOR).
• CHAP: Challenge Handshake Authentication Protocol
• PAP is preferred sometimes in cases where authorization must travel outside the realm of control
The CHAP 3-way handshake
Using RADIUS and CHAP
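The "MD5 for password hiding" (PAP, MD5/XOR) and CHAP handshake items above, as an added example that is not part of the original slides: User-Password hiding follows RFC 2865 section 5.2 and the CHAP response follows RFC 1994. The shared secret, user password, Request Authenticator, identifier and challenges are constructed sample values.

```python
import hashlib
import hmac


def pap_hide(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RADIUS User-Password hiding: XOR with an MD5 keystream chained per 16-byte block."""
    if len(authenticator) != 16 or not 1 <= len(password) <= 128:
        raise ValueError("need a 16-byte authenticator and a 1..128 byte password")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        out += prev  # each ciphertext block seeds the next keystream block
    return out


def pap_reveal(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: regenerate the keystream with the shared secret and undo the XOR."""
    if not hidden or len(hidden) % 16 or len(authenticator) != 16:
        raise ValueError("hidden password must be a non-empty multiple of 16 bytes")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, pad))
        prev = block
    return out.rstrip(b"\x00")


def chap_response(ident: int, password: bytes, challenge: bytes) -> bytes:
    """CHAP step 2: MD5 over identifier || secret || challenge."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()


def chap_verify(ident: int, password: bytes, challenge: bytes, response: bytes) -> bool:
    """CHAP step 3: recompute with the stored password and compare in constant time."""
    return hmac.compare_digest(chap_response(ident, password, challenge), response)


def demo():
    shared = b"nas-shared-secret"       # constructed RADIUS client/server secret
    user_pw = b"correct horse battery"  # constructed user password (21 bytes, 2 blocks)
    ra = bytes(range(16))               # constructed Request Authenticator (random in practice)
    hidden = pap_hide(user_pw, shared, ra)
    ident, challenge = 7, bytes(range(16, 32))   # CHAP step 1: challenge sent to the peer
    resp = chap_response(ident, user_pw, challenge)
    return {
        "pap_len": len(hidden),
        "pap_ok": pap_reveal(hidden, shared, ra) == user_pw,
        # A wrong shared secret yields garbage, not an error: hiding gives no integrity.
        "pap_wrong_secret": pap_reveal(hidden, b"other-secret", ra) == user_pw,
        "chap_ok": chap_verify(ident, user_pw, challenge, resp),
        # An old response does not verify against a fresh challenge.
        "chap_replay": chap_verify(ident, user_pw, bytes(range(32, 48)), resp),
    }
```

With PAP the server recovers the cleartext password at each hop that holds the shared secret, which is the "hop by hop security" property listed above; with CHAP the password never crosses the wire, but the verifier must store it in a form it can feed to MD5.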
Ports
• Authentication: udp/1812
• Accounting: udp/1813
Implementations
• Livingston
• GNU
• FreeRADIUS
• Cistron
• Radiator
• Alepo
• Juniper: Steel Belt.
Databases
• Oracle
• Informix
• Sybase
• mSQL
• MySQL
• Microsoft SQL including versions 6.5, 7 and 2000
• ODBC
• Interbase
• SAP
• PostgreSQL
• SQLite