Setting up Proxy Services: Recommendations from NC LIVE

For specific EZproxy configuration information, see our proxy configuration page.

Is your library considering investing in proxy services? NC LIVE frequently consults with libraries during their proxy implementation and assists with troubleshooting these services. Below we outline what a proxy service is, how it works, and factors to consider when selecting and configuring a service. We also have some set-up recommendations based on our experience troubleshooting local proxy issues.

Because of the number of options and configurations possible in a proxy service, this overview doesn’t include every possible option.  If you have any questions please contact the NC LIVE Help Desk.

I. Proxy Service Overview 

A proxy service acts as a single ‘gatekeeper’ for web traffic to-and-from specific web targets, such as licensed electronic resources. It simplifies authentication and access for all patrons, regardless of where they are in the world. A local proxy server allows patrons to use a single credential, such as a familiar username and password, to access all licensed electronic resources. This includes both resources licensed or purchased by the local library and those provided through consortia such as NC LIVE. It also means that content providers only need to recognize one source of traffic, such as the proxy server IP address.

A. Ownership 

Proxy services can be delivered from library-owned systems and servers, or can just as easily be outsourced to a commercial provider; both approaches carry risks and rewards.

  • Some advantages of owned systems:  Libraries control access, retain all traffic and authentication records, and can make changes as quickly and as often as needed
  • Some drawbacks of owned systems: Staff turnover and hardware/software maintenance can impact budgets and users
  • Some advantages of outsourced systems: Predictable budgeting, skilled management and support
  • Some drawbacks of outsourced systems: Less control, logs and authentication records may be offsite under provider control, potential for disruption due to network connectivity, changes can take longer than they would with “owned” services

B. Authentication 

The service needs to be secured by some form of authentication for it to function as a proper pathway to vendor-licensed content—there must be a way for the service to easily recognize and allow access to authorized users, but exclude unauthorized users. Proxy servers can be secured in multiple ways, including connections to many existing systems for patron identification such as ILS login systems (SIP/SIP-2), LDAP directories (used to connect students to Moodle and Blackboard), Shibboleth, library card pattern-matching, and custom database-queried data stores. The most appropriate authentication method for each library will depend on which systems are already supported and familiar to patrons, and which systems are most appropriate for local library IT management.

C. Management 

The greatest amount of effort required for proxy services happens at the beginning, during setup and deployment. Ongoing service management consists of adding and removing licensed resource targets and/or processing of logging data.

II. Selecting The Right Approach 

Below are the three most common proxy approaches currently available to NC libraries:

A. Self-Hosted EZ-Proxy 

A library purchases a license for the EZ-Proxy software and deploys on a server they administer and control. See: http://www.oclc.org/ezproxy/ordering.en.html for ordering information. OCLC also provides a 30-day free trial for this product, which can help with the evaluation process.

B. ILS-based Proxy

Proxy service add-ons are available from ILS vendors. While there may be others available or being used by NC LIVE libraries, the most common ILS-based server is the WAM server bundled into the Innovative Interface ILS. Interested libraries should contact their ILS vendor to learn more about this option.

C. OCLC-Hosted EZ-Proxy

OCLC now offers a hosted version of their EZ-Proxy server:  http://www.oclc.org/ezproxy.en.html . This page contains information about their service, including links to webinars.

III. Recommendations

Every library is different, but the following setup is the most successful based on NC LIVE staff experience with running and troubleshooting proxy services. Note that this setup might need to be adjusted by local libraries due to constraints on staff, server capacity, and budgets:

  • Locally hosted, owned, and managed EZ Proxy instances are most easily managed if they are configured as a “Proxy-By-Name” server over port 80.

Using port 80 means libraries can avoid problems related to opening/managing extra firewall settings (see:  http://www.oclc.org/support/services/ezproxy/documentation/cfg/proxybyhostname.en.html ).

  • Running the proxy server in the same host as a webserver requires additional configuration steps.

It requires mapping a second network IP address to the system in order for the webserver and the proxy server to both use port 80. The host system can run the Windows or Linux version of the EZProxy software.

  • Connect the Proxy user-authentication (user.txt) to an existing data source. 

This can include an ILS Patron database, LDAP, Shibboleth, or custom database targets. A complete list of authentication options is here: http://www.oclc.org/support/services/ezproxy/documentation/usr.en.html .

  • Customize the “look and feel” of the login page.

If you use the built-in EZ Proxy login pages (as opposed to a custom script), you have the option to apply logos/colors/etc. to match the look and feel of your website. You can also include links to FAQs and login help for users.

  • Use the EZ Proxy “ExcludeIP” option so that the same links can be used both on and off campus. 

This is an easy way to simplify the links in your website so that authentication is not required for in-library users. Different links or web pages for on and off-campus use is unnecessary and is confusing for users. See http://www.oclc.org/support/services/ezproxy/documentation/cfg/excludeip.en.html  for setup options.