Managing the Cache Engine

Once the Cache Engines are installed and functioning properly, there is little you need to do to manage them. The Cache Engine is transparent to your users: they cannot tell the difference between a page returned from a Cache Engine and one returned from the Internet. Users also do not need to configure their browsers to be aware of the Cache Engines, nor do they have to change the addresses used to connect to the desired web site.

Thus, your main management task for the Cache Engine is to monitor the Cache Engine's performance. Once you connect to the Cache Engine's management interface (as described in "Overview of Cache Engine Management" in Chapter 1), you can monitor the Cache Engines within the cache farm, and adjust various settings until you are satisfied with how the Cache Engine is affecting your network.

This chapter covers these topics:

Working with User Accounts

You can create up to 50 accounts for connecting to the Cache Engine management interface. Each account can be identified as read-only or read-write. Thus, you can permit certain people to have access to monitor the Cache Engines, while limiting the number of people who have the authority to change Cache Engine parameters.

The admin user account comes predefined on the system, and you cannot delete it.

Understanding the Difference between Read-Write and Read-Only Accounts

User accounts can be either read-write or read-only.

Users with read-write authority can use all the capabilities of the management interface.

Users with read-only authority can:

Creating User Accounts

You must have read-write access in order to create user accounts. To create a user account for the Cache Engine:


Step 1   Click Accounts. You create a user account using the controls in the Create New User group.

Step 2   Enter the name of the user. The name can contain spaces. For example, John Doe.

Step 3   Enter the password for the user, and enter the password again in the Confirm field. The password is case sensitive and can be up to 20 characters, including spaces and any printable characters.

Step 4   Click Read/Write, if you want the user to be able to change Cache Engine operating parameters. Click Read Only if you only want the user to be able to view Cache Engine status and parameters.

Step 5   Click Create. The Cache Engine sends a message to all the Cache Engines in the cache farm, so that every engine has consistent information about user accounts. If the user account does not show up immediately in the list in the Edit User group, click the Refresh button on the browser.

Changing Other User Accounts and Passwords

You must have read-write access in order to change user accounts and passwords. To change a user's account:


Step 1   Click Accounts. The Edit User group shows a list of current user accounts.

Step 2   Click the user account name in the Edit User list that you want to change. You are presented with a form that contains the account information for the user.

Step 3   To change the user's password, enter the new password in the New Password field, and reenter it in the Confirm New field. The password is case sensitive and can be up to 20 characters, including spaces and any printable characters.

Step 4   If you want to change the type of access the user is allowed, click Read/Write or Read Only, as desired.

Step 5   When you are satisfied with the new account information, click Edit. The Cache Engine sends a message to all the engines in the cache farm, so that every engine has consistent information about user accounts.

Changing Your Password

You can change your own password even if you only have read-only access to the Cache Engine. To change your password:


Step 1   Click Accounts.

Step 2   In the Change Your Password group, enter your old password, new password, and confirm your new password. The password is case sensitive and can be up to 20 characters, including spaces and any printable characters.

Step 3   Click Change. The Cache Engine displays a message indicating that your password has changed, and the browser presents a dialog informing you that your authorization failed. This is because your old password is no longer valid.

Step 4   Click OK on the browser's authorization failure message, and log in to the Cache Engine again.

Deleting User Accounts

You must have read-write access in order to delete user accounts. To delete a user's account:


Step 1   Click Accounts. The Edit User group shows a list of current user accounts.

Step 2   Click the user account name in the Edit User list that you want to delete. You are presented with a form that contains the account information for the user.

Step 3   Click Delete This Account. The Cache Engine sends a message to all the engines in the cache farm, so that every engine has consistent information about user accounts. If the user account is not deleted immediately in the list in the Edit User group, click the Refresh button on the browser.

Resetting the admin Password

You can change the admin password through the management interface, if you know the current admin password. However, if you forget the admin password, you must reboot the Cache Engine and proceed as if you were changing the basic configuration. See "Updating the Basic Configuration" for more information.

When prompted for the admin password, enter a new password.

Monitoring Cache Engine Performance

To monitor the Cache Engine's performance, click the Status button. This displays the status of each Cache Engine in the farm, including this information:

Reading the Event Log

To read the event log, click Logs. The Cache Engine displays the event log with some controls you can use to filter log messages. The messages are coded according to type, as shown in Table 3-1.


Table 3-1: Cache Engine Log Events

Event Icon    Description
Red dot       Critical events, such as an imminent system breakdown, or a system reboot.
Yellow dot    Warnings of imminent problems, such as a high CPU load or inefficient caching.
Blue dot      Notifications of normal events, such as changes to parameters, including changes to user accounts.

To limit the number of messages displayed, type the number of messages you want to see in the Number of Events field and click Refresh. (There is no difference between the Refresh buttons at the top and bottom of the Display Events group.)

To filter out specific types of messages, uncheck the box next to the type of message you do not want to see. Click Refresh to apply the filter to the event log listing.

Sending Event Log Messages to a System Log

You can have the Cache Engine send event log messages to a system using the SYSLOG facility. This allows you to maintain permanent records of the event messages, if you require such records.

If you do not know how to set up the SYSLOG facility on a system that can run it, consult the documentation that came with your system. Typically, UNIX machines have SYSLOG availability. The following procedure assumes you already have SYSLOG set up and functioning, and that you know how to use SYSLOG.

To send event log messages to a system running the SYSLOG facility:


Step 1   Click Logs. The Export Logs group at the bottom of the page controls which messages are sent to SYSLOG.

Step 2   Enter the fully-qualified host name of the SYSLOG host in the SYSLOG Host field. For example, log.domain.com.

Step 3   In the table below the SYSLOG host name, check Enable for each type of Cache Engine message you want sent to SYSLOG:

Enabling or disabling SYSLOG logging has no effect on the Cache Engine's local logging of system events, although URL tracking is only done if you enable it for SYSLOG.

Step 4   For each type of message you are sending to SYSLOG, choose the appropriate level and facility combination that you want used for the message. The level and facility are defined in the SYSLOG system, and are not related to the type of message generated by the Cache Engine. The combination you choose depends on how you have set up your SYSLOG system, and how you want to track these messages. See your SYSLOG documentation for more information about SYSLOG level and facility.

Step 5   Click Start in the Export Logs group. The Cache Engine sends a message to all the engines in the cache farm, so that every engine logs messages consistently.

Creating a List of Restricted URLs and MIME Types

You can prevent users from accessing specific URLs by creating a list of restricted URLs. This allows you to prevent access to sites you find objectionable.

You can also prevent users from accessing various types of objects. For example, you can prevent users from downloading Java applets by blocking Java in the MIME list.

Restricting Access to Specific URLs

You can restrict access to URLs in one of two ways:

    1. By creating a list of sites that your users will be allowed to view. In this way, you are denying your users access to all of the Internet except for the sites you deem useful.

    2. By creating a list of sites that your users are not allowed to view. In this way, you are allowing your users access to all of the Internet except for the sites you deem objectionable.

Each method has its good and bad points. You might want to choose whichever method requires the least amount of typing on your part. But, because new Internet sites are constantly being added, maintaining these lists can be a big job.

If you enable blocking, you can selectively block user access based on RADIUS accounts. See "Selectively Blocking URLs Based on RADIUS Accounts" for more information.


Note You can track which URLs a user is trying to access by enabling URL tracking to a SYSLOG. See "Sending Event Log Messages to a System Log" for more information about using a SYSLOG on another server to track Cache Engine events.

Creating a List of Good Sites

To restrict your users' access to only those sites you want them to visit:


Step 1   Using a text editor, create a list of the fully-qualified host names that you want your users to be able to access. The file must be a plain-text file (no formatting), and be named goodurl.lst. The file must contain a list of fully-qualified host names, one per line; for example:

www.cisco.com
www.domain.com
www.goodsite.com

You can have blank lines in the file, but you cannot add comments.

The cache farm blocks access to any URL not listed in this file.

Step 2   From the Cache Engine console, determine which directory contains the currently active software version by entering the UpgradeShow command:

UpgradeShow

This command displays the currently active software version, and shows the directory name where the files reside in brackets. You must copy your blocking lists to this directory.

Step 3   Connect to any Cache Engine in the cache farm using FTP. For example:

ftp cache2.domain.com

Step 4   Log in using the same user name and password you would use to connect to the Cache Engine's management interface. The account you use must have read-write authority.

Step 5   Change directories to the directory determined in Step 2 by using the cd command. For example, if you are currently in /ata0/, and the directory containing the active software version is /ata0/1_1_1.dir, enter:

cd "1_1_1.dir"

Step 6   Put the file onto the Cache Engine:

put goodurl.lst

Step 7   Exit the FTP session.

Step 8   Connect to the Cache Engine's management interface and log in.

Step 9   Click Filters. The URL Blocking group controls which URLs are allowed or disallowed.

Step 10   Click Good Sites Only.

Step 11   Click Update in the URL Blocking group. The Cache Engine distributes the list of sites to be blocked to the other Cache Engines in the cache farm, and disallows user access to all unlisted sites.

Creating a List of Bad Sites

To restrict your users from accessing specific URLs:


Step 1   Using a text editor, create a list of the URLs that you want to block. The file must be a plain-text file (no formatting), and be named badurl.lst. The file must contain a list of complete URLs, one per line; for example:

http://www.badsite.com
http://www.blockit.com
http://www.objectionable.com

The cache farm will block access to these URLs and to any URL under the listed one. For example, if you list http://www.badsite.com, your users cannot see http://www.badsite.com/subdir either.

Step 2   From the Cache Engine console, determine which directory contains the currently active software version by entering the UpgradeShow command:

UpgradeShow

This command displays the currently active software version, and shows the directory name where the files reside in brackets. You must copy your blocking lists to this directory.

Step 3   Connect to any Cache Engine in the cache farm using FTP. For example:

ftp cache2.domain.com

Step 4   Log in using the same user name and password you would use to connect to the Cache Engine's management interface. The account you use must have read-write authority.

Step 5   Change directories to the directory determined in Step 2 by using the cd command. For example, if you are currently in /ata0/, and the directory containing the active software version is /ata0/1_1_1.dir, enter:

cd "1_1_1.dir"

Step 6   Put the file onto the Cache Engine:

put badurl.lst

Step 7   Exit the FTP session.

Step 8   Connect to the Cache Engine's management interface and log in.

Step 9   Click Filters. The URL Blocking group controls which URLs are allowed or disallowed.

Step 10   Click Block Bad Sites.

Step 11   Click Update in the URL Blocking group. The Cache Engine distributes the list of sites to be blocked to the other Cache Engines in the cache farm, and disallows user access to those sites.
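
A pre-upload check for the two list files described in "Creating a List of Good Sites" and "Creating a List of Bad Sites", as an added example (not Cisco code). The function names and sample contents are constructed; it assumes that a "complete URL" means http:// plus a fully-qualified host, that badurl.lst tolerates blank lines, and it models "any URL under the listed one" as a same-host match at a "/" boundary, which is an assumption about the engine's matching.

```python
import re
from urllib.parse import urlsplit

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_fqdn(name):
    """True for a dotted host name such as www.cisco.com (no scheme, port or path)."""
    labels = name.rstrip(".").split(".")
    return len(name) <= 253 and len(labels) >= 2 and all(_LABEL.match(x) for x in labels)


def lint_goodurl(text):
    """Check goodurl.lst contents. Returns (hosts, [(line_number, problem), ...])."""
    hosts, problems = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue  # blank lines are allowed in goodurl.lst
        if line.startswith(("#", ";", "//")):
            problems.append((n, "comments are not allowed in the list"))
        elif "/" in line:
            problems.append((n, "host name only, not a URL"))
        elif not is_fqdn(line):
            problems.append((n, "not a fully-qualified host name"))
        else:
            hosts.append(line.lower())
    return hosts, problems


def lint_badurl(text):
    """Check badurl.lst contents. Returns (urls, [(line_number, problem), ...])."""
    urls, problems = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue  # assumption: blank lines are tolerated as in goodurl.lst
        try:
            parts = urlsplit(line)
            ok = parts.scheme.lower() == "http" and is_fqdn(parts.hostname or "")
        except ValueError:
            ok = False
        if ok:
            urls.append(line)
        else:
            problems.append((n, "expected a complete URL such as http://www.badsite.com"))
    return urls, problems


def is_under(listed, requested):
    """Assumed model of 'any URL under the listed one': same host, and the
    requested path equals the listed path or continues below it at a '/'."""
    a, b = urlsplit(listed), urlsplit(requested)
    if (a.hostname or "").lower() != (b.hostname or "").lower():
        return False
    base = a.path.rstrip("/")
    return b.path.rstrip("/") == base or b.path.startswith(base + "/")


# Constructed sample contents, including mistakes the page warns about.
SAMPLE_GOOD = "www.cisco.com\n\n# internal sites\nhttp://www.domain.com\nwww.goodsite.com\nintranet\n"
SAMPLE_BAD = "http://www.badsite.com\nwww.blockit.com\nhttp://www.objectionable.com/ads\n"

if __name__ == "__main__":
    for name, lint, text in (("goodurl.lst", lint_goodurl, SAMPLE_GOOD),
                             ("badurl.lst", lint_badurl, SAMPLE_BAD)):
        entries, problems = lint(text)
        print(name, "accepted:", entries)
        for n, why in problems:
            print(f"  line {n}: {why}")
    print(is_under("http://www.badsite.com", "http://www.badsite.com/subdir"))
```

Run the check on the workstation before the FTP upload, and fix every reported line before you click Update.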

Restricting Access to Specific MIME Object Types

To restrict your users' access to specific MIME types:


Step 1   Click Filters. The MIME Blocking group controls user access to the various MIME types.

Step 2   Click Edit under Block Bad MIME Types. The Edit List applet opens a separate window containing a list of possible MIME types, and a list of those being blocked.

Step 3   Click the MIME types you want blocked in the list of MIME types. You can select more than one at a time by clicking each one you want. Deselect a selected item by clicking it.

Step 4   Click the > button to move the selected types to the blocked list. If you mistakenly add a type you do not want blocked, select it in the blocked list and click the < button. You can move all listed MIME types from one list to the other using the >>> and <<< buttons.

If you want to block a MIME type not listed, enter the MIME type in the edit box below the list of MIME types and click the Block button. You cannot delete entries you add, but you can move them to the unblocked list by selecting them and clicking the < button.

Step 5   Click Update to save your changes to disk.

Step 6   Click Done to close the Edit window.

Step 7   Click Block Bad MIME Types in the MIME Blocking group.

Step 8   Click Update in the MIME Blocking group. The Cache Engine distributes the new list of blocked MIME types to the cache farm, and disallows user access to data of those types.

Turning Off URL or MIME Blocking

To turn off URL or MIME blocking, if you have already enabled it:


Step 1   Click Filters.

Step 2   To turn off URL blocking, click No Blocking in the URL Blocking group, then click Update. URL blocking is turned off on all Cache Engines in the cache farm.

Step 3   To turn off MIME blocking, click No Blocking in the MIME Blocking group, then click Update. MIME blocking is turned off on all Cache Engines in the cache farm.

Setting Up RADIUS Authentication

If you use RADIUS servers to manage user authentication, you can identify the RADIUS servers to the Cache Engines, and the engines will require the user to enter their RADIUS user name and password in order to access any page on the web. Users are asked to log in on their first request for a web page, and they remain authenticated unless they are inactive for more than 20 minutes (at which time they must again log in to use the web).


Note Ensure your users understand that they must enter their RADIUS user name and password in order to access the web.

By using RADIUS, the Cache Engine can associate a user name with an IP address. If you enable URL tracking (see "Sending Event Log Messages to a System Log"), the engine includes the user name in the tracking message.

Also, you can selectively enable URL blocking based on RADIUS accounts.

Enabling RADIUS Authentication

To set up and enable RADIUS authentication:


Step 1   Click Filters. The RADIUS group controls RADIUS authentication.

Step 2   Enter the host name or IP address of the RADIUS servers in the Host fields. The RADIUS servers are checked from top to bottom, so enter your most reliable server in the topmost position in the table.

Step 3   For each server, enter the port number in the Port field. The normal port is 1646 (the UDP port).

Step 4   For each server, enter the RADIUS secret that the server expects to receive from the client. You must also update the RADIUS server's client list to include the IP address of each Cache Engine and the expected secret. The secret is a character string (see the documentation for your RADIUS server for any limitations on this character string).

Step 5   Check Enable for each RADIUS server you want the cache farm to use. If you do not check any servers, the cache farm does not use RADIUS authentication. The Cache Engine sends a message to all the engines in the cache farm, so that every engine uses the same set of RADIUS servers.

Selectively Blocking URLs Based on RADIUS Accounts

You can use RADIUS accounts to determine for whom you enable or disable URL blocking. For example, you can distinguish between child and adult accounts, and enable blocking for child accounts but not for adult accounts.

To block URLs for an account, set the RADIUS Service-Type to Framed-User and the Filter-ID to "Yes-Web-Blocking."

To not block URLs for an account, set the RADIUS Service-Type to Framed-User and the Filter-ID to "No-Web-Blocking."

You also must enable URL blocking on the Cache Engine as described in "Creating a List of Restricted URLs and MIME Types."

See your RADIUS documentation for information on setting the parameters for the accounts.

Rebooting a Cache Engine

If you get a repeating series of critical event messages for a Cache Engine, and the problem appears to be specific to the operation of the machine, you can try resolving the problem by rebooting the machine.

To reboot a Cache Engine:


Step 1   Click Nerd Knobs.

Step 2   In the Heart Monitor group, click Reboot for each Cache Engine you want to reboot.

Step 3   Click Do It in the Heart Monitor group.

If you want to reboot more than one Cache Engine, including the engine you are logged into, from the web-based management interface, you must reboot the engine you are logged into after you reboot the other machines. Follow these steps:


Step 1   From the management interface, click Nerd Knobs.

Step 2   In the Heart Monitor group, click Reboot for each engine you want to reboot, but do not click Reboot for the engine you are logged into.

Step 3   Click Do It in the Heart Monitor group.

Step 4   When the other engines have rebooted, click Reboot for the engine you are logged into.

Step 5   Click Do It in the Heart Monitor group.


Note If you cannot reboot the Cache Engine using the management interface, you must use the Cache Engine's console. From the console, enter reboot. The Cache Engine should then reboot. If this fails, you must turn off the machine and turn it back on in order to reboot the Cache Engine.

Flushing the Cache in a Cache Engine

A Cache Engine manages its storage, deleting files when they reach their time limit or when storage has been filled. Because the Cache Engine automatically deletes old data from its cache, you should only flush the cache if you are performing debugging or other diagnostic tasks and you want to start with a clean machine.

If you want to delete all data from storage (flush the cache) so that you can perform a troubleshooting task:


Step 1   Click Nerd Knobs.

Step 2   In the Heart Monitor group, click Flush for each Cache Engine whose storage you want to clear.

Step 3   Click Do It in the Heart Monitor group.

Changing the Local CFC Latency for Inter-Cache Communication

You can change some aspects of how the Cache Engine uses Cache Farm Convergence (CFC) messages to communicate with other machines in the cache farm. These messages are used for coordinating web page storage and retrieval between the engines when an engine is added to the farm. If an engine does not have a requested object, it queries the other engines in the farm to determine if any other engine has the object.

To change the local CFC latency:


Step 1   Click Nerd Knobs. The Local CFC Latency group controls the use of Cache Farm Convergence messages.

Step 2   In the Wait for Response (milliseconds) field, enter the number of milliseconds the Cache Engine should wait for a response from other engines in the farm when it sends out a message. The default is 10.

Step 3   In the Maximum Number of Attempts field, enter the total number of failed attempts the Cache Engine should allow before it no longer tries to communicate with the other caches using CFC messages. The default is 200.

Step 4   Click Adjust in the Local CFC Latency group. The Cache Engine sends a message to all the engines in the cache farm, so that every engine uses the same settings for these parameters.

Changing How HTTP 1.0 Objects are Cached

If a web server is running HTTP 1.1, it can assign to each object parameters that control how that object gets cached. If a web server is running HTTP 1.0, however, it cannot assign caching parameters to its objects.

Because HTTP 1.0 objects have only limited caching parameters, the Cache Engine determines how long to keep these objects in its storage by using a freshness factor. This factor is multiplied by the age of the object to determine how long the Cache Engine should allow the object to reside in its storage.

To change the factors the Cache Engine uses to determine how long to keep HTTP 1.0 objects in storage:


Step 1   Click Nerd Knobs. The Freshness Factor group controls the caching of HTTP 1.0 objects.

Step 2   In the Age Multiplier for Text Documents field, enter a value between 0.0 and 0.5. The default is 0.1. This number is multiplied by the age of the document to determine an amount of time that the document should be kept. However, text documents cannot stay in the cache for longer than 24 hours. Text documents are normal HTML pages.

Step 3   In the Age Multiplier for Other MIME Types field, enter a value between 0.0 and 0.7. The default is 0.3. This number is multiplied by the age of the document to determine an amount of time that the document should be kept. However, other MIME-type documents cannot stay in the cache for longer than a week. Other MIME types include graphics, programs, Acrobat documents, and so forth.

Step 4   Check On or Off for Cookie Caching. If you disable cookie caching, any web page that uses a cookie is not cached. This ensures that the customized data on the page is fresh, if the cache settings for the page are not set correctly. When cookie caching is off, the graphics on affected text pages are still cached (unless prevented by MIME blocking). If you keep cookie caching on, pages with cookies are cached according to their HTTP headers.

Step 5   Click Adjust in the Freshness Factor group. The Cache Engine sends a message to all the engines in the cache farm, so that every engine uses the same freshness factors.
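
A worked calculation of the retention time that Steps 2 through 4 describe, as an added example (not Cisco code). It assumes that "age" is the Date header minus Last-Modified, that a text document is Content-Type text/html, that a page "uses a cookie" when the response carries Set-Cookie, and that an object with no usable age is not kept; the function name, parameters and sample headers are constructed.

```python
from email.utils import parsedate_to_datetime

DAY = 24 * 3600
# Per object class: (largest multiplier the form accepts, longest time in cache).
LIMITS = {"text": (0.5, 1 * DAY), "other": (0.7, 7 * DAY)}


def http10_lifetime(headers, text_multiplier=0.1, other_multiplier=0.3,
                    cookie_caching=True):
    """Seconds an HTTP 1.0 object is kept, or 0 if it is not cached."""
    h = {k.lower(): v for k, v in headers.items()}
    mime = h.get("content-type", "").split(";")[0].strip().lower()
    kind = "text" if mime == "text/html" else "other"
    multiplier = text_multiplier if kind == "text" else other_multiplier
    upper, cap = LIMITS[kind]
    if not 0.0 <= multiplier <= upper:
        raise ValueError(f"{kind} multiplier must be between 0.0 and {upper}")
    # Cookie caching off: a page that sets a cookie is not cached, while its
    # graphics (kind == "other") are still handled normally.
    if kind == "text" and "set-cookie" in h and not cookie_caching:
        return 0
    try:
        age = (parsedate_to_datetime(h["date"])
               - parsedate_to_datetime(h["last-modified"])).total_seconds()
    except (KeyError, TypeError, ValueError):
        return 0  # assumption: no usable age means the object is not kept
    if age <= 0:
        return 0
    # Multiplier times age, limited to 24 hours (text) or one week (other).
    return round(min(multiplier * age, cap))


# Constructed sample response headers.
PAGE = {"Date": "Tue, 17 Dec 2002 12:00:00 GMT",
        "Last-Modified": "Sun, 17 Nov 2002 12:00:00 GMT",   # 30 days old
        "Content-Type": "text/html"}
IMAGE = {"Date": "Tue, 17 Dec 2002 12:00:00 GMT",
         "Last-Modified": "Sat, 07 Dec 2002 12:00:00 GMT",  # 10 days old
         "Content-Type": "image/gif"}
COOKIE_PAGE = dict(PAGE, **{"Set-Cookie": "session=constructed"})

if __name__ == "__main__":
    print("page, defaults:        ", http10_lifetime(PAGE))
    print("image, defaults:       ", http10_lifetime(IMAGE))
    print("cookie page, caching off:", http10_lifetime(COOKIE_PAGE, cookie_caching=False))
```

With the default multipliers, the 30-day-old page computes to three days and is cut to the 24-hour limit, while the 10-day-old image keeps its computed three days because that is under the one-week limit.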

Changing the System Date and Time

To set the date and time for the Cache Engine:


Step 1   Click Nerd Knobs. The Set Time group controls the date and time for the system.

Step 2   In GMT Time, enter the current time, converted to Greenwich Mean Time (GMT). You must use GMT because HTTP uses GMT for the timestamps on HTTP objects (web pages, graphics, and so forth).

Enter the time in hh:mm:ss format, where hh is hours, mm is minutes, and ss is seconds. For example, 20:35:15 is 8:35 PM plus 15 seconds.

Step 3   In GMT Date, enter the current date, converted to GMT.

Use the mm/dd/yyyy format, where mm is the month, dd is the day, and yyyy is the four-digit year. For example, 05/09/1997 is May 9, 1997. You must enter the month as the first value.

Step 4   Click Set in the Set Time group. The date and time only apply to the specific machine you are logged into.

Changing the Cache Engine's Network Setup

To change the network setup for a Cache Engine, which includes the IP addresses the Cache Engine uses, the Cache Engine's name, and the name of the cache farm containing the engine:


Step 1   Click Nerd Knobs. The Network Setup group controls the IP addresses and names used by the Cache Engine.

Step 2   Change the Cache Engine IP address, Cache Engine netmask (subnet mask), default gateway, and host router (home router) to reflect the correct addresses.

Step 3   Change the Cache Engine name and Cache Farm name to reflect the desired name of the Cache Engine and cache farm. The names can be up to 20 characters, including spaces and any printable characters.

Step 4   Click Set in the Network Setup group. The changes only apply to the specific machine you are logged into.

Changing the DNS Setup

To change the DNS servers the Cache Engine can use to resolve host names to IP addresses:


Step 1   Click Nerd Knobs. The DNS group controls domain name resolution for the Cache Engine.

Step 2   Enter the domain name for the network in the Default Domain Name field. For example:

domain.com

Step 3   Enter the IP addresses of the DNS servers in the Host 1 through Host 8 fields, one per field. Host 1 is the primary DNS server, and any other servers you enter are used as secondary servers.

Step 4   Click Set in the DNS group. The Cache Engine sends a message to all the engines in the cache farm, so that every engine uses the same DNS servers.

Changing the Cache Engine's Routing Information

To change the routing information for a Cache Engine:


Step 1   Click Nerd Knobs. The Routing group controls the use of the Routing Information Protocol for the Cache Engine.

Step 2   Click On or Off for RIP, to indicate whether you want to use the Routing Information Protocol.

Step 3   If you use RIP, you can click Edit to view the routing table that was returned by RIP. You can also add static routes to this table. Do not make changes to the routing table unless you are certain you need to add a static route: normally, you do not need to do this. To add a static route:

Step 4   When you are finished changing the routing information, click Set in the Routing group.

Updating the Basic Configuration

To update the basic configuration:


Step 1   From the Cache Engine console, enter the reboot command. For example,

reboot

Step 2   After the system shows introductory banners and other messages, it shows the current configuration, and a message to press any key if you want to override the basic configuration. You have 10 seconds to press a key. Press a key before this time elapses.

Step 3   As you are prompted for each parameter, either press Enter to accept the current value, or type a new value and press Enter. If you mistakenly press Enter, you can back up to the previous parameter by entering a hyphen (-).

Step 4   When asked if the basic configuration is acceptable, enter y if it is, n if you made a typing error. If you enter n, you are shown the prompts for each parameter again. If you enter y, the Cache Engine continues booting.

Using the Cache Engine as a Proxy Cache

If you already have a cache set up for web traffic, and it acts as an HTTP proxy, you can configure the Cache Engine to act as an HTTP proxy cache. This allows you to begin using the Cache Engine without forcing you to reconfigure your users' browsers, giving you a convenient migration path from a proxy cache system to the Cache Engine. The Cache Engine takes the place of the existing cache.

We recommend that you do not use the Cache Engine as an HTTP cache proxy, because this eliminates the benefit of having a transparent caching solution. Only use the Cache Engine as a proxy if you are replacing an existing cache proxy, and you want a convenient and quick installation. The Cache Engine can function both as a proxy cache and as a normal member of a cache farm simultaneously.

If you are already using a proxy cache, to use the Cache Engine as an HTTP cache proxy, simply remove the existing proxy and replace it with the Cache Engine. Use the same IP address and host name for the Cache Engine as you used for the proxy cache. Recommend to your users that they change their browser configuration to eliminate the HTTP proxy. As you deploy new workstations, ensure that the browsers on the new systems do not specify an HTTP proxy.

If you are not already using a proxy cache, to use the Cache Engine as a proxy cache, you must set the browser's HTTP proxy to point to the Cache Engine, using port 80. If you are not using the default port 80, you must adjust the engine's proxy configuration:


Step 1   Click Nerd Knobs. The Proxy group controls the settings for using the Cache Engine as a proxy cache.

Step 2   Enter the port number in the Incoming Proxy Port field. The engine listens for traffic on this port. Configure the users' browsers to use this port for the HTTP proxy.

Step 3   If you have an existing proxy cache that will remain available after you install the Cache Engine, you can have the engine check the proxy cache for requested web objects. Enter the IP address of the proxy cache in the Outgoing Proxy Address field, and the port number the proxy cache is listening to in the associated Port field.

Step 4   Click Set in the Proxy group. The changes only apply to the specific machine you are logged into.


Posted: Tue Dec 17 21:26:01 PST 2002
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.