Norman Enterprise Security: Caching Proxy 2.7 User Guidedownload01.norman.no/enterprise_security_suite/02_220M_Caching… · Caching Proxy on server-class computers that are permanently

User GuideNorman Enterprise Security

Caching Proxy 2.7

Norman Enterprise Security: Caching Proxy

- 2 -

- 3 -

Notices

Version InformationNorman Enterprise Security: Caching Proxy User Guide - Norman Enterprise Security: Caching Proxy Version 2.7 -Published: August 2012Document Number: 02_220_2.7_122351426

Copyright Information

Lumension8660 East Hartford Drive, Suite 300Scottsdale, AZ 85255

Copyright© 1999-2012 Lumension Security, Inc.; all rights reserved. Covered by one or more of U.S. PatentNos. 6,990,660, 7,278,158, 7,487,495, 7,823,147, 7,870,606, and/or 7,894,514; other patents pending. Thismanual, as well as the software described in it, is furnished under license. No part of this manual may be reproduced,stored in a retrieval system, or transmitted in any form – electronic, mechanical, recording, or otherwise – except aspermitted by such license.

LIMITATION OF LIABILITY/DISCLAIMER OF WARRANTY: LUMENSION SECURITY, INC.(LUMENSION) MAKES NO REPRESENTATIONS OR WARRANTIES WITH REGARD TO THE ACCURACYOR COMPLETENESS OF THE INFORMATION PROVIDED IN THIS MANUAL. LUMENSION RESERVESTHE RIGHT TO MAKE CHANGES TO THE INFORMATION DESCRIBED IN THIS MANUAL AT ANY TIMEWITHOUT NOTICE AND WITHOUT OBLIGATION TO NOTIFY ANY PERSON OF SUCH CHANGES. THEINFORMATION PROVIDED IN THIS MANUAL IS PROVIDED “AS IS” AND WITHOUT WARRANTY OFANY KIND, INCLUDING WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULARPURPOSE. THE INFORMATION PROVIDED IN THIS MANUAL IS NOT GUARANTEED OR WARRANTEDTO PRODUCE ANY PARTICULAR RESULT, AND THE ADVICE AND STRATEGIES CONTAINED MAYNOT BE SUITABLE FOR EVERY ORGANIZATION. NO WARRANTY MAY BE CREATED OR EXTENDEDWITH RESPECT TO THIS MANUAL BY SALES REPRESENTATIVES OR WRITTEN SALES MATERIALS.LUMENSION SHALL NOT BE LIABLE TO ANY PERSON WHATSOEVER FOR ANY LOSS OF PROFIT ORDATA OR ANY OTHER DAMAGES ARISING FROM THE USE OF THIS MANUAL, INCLUDING BUT NOTLIMITED TO DIRECT, INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR OTHER DAMAGES.


- 4 -

Trademark Information

Lumension®, Lumension® Endpoint Management and Security Suite, Lumension® Endpoint ManagementPlatform, Lumension® Patch and Remediation, Lumension® Enterprise Reporting, Lumension® SecurityConfiguration Management, Lumension® Content Wizard, Lumension® Risk Manager, Lumension® AntiVirus,Lumension® Wake on LAN, Lumension® Power Management, Lumension® Remote Management, Lumension®

Scan™, Lumension® Security Configuration Management, Lumension® Application Control, Lumension®

Device Control, Lumension® Endpoint Security, Lumension® Intelligent Whitelisting, PatchLink®, PatchLink®

Update™, their associated logos, and all other Lumension trademarks and trade names used here are the property ofLumension Security, Inc. or its affiliates in the U.S. and other countries.

Norman®, Norman SandBox®, Norman Virus Control®, the Norman product and service names, their associatedlogos, and all other Norman trademarks and trade names used here are the property of Norman ASA in the U.S.,the European Union, and other countries.

RSA Secured® is a registered trademark of RSA Security Inc.

Apache is a trademark of the Apache Software Foundation.

In addition, any other companies' names, trade names, trademarks, and products mentioned in this document maybe either registered trademarks or trademarks of their respective owners.

