The Red Hat Update Agent on the client systems does not directly contact a Red Hat Network Server. Instead, the client (or clients) connects in turn to an RHN Proxy Server that connects to the Red Hat Network Servers or to a RHN Satellite Server. Thus, the client systems do not need direct access to the Internet. They need access only to the RHN Proxy Server.
Important | |
---|---|
Red Hat strongly recommends that clients connected to an RHN Proxy Server be running the latest update of Red Hat Enterprise Linux to ensure proper connectivity. |
Clients that access RHN directly are authenticated by the RHN servers. Clients that access an RHN Proxy Server are still authenticated by RHN; however, in this case the Proxy provides both authentication and route information to RHN. After a successful authentication, the Red Hat Network Server informs the RHN Proxy Server that it is permitted to execute a specific action for the client. The RHN Proxy Server downloads all of the updated packages (if they are not already present in its cache) and delivers them to the client system.
Requests from the Red Hat Update Agent on the client systems are still authenticated on the server side, but package delivery is significantly faster since the packages are cached in the HTTP Proxy Caching Server or the RHN Proxy Server (for local packages); the RHN Proxy Server and client system are connected via the LAN and are limited only by the speed of the local network.
Authentication is done in the following order:
The client performs a login action at the beginning of a client session. This login is passed through one or more RHN Proxy Servers until it reaches a Red Hat Network Server.
The Red Hat Network Server attempts to authenticate the client. If authentication is successful, the server then passes back a session token via the chain of RHN Proxy Servers. This token, which has a signature and expiration, contains user information, including channel subscriptions, username, etc.
Each RHN Proxy Server caches this token on its local file system in /var/cache/rhn/. Caching reduces some of the overhead of authenticating with Red Hat Network Servers and greatly improves the performance of Red Hat Network.
This session token is passed back to the client machine and is used in subsequent actions on Red Hat Network.
From the client's point of view, there is no difference between an RHN Proxy Server and a Red Hat Network Server. From the Red Hat Network Server's point of view, an RHN Proxy Server is a special type of RHN client. Clients are thus not affected by the route a request takes to reach a Red Hat Network Server. All the logic is implemented in the RHN Proxy Servers and Red Hat Network Servers.
Optionally, the RHN Package Manager can be installed and configured to serve custom packages. Any package that is not an official Red Hat package, including custom packages written specifically for an organization, can only be served from a private software channel (also referred to as a custom software channel). After creating a private RHN channel, the custom RPM packages are associated with that channel by uploading the package headers to the RHN Servers. Only the headers are uploaded, not the actual package files. The headers are required because they contain crucial RPM information, such as software dependencies, that allows RHN to automate package installation. The actual custom RPM packages are stored on the RHN Proxy Server and sent to the client systems from inside the organization's local area network.
Configuring a computer network to use RHN Proxy Servers is straightforward. The Red Hat Network applications on the client systems must be configured to connect to the RHN Proxy Server instead of the Red Hat Network Servers. Refer to the RHN Client Configuration Guide for details. On the proxy side, one has to specify the next proxy in the chain (which eventually ends with a Red Hat Network Server). If the RHN Package Manager is used, the client systems must be subscribed to the private RHN channel.