Deployment and Installation Center
Websense TRITON Enterprise v7.6.x

Some components are limited to a single instance in the entire network, or to a single instance of components that depend on them. When deploying Websense software, consider the following restrictions.
Even when the number of dependent components is not limited to one, there are best practice component-to-dependent-component ratios. See Component ratios.
It may be appropriate to install multiple Filtering Service instances for load balancing. Some load balancing configurations allow the same user to be filtered by different Filtering Service instances, depending on the current load.
As a best practice, no more than 4 Network Agent instances should be deployed per Filtering Service. One Filtering Service instance may be able to handle more than 4 Network Agents, depending on the number of Internet requests, but if Filtering Service or Network Agent capacities are exceeded, filtering and logging inconsistencies may occur.
Network Agent can typically monitor 50 Mbps of traffic per second, or about 800 requests per second. The number of users that Network Agent can monitor depends on the volume of Internet requests from each user, the configuration of the network, and the location of Network Agent in relation to the computers it is assigned to monitor. Network Agent functions best when it is close to those computers.
As a best practice, no more than 10 Filtering Service instances should be deployed per Policy Server. A Policy Server instance may be able to handle more, depending on the load. However, if the number of Filtering Service instances exceeds the Policy Server's capacity, responses to Internet requests may be slowed.
If a ping command sent from one machine to another receives a response in fewer than 30 milliseconds (ms), the connection is considered high-quality. See Testing the connection for more information.
If Filtering Service and Policy Server become disconnected, all Internet requests are either blocked or permitted, depending on which option you have chosen in the TRITON - Web Security console. For more information, see the Getting Started topic in the TRITON - Web Security Help.
Filtering Service machines running behind firewalls or running remotely (at a great topological distance, communicating through a series of routers) may need their own Policy Server instance. In a multiple Policy Server environment, a single Websense Policy Database holds the policy settings for all Policy Server instances. See the TRITON - Web Security Help for more information.
Run a ping test to check the response time and connection between the Policy Server and Filtering Service machines. A response time of fewer than 30 milliseconds is recommended.
ping <IP address or hostname>
Here, <IP address or hostname> identifies the Filtering Service machine.
When you run the ping command on a Windows machines, the results resemble the following:
Minimum = 14ms, Maximum = 15ms, Average = 14ms
Ensure that Maximum round trip time or the value of ms is fewer than 30 ms. If the time is greater than 30 ms, move one of the components to a different network location and run the ping test again. If the result is still greater than 30 ms, locate and eliminate the source of the slow response.
Typically, only one Directory Agent instance is required in a deployment. Multiple instances may be deployed if necessary. However, specific configuration of the additional Directory Agent instances is required. See the TRITON - Web Security Help for more information and configuration instructions.
In a V-Series Appliance-based deployment of Websense Web Security Gateway Anywhere, be aware that Directory Agent is already installed on the appliance. Additional instances of Directory Agent are not typically necessary. If you need to deploy additional instances, see the TRITON - Web Security Help for important configuration instructions.