Troy Technologies USA
MCSE
STUDY GUIDE
Proxy Server 2.0
Exam 70-88
Congratulations!!
You have purchased one of the Troy Technologies USA MCSE Study
Guides.
This study guide consists of a selection of questions and answers very, very
similar to the ones you will find on the official MCSE exam. All you need to
do is study and memorize the following questions and answers.....and you
will be ready to take the exam. Remember, we guarantee it!
Average study time is 10 to 12 hours. Then you are ready.
GOOD LUCK!
Guarantee
Should you use this study guide and still fail the appropriate MCSE exam,
then send your original of the official score notice, along with your mailing
address to:
Troy Technologies USA
11134 Hunter Oaks
San Antonio, TX 78233
We will gladly refund the full cost of this study guide. However, you are not
going to need this guarantee if you follow the above instructions.
Ó Copyright 1998 Troy Technologies USA. All Rights Reserved.
Further Suggested Reading for Microsoft Certified System Engineer

• Exam Cram, MCSE Windows 2000 Network: Exam 70-216 (Exam Cram) by
Hank Carbeck, et al. Paperback (September 28, 2000)
• MCSE Windows 2000 Accelerated Study Guide (Exam 70-240) (Book/CD-ROM
package) by Tom Shinder (Editor), et al. Hardcover (October 6, 2000)
• MCSE 2000 JumpStart: Computer and Network Basics

with which to connect to the Internet. This adapter may be another network card or it may be an ISDN
adapter. The Proxy Server is the only computer in the network attached to both internal and external
networks.
Microsoft Proxy Server consists of 3 different services: Web Proxy, WinSock Proxy, and SOCKS Proxy.
Web Proxy Service
The Web Proxy service runs as a service on a Windows NT Server. It runs as an extension to IIS 3.0 or
higher. You must have IIS installed on your NT server in order for the Web Proxy service to run. Clients
contact the Web Proxy service and it contacts other Web servers on behalf of the client and then relays the
information back.
The Web Proxy service supports Hypertext Transfer Protocol (HTTP) and File Transfer Protocol (FTP) for
computers on the local LAN.
Caching
The Web Proxy service maintains a local copy of HTTP and FTP objects on a local hard disk. This is
called caching. Not all objects are cached. Some objects change frequently, even each time they are
accessed, so caching them is a waste of processing time. Some objects have a security context and are not
cached for security reasons. The Proxy Server performs two types of caching: Passive caching and Active
caching.
Passive Caching
Passive caching is the method used most. It is also know as on-demand caching because it is available on
demand when the client makes the request.
In a network that does not have a Proxy Server, the client contacts the Web server on the Internet. The
Web server responds to the request and sends the requested objects directly back to the client. Proxy
Server sits in the middle of this process. The Proxy client contacts Proxy Server with the request. Proxy
Server goes to the Internet with the request and retrieves the requested object. It caches that object. If you,
or any other client, requests the object again, Proxy Server gets the object from the local cache rather than
from the Web server on the Internet.
In order to ensure that the cached information is still current, several techniques are used. One technique
is to set an expiration time on the object. This expiration time is known as the time to live (TTL). When a
client requests an object that is cached, Proxy Server checks the TTL to determine if the requested object
is still valid. If the TTL has not expired, then the object is returned to the client. If the TTL has expired,

in the \mspclnt folder. The file contains the LAT. The contents of this file are identical to the LAT on the
server. To keep this file consistent, the server regularly updates the msplat.txt file on the client.
When a WinSock application needs to establish a connection using an IP address, the msplat.txt file is
consulted to determine if the requested IP address is internal or external. If the address is listed in the
msplat.txt file, then it is considered to be on the internal network and the connection with the resource is
made directly. If the address is not listed, then it is considered to be on an external network and the
connection is made through the Proxy Server.
If the LAT at the server does not contain all of the internal network addresses, you can modify the
msplat.txt at the client to include the other internal network addresses. However, these address
modifications are lost when the server periodically sends the LAT update to the client. To overcome this,
you can create a custom LAT for the client using a text editor. You add the additional address pairs that
are on the internal network so that the client recognizes them as part of the internal network. You then
3
save the file in the \mspclnt folder. The file must be named Locallat.txt. The WinSock client checks both
files, if they are present, for local IP addresses.
TCP/IP and IPX/SPX
There are several important points you need to know about using TCP/IP or IPX/SPX protocols and the
WinSock Proxy service. When you are using TCP/IP on your LAN and an application wants to
communicate with a server, that server may be local or remote to the application. Based on the addresses
contained in the LAT, the application can tell if the requested server is local or remote. If the address is
local, the client forwards the request directly. If the address is not local, then the WinSock Proxy service
is involved.
If your LAN is running the IPS/SPX protocol, the scenario changes. In this case, the WinSock Proxy
service is also acting as a protocol gateway. It converts the IPX/SPX protocol to the TCP/IP protocol and
back again. Since you are not running TCP/IP, there is no LAT table to be downloaded to the WinSock
Proxy client at installation time. Since there are no TCP/IP hosts on the local network, all attempts to
connect to a TCP/IP host are considered requests for a remote host and are processed according to those
rules.
SOCKS Proxy Service
The SOCKS Proxy service is a cross-platform mechanism used to establish secure communications

