We are (finally) planning to move the proxy settings on all of our workstations from Microsoft GPO to a single PAC file globally. We have users and offices globally, so we are hosting the PAC file in an AWS S3 bucket and distributing it with AWS Cloudfront CDN. This works perfectly, EXCEPT for our Chinese users when they are sitting at home on a Chinese public internet circuit. They don't get a proxy set when they are off of the corporate network, but they still need to initially download the PAC file for the logic to work.
What happens is that the closest AWS POP is in Hong Kong which is outside of the great firewall of China, so they're getting roughly 25% packet loss and terrible latency to AWS due to (I assume) packet inspection and internet congestion to get out of the country, which causes the browser to freeze for several seconds each time the PAC file is downloaded. We have PAC file caching enabled which improves the situation a bit but it's still quite bad. I have tested with Azure CDN but basically gives the same results. I assume Akamai has a similar service but we haven't tried them since we're not using them at this point for other stuff.
I guess I have two questions:
1) Are we missing any obvious setting somewhere? (either on the browser side or CDN side?)
2) Worst case I guess we'll need to host the file at a local Chinese CDN provider for our local users. Any experiences? (or try Akamai?)
Thanks in advance.
No comments:
Post a Comment