Table of Contents

- 5 -

Table of Contents

Preface: About This Document.................................................................................................................................. 7Typographical Conventions..........................................................................................................................................................7Contacting Norman...................................................................................................................................................................... 8

Chapter 1: About Norman Caching Proxy.............................................................................................................11System Requirements................................................................................................................................................................. 12Viewing PatchLink Distribution Point Endpoints..................................................................................................................... 12

Chapter 2: Norman Caching Proxy Installation....................................................................................................15Norman Caching Proxy New Installation Workflow................................................................................................................ 15Norman Caching Proxy Upgrade Workflow............................................................................................................................. 16Deploying the Norman Caching Proxy Full Installation Software Installer............................................................................. 16Deploying the Norman Caching Proxy Upgrade Vulnerability................................................................................................ 22Installing Norman Caching Proxy Manually.............................................................................................................................27Post-Installation Configuration.................................................................................................................................................. 31

Post-Installation Workflow.................................................................................................................................................. 31Endpoint Configuration........................................................................................................................................................32Adding/Editing FastPath Servers.........................................................................................................................................33Verifying Norman Caching Proxy Server Connectivity..................................................................................................... 36Verifying Norman Caching Proxy Endpoint Connectivity................................................................................................. 36Changing the Listener Port..................................................................................................................................................36Changing the Cache Directory............................................................................................................................................ 37Change the Cache Directory Size....................................................................................................................................... 38


- 6 -

- 7 -

Preface

About This Document

This User Guide is a resource written for all users of Norman Enterprise Security: Caching Proxy 2.7. Thisdocument defines the concepts and procedures for installing, configuring, implementing, and using NormanEnterprise Security: Caching Proxy 2.7.

Tip: Norman documentation is updated on a regular basis. To acquire the latest version of this or any otherpublished document, please refer to the Norman User Manuals page at http://www.norman.com/support/user_manuals/.

Typographical Conventions

The following conventions are used throughout this documentation to help you identify various informationtypes.

Table 1: Typographical Conventions

Convention Usage

bold Buttons, menu items, window and screen objects.

bold italics Wizard names, window names, and page names.

italics New terms, options, and variables.

MONOSPACE UPPERCASE Keyboard keys.

BOLD UPPERCASE SQL Commands.

monospace File names, path names, programs, executables, command syntax, andproperty names.

http://www.norman.com/support/user_manuals/




- 8 -

Contacting Norman

Headquarters

Norman ASAP.O. Box 43N-1324 Lysaker, NorwayTel: +47 67 10 97 00Fax: +47 67 58 99 40E-mail: [email protected] (To be used if you want to contact Norman HQ)Web: www.norman.com

Denmark

Norman Data Defense Systems A/SBlangstedgårdsvej 1, DK-5220 Odense SØTel: +45 7025 3508Fax: +45 6590 5102Email: [email protected]: www.norman.com/dk

Spain

Norman Data Defense SystemsCamino Cerro de los Gamos 1, Edif.128224 Pozuelo de Alarcón MADRIDTel: +34 917 90 11 31Fax: +34 917 90 11 12Email: [email protected]: www.norman.com/es

France

Norman France8 Rue de Berri, F-75008 ParisTel: +33142999509Fax: +33142999501Email: [email protected]: www.norman.com/fr

Sweden

Norman Data Defense Systems ABNorrköping Science Park, S-602 86 NorrköpingTel: +46 11 230 330Fax: +46 11 230 349Email: [email protected]: www.norman.com/se

Germany

Norman Data Defense Systems GmbHZentrale, Gladbecker Str. 3, D-40472 DüsseldorfTel: +49 0211 586 99-0Fax: +49 0211 586 99-150Email: [email protected]: www.norman.com/de

Switzerland

Norman Data Defense Systems AGMünchensteinerstrasse 43, CH-4052 BaselTel: +41 61 317 25 25Fax: +41 61 317 25 26Email: [email protected]: www.norman.com/ch

mailto:[email protected]

http://www.norman.com


http://www.norman.com/dk


http://www.norman.com/es


http://www.norman.com/fr


http://www.norman.com/se


http://www.norman.com/de


http://www.norman.com/ch

Preface

- 9 -

Italy

Norman Data Defense SystemsMilano San Felice, Strada 2, Torre 120096 Pioltello (MI)Tel: +39 02 7030 5479Fax: +39 02 7030 5480Email:[email protected]: www.norman.com/it

United Kingdom

Norman Data Defense Systems (UK) LtdCBXII, West Wing, 382-390 Midsummer BoulevardCentral Milton Keynes, MK9 2RGTel: +44 1908 847413Fax: +44 870 1202901Email:[email protected]: www.norman.com/en-uk

Netherlands

Norman SHARK B.V.Postbus 159, 2130 AD HoofddorpTel: +31 23 78 90 222Fax: +31 23 56 13 165Email: [email protected]: www.norman.com/nl

United States

Norman Data Defense Systems Inc.9302 Lee Highway, Suite 950A,Fairfax, Virginia 22031Tel: +1 703 267-6109Fax: +1 703 934-6368Email: [email protected]: www.norman.com/en-us

Norway

Norman ASA(Headquarter and sales Norway / Hovedkontor og salg Norge)Visit: Strandveien 37, LysakerMail: PO Box 43, N-1324 LysakerTel: +47 67 10 97 00Fax: +47 67 58 99 40Email: [email protected]: www.norman.com/no

For additional contact information, please visit the Norman offices page at http://www.norman.com/about_norman/contact/information/offices/.

