terreActive AG
Kasinostrasse 30
5001 Aarau

Tel +41 62 834 00 55
Fax +41 62 823 93 56
info@terreactive.ch
www.terreactive.ch

tacRP


Description
Web-based applications are increasingly being used to exchange confidential information between the user's browser and the web server. This has made using powerful encryption technology based on public keys (HTTP over SSL/TLS, better known as HTTPS) an absolute must. This is the basis of the trust that customers or business partners have put in your application. There is, however, one major drawback: by using encryption, firewalls and NIDS (network intrusion detection systems) are deprived of their ability to examine the data stream and to protect servers and applications from malicious attacks. Encryption blinds the security systems, exposing servers to greater risk – and that destroys any added value from using an NIDS.

Customer Benefit
A reverse proxy elegantly solves this problem while combining both benefits: the external user is provided with strong encryption, and incoming data traffic can still be monitored and controlled. Users communicate via the secure channel with the tacRP, which decrypts the data stream and sends it – now unencrypted – to the "right" application server. Typically, the reverse proxy is located in a security zone other than that of the application server, for instance in a less secure DMZ. When interacting with the actual server, the reverse proxy acts like a client. It receives the responses from the actual server and, after encryption, returns them to the client. Naturally, the entire process is completely transparent to the user: unlike a conventional ("forward") web proxy, users need not make any configuration changes for this setup to work.

Scope of Services
Performance Gain
tacRP can effortlessly handle several extremely busy servers. Their workload is reduced because tacRP handles CPU-heavy operations such as SSL encryption or data stream compression. Should your website not yet support data compression, we can offer this added value without putting an additional load on your servers. This will result in significantly higher speeds for users.

More Security
tacRP offers a powerful security architecture to protect your web servers. It reduces the number of systems exposed to direct internet data traffic by centralising web queries at a point where there are strict content and protocol filters. This enables web administrators to focus on managing content, while tacRP manages SSL certificates, controls user access and provides uniform logging for all the different web resources.

Load Balancing
tacRP can distribute the load to several downstream servers, allowing you to scale your internet site cost-effectively and to be prepared for future requirements.

State-Of-The-Art Technology
Regularly updating web servers connected directly to the internet – a necessary part of dealing with software errors and security alerts – is a formidable task. Depending on the requirements of your application, updating is either prohibitive or requires extensive prior testing and QA measures. tacRP does not have any such requirements. It is built around the flagship project of the open source community, the Apache Web Server, which can be kept up-to-date and thus secure without affecting your application at all.

Flexibility
Alongside the additional separation of the internet and application server, tacRP also creates numerous new opportunities for configuring your application that are easy to use and entirely transparent to users. For example:

  • Put a test environment on a different server and let tacRP route certain requests to it, based for example on the internet address or user identity.
  • Change the internal setup of your application and let tacRP make the necessary modifications to your URL without them being visible to the user.
  • The flexible architecture of tacRP can be easily tailored to your requirements.

Investment Protection
Direct encrypted communication with your web server bypasses your firewalls and NIDS and thus renders them virtually useless. Employing tacRP, however, protects your investments in a sophisticated security infrastructure.

Additional Benefit
If requested, tacRP can take on additional tasks and create additional value. This might include compressing the return data stream, handling redirects – so as to make changes in the application without the user noticing – or using customised rules to filter incoming queries, which provides additional protection for servers and applications.