This is undesirable because you want all clients to specify a single URL. This process needs to be
transparent to the user.
The Microsoft DNS server supports a process known as round robin. This process balances the workload
of the servers, in this case, the three Web servers. To do this, you must create an alias that points to
multiple IP addresses. This alias record is a CNAME record entry in your DNS server file,
DNS gives the client the IP address of the first host in the list. The DNS then moves that host to the
bottom of the list. When the next request arrives, DNS gives the IP addresses of the second server, now at
the top of the list, and moves that server name to the bottom of the list, and so on. In this manner, each
host receives an equal share of client requests and the process is transparent to the user.
Load Sharing Using WINS
If you are using Windows and the TCP/IP protocol, then you should have at least one WINS server
deployed. WINS is Microsoft’s implementation of an RFC NetBIOS Name server. WINS serves a similar,
but different function than DNS. DNS resolves FQDNs (Fully Qualified Domain Names) to IP addresses.
WINS resolves NetBIOS names to IP addresses. All Microsoft operating systems rely on NetBIOS for
their networking.
You can use WINS in the same manner as you use DNS to share the load of your Proxy Servers. You
create a static entry in your WINS server table for the Proxy Server alias and map it to multiple IP
addresses.
Load Sharing Using WinSock Proxy
You install the WinSock Proxy client from a Proxy Server. The client then attaches to and uses the
WinSock Proxy service of the Proxy Server from which the client was installed. To balance the workload
of the WinSock Proxy services, configure each clients from a different Proxy Servers. This distributes the
load among the Proxy Servers in the organization.
Distributed Caching
You can configure caching to be distributed among multiple Proxy Servers in the organization. This
improves both the active and passive caching. You distribute the cached objects and provide for fault
tolerance if one Proxy Server fails or becomes unavailable. Distributed caching is implemented by one of
two methods, or by combining and using both methods: Chaining or Arrays.
Chaining
Using Proxy Server to route to another proxy server is a technique that involves a process called upstream

Cache Protocol (ICP). The purpose of this protocol is to allow a proxy server to query other proxy servers
to see if those servers have cached copies of requested objects before the proxy server goes to the Internet
for the object.
CARP expands on the ICP protocol in several ways. CARP uses a "queryless" hash-based algorithm. The
hash-based routing results in the URL being resolved to the same Proxy Server. This means there is a
single hop resolution for the requested object. CARP becomes faster the more Proxy Servers are added.
This is because the location of each cached object is known within the array, unlike ICP, which must
query for each requested object.
CARP prevents multiple servers from caching the same object. This makes the CARP array much more
efficient than an ICP array.
Client Installation
When you install Proxy Server, the Setup Wizard creates the \msp\clients folder. Client software utilities
are installed in their respective folders. For example, the Alpha folder contains Alpha-specific files and
6
the I386 folder contains the Intel-specific files. The Setup Wizard also shares the \msp\clients as a share
called mspclnt.
You have to install the WinSock client software on the client computers. The client setup program
configures the computer to be a client of the WinSock Proxy service on the server where the setup was
initiated. Also, as part of the installation, the Web browser is configured as a client of the Web Proxy
service.
You can start the client setup program using one of two techniques. You can connect to the UNC
\\server_name\mspclnt and run the client setup program. Or, you can use a browser, such as Internet
Explorer, point it to http://computer_name/msproxy, and click the Install WinSock Proxy 2.0 client. If you
are installing the client on a Web server, the setup program stops the Web service while the installation is
in progress.
The Mspclnt.ini file contains configuration information about the client. This is a text file and can be
edited with any text editor. By default, the client configuration file is downloaded to the client each time a
client computer is restarted and is updated every six hours after an initial refresh. When a refresh occurs,
the order of server share paths, listed in the [Master Config] section of Mspclnt.ini, is used to determine
the location of updated configuration files. At least one entry must be present. Entries are tried in the

FTP Read This is for access to FTP services.
Gopher Gopher is a menu-based system used to supplement FTP.
Secure This is the SSL service. If you have access granted, then you can use SSL
security.
WinSock Proxy Service - Use the Permissions Tab to “Enable Access Control”. You can specify
“Unlimited Access” or you can specify who can have access to the following protocols: AlphaWorld,
AOL, Archie, Echo, Enliven, IMAP4, IRC, Microsoft NetShow, MSN, NNTP, POP3, RealAudio, SMTP,
Telnet, and VDOLive. Other protocols can be added with the WinSock Proxy service.
SOCKS Proxy Service - You use the same procedure to set the permissions for using the SOCKS service.
You get a dialog box you use to configure this service. The “source” specifies the origin of the request.
You do this either by IP address and subnet, for a particular Internet Domain or for all computers. The
“Destination” side is where you allow (or deny) the destination of the permitted entry.
IP Parameters
Proxy Server allows you to control access by specific IP parameters such as: IP address, IP subnet, and
Internet domain name. This is done by enabling filtering and then specifying the appropriate IP address,
subnet, or domain.
When configuring this security, there are two methods you can use. You can grant access to everyone and
then restrict access by denying certain IP addresses, subnets, or domains. Or, you can deny access to
everyone and then grant access by exception by specifying the IP address, subnet, or domain.
Just as with configuring access by Internet service, you can set these parameters for each individual Proxy
Server.
Port
You can configure which port is used by the TCP and UDP protocols and thus control the access to the
WinSock Proxy service. Proxy Server comes with a default set of protocol definitions. You can add your
own protocol definitions or modify the definitions of the default protocols to suit your requirements.
Proxy Server uses application service ports for the WinSock Proxy and SOCKS Proxy services. WinSock-
based applications work through a network connection. Ports are used in combination with IP addressing
to form socket connections. A socket is an endpoint in the communication process. The WinSock Proxy
service can also redirect a listen() call. The implication of this is that Proxy Server can listen to Internet
requests on behalf of your application. It then redirects the request from the Internet to your application.