Websense Security Blade Manager Help
X-Series v7.6.4

Library Search:


Go to the table of contents Go to the previous page Go to the next page Go to the index View or print as PDF
Configuration > Configuring Web Security components on the X10G security blade > User directory with X10G security blades

User directory with X10G security blades
If your organization relies on user identification or authentication, each security blade that is running Websense User Service must be configured to talk to a user directory. Multiple blades can talk to the same user directory, or to different user directories.
Preparing for hybrid user identification
With Web Security Gateway Anywhere (Web Security Gateway with the hybrid deployment option and enterprise-class data loss prevention) running, some users in your organization may be filtered by the hybrid (SaaS) cloud service. In this situation, an interoperability component on the security blade called Directory Agent is required to enable user-, group-, and domain- (OU) based filtering.
Directory Agent must be able to communicate with:
*
Your supported LDAP-based directory service (Windows Active Directory [Native Mode], Oracle [Sun Java] Directory Server, or Novell eDirectory)
*
Websense Sync Service
After deployment, use TRITON - Web Security to configure User Service and Directory Agent.
*
User Service configuration is performed on the Settings > General > Directory Services page.
*
Directory Agent configuration is performed on the Settings > Hybrid Configuration > Shared User Data page.
*
You can have multiple Directory Agent instances.
*
Each Directory Agent must use a unique, non-overlapping root context.
*
Each Directory Agent instance must be associated with a different Policy Server.
*
All Directory Agent instances must connect to a single Sync Service. (A deployment can have only one Sync Service instance.)
*
You must configure the Sync Service connection manually for all supplemental Directory Agent instances (these are the Directory Agents running on secondary blades). Communication is configured automatically for the Directory Agent instance that connects to the same Policy Server as Sync Service. See the TRITON - Web Security Help for details.
You can configure Directory Agent to use a different root context than User Service, and to process its directory data differently than User Service. Also, with Windows Active Directory, if User Service is configured to communicate with multiple global catalog servers, Directory Agent can communicate with all of them.
 

Quick Links



Go to the table of contents Go to the previous page Go to the next page Go to the index View or print as PDF
Configuration > Configuring Web Security components on the X10G security blade > User directory with X10G security blades
(c) 2011 Websense, Inc. All Rights Reserved.