Norman Technical Support

For a list of contact information for Norman Support, please visit the Contact support page at http://contact-support.norman.com/


http://www.norman.com/it


http://www.norman.com/en-uk


http://www.norman.com/nl


http://www.norman.com/en-us


http://www.norman.com/no

http://www.norman.com/about_norman/contact/information/offices/

http://www.norman.com/about_norman/contact/information/offices/

http://contact-support.norman.com/

http://contact-support.norman.com/


- 10 -

- 11 -

Chapter

1About Norman Caching Proxy

In this chapter:

• System Requirements

• Viewing PatchLink Distribution PointEndpoints

Norman Caching Proxy provides you with a quick and easy wayto add remote content caching capabilities to any computer withinyour network. Patches, module activation downloads, agent upgradedownloads, and antivirus definition downloads can all be cached onCaching Proxy.

Using agent policy sets, you can designate endpoint groups to contacta Caching Proxy before they contact the Norman Enterprise Securityserver. If the content that the agent requires is not cached on theCaching Proxy, the agent will contact the Norman Enterprise Securityserver to acquire the content. If the content does reside on the CachingProxy, the content will be deployed to the endpoint by the CachingProxy. By employing one or more remote installations of CachingProxy you can reduce the amount of bandwidth required to deploycontent to your managed endpoints.

After contacting the Norman Enterprise Security server, the agentagain contacts the Caching Proxy and the content retrieved by theagent is cached on the Caching Proxy. In cases where cached contentresides on the Caching Proxy, then the content is served by theCaching Proxy to the agent.

While it is possible to install the Caching Proxy on any computermeeting the minimum standards, it is recommended that you installCaching Proxy on server-class computers that are permanentlyconnected to your network. This is due to the volume of traffic thecomputer will experience, and the fact that the Caching Proxy acts asthe gateway between each client and your Norman Enterprise Security.

Caching Proxy is an adaptation of Squid Web Cache, an open-source,file caching proxy. Full documentation, including all supportedconfiguration options, configuration examples, and instructions on


- 12 -

how to secure your Caching Proxy installation and configure log filesis available at http://www.squid-cache.org.

Note: Caching Proxy replaces a legacy application called PatchLinkDistribution Point (PDP) that provided similar functionality. Youshould replace any PDP installations with the latest version of NormanCaching Proxy.

System RequirementsThe following minimum system requirements must be met in order to use Norman Caching Proxy.

Minimum hardware requirements:

• 1 GB of RAM• 10 GB of available disk space• A LAN connection

Supported operating systems:

• Microsoft Windows 2000 Professional and Server• Microsoft Windows XP Professional• Microsoft Windows Server 2003• Microsoft Windows Server 2008• Microsoft Windows Server 2008 R2

Note: While Norman Caching Proxy is supported on desktop-class operating systems (Windows XP, forexample), please consider the volume of traffic that will be connecting to Caching Proxy before electing to installon a desktop-class operating system. The connection limits and scalability issues inherent in these operatingsystems may not be ideal for high traffic environments.

Viewing PatchLink Distribution Point EndpointsYou can view the number of endpoints that have the legacy PatchLink Distribution Point (PDP) applicationinstalled on them. After identifying these endpoints, you should upgrade these endpoints to Norman CachingProxy.

This task is completed using the Norman Enterprise Security user interface. For more information, see NormanEnterprise Security: Patch and Remediation User Guide (http://www.norman.com/support/user_manuals/).

1. Log in to your Norman Enterprise Security server.

Step Result: The Home page displays.

2. Select Review > Vulnerabilities > All.

Step Result: The Vulnerabilities page displays.

http://www.squid-cache.org




About Norman Caching Proxy

- 13 -

3. Type Norman Caching Proxy in the Name or CVE-ID field.

4. Set the following display filters to All:

• Content type• Applicability• State• Detection status

5. Click Update View.

Step Result: The Vulnerabilities page refreshes and displays the results for Norman Caching Proxy.

