Exinda Network Orchestrator
4 Settings
|
500
How Edge Cache Works
Edge Cache enables single-sided caching of Internet-based content, including web objects, videos and software
updates. Edge Cache requires only one Exinda appliance.
When web objects are downloaded from the Internet or across WAN links, Edge Cache stores them at the edge of the
network. When subsequent requests come for the same material, the content is quickly delivered from Edge Cache,
without the need to download the data again over the WAN. The result is the ability to experience LAN speeds of WAN
objects, and provide users with a better network experience.
Edge Cache also supports HTTPS sites allowing the appliance to be a forward proxy and decrypt content for caching.
This is important as more and more applications and services are moving to the cloud. These SaaS-based applications are
typically delivered over HTTPS and so to be effective, Edge Cache must support caching this HTTPS traffic.
Edge Cache also offers cache statistics, which provide insight into the amount of repetitive data being off-loaded from
the WAN link, how cacheable the network data is, and how frequently the cache is being accessed.
Caching Internet-based Content
To cache web traffic, a client-side Exinda appliance is put in line with the traffic. When a network user visits a URL with
cacheable content, Edge Cache first determines if the content is available in its cache. If not, Edge Cache retrieves the
content from the URL. Upon retrieving the content, it is stored in the cache with its expiry date as specified on the
source website. This assumes that the content is cacheable and falls within the Edge Cache setting parameters, such as
size of object and whether or not the URL is blacklisted. The next time a network user visits the same URL, Edge Cache
determines that the content is available in the cache and that the content is not stale by looking at the object expiry
date. The content is then served to the client from the cache, rather than retrieving from the URL over the WAN.
Edge Cache uses a least recently used (LRU) algorithm for expiring cached data to make room for new objects. This
means the most popular and most used content is stored the longest. You also have the ability to manually clear the
entire cache if desired.
Edge Cache operates as a transparent proxy since it is running on an inline device. As a result, your browsers do not
need to be configured with an explicit proxy configuration.
Caching Encrypted Internet-based Content
VERSION INFO
As of version 7.0.2, Edge Cache can cache HTTPS content, as well as HTTP content.
When the network user visits an HTTPS URL, if HTTPS caching is not enabled, Edge Cache is unable to determine what is
being requested because the traffic is encrypted, including the URL being requested. Even if it could cache the
encrypted data, the next request for the same HTTPS URL would not contain the same cached data because the
encryption pattern would be different. By enabling HTTPS caching, Edge Cache is able to act as a forward proxy, and
retrieve the content from the server, decrypt it, and provide it to the client over an encrypted communication channel.
Later requests can then be served from the cache.
To support this feature, you need to upload a trusted certificate to the appliance, which is then used by Edge Cache to
sign all dynamically generated site certificates. All client devices must trust this certificate as a signing authority.
To cache encrypted web traffic, the client tries to communicate with the HTTPS web server. The Exinda appliance
intercepts, keeping the communication open with the client. Then Edge Cache tries to establish a conversation with the
server. Upon receiving the certificate details from the server, Edge Cache extracts the certificate details, constructs a new
certificate and signs it using the signing certificate that was loaded and specified in the Edge Cache settings. Edge
Cache then presents this new certificate to the client. The client trusts this certificate because the details match its HTTPS
URL request as the client has previously been told to trust anything signed by this signing certificate (see below). The
communication negotiation between the client and Edge Cache is now complete. The client then requests the specific
Summary of Contents for EXNV-10063
Page 369: ...Exinda Network Orchestrator 4 Settings 369 ...
Page 411: ...Exinda Network Orchestrator 4 Settings 411 Screenshot 168 P2P OverflowVirtualCircuit ...
Page 420: ...Exinda Network Orchestrator 4 Settings 420 Screenshot 175 Students OverflowVirtualCircuit ...