A Web Security All deployment places all Web security filtering and management components on one machine. Typically, this type of deployment is for evaluation purposes or small organizations.
Websense Web security software monitors Internet requests, logs activity, applies Internet usage filters, and reports on activity. In addition, Web Security Gateway Anywhere (if included in your subscription) protects you from data loss over the Web, providing security for outbound content as well. You identify sensitive data and define whether you want to audit or block attempts to post it to HTTP, HTTPS, FTP, or FTP-over-HTTP channels.
The following illustration is a high-level diagram of a basic Web Security All deployment. Note that this illustration is intended to show the general distribution of components and does not include network details (such as segmenting, internal firewalls, routing, switching, and so forth).
Microsoft SQL Server is used to store Websense data (including log and reporting data). SQL Server must be obtained separately; it is not included as part of a Websense subscription. When installing Websense components, SQL Server must be installed and running, typically on its own machine as shown above. SQL Server Express (installed using the Websense installer) may be used in place of SQL Server. However, it is a best practice to use SQL Server Express only in non-production or evaluation environments.
Websense Content Gateway is a Web proxy that passes HTTP, HTTPS, FTP over HTTP, and FTP traffic to Websense software for inspection and policy enforcement. Content Gateway Manager—the Web-browser-based management UI for Content Gateway—runs on the Content Gateway machine, but is typically accessed from within TRITON Unified Security Center. Content Gateway is necessary if your subscription includes Web Security Gateway or Web Security Gateway Anywhere.
With Web Security Gateway Anywhere, small remote offices can be filtered through the Websense hybrid service. This is accomplished by designating a remote office as a hybrid filtered location. See
Initial Configuration for more information.
Off-site users (e.g., telecommuters or traveling personnel) can be filtered using the Websense hybrid service or Websense Remote Filtering. To use the hybrid service, a PAC file or the Websense Web endpoint is installed on the user's machine. This directs Web browsing to be filtered through the hybrid service according to policies in place.
Websense Remote Filtering is accomplished using a Remote Filtering Server and Remote Filtering Client. Websense
Remote Filtering Server is typically installed on its own machine in the network DMZ. Remote Filtering Server is used, in conjunction with
Remote Filtering Client, to filter off-site users that are outside the corporate network.
A combination of hybrid service and Remote Filtering can be used for off-site users—i.e., some filtered through the hybrid service, others filtered by Remote Filtering.
Deployment and Installation Center