Figure 1: Vulnerabilities Page

6. Click Norman Caching Proxy 2.7 for Windows (Detect Only).

Step Result: The Vulnerability Details page displays.

7. Click the Patched tab.

Step Result: The Patched tab displays, showing the endpoints that have PDP installed on them.

Figure 2: Patched Tab

After Completing This Task:

Upgrade the legacy PDP application to the latest version of Norman Caching Proxy using the NormanCaching Proxy full install vulnerability deployment or the Norman Caching Proxy manual install vulnerabilitydeployment. For more information, see Deploying the Norman Caching Proxy Full Installation Software Installeron page 16 or Deploying the Norman Caching Proxy Upgrade Vulnerability on page 22.


- 14 -

- 15 -

Chapter

2Norman Caching Proxy Installation

In this chapter:

• Norman Caching Proxy NewInstallation Workflow

• Norman Caching Proxy UpgradeWorkflow

• Deploying the Norman CachingProxy Full Installation SoftwareInstaller

• Deploying the Norman CachingProxy Upgrade Vulnerability

• Installing Norman Caching ProxyManually

• Post-Installation Configuration

You can install Norman Caching Proxy in a variety of ways,depending on whether you are performing a new installation orupgrading from an older installation of PatchLink Distribution Point.

New installations are performed using a deployment from theNorman Enterprise Security server. However, you can opt to have theinstallation performed automatically after the deployment completesor you can perform the installation manually once the installer isdeployed to the Caching Proxy computer.

Norman Caching Proxy New Installation WorkflowComplete the following workflow steps to install Caching Proxy.

Deploy the Caching Proxy installer to the endpoint that you want to installCaching Proxy on. For more information, see Deploying the Norman CachingProxy Full Installation Software Installer on page 16.

If you opted to deploy the Caching Proxy installer without installing CachingProxy, manually install Caching Proxy on the endpoint. For more information,see Installing Norman Caching Proxy Manually on page 27.


- 16 -

Norman Caching Proxy Upgrade WorkflowComplete the following workflow steps to upgrade your legacy PatchLink Distribution Point to Caching Proxy.

Deploy the Caching Proxy upgrade installer to the endpoint that you want to upgrade. Formore information, see Deploying the Norman Caching Proxy Upgrade Vulnerability on page22.

Run the Caching Proxy upgrade installer to the endpoint that you want to upgrade. Formore information, see Installing Norman Caching Proxy Manually on page 27.

Deploying the Norman Caching Proxy Full Installation SoftwareInstaller

You can deploy a software installer from your Norman Enterprise Security server that installs Norman CachingProxy on the selected endpoints.

Important: To review complete documentation about deployments and the Deployment Wizard, see NormanEnterprise Security: Patch and Remediation User Guide (http://www.norman.com/support/user_manuals/).


2. Select Review > Software > Software Installers.

Step Result: The Software Installers page displays.

Figure 3: Software Installers Page





Norman Caching Proxy Installation

- 17 -




Step Result: The Software Installers page refreshes and displays the results for Norman Caching Proxy.

6. Select the check box that corresponds to the Norman Caching Proxy 2.7 for Windows (Full Install) (SeeNotes) software installer.

7. Click Deploy.

Step Result: The Introduction page of the deployment wizard displays.

Note: This page may not display if the Do not display this page in the future check boxwas selected previously.

8. Click Next.

Step Result: The Available Endpoints/Groups page displays.

Figure 4: Available Endpoints/Groups Page


- 18 -

9. If you want to deploy the package to specific endpoints, perform the following steps:

a) From the Available Endpoint list, select the Endpoint OS Name required.

Step Result: The list of endpoints within that operating system display.

b) Select an endpoint (or endpoints) from the list.

Step Result: The endpoint(s) are highlighted.

10. If you want to deploy the package to groups, perform the following steps:

a) Expand the Available Groups directory tree.b) Select the group or groups requiring the deployment.

Selecting a parent group also selects its child hierarchy. If you do not want to deploy to a parent's childgroup hierarchy, cancel the deployment for the desired groups by clearing the applicable check boxes.

11. Click Next.

Step Result: The Available Packages page displays.

Figure 5: Available Packages

Note: No action is required on this page.


- 19 -

12. Click Next.

Step Result: The Licenses page displays.

Figure 6: Licenses Page

13. Select the I ACCEPT the terms and conditions of this end user license agreement option.

14. Click Next.

Step Result: The Deployment Information page displays.

