Smart proxies: What is it and why do I need it?
Smart proxies are network nodes, which take over certain tasks in other networks for the orcharhino. In the simplest case, hosts get their content directly from orcharhino and use it as DNS and DHCP server.
Smart proxies basically act as a remote office of an orcharhino in another network. A smart proxy is required if hosts that are not accessible from the orcharhinos network are to be managed, provisioned, patched or configured.
There are two different modes of operation of smart proxies: A smart proxy with Pulp, where the smart proxy mirrors the content of the orcharhinos and a smart proxy with Squid, where the smart proxy acts as a caching and forwarding proxy.
Detailed descriptions of the two modes of operation can be found in our documentation.
Two basic usage scenarios can be derived from the Smart Proxy with pulp and the Smart Proxy with Squid:
- A Smart Proxy with pulp can be used to save bandwidth between two data centers. Only the Smart Proxy receives content (software packages, errata or puppet modules) from orcharhino, stores it and then forwards it to a variety of hosts. This way not every host has to request packets from orcharhino at different locations.
This is accompanied by performance gains: The provisioning of hosts can be carried out faster due to the geographical proximity of the Smart Proxy to the host. This is especially important when latency between sites, clouds, and/or data centers plays a central role. It is possible, for example, that the orcharhino in a data center in San Francisco provides hosts in a data center in Los Angeles. By using a Smart Proxy at the second location in Los Angeles, the network load can be reduced and expensive Internet traffic avoided, as the Smart Proxy takes over the supply of the hosts in the own network. Ultimately, costs can be reduced as a result. Faster deployments mean that infrastructures are completed more efficiently and can, therefore, be deployed more quickly.
- By using a Smart Proxy with Squid (and optionally Pulp), individual hosts in isolated networks do not need to be activated individually. This has the advantage of a clean separation and thus massively simplifies firewall rules. So only relevant ports for the communication of the orcharhino to the Smart Proxy have to be enabled. The Smart Proxy takes over the communication and supply of the hosts with content from orcharhino. This is accompanied by a security gain through network foreclosure. At the same time, in the Smart Proxy scenario with Squid, storage space can also be saved, since packets only have to be held on the orcharhino, but not on the Smart Proxy itself. This is interesting, for example, if several networks are located in the same data center.
A Smart Proxy can also be used to connect existing infrastructure components to the orcharhino. This includes Puppetmaster as well as DNS and DHCP servers.
All in all, the adequate use of a Smart Proxy brings many advantages. These can be divided into three superordinate categories: Performance gains, security gains and cost savings. Through a clever architecture including the trade-off between bandwidth and storage space, real benefits can be achieved from technical necessities. Your ATIX Consultant will gladly assist you. We would be pleased to explain this together with you in a personal meeting.
This post is also available in: German