An RHN Proxy Server is a package-caching mechanism that reduces the bandwidth requirements for RHN and enables custom package deployment. Proxy customers cache RPMs, such as Errata Updates from Red Hat or custom RPMs generated by their organization, on an internal, centrally-located server. Client systems then receive these updates from the Proxy rather than by accessing the Internet individually.
Although the packages are served by the Proxy, clients' System Profiles and user information are stored on the secure, central RHN Servers[1], which also serve the RHN website (rhn.redhat.com). The Proxy acts as a go-between for client systems and Red Hat Network (or an RHN Satellite Server). Only the package files are stored on the RHN Proxy Server. Every transaction is authenticated, and the Red Hat Update Agent checks the GPG signature of each package retrieved from the local RHN Proxy Server.
In addition to storing official Red Hat packages, the RHN Proxy Server can be configured to deliver an organization's own custom packages from private RHN channels, using the RHN Package Manager. For instance, an organization could develop its own software, package it in an RPM, sign it with its own GPG signature, and have the local RHN Proxy Server update all of the individual systems in the network with the latest versions of the custom software.
Advantages of using RHN Proxy Server include:
Scalability — there can be multiple local RHN Proxy Servers within one organization.
Security — an end-to-end secure connection is maintained: from the client systems, to the local RHN Proxy Server, to the Red Hat Network servers.
Saves time — packages are delivered significantly faster over a local area network than the Internet.
Saves bandwidth — packages are downloaded from RHN only once (per local Proxy Server's caching mechanism) instead of downloading each package to each client system.
Customized updates — create a truly automated package delivery system for custom software packages, as well as official Red Hat packages required for the client systems. Custom private RHN channels allow an organization to automate delivery of in-house packages.
Customized configuration — restrict or grant updates to specific architectures and OS versions.
Only one Internet connection required — Because clients connect only to the RHN Proxy Server and not the Internet, they require only a Local Area Network connection to the Proxy. Only the RHN Proxy Server needs an Internet connection to contact the RHN Servers, unless the RHN Proxy Server is using a RHN Satellite Server, in which case only the RHN Satellite Server requires an Internet connection.
[1] | Throughout this document, "RHN" may refer to either RHN's Hosted site (http://rhn.redhat.com) or an RHN Satellite Server. |