1

Hello all,

We currently are running a number of virtualized servers using vmware (three esxi hosts and fiber channel storage). There has been some talk around here about migrating all our servers to the cloud. This sounds fine and good for application and database servers, but what about vritual servers that act more like network equipment, like virtualized firewalls and proxy servers?

We have such a virtualized proxy server in our environment (a home-rolled linux based squid proxy), and clients go through this server when connecting to the internet.

From what I understand cloud service providers charge for data downloaded from servers, which means that for a cloud-based home-rolled proxy server the more stuff users download from the internet the more money they’ll charge? Is having a cloud-based linux proxy server a bad idea? Are there any real world cases of people rolling their own proxy servers in the cloud?

By the way, I’ve enjoyed a number of benefits from our current setup. Of course, with a virtual proxy there are no drawbacks associated with a physical proxy (e.g. hardware failure), and because the proxy server is really just a linux server it is really handy to log into the server directly and do linux-y stuff, like grep log files, do a tcpdump, etc. I even made a nifty plugin for our monitoring server that audits the proxy logs.

So to sum up, I’m wondering if it is NOT recommended to roll your own linux proxy server in the cloud, and if so, what the alternatives are? If possible I’d like to continue doing things I’m doing with our current proxy server, especially the log auditing part. (BTW, the currently the monitoring server establishes an SSH connection with the proxy server, downloads the proxy file, then analyzes it locally.)

@abiodunfasasi8330 @proxycomputershelpdesk0598

8 Spice ups
2

In my time, proxy servers and firewalls sit between a ‘client’ and the servers typically on the Internet. It makes no sense to put those hosts in the cloud. Doing so would mean all internet traffic going through Azure and incurring network bandwidth charges. And, arguably, you’d still need a local firewall to protect your Internet Feed.

You might want to add additional firewalls in the cloud to protect the servers there - but Network Security Groups should be more than adequate to protect them.

2 Spice ups
3

Thank you for your reply.

I had a feeling that continuing our current setup with a virtualzied proxy server would not be possible in the cloud. The current sentiment is that all our locally housed virtual machines will be migrated to the cloud. Does this mean that most practical thing to do for our proxy server would be to de-virtualize it (i.e. get a physical proxy)? I have no experience with physical proxies. What are the options for monitoring and archiving the proxy logs?

4

What is the actual purpose of the proxy server at present?

If it were me, I’d keep the existing proxy for any on-prem clients then look at what to do for the servers you shiift to the cloud.

1 Spice up
5

The purpose of the proxy is to keep a historical log of client, etc. internet connections and to restrict the internet access of certain subnets (i.e. internet filtering). I have a monitoring script that logs into the proxy server at regular intervals and analyzes the logs for anything fishy.

The problem is that the support for the virtualization hardware/software that the proxy is running on is ending soon, and the hardware/licensing cost to replace our current hardware/software is too high (namely due to the ridiculous licensing fees for the Oracle database). Our server room is also in a flood zone, but that’s a different story.

So unfortunately, I do not think that we can keep our proxy in its current form (doing so would require rebuilding it in the cloud, which you say would incur high bandwidth charges). Maybe the only options are to get a physical proxy or try some cloud based proxy solution (both of which are areas I don’t know much about).