Some components are limited to a single instance in the entire network, or to a single instance of components that depend on them. When deploying Websense software, consider the following restrictions.
As a best practice, no more than 4 Network Agent instances should be deployed per Filtering Service. One Filtering Service instance may be able to handle more than 4 Network Agents, depending on the number of Internet requests, but if Filtering Service or Network Agent capacities are exceeded, filtering and logging inconsistencies may occur.
Network Agent can typically monitor 50 Mbps of traffic per second, or about 800 requests per second. The number of users that Network Agent can monitor depends on the volume of Internet requests from each user, the configuration of the network, and the location of Network Agent in relation to the computers it is assigned to monitor. Network Agent functions best when it is close to those computers.
As a best practice, no more than 10 Filtering Service instances should be deployed per Policy Server. A Policy Server instance may be able to handle more, depending on the load. However, if the number of Filtering Service instances exceeds the Policy Server's capacity, responses to Internet requests may be slowed.
If Filtering Service and Policy Server become disconnected, all Internet requests are either blocked or permitted, depending on which option you have chosen in the TRITON - Web Security console. For more information, see the
Getting Started topic in the TRITON - Web Security Help.
Filtering Service machines running behind firewalls or running remotely (at a great topological distance, communicating through a series of routers) may need their own Policy Server instance. In a multiple Policy Server environment, a single Websense Policy Database holds the policy settings for all Policy Server instances. See the TRITON - Web Security Help for more information.
Run a ping test to check the response time and connection between the Policy Server and Filtering Service machines. A response time of fewer than 30 milliseconds is recommended.
Here, <IP address or hostname> identifies the Filtering Service machine.
When you run the ping command on a Windows machines, the results resemble the following:
Ensure that Maximum round trip time or the value of
time=x.xxx ms is fewer than 30 ms. If the time is greater than 30 ms, move one of the components to a different network location and run the ping test again. If the result is still greater than 30 ms, locate and eliminate the source of the slow response.
Typically, only one Directory Agent instance is required in a deployment. Multiple instances may be deployed if necessary. However, specific configuration of the additional Directory Agent instances is required. See the TRITON - Web Security Help for more information and configuration instructions.