Anybody out there got any experience regarding using a firewall mashine in
conjunction with a "Information Agent System" (our is named "BI=IAS")?
The scenario:
I'm involved in a project, trying to establish a system consisting of the
following:
Internet = Rest of the world PPP - connections
---------------------------- -----------------
| |
Router Access mashine with Call-back
------ & other stuff
| -----------------------------
| |
+--------------------------------|
|
------------------------------------
Dual-Home Bastion host running
Firewall & WWW services (CERN-brand)
& BI=IAS (got a HUGE cache)
------------------------------------
|
inner network of different hosts
& types of NOS
& BI=IAS-base servers
The WWW-server running on the bastion host will be acting as an interface
for the BI=IAS-system.
Design goals of the BI=IAS-system are:
- external/internal users post a request for info of some sort (pretty much
like a normal www-request), but wont get any reply (exept a nice
acknowledgment of the posting ;-).
- BI-IAS make's sense of the posting, decides a retrieval strategy ... blah,
blah ... and ultimately triggers a set of locally agents tasked to travel
the net and (hopefully) returning some usefull info/answers. (Hint: one way
to travel is acting like a WWW-client, another way is triggering other agent
on other servers "out there")
- BI=IAS will do some filtering/formatting and post the result for later
retrieval (via WWW or by email or what ever...)
- That's it -
The issue of letting some "on the fly created" software running on my
bastion host some-what gives me the creep. On the other hand - I can't
afford to put up a dedicated BI=IAS-server behind the firewall,- only
specialised BI=IAS-agent-servers handling retrieval of data from some of our
data-bases, and from other special sources.
We havent discussed this subject much,- but would like to hear from other
(if any :-O) that's been working with "information agent's", and/or got an
oppinion on pitfalls concerning the above scheme/scenario, and/or "guru's"
knowing something about setting up the CERN-firewall/WWW-server.
Thank's in advance
Oh BTW: if we succeed with our project - the product (BI=IAS) will be
donated to the public at (i hope)(late) 1996.
-sab
=========================================================================
postmaster @
bio .
atv .
dk - a non-profit organisation -
sab @
bio .
atv .
dk Biotechnological Institute
Soren A. Brandbyge Holbergsvej 10 PB 818
+45 75 52 04 33 - 269 6000 Kolding, Denmark
=========================================================================
|
|