Figure 7: Deployment Information Page

15. [Optional] Modify the deployment information as needed.


- 20 -

16. Click Next.

Step Result: The Package Deployment Order and Behavior page displays.

Figure 8: Package Deployment Order and Behavior Page

17. [Optional] To change the default listener port from 25253 to another available port:

a) Click the Edit icon.

Step Result: The Package Deployment Behavior Options page displays.

Figure 9: Package Deployment Behavior Options Page


- 21 -

b) Type LISTENPORT=port number in the Optional Flags field.

Example: For example, LISTENPORT=25254.

Important: The Caching Proxy port cannot be in use by another application or service. Verify that thisport is not blocked by a firewall.

c) Click Next.

18. [Optional] To deploy the Caching Proxy installer without installing Caching Proxy:




b) Type -PLD0 in the Optional Flags field.

Note: The -PLD0 optional flag indicates that the installer will be deployed to the selected endpoint but itwill not run.

c) Click Next.

19. Click Finish

Result: The deployment of the Norman Caching Proxy installer occurs at the scheduled time. If you used theoptional -PLD0 flag, the installer resides in C:\Windows\Temp. If you did not use the optional flag,Caching Proxy is installed on the endpoint when the deployment is finished.


- 22 -

Deploying the Norman Caching Proxy Upgrade VulnerabilityEndpoints that have an older version of Norman Caching Proxy (called Patchlink Distribution Point) can upgradethe Patchlink Distribution Point software by deploying an upgrade installer of Norman Caching Proxy and thenrunning the installer on the endpoint.

Important: To review complete documentation about deployments and the Deployment Wizard, see NormanEnterprise Security: Patch and Remediation User Guide (http://www.norman.com/support/user_manuals/).


2. Select Review > Software > Software Installers.

Step Result: The Software Installers page displays.

Figure 11: Software Installers Page





Step Result: The Software Installers page refreshes and displays the results for Norman Caching Proxy.

6. Select the check box that corresponds to the Norman Caching Proxy 2.7 for Windows (Update) (ManualInstall) (See Notes) software installer.





- 23 -

7. Click Deploy.

Step Result: The Introduction page of the deployment wizard displays.

Note: This page may not display if the Do not display this page in the future check boxwas selected previously.

8. Click Next.

Step Result: The Available Endpoints/Groups page displays.

Figure 12: Available Endpoints/Groups Page

9. [Optional] To deploy the package to endpoints, perform the following steps.

a) From the Available Endpoint list, select the Endpoint OS Name required.

Step Result: The list of endpoints within that operating system display.

b) Select an endpoint (or endpoints) from the list.

Step Result: The endpoint(s) are highlighted.

10. [Optional] To deploy the package to groups, perform the following steps.

a) Expand the Available Groups directory tree.b) Select the group or groups requiring the deployment.

Selecting a parent group also selects its child hierarchy. If you do not want to deploy to a parent's childgroup hierarchy, cancel the deployment for the desired groups by clearing the applicable check boxes.


- 24 -

11. Click Next.

Step Result: The Available Packages page displays.

Figure 13: Available Packages

Note: No action is required on this page.

12. Click Next.

Step Result: The Licenses page displays.

Figure 14: Licenses Page

13. Select the I ACCEPT the terms and conditions of this end user license agreement option.


- 25 -

14. Click Next.

Step Result: The Deployment Information page displays.

Figure 15: Deployment Information Page

15. [Optional] Modify the deployment information as needed.

16. Click Next.

Step Result: The Package Deployment Order and Behavior page displays.

Figure 16: Package Deployment Order and Behavior Page


- 26 -

17. [Optional] To change the default listener port from 25253 to another available port:




b) Type LISTENPORT=port number in the Optional Flags field.

Example: For example, LISTENPORT=25254.

Important: The Caching Proxy port cannot be in use by another application or service. Verify that thisport is not blocked by a firewall.

c) Click Next.

18. Click Finish

Result: The deployment of the Norman Caching Proxy installer occurs at the scheduled time. The NormanCaching Proxy installer resides on the endpoint in C:\Windows\Temp.


Log in to the endpoint and manually install the Norman Caching Proxy. For more information, see InstallingNorman Caching Proxy Manually on page 27.


- 27 -

Installing Norman Caching Proxy ManuallyInstalling Norman Caching Proxy on a computer enables the computer to remotely cache packages from aNorman Enterprise Security.

Prerequisites:

• Verify that your computer meets the minimum system requirements. For more information, see SystemRequirements on page 12.

