Proxy configuration tools, Other network services – Google Networking Best Practices for Large Deployments User Manual
Page 28
28
Networking Best Practices for Large Deployments
Proxy Configuration Tools
Download the following tools which may be helpful when configuring Proxy Servers:
•
Use
pactester
or a similar tool to validate PAC files for different URIs. Download
pactester from the
•
Download
HttpWatch
or
HttpFox
(Firefox extension) to help you see what URIs are being
requested by the browser prior to encryption.
Other Network Services
Google runs a sophisticated load-balancing system to ensure the best experience for the user.
One factor in Google load-balancing systems is the way in which Google answers DNS
requests for some services. Google attempts to determine the geographical location of a user
partly through the location of the DNS resolver’s IPv4 address.
To ensure the best experience for your users:
•
Use a DNS resolver in a location that is close to the user, in terms of both geography and
network topology. Using DNS resolvers located in remote network locations will greatly
slow down connections to Google Apps.
•
If it’s not feasible to use a DNS resolver that’s close to the user, use a DNS server that
supports the edns-client-subnet extension (
such as
or
—which allows the resolver to pass part of the client’s IP
address.
•
Adhere to the advertised TTL value for all DNS record types.
•
Set up firewall rules to allow unrestricted outbound HTTPS traffic to Google Apps. You do
not need to set up special rules for inbound traffic; Google Apps does not generally initiate
inbound traffic to users.
•
Avoid routing inbound and outbound mail through a gateway inside your network. If
inbound and outbound mail is routed to a gateway inside your network, mail traffic will
consume unnecessary network resources.