Download 3.8 MB - Juniper Networks
Transcript
Connection Binding and Microsoft's NTLM Authentication Protocol The DX appliance improves application server capacity by multiplexing requests over a few persistent connections to the server farm to conserve the target servers' resources. In some environments, it is necessary to bind a connection from the user to the target server instead of allowing user requests to use an arbitrary connection to the target server. Multiplexing of connections may potentially allow an authenticated connection to be used by non-authorized users, violating the security policy. Environments that use the NT Lan Manager protocol (NTLM) for authentication to Microsoft Proxy Servers require connection binding. NTLM is a proprietary protocol that authenticates connections rather than users or requests. Therefore, multiplexing connections to the target server must be disabled to avoid violating the NTLM authentication scheme. Configuring Connection Binding The connection binding feature provides the option of binding a connection from a single client to a target server. Connection binding is off by default, and can be enabled on a cluster-by-cluster basis. 1. To enable client to target server connection binding: dx% set cluster <name> connbind enabled In addition, you should configure the following for optimum performance. 2. Enable client IP-based client “stickiness” (refer to “Setting up the DX Appliance for “Sticky” Traffic” on page 155 for additional information). 3. Ensure that the web server keeps connections alive by setting a long connection time. The suggested value is five minutes or more. 4. To disable the following factory-set server settings: a. Disable the addition of an HTTP warning header by typing: dx% set server factory h w disabled b. Disable adding or appending to the HTTP Via header by typing: dx% set server factory h v disabled c. Close the connection to the target server when a 304 response is received by typing: dx% set server factory h tc3 disabled Connection Binding and Microsoft's NTLM Authentication Protocol 89
Related documents
Command Line Reference for DXOS
PDF Version
il catalogo Lamincio in formato PDF
ADTRAN IPR-S1000 User's Manual
Bigloo - Sophia Antipolis
ACS v 3.2.1-3 Release Notes
IBM Tealeaf CX Passive Capture Application: PCA Manual
Avaya B179 User's Manual
Brocade E1MG-SX-OM network switch
Citrix Systems Switch 4.2 User's Manual
Release Notes - Appliance
Alteon Firewall 5100 Series 2.2.5 User's Guide and