Microsoft MVP성태의 닷넷 이야기
TFS : 159. TFS 프록시 서버 동작 방식 [링크 복사], [링크+제목 복사]
조회: 7058
글쓴 사람
정성태 (techsharer at outlook.com)
홈페이지
첨부 파일
 
How Team Foundation Server Proxy 2008 works
; http://blogs.msdn.com/tsyang/archive/2008/03/24/how-team-foundation-server-proxy-2008-works.aspx

TFS 에 대해서 잘 아시는 분들조차도,,, TFS Proxy 서버가, 인트라넷에 설치된 TFS Application Tier를 인터넷에 노출시킬 수 있는 기능을 가진 것으로 오해하는 경우가 종종 있습니다.

하지만, 직접 설치해 보면 아시겠지만... TFS Application Tier 역시 인터넷에 반드시 연결되어 있어야 한다는 것을 알 수 있습니다. 위에 소개한 토픽을 읽어보시면 실제로 TFS App Tier 에 질의가 되는 과정을 확인할 수 있습니다.

[위의 내용이 간단해서, 아예 아래에 실어봅니다.]
Ever wondering how TFS Proxy works? While this MSDN article "Team Foundation Server Proxy and Source Control" ( http://msdn2.microsoft.com/en-us/library/ms252490.aspx ) provides a great overview, this blog post will add an end-to-end story for TFS users who likes to dig into technical details.
Let's see what happens among a user (CLIENT), TFServer (SERVER) and TFS Proxy (PROXY) when the user is trying to downloading a file from TFServer.
  1. CLIENT authenticates with SERVER.
    1. SERVER terminates connection if authentication failed. End of story.
  2. CLIENT sends a file download request to SERVER.
  3. SERVER checks CLIENT's read permission on the requested file.
    1. SERVER reports "file does not exist" if CLIENT has no read permission. End of story.
  4. SERVER sends a download ticket for the requested file to CLIENT.
  5. CLIENT sends the download ticket to PROXY and wait for PROXY to return the requested file
  6. PROXY checks whether the requested file is already cached.
    1. PROXY returns the requested file to CLIENT if it is already cached. End of story.
  7. PROXY service account authenticates with SERVER
    1. SERVER terminates connection if authentication failed. PROXY reports error to CLIENT. CLIENT will download directly from SERVER. End of story.
  8. PROXY asks SERVER for the location of VersionControl services.
  9. SERVER checks whether PROXY service account has read permission on server-level information.
    1. SERVER terminates connection if PROXY service account has no read permission on server information. PROXY reports error to CLIENT. CLIENT will download directly from SERVER. End of story.
  10. SERVER tells PROXY where VersionControl services are.
  11. PROXY uses CLIENT's download ticket to download the requested file from SERVER.
  12. PROXY caches the requested file.
  13. PROXY returns requested file to CLIENT. End of story.

Highlights:

  1. SERVER always checks repository read permission against CLIENT, not PROXY service account.
  2. SERVER always checks server-level information read permission against PROXY service account; and that is the only permission PROXY service account ever needs.
  3. PROXY can save SERVER resources by serving CLIENT's downloading request when the requested file is already cached.

In other words:

  1. PROXY and SERVER are binded at the server-level, not team project level.
  2. PROXY does not act as a surrogate for SERVER; PROXY only does caching and all permission checking is done by SERVER.
  3. PROXY service account can simply be placed in a server-level group, e.g. "[Server]\Proxy Service Accounts", without any extra security configuration. This effectively grants PROXY service account read permission on server-level information.
    1. Adding PROXY service account to either TFServer Admin group, TFServer service account group, or any team project group will also grant PROXY service account read permission on server-level infromation; however, this practice is not recommended because it gives PROXY service account more permissions than it needs.

[연관 글]


donaricano-btn



[최초 등록일: ]
[최종 수정일: 3/25/2008 ]


비밀번호

댓글 쓴 사람
 




1  2  3  4  5  6  7  8  9  [10]  11  12  13  14  15  ...
NoWriterDateCnt.TitleFile(s)
946정성태1/22/20218491.NET 3.5 : 41. 사용자 정의 LINQ Provider 제작파일 다운로드1
945정성태4/6/20086585VS.NET IDE : 42. Class Designer Powertoys (VS.NET 2008)파일 다운로드1
944정성태4/1/20088605Debug : 36. Visual C++ - 메모리 누수 코드 감지 [1]
943정성태3/28/20087015VS.NET IDE : 41. 라인수 세어주는 애드인
942정성태3/26/20086228Debug : 35. Managed Debug Assistants (MDAs)
941정성태3/25/20086993.NET : 76. 닷넷 코드 가이드라인
940정성태3/25/20086320Windows 2008 : 7. Microsoft: Hyper-V RC
939정성태3/25/20087386.NET 3.5 : 40. ASP.NET MVC 소스 코드 공개
938정성태3/25/20086749IIS : 23. IIS7 - Administration Pack [1]
937정성태3/25/20086531.NET : 75. PRISM - something like PResentation Integration SysteM.
936정성태4/8/20087435개발 환경 구성: 123. SPN(Service Principal Name) 이 뭘까? [1]
935정성태3/25/20086429TFS : 160. BuildCop v1.0
934정성태3/25/20087058TFS : 159. TFS 프록시 서버 동작 방식
933정성태3/10/20086719TFS : 158. Process Template v4.2
932정성태3/5/20085530IIS : 22. IIS 7 관리자의 UI 확장
931정성태3/5/20086586.NET : 74. CAS 이야기 - Native Code 와 Link/Full Demand
930정성태3/2/20086176.NET : 73. Variable Capturing
929정성태4/8/20086309개발 환경 구성: 122. VS.NET 2008 용 PowerCommands 도구 [1]
928정성태4/8/20086725개발 환경 구성: 121. 설치된 Windows SDK 들 간의 선택을 간편하게 해주는 설정 도구 [1]
927정성태4/8/20086380개발 환경 구성: 120. Hyper-V 와 Virtual PC/Server 와의 VHD 호환성 [1]
926정성태2/28/20089471.NET 3.5 : 39. LINQ Providers
925정성태2/27/20086684TFS : 157. OpenGauntlet - Private Builds
924정성태2/23/20086449VS.NET IDE : 40. Visual Studio Programmer Themes Gallery
923정성태2/23/20086051.NET : 72. Configuration Section Designer
922정성태2/23/20086212.NET : 71. PowerShell 호스팅하는 방법
921정성태4/8/20085726개발 환경 구성: 119. Windows 네트워킹 - TCPChimney 에 대해서.
1  2  3  4  5  6  7  8  9  [10]  11  12  13  14  15  ...