Rarely do these terms get thrown around, until deep into the discussion of the solution with the customer. There is a difference, however, and you should know it. Reverse Proxies broker connections coming from the internet, to your app servers. Forward Proxies filter connections going out to the internet, from clients sitting behind the firewall. Reverse Proxies take origin connections from the internet and connect them to one server or a server farm, meaning multiple inbound connections from the internet are pooled into one or more connections to the server(s). This is known as TCP Multiplexing, and is often used with Load Balancing techniques to optimize and accelerate application delivery. Reverse Proxies measure load based on the incoming and outgoing connection ratio, the higher the ratio the better the performance. Reverse Proxies are built for Application Delivery, and have been put into the industry classification of Application Delivery Controller (ADC), or Application Delivery Network (ADN).
A key component of Reverse Proxies is the ability to perform TCP Multiplexing. What this means is the incoming connections are terminated, pooled and new connections are established on the back-end using fewer number of server connections resulting in a TCP Multiplexing Ratio. A typical TCP Mux ratio is 10:1 – ten incoming connections to 1 back-end connection. Another benefit of this is that the connections on the back-end to the servers are kept open even when the incoming connections terminate so that they can be re-used when new incoming connections come in – reducing the time to establish server connections hence improving performance.
- Application Delivery including:
- Load Balancing (TCP Multiplexing)
- SSL Offload/Acceleration (SSL Multiplexing)
- Content Switching/Redirection
- Application Firewall
- Server Obfuscation
- Single Sign On
Citrix offers the Reverse Proxy in the from of the NetScaler.
Forward Proxies take origin connections from the intranet from clients and connect them to servers out on the internet. Foward Proxies are not used for Application Delivery; however, they are used to filter client connections from visiting harmful websites and for compliance reporting.
- Content Filtering
- eMail security
- Compliance Reporting