• For new installations only, deploy the Norman Caching Proxy installer using the -PLD0 optional behaviorflag. For more information, see Deploying the Norman Caching Proxy Full Installation Software Installer onpage 16. For upgrades, when the upgrade installer is automatically deployed, but not installed.

• Verify that you have a user account with administrator privileges on the computer that you are installingNorman Caching Proxy on.

1. Log in to the computer that you are installing Norman Caching Proxy on.

2. Navigate to C:\Windows\Temp.

3. Open the NormanCachingProxy.msi installer file.

Step Result: The Welcome dialog displays.

Figure 18: Welcome Dialog


- 28 -

4. Click Next.

Step Result: The License Agreement dialog displays.

Figure 19: License Agreement Dialog

5. Select the I accept the terms of in the license agreement option.

6. Click Next.

Step Result: The Destination Folder dialog displays.

Figure 20: Destination Folder Dialog

7. [Optional] Change the installation location for Caching Proxy or the Caching Proxy cache directory.

a) Click Change.b) Define the file path using either the Look in lists or the Folder name field.c) Click OK.


- 29 -

8. Click Next.

Step Result: If you do not have enough storage space in the storage directory a confirmation dialog displaysasking you to confirm the cache storage directory.

9. [Optional] If the default storage directory does not have enough recommended disk space, you can change thecache storage location.

The cache storage location is the location where patches and other content items are downloaded. Normanrecommends allocating at least 10 GB of storage space to content.

Note: To bypass this dialog and keep the selected cache storage location, click No.

a) Click Yes.b) Click Change.c) Define the file path using either the Look in lists or the Folder name field.d) Click OK.

Step Result: The Content Storage Location field reflects your changes.

10. Click Next.

Step Result: The Squid Configuration dialog displays.

Figure 21: Squid Configuration Dialog


- 30 -

11. Enter the port on which the Caching Proxy listens for contact with agents in the Norman Caching ProxyListener Port (Default 25253) field.

Important:

For new installations, the default listener port is 25253. If port 25253 is in use, enter another port number thatis not in use. Verify that the Caching Proxy listener port is not being blocked by a firewall.

For upgrade installations, the installer will use port 80 by default. This is the port that was used by PatchLinkDistribution Point. You can change this port to 25253 or any other port that is not already in use, but youmust edit your FastPath server configuration to reflect the port change if you do not use port 80. For moreinformation, see Adding/Editing FastPath Servers on page 33.

12. Click Next.

Step Result: The Ready to Install the Program dialog displays.

Figure 22: Ready to Install the Program Dialog


- 31 -

13. Click Install.

Step Result: The Caching Proxy installation begins. When the installation is complete, the InstallShieldWizard Completed dialog displays.

Figure 23: InstallShield Wizard Completed Dialog

14. Click Finish.

Result: Norman Caching Proxy is installed.


Configure endpoint groups to contact the Caching Proxy, if necessary. For more information, see EndpointConfiguration on page 32.

Post-Installation ConfigurationAfter installing a new instance of Norman Caching Proxy or upgrading from PatchLink Distribution Point toCaching Proxy, you can configure your endpoints to connect to Caching Proxy and begin caching content on theCaching Proxy.

The Caching Proxy installation includes a configuration file named Squid.conf. You can modify many aspectsof the Caching Proxy installation - the listener port and cache directory location and size, for example - byediting the configuration file.

Post-Installation WorkflowComplete the following workflow steps to install Caching Proxy, configure endpoints to connect to the CachingProxy, and begin caching content.


- 32 -

Create a policy containing a FastPath server entry pointing to the CachingProxy. For more information, see Adding/Editing FastPath Servers on page33.

Important: Endpoints will not begin connecting to the Caching Proxy untilthe Agent on the endpoint has received the policy containing the FastPathserver details. After establishing the policy containing FastPath server details,wait until the communication interval between the Agent and the NormanEnterprise Security server has passed to ensure that the policy is downloadedand applied to the endpoint before executing the deployment in the next step.

Deploy content to a small subset of the custom endpoint group. Whenthe deployment is complete, the content is cached on the Caching Proxy.For more information, see "Working with Deployments and Tasks" in theNorman Enterprise Security: Patch and Remediation User Guide (http://www.norman.com/support/user_manuals/).

Tip: Deploy the content you want to cache for each unique operating systemin use on your network. If you do not populate the Caching Proxy with thecontent you want to deploy for each operating system in use on your network,then content will subsequently be deployed from the Norman EnterpriseSecurity server, which may result in network performance issues as theCaching Proxy is bypassed.

