Configuring a caching proxy to reduce Patch data network traffic

  • Article ID: 117121
  • Rating:
  • 1 customers rated this article 1.0 out of 6
  • Updated: 01 Jun 2012

This article explains how to configure a caching proxy for Patch data files so that endpoint computers can update their Patch data files from the cache rather than connect directly to the Sophos Management server.

The main reason for doing this is to reduce the amount of Wide Area Network (WAN) traffic to remote sites.  For a comparison of the data traffic reduction that can be achieved with caching see the Technical Information section at the end of this article.

Known to apply to the following Sophos product(s) and version(s)

Enterprise Console 5.1.0

What To Do

The table below provides an overview of the three types of proxy configuration you can employ.  Use the links in the table to jump to detailed information on implementing caching for a particular type of proxy.

Proxy configuration type Summary of required registry changes
Explicit
Each endpoint computer is configured with the name and port number to use.  Alternatively you can use a PAC file.
PrimaryServerUrl contains the Sophos Management server’s URL, and PrimaryProxyServerUrl contains the URL of the caching proxy. This has the advantage of simplicity, but requires that the PrimaryProxyServerUrl is set by on each Patch endpoint (which might not be practical for a large number of endpoints).
Transparent
Also known as an 'intercepting' or 'forced' proxy.  Endpoint computers are not configured to use a specific address and port number.  You will have configured (server-side) to capture network traffic sent on a particular port.
No configuration changes are required on the endpoint. PrimaryServerUrl contains the Sophos management server URL. PrimaryProxyServerUrl is not present.
Reverse
Endpoint computers are replied to directly from the proxy. Used to reduce traffic to web server by intercepting requests and replying with cached information.
PrimaryServerUrl contains the caching proxy URL. PrimaryProxyServerUrl is not present. The caching proxy is configured to relay requests to the Sophos Management server. To enable this configuration you can either change the registry on each endpoint, or change the PatchServerURL on the management server to contain the caching proxy URL and (re)protect the endpoints. If you choose the latter option and manage endpoints at several locations (including the one where the management server is deployed), then DNS for the PrimaryServerUrl at each location needs to resolve to the local caching proxy server. This allows using the same value at all locations and solves the issue of roaming endpoints accessing a proxy over the WAN.

Configure caching with an explicit proxy

  1. Locate the following registry subkey:
    HKLM\SOFTWARE\[Wow6432Node]\Sophos\Patch\Sophos Patch Agent\
  2. On the Edit menu, point to New, and then click String Value.
  3. In the details pane, type PrimaryProxyServerUrl for the new value, and then press ENTER.
  4. Right-click PrimaryProxyServerUrl, and then click Modify.
  5. In the Value data box, type proxyserver.domain.com:3128, and then click OK.
  6. Exit Registry Editor

Note: This String value needs to contain the fully qualified domain name of the explicit proxy, appended by the port number. Alternatively, a URL to a PAC file can be entered.

Configure caching with a reverse proxy

  1. Locate the following registry subkey:
    HKLM\SOFTWARE\[Wow6432Node]\Sophos\Patch\Sophos Patch Agent\
  2. Right-click PrimaryServerUrl, and then click Modify.
  3. In the Value data box, type proxyserver.domain.com:80, and then click OK.
  4. Exit Registry Editor

Note: This String value needs to contain the fully qualified domain name of the reverse proxy, appended by the port number.

Configure caching with a transparent proxy

No changes are required.

 

Technical Information

The tables below show a comparison of data transferred between the endpoint computer (with the Sophos Patch Agent installed) and the Sophos Patch server.

Comparison of data transfer - initial installation

The table below shows a comparison of network traffic volume between Enterprise Console v5.0 and v5.1 for the initial installation of the Sophos Patch Agent to the endpoint computer and download/upload from the Sophos Patch server.

Data transferred Description Direction Size estimate
 One endpoint  100 endpoints  100 endpoints
 No cache  SECv5.0/5.1 (no cache)  SECv5.1 (Cached)
Registration Agent unique identification (one off) (cannot be cached). Upload 0.5 KB 50 KB 50 KB
Compressed list of required PLS files List of PLS files required (can be cached 15 minutes). Download 77 KB 7.7 MB 3 MB
Assessment files (PLS files) x ~1100 Patch data files from Lumension. Specific to the platform. For Windows XP there are typically around 1200 files to be downloaded initially (can be cached for a long time). Download 15 MB 1.5 GB 15 MB
Compressed list of other required files List of other files required (can be cached 15 minutes). Download 0.3 KB 30 KB 12 KB
Mcescan.cab A Microsoft file needed for assessments (can be cached for a long time). Download 30 MB 3 GB 30 MB
Licence file Needed for assessments, but negligible in size (can be cached for a long time). Download 8 KB 0.8 MB 8 KB 
Compressed results On completion sends back an assessment report (cannot be cached). Upload 4 KB 0.4 MB 0.4 MB
Total
Download 45 MB 4.5 GB 48 MB
Upload 4.5 KB 0.5 MB 0.5 MB

Comparison of data transfer - 1 month

The table below shows a comparison of network traffic volume between Enterprise Console v5.0 and v5.1 for a typical month.

Data transferred Description Direction Size estimate
 One endpoint  100 endpoints  100 endpoints
 No cache  SECv5.0/5.1 (no cache)  SECv5.1 (Cached)
Mcescan.cab x 3 This file is updated between 2 – 4 times per month. Average of 3 taken. Download 90 MB 9 GB 90 MB
Assessment files (PLS files) x 120 Typically around 120 new PLS files are needed each month. Each file is on average around 13 KB in size. This gives a total size of 1560 KB, or around 1.5 MB. Download 1.5 MB 150 MB 1.5 MB
List of files These total 77.3 KB and are requested for each assessment. For a typical daily assessment that totals 2319 KB in 30 days, or around 2 MB Download 2 MB 200 MB 80 MB
Assessment results 4KB for each assessment totals to 120KB in 30 days Upload 120 KB 12 MB 12 MB
Total
Download 94 MB 9 GB 171 MB
Upload 120 KB 12 MB 12 MB

 
If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent

Comments