Difference between revisions of "Implementing SafeSquid on Cloud"

From Secure Web Gateway
Line 111: Line 111:
[[File:Slide55Cloud.PNG|left]]
[[File:Slide55Cloud.PNG|left]]
[[File:Slide56Cloud.PNG|left]]
[[File:Slide56Cloud.PNG|left]]
[[File:Slide57Cloud.png|left]]
[[File:Slide57Cloud.PNG|left]]
[[File:Slide58Cloud.png|left]]
[[File:Slide58Cloud.png|left]]
[[File:Slide59Cloud.png|left]]
[[File:Slide59Cloud.png|left]]
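Review bot: The Slide57Cloud link is the only one whose two sides differ (.png on one, .PNG on the other), while the Slide58Cloud and Slide59Cloud links right after it stay lowercase .png and the Slide55Cloud and Slide56Cloud links above it are uppercase .PNG. File names are case-sensitive in the extension, so confirm each of the five links against the exact name of the uploaded file, and consider re-uploading the slides with one consistent extension so the mix does not break links again.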

Revision as of 15:35, 23 December 2022

Background

The SafeSquid proxy server is a native x86_64 Linux network service application.

The software is distributed as a “tar-ball” package. It can thus be deployed on an appropriate Linux-based host platform.

Efficient performance requires installation and configuration of a few other co-resident system applications and libraries.

The SafeSquid proxy server and the other applications co-resident on the host platform can generate lots of files.

This can endanger the proxy service if the disk runs out of space.

It is therefore advisable to create appropriate disk partitions for application safety and long-term reliability.

A standard installation of the SafeSquid SWG proxy server is initiated using SafeSquid’s custom ISO, also known as the SafeSquid Appliance Builder (SAB), which is based on Ubuntu 18.04 LTS.

SAB is customized to provide automatic setup of all the necessary files and services, besides optimum disk-partitioning.

The SAB installer automatically fetches the tar-ball and deploys SafeSquid towards the end of its execution.

Installing on a Cloud PaaS such as Azure

You cannot set up SafeSquid using SAB on a PaaS such as Azure that does not allow uploading a custom ISO file.

The SafeSquid tar-ball fetched by the SAB can, however, be manually downloaded and installed on virtual guests created on such a PaaS.

Some of the important functions carried out by the SAB installer must however be done manually, making this option not quite optimal.

Most importantly, implementing the optimum disk partitioning recipe can be most frustrating for a first-timer.

The function of the partitioning recipe is lost in a tar-ball installation.

Storing log files, user cache, database files and other SafeSquid files on the same block device as the root directory, where the Linux operating system and kernel files reside, can reduce overall performance and, when the disk reaches 100% utilization, cause OS failure and data corruption.

Users without custom SafeSquid partitions see issues where they lose log files generated by SafeSquid. The main reason for losing log files is monit’s control file for managing disk utilization.

Monit is a supervision tool that uses control files to perform automatic maintenance. One such control file manages disk utilization: it removes old files from /var/log/safesquid and /var/db/safesquid when disk utilization is more than 80%.

Losing log data can lead to setbacks in the troubleshooting process.

To avoid such issues, SafeSquid creates custom partitions using LVM, which helps isolate files in logical volumes.
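A check for whether an existing tar-ball installation is exposed to the log pruning described above. This is an added example, not SafeSquid's own code; the two directories and the 80% figure come from this page, and the function names are hypothetical.

```python
import os
import shutil

# Directories the page says monit prunes, and the threshold it gives.
PRUNED_DIRS = ["/var/log/safesquid", "/var/db/safesquid"]
PRUNE_THRESHOLD_PCT = 80.0


def nearest_existing(path):
    """Walk up until a path exists, so the check also works before installation."""
    path = os.path.abspath(path)
    while not os.path.exists(path):
        path = os.path.dirname(path)
    return path


def used_pct(used, total):
    """Percentage of the filesystem in use, from byte counts."""
    return 100.0 * used / total


def assess(path, root="/", threshold=PRUNE_THRESHOLD_PCT):
    """Report whether `path` shares a filesystem with `root` and how full it is."""
    real = nearest_existing(path)
    usage = shutil.disk_usage(real)
    pct = used_pct(usage.used, usage.total)
    return {
        "path": path,
        # Same device id as / means the directory is not on its own volume.
        "shares_root_fs": os.stat(real).st_dev == os.stat(root).st_dev,
        "used_pct": round(pct, 1),
        "pruning_active": pct > threshold,
    }


if __name__ == "__main__":
    for d in PRUNED_DIRS:
        r = assess(d)
        where = "the root filesystem" if r["shares_root_fs"] else "its own volume"
        state = "above" if r["pruning_active"] else "below"
        print(f'{d}: on {where}, {r["used_pct"]}% used, {state} the 80% threshold')
```

A directory reported on the root filesystem competes with the OS for space, so anything that fills / can push utilization over the threshold and trigger removal of old logs.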

The option for scalability is also lost: additional storage cannot be appended to the existing block device.

Example: When using an ext4 partition, the disk size for / (the root directory) cannot be extended while the OS is booted from that block device.

Resizing the block device requires downtime, which leads to a loss of production hours.

Example: To add storage space to the directory /var/log/safesquid, you will need to power off your server, add an additional storage disk, power the server back on, create a filesystem, mount your block device and relocate the current log files to the new partition or block device.

To overcome such drawbacks, you can use cloud-init to deploy a SafeSquid instance with custom partitions in Microsoft Azure.

Below are the steps to install SafeSquid via cloud-init.

Deploying SafeSquid in Microsoft Azure.

Access your Microsoft Azure dashboard at https://portal.azure.com/#home

[Screenshots of the deployment steps: Slide1cloud.jpg to Slide75Cloud.PNG]

Validation

Access the SafeSquid web interface at http://safesquid.cfg/

SafeSquidsCloud-init.yaml

Below are some sections that can be updated to personalize your SafeSquid proxy server.

#Create Logical Volume,

The default values for the logical volumes are set to the minimum disk space required for each partition.

Note: the given values for the disk sizes are in megabytes.

Update the (--size, “512”) part of the command with the disk size you require.

For example, to update the size of /var/lib/safesquid from 1 GB to 3 GB, update

- [ lvcreate, --size, '1024', --name, /dev/azure-vg/var+lib+safesquid, azure-vg ]

     to

- [ lvcreate, --size, '3072', --name, /dev/azure-vg/var+lib+safesquid, azure-vg ]

A minimum of 16 GB of disk space is required to create the disk partitions.

When using a disk with a storage capacity of more than 250 GB, refer to the recommended maximum disk space.

The recommended maximum disk sizes for the SafeSquid partitions are:

4096 - /opt/safesquid

4096 - /usr/local/safesquid

8192 - /var/lib/safesquid

8192 - /var/www/safesquid

Allotting more space than the recommended maximum to these partitions may not be optimal.

The directories /var/db/safesquid, /var/cache/safesquid and /var/log/safesquid do not have a maximum disk size.

You can set the maximum disk size for each partition as required.

Sections marked ##Do not modify should not be updated unless you are aware of the components you are modifying.
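A pre-deployment check of edited lvcreate entries against the limits stated above. This is an added example, not part of SafeSquid's cloud-init file; the function names and sample entries are constructed, and the rule that '+' in a volume name stands for '/' in the mount path is an assumption inferred from the var+lib+safesquid example.

```python
import re

# Recommended maximum sizes (MB) and the 16 GB minimum disk, as stated on this page.
RECOMMENDED_MAX_MB = {
    "/opt/safesquid": 4096,
    "/usr/local/safesquid": 4096,
    "/var/lib/safesquid": 8192,
    "/var/www/safesquid": 8192,
}
MIN_DISK_MB = 16 * 1024

LVCREATE = re.compile(
    r"^\s*-\s*\[\s*lvcreate\s*,\s*--size\s*,\s*['\"]?(\d+)['\"]?\s*,"
    r"\s*--name\s*,\s*(\S+?)\s*,\s*(\S+?)\s*\]"
)

# Constructed sample: the first entry is the page's example, the others are made up.
SAMPLE = """\
- [ lvcreate, --size, '3072', --name, /dev/azure-vg/var+lib+safesquid, azure-vg ]
- [ lvcreate, --size, '9000', --name, /dev/azure-vg/var+www+safesquid, azure-vg ]
- [ lvcreate, --size, '6000', --name, /dev/azure-vg/var+log+safesquid, azure-vg ]
"""


def parse_lvcreate(text):
    """Return {mount_path: size_mb} for every lvcreate entry in the text."""
    sizes = {}
    for line in text.splitlines():
        m = LVCREATE.match(line)
        if m:
            size, name, _vg = m.groups()
            # Assumption: LV names encode the mount path with '+' for '/'.
            mount = "/" + name.rsplit("/", 1)[-1].replace("+", "/")
            sizes[mount] = int(size)
    return sizes


def review(text, disk_mb):
    """Return a list of findings for the lvcreate entries against disk_mb."""
    findings = []
    sizes = parse_lvcreate(text)
    if disk_mb < MIN_DISK_MB:
        findings.append(f"disk {disk_mb} MB is below the {MIN_DISK_MB} MB minimum")
    total = sum(sizes.values())
    if total > disk_mb:
        findings.append(f"volumes total {total} MB but disk is {disk_mb} MB")
    for mount, size in sizes.items():
        limit = RECOMMENDED_MAX_MB.get(mount)
        if limit is not None and size > limit:
            findings.append(f"{mount}: {size} MB exceeds recommended {limit} MB")
    return findings
```

Running review(SAMPLE, 16384) reports two findings: the volumes total more than the disk, and /var/www/safesquid is above its recommended maximum.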