Deploy the same content to the rest of the custom endpoint group. Now thatthe content resides on the Caching Proxy, the endpoints will receive thecontent from the Caching Proxy.

Endpoint ConfigurationAfter installing Caching Proxy, you must configure the agent residing on your endpoints to contact the CachingProxy.

Norman Caching Proxy does not automatically cache content from the Norman Enterprise Security server. Tocache content on the Caching Proxy, you must successfully complete a deployment to endpoints configured touse the Caching Proxy. During this initial deployment process, the content is cached on the Caching Proxy. Insubsequent deployments of the same content, endpoints configured to use the Caching Proxy will receive thecontent cached on the Caching Proxy.

To configure endpoints to use Caching Proxy, perform the following tasks:

1. Create a custom endpoint group and assign the endpoints that you want to connect to the Norman EnterpriseSecurity server to the group.

For more information, see "Creating a Group" in the Norman Enterprise Security: Patch and RemediationUser Guide (http://www.norman.com/support/user_manuals/).

2. Configure an agent policy set for the group to use a FastPath server (the Caching Proxy).








- 33 -

For more information, see Adding/Editing FastPath Servers on page 33.

Important: Endpoints will not begin connecting to the Caching Proxy until the Agent on the endpoint hasreceived the policy containing the FastPath server details. After establishing the policy containing Fast Pathserver details, wait until the communication interval between the Agent and the Norman Enterprise Securityserver has passed to ensure that the policy is downloaded and applied to the endpoint before executing thedeployment in the next step.

3. Deploy content to a small subset of the custom endpoint group. When the deployment is complete, thecontent is cached on the Caching Proxy.

For more information, see "Working with Deployments and Tasks" in the Norman Enterprise Security: Patchand Remediation User Guide (http://www.norman.com/support/user_manuals/).

Tip: Deploy the content you want to cache for each unique operating system in use on your network. If youdo not populate the Caching Proxy with the content you want to deploy for each operating system in use onyour network, then content will subsequently be deployed from the Norman Enterprise Security server, whichmay result in network performance issues as the Caching Proxy is bypassed.

Note: If you upgraded from PatchLink Distribution Point to Caching Proxy, the content that you cachedon the PatchLink Distribution point is removed during the upgrade process. On the initial deploymentof previously cached content, endpoints configured to use Caching Proxy will receive the content fromthe Norman Enterprise Security server while the content is cached on the Caching Proxy. In subsequentdeployments, endpoints will receive the newly cached content from Caching Proxy.

4. Deploy the same content to the rest of the custom endpoint group. Now that the content resides on theCaching Proxy, the endpoints will receive the content from the Caching Proxy.

Adding/Editing FastPath ServersDefining FastPath servers optimize communication routes between the endpoints and the Norman EnterpriseSecurity servers and Norman Caching Proxy installations that provide content to the endpoints. You can add anunlimited number of servers or Caching Proxy installations.

Based on the endpoint's location on your network, endpoints that have an agent policy set assigned to themcontaining FastPath server information will connect to the closest available Caching Proxy. If the requiredcontent does not reside on the Caching Proxy, the endpoint will connect to the closest available NormanEnterprise Security server, if alternate Norman Enterprise Security servers have been included in the FastPathserver configuration.

You can add or edit FastPath servers from the Add/Modify FastPath Server dialog when creating or editingagent policy sets.


2. Select Manage > Agent Policy Sets.





- 34 -

3. Perform one of the following procedures based on your context.

Context Procedure

If you are creating an agentpolicy set:

Click Create.

If you are editing an agentpolicy set:

Click the edit icon associated with the policy set containing the logginglevel setting you want to edit.

Step Result: Either the Create Agent Policy Set or the Edit a Policy Set dialog opens.

4. Verify that the Use HTTP for file download option is set to True. If necessary, change the setting fromFalse to True.

Note: True is the default setting for the Use HTTP for file download option. It ensures that Caching Proxywill receive and cache module activation downloads, agent upgrade downloads, and antivirus definitiondownloads in addition to patch content.

5. Under FastPath Servers perform one of the following procedures based on context.

Context Procedure

If defining FastPath servers forthe first time:

Click the Define button adjacent to the Servers field.

If modifying FastPath serversthat have already been defined:

Click the Modify button adjacent to the Servers field.

Step Result: The Edit FastPath Servers dialog opens.

6. Based on action you want to perform, complete the applicable step.

Action Step

If you are adding a newFastPath server:

Click Add.


