Start Your Engines
Web Acceleration with SuperLumin on Novell Open Enterprise Server
Written by Ken Baker
Authentication and Access Control
One of the features that BorderManager customers most wanted to see in SuperLumin Nemesis, and which SuperLumin delivers, is the client trust feature. Client trust essentially provides eDirectory single sign-on. If users have already authenticated to eDirectory, SuperLumin Nemesis automatically recognizes those authentications and then automatically authenticates them in the background to the proxy service so users are not bothered with authentication prompts. While this was called client trust in BorderManager, it is simply referred to as SuperLumin single sign-on in SuperLumin Nemesis.
Beyond SuperLumin single sign-on for eDirectory environments, SuperLumin Nemesis provides a variety of other authentication options that can leverage your NTLM single sign-on, LDAP or RADIUS authentication infrastructure. It also supports external authentication from third-party Web-based authentication services.
SuperLumin delivers another frequently requested BorderManager feature called ACL Check, known simply as Access Control in SuperLumin Nemesis. It provides rule-based access controls that allow you to permit or block access to specific Internet sites. Using the SuperLumin browser-based management GUI, you can customize your own access control strategy by blocking content for all users, specific groups or individual users. You can block destinations by URL, a single IP address, an IP address range or an IP subnet. You can also create broad rules using wildcards to block or grant access to certain pages on a Web site.
(See Figure 2.)
In addition to blocking specific sites at a granular level with access controls, SuperLumin Nemesis has a set of APIs that provide hooks for third-party content filtering providers. Currently, ContentKeeper has an off-box and on-box content filtering solution that integrates with SuperLumin. A number of other filtering providers have plans to take advantage of this capability as well.
Beyond single sign-on and ACL controls, BorderManager customers also wanted firewall capabilities. You can use SuperLumin Nemesis as a firewall solution in much the same way that you may have used BorderManager. As with BorderManager, SuperLumin Nemesis provides stateful packet inspection and packet filtering at the port, IP and IP Range levels, but it’s much easier to set up in SuperLumin. For example, adding static or dynamic network address translation (NAT) is as simple as clicking a button. (See Figure 3.)
Social and Video Acceleration
While SuperLumin Nemesis delivers (and enhances) the services on Linux that BorderManager customers have long wanted, it also goes beyond BorderManager by delivering functionality such as social and video cache.
If you use a proxy service other than SuperLumin, you’ll find that you typically don’t experience any Web acceleration when you re-visit pages on social media sites such as YouTube or Facebook. This lack of acceleration occurs because most social media sites distribute their workload among multiple servers in order to handle heavy traffic volumes. When you watch a video on YouTube, your proxy server will cache the video locally with the idea that if you want to watch it again you’ll be able to download and view it much faster. However, when you click to watch the video again, YouTube most likely will serve up the video from a different server—preventing your proxy server from recognizing the video as the same content and requiring a completely new download over the Web. As a result, you could end up with several copies of the same video clip eating up network bandwidth and storage space in your local cache without giving you any added performance benefit.
By contrast, the social media and video cache features in SuperLumin Nemesis can recognize that the video or other social media content that you re-visit is actually the same content even though it happens to be coming from another server. As a result, rather than downloading it again, it will serve up the social content from its local cache. Not only does this significantly enhance the user experience, but it can free up considerable bandwidth, especially in university and college settings where it’s not uncommon to find 30-50 percent of network bandwidth being consumed by students visiting social media sites. (See Figure 4.)
In terms of video caching, SuperLumin also provides “hole filling,” which allows the proxy service to cache those portions of a video that a user actually watches. For example, users often skip ahead or jump back when watching long videos. Most proxy servers don’t handle this type of jumping back and forth, but SuperLumin will cache the portions of the video actually watched, allowing for better viewing performance of those video segments. This also allows for higher resolution viewing from services like Microsoft Silverlight that 1) use an adaptive protocol to determine available user bandwidth, and 2) can recognize that the video is being served up faster by the cache, resulting in a higher resolution.
SuperLumin Nemesis also enhances the performance of live video. For example, if your organization is hosting a live Web broadcast of your CEO to all employees, instead of requiring your branch office users to fetch the live stream from your originating server, SuperLumin Nemesis can take advantage of the typical two- to five-second delay in downloading the video to fetch the data, cache it at the branch office’s local proxy server and then send it locally to all the branch office users. So, instead of having 50 to 100 downloads of the same stream come across the WAN to individual users, it can come across in a single stream to the branch office, then split into multiple streams as needed when it arrives at the local proxy server.
The social media and video cache features in SuperLumin Nemesis can recognize that the video or other social media content you re-visit is actually the same content even though it happens to be coming from another server.
Wait No Longer, Look No Further
Whether you’ve been waiting for a BorderManager replacement before making the move from NetWare to Linux, or you have simply been on the lookout for a full-featured, best-in-class proxy and caching server, you need look no further than SuperLumin Nemesis. And from now until the end of March 2011, if you buy a three-year maintenance contract for SuperLumin Nemesis, the license for the product is free. For more information about SuperLumin Nemesis, the relationship between Novell and SuperLumin, and the promotion, visit www.superlumin.com/border.php..