Thanks for everyone's input thus far. I guess that I'll have to give you guys more (better) information so you can see exactly what we will need Squid to handle for us. At that point you can /point & /laugh and tell us "the better ways" and then after that see how we can do what we do "today" to meet our current needs and then how to move towards a more ideal setup. Since we need to control user access policies, we have to authenticate them against AD and/or LDAP, so I don't see how you could ever get around that (but I'm sure you'll let me know) =D
Thanks and I'll try and send some better information along. ------- Original Message ------- >From : Kinkie[mailto:REMOVED] Sent : 3/13/2009 11:14:42 AM To : sq...@removed Cc : squid-users@squid-cache.org Subject : RE: Re: [squid-users] New to Squid On Fri, Mar 13, 2009 at 2:43 PM, sq...@removed <sq...@removed> wrote: > Good afternoon, > > Our company is currently investigating the use of Squid as our Proxy solution > (Secure Web Gateway?). I was curious if anyone out there has successfully > installed and > managed a Production Squid environment > that would be about the complexity and size of the following (and I'd like > some information on it): > > 1) 3,000 concurrent users > 2) Three sites > Primary Site: 100 Mb/sec Internet Connection > Secondary Site: 30 Mb/sec Internet Connection [This is used for a DR scenario > only] > Tertiary Site: 45 Mb/sec Internet Connection [This is used for a DR scenario > only] > 3) We are a Windows 2000/2003 Domain. It's a single forest with two (2) Child > Domains. There is a firewall between the two (2) child domains. > 4) We need HA Pairs at each site, but because we have VMWare ESX 3.5 > implemented at each site we are throwing around the idea of using 3-4 > virtuals (or however many you > guys would recommend) and using our DR strategy for VM's to V2V to boxes to > the other two (2) sites. > > Your input, comments, and questions would be greatly appreciated, thanks! Those numbers are not really THAT MUCH demanding (there are environments easily 10 times bigger). Making AD work in a firewalled environment is not really that easy (nor secure), but I'd assume that that side of things has already been covered. In general I'd advise AGAINST going virtual for the kind of loads squid performs, but I have no hard numbers to back this claim up. Also, if you can control your users' browsers' configuration (which would seem to be the case), having a proxy-pac-based HA solution is not hard. -- /kinkie