- 35 -

Action Step

If you are editing an existingFastPath server settings:

Click the Edit icon

Step Result: The Add/Modify FastPath Server dialog opens.

Figure 24: Add FastPath/Modify Server Dialog

7. Add or edit a FastPath server.

Type the applicable information in the following fields, or edit them as needed.

Field Description

URL The URL of the FastPath server, preceded by http://.

Port The port number that the FastPath server will use to communicate withNorman Enterprise Security.

8. If using a FastPath server that requires authentication, select the Authenticated check box and type theapplicable information in the following fields.

Field Description

User Name A user name that authenticates with the FastPath server.

Password The password associated with the user name.

Confirm Password The password retyped.

9. Click OK.

Step Result: The Add/Modify Fastpath Server dialog closes.

10. Click OK to close the Edit FastPath Servers dialog.


- 36 -

11. Finish any desired edits in the Edit A Policy Set dialog and click Save.

Note: FastPath servers added will not be saved until you click Save in the Create/Edit A Policy Set dialog.

Result: Your edits are saved. Your edits take effect the next time Norman Enterprise Security and theapplicable agents communicate.

Verifying Norman Caching Proxy Server ConnectivityAfter completing a deployment using Caching Proxy, you can verify that Caching Proxy is receiving contentfrom the Norman Enterprise Security. As deployments complete through Caching Proxy, the size of the cachefolder increases in size.

1. Log in to the computer running Caching Proxy.

2. Navigate to C:\Program Files\Norman\CachingProxy\var\.

3. Right-click on the cache folder.

4. Click Properties.

Step Result: The Properties dialog displays, showing the size of the cache folder. As endpoints receivenew content through the Caching Proxy, the size of this folder increases.

Verifying Norman Caching Proxy Endpoint ConnectivityAfter completing a deployment using Caching Proxy, you can verify that endpoints are connecting to theCaching Proxy.

Tip: For a complete explanation of how to read the Norman Caching Proxy access logs, see http://wiki.squid-cache.org/SquidFaq/SquidLogs.

1. Log in to the computer running Caching Proxy.

2. Navigate to C:\Program Files\Norman\CachingProxy\var\logs\.

3. Open access.log.

Step Result: The log file displays, showing endpoint connectivity data.

Changing the Listener PortBy modifying the Caching Proxy configuration file, you can change the Caching Proxy listener port. Changes tothe configuration file require that you stop and restart the Caching Proxy service.

Complete documentation of the available configuration settings for Caching Proxy can be found at the SquidCache web site. Please visit http://www.squid-cache.org/Versions/v2/2.7/cfgman/ for more information.

1. Log in to the computer that Caching Proxy is installed on.

2. Navigate to C:\Program Files\Norman\CachingProxy\etc\.

3. Open squid.conf in a text editor.

http://wiki.squid-cache.org/SquidFaq/SquidLogs

http://wiki.squid-cache.org/SquidFaq/SquidLogs

http://www.squid-cache.org/Versions/v2/2.7/cfgman/


- 37 -

4. Locate the http_port configuration parameter.

5. Overwrite the value of the http_port parameter with port number that you want to use.

6. Save the squid.conf configuration file.

7. Open the Windows Command Prompt window.

8. Type net stop CachingProxy.

Step Result: The Caching Proxy service stops. When completed, a message displays stating TheCachingProxy service was stopped successfully.

9. Type net start CachingProxy.

Step Result: The Caching Proxy service starts. When completed, a message displays stating TheCachingProxy service was started successfully.

Result: The Caching Proxy listener port is changed.

Changing the Cache DirectoryBy modifying the Caching Proxy, you can change the Caching Proxy cache directory. Changes to theconfiguration file require that you stop and restart the Caching Proxy service.





4. Locate the cache_dir configuration parameter.

5. Overwrite the file path contained in the cache_dir parameter with the file path to the cache directory that youwant to use.







Result: The Caching Proxy cache directory is changed.



- 38 -

Change the Cache Directory SizeBy modifying the Caching Proxy, you can change the size of the Caching Proxy cache directory. Changes to theconfiguration file require that you stop and restart the Caching Proxy service.





4. Locate the cache_dir configuration parameter.

5. Overwrite the first integer value of the cache_dir parameter with the size (in megabytes) that you want toallocate to the cache directory.







Result: The size of the Caching Proxy cache directory is changed.


Documents

Norman Enterprise Security: Caching Proxy 2.7 User Guidedownload01.norman.no/enterprise_security_suite/02_220M_Caching… · Caching Proxy on server-class computers that are permanently