Installation guide

Deployment Primer

2-25

Planning the HTTP Flow Using the ICAP Mode

For complete details on implementing the ICAP Mode, see ICAP Mode on page 1-10.

HTTP Proxy in ICAP Mode (Single and Multiple IWSVA

Servers)

This section discusses the flow of a typical HTTP GET request using both an ICAP

device and IWSVA servers. In these flows, IWSVA interacts with the ICAP device, in

response to ICAP rules. This is very different from other flows where IWSVA receives

URL requests from HTTP clients. To use these flows for HTTP browsers, configure the

browsers to use the ICAP device as the HTTP proxy.

Using ICAP devices can enhance performance in two ways:

• Caching good data—If the data is clean, the ICAP device caches the data.

Subsequent requests require only four steps, not eight. (ICAP must still ask IWSVA

to check the policies to validate that the users making the subsequent requests can

browse the data, have not exceeded their quota, and so on.)

• Clustered IWSVA servers—When multiple IWSVA servers are used, the ICAP

device load balances the requests between the servers. This is vital for enterprise

environments where the demand for scanning incoming pages can overwhelm a

single IWSVA server. With ICAP, the ICAP device performs load balancing, and

receives maximum performance from the available IWSVA servers.

Note: Non-ICAP environments can receive similar benefits by using multiple IWSVA

servers. However, the administrator must utilize additional load balancing technology.

When IWSVA is configured in ICAP mode, it processes requests from any

ICAP-compliant client. Trend Micro supports the following ICAP client

implementations:

•NetCache

•Blue Coat

• Cisco Content Engines

•Squid