Dr.Web Proxy Server |
The anti-virus network may consist of one or several Dr.Web Proxy Servers. The main function of a Proxy Server is to establish a connection between Dr.Web Server and Dr.Web Agents in cases when it is impossible to set up direct access (e.g. if Dr.Web Server and Dr.Web Agents are located in separate networks which do not have packet routing between them). The Proxy server allows using any computer included in an anti-virus network for the following purposes: •As update relay center to reduce the network load on Dr.Web Server and on connection between Dr.Web Server and the Proxy server, as well as to reduce the time required for protected stations to get updates by using the caching function. •As a distribution center of virus events coming from protected stations to Dr.Web Server, which also reduces network load and allows keeping up with cases when, for example, a group of stations is located in a network segment, which is isolated from the segment Dr.Web Server is in. General Functions A proxy server performs the following functions: 1.Network listening and receipt of connections according to the specified protocol and port. 2.Protocol translation (supported protocols: TCP/IP). 3.Data transmission between Dr.Web Server and Dr.Web Agents according to the Proxy Server settings. 4.Caching of Agent and anti-virus package updates, which are translated by Dr.Web Server. In case of using cache of the Proxy Server to translate updates, following are provided: •reducing of network traffic, •reducing of Agent updates receiving time. 5.Supporting the traffic encryption between Dr.Web Servers and the Agents.
The general diagram of the anti-virus network when a Proxy Server is used is illustrated in the figure below.
Diagram of the anti-virus network when a proxy server is used Principle of Operation When a proxy server is used, the following operations are performed: 1.If the address of Dr.Web Server is not specified on the Agent, the Agent sends a multicast request according to the protocol of the network. 2.If the Proxy Server is set up to translate connections (the discovery="yes" parameter), a message about the availability of an operating Proxy Server is sent to the Agent. 3.The Agent sets the received Proxy Server parameters for Dr.Web Server. Further intercommunication is performed transparently for the Agent. 4.The Proxy Server listens specified ports for incoming connections via given protocols according to the configuration file. 5.For each incoming connection from the Agent (or Dr.Web Server) the Proxy Server establishes a connection with Dr.Web Server (or Agent). The forwarding algorithm for the list of Dr.Web Servers 1.Proxy Server loads to RAM the list of Dr.Web Servers from the drwcsd-proxy.conf configuration file (see the document, p. Appendix G4). 2.Dr.Web Agent connects to the Proxy Server. 3.Proxy Server forwards Dr.Web Agent traffic to the first Dr.Web Server from Dr.Web Servers list loaded in the RAM. 4.Proxy Server rotate the list in the RAM and moves Dr.Web Server from the first position to the end of list.
5.When the next Agent connects to the Proxy Server, procedure is repeated from the step 2. 6.If Dr.Web Server disconnects from the anti-virus network (e.g. it gets offline or due to denial of service), the Agent connects to the Proxy Server again, and the procedure is repeated from step 2.
Traffic Encryption and Compression Proxy Server supports traffic compression. Transferred data is processed regardless of whether traffic is compressed or not. Proxy Server supports traffic encryption. To support the encryption, the Proxy Server must connect to Dr.Web Server (see , p. Connecting the Proxy Server to the Dr.Web Server) and sign its certificate by certificate and private key of Dr.Web Server. The traffic encryption between Dr.Web Server and the Proxy Server is performed using the Dr.Web Server certificate; the traffic encryption between the Agents and the Proxy Server is performed using the Proxy Server certificate that is signed by the Dr.Web Server certificate and private key. Proxy Server supports traffic caching. Products are cached by revisions. Each revision stores in separate directory. Directories with all next revisions contain hard links on existing files from old revisions and originals for changed files. Thus, files for each version are stored on a hard drive in a single exemplar, all directories for next revisions contain only links on unchanged files. According to the settings specified in the configuration file, the following actions are performed if the caching is enabled: •Outdated revisions are periodically deleted. By default—once per hour. •Only latest revisions are stored. All other, earlier revisions are considered outdated and are deleted. By default 3 last revisions are stored. •Unused memory mapped files are periodically unloaded. By default—each 10 minutes. Settings The Proxy Server does not have a GUI. You can configure it in one of the following ways: 1.Remotely via the Control Center if the Proxy Server is connected to Dr.Web Server (see Remote Configuration of the Proxy Server). 2.Locally via the configuration file. The format of the configuration file is described in the document, p. Appendix G4.
Starting and Stopping To start and stop the Proxy Server under Windows OS, open , then double-click drwcsd-proxy and select a necessary action in the opened window. To start and stop the Proxy Server under a UNIX-based OS, use the start and stop commands with scripts created during installation of the Proxy Server (see the , p. Installing Proxy Server). To start the Proxy-server under both Windows OS and UNIX system-based OS, you can run the drwcsd-proxy executable file with corresponding switches (see the document, p. H5. Proxy Server). |