Deployment and Installation Center
Websense TRITON Enterprise v7.6.x

Library Search:


Go to the table of contents Go to the previous page Go to the next page Go to the index
Websense Email Security Gateway Deployment > Email Security Gateway multiple-appliance deployments

Email Security Gateway multiple-appliance deployments
Applies to
*
Email Security Gateway v7.6
*
Email Security Gateway Anywhere v7.6
In this topic
*
Overview
*
Email Security Gateway appliance cluster
*
Multiple standalone appliances with load balancing
*
Multiple standalone appliances with domain-based routing
Overview
Multiple V-Series appliance deployments can be implemented when message traffic volume warrants having greater processing capacity. When the deployed appliances are all in standalone mode, the appliances can be either V10000 G2 or V5000 G2 machines. In an appliance cluster, however, all the machines must be V10000 G2 or V5000 G2 machines. The cluster cannot contain a mix of appliance platforms.
Email Security Gateway appliance cluster
Multiple V-Series appliances are configured in Email Security Gateway as a cluster for this deployment. Appliances in a cluster must be either all V10000 G2 machines or all V5000 G2 machines. A cluster cannot contain a mix of different appliance platforms.
You may want to use a third-party load balancer with an appliance cluster, to distribute email traffic among your appliances. Appliances in a cluster all have the same configuration settings, which can streamline a load balancing implementation.
Add an appliance to the Email Security appliances list on the Settings > General > Email Appliances page. Configure available appliances in a cluster on the Settings > General > Cluster Mode page. See the TRITON - Email Security Help for details.
A primary appliance in a cluster may have up to 7 secondary (auxiliary) appliances. Configuration settings for any cluster appliance are managed only on the primary appliance Email Appliances page (Settings > General > Email Appliances).
Cluster appliances must all be running in the same deployment mode (Email Security only mode or dual Email Security/Web Security mode). The Email Security Gateway management server and cluster appliance versions must all match for cluster communication to succeed.
In order to protect the messages stored in Email Security queues, appliances added to a cluster must have the same message queue configuration as the other cluster appliances. For example, an administrator-created queue on appliance B must be configured on primary cluster appliance A before appliance B is added to the cluster. Message queue records may be lost if this step is not performed.
This Email Security Gateway Anywhere environment includes the Email Security hybrid service "in the cloud" filtering. Register for the hybrid service in the Email Security Gateway management interface (Settings > General > Hybrid Configuration). See the TRITON - Email Security Help for details.
The hybrid service prevents malicious email traffic from entering a company's network by:
*
Dropping a connection request based on the reputation of the IP address of the request
*
Scanning inbound email against a database of known spam and viruses, and dropping any message that matches a database entry
The hybrid service may also share spam and virus detection information by writing extended headers in the mail it sends to Email Security Gateway. The additional header information includes a spam/virus detection "score," which Email Security then uses to determine message disposition.
Multiple standalone appliances with load balancing
A multiple standalone appliance deployment might be useful if each appliance must have different configuration settings.
Email traffic distribution among multiple standalone appliances can be accomplished by using the domain name system (DNS) round robin method for distributing load.
With Email Security hybrid service configured and running, set up the round robin system as follows:
1.
Enter the SMTP server domain in the Delivery Route page of the hybrid service configuration wizard used for registering Email Security Gateway with the hybrid service (Settings > General > Hybrid Configuration).
2.
Register the IP addresses of the appliances you want subject to the round robin method in the SMTP domain.
If hybrid service is not enabled, you need to modify your MX records to allow round robin load balancing. Ask your DNS manager (usually your Internet service provider) to replace your current MX records with new ones for load balancing that have a preference value equal to your current records.
This Email Security Gateway Anywhere environment includes the Email Security hybrid service "in the cloud" filtering. Register for the hybrid service in the Email Security Gateway management interface (Settings > General > Hybrid Configuration). See the TRITON - Email Security Help for details.
The hybrid service prevents malicious email traffic from entering a company's network by:
*
Dropping a connection request based on the reputation of the IP address of the request
*
Scanning inbound email against a database of known spam and viruses, and dropping any message that matches a database entry
The hybrid service may also share spam and virus detection information by writing extended headers in the mail it sends to Email Security Gateway. The additional header information includes a spam/virus detection "score," which Email Security then uses to determine message disposition.
Multiple standalone appliances with domain-based routing
You can configure domain-based delivery routes so that messages sent to recipients in specified domains are delivered to a particular appliance.
Configure the domain groups for which you want to define delivery routes in the Settings > General > Domain Groups > Add Domain Groups page. See the TRITON - Email Security Help for information about adding or editing domain groups.
To set up a domain-based delivery route on the Settings > Receive/Send > Mail Routing page:
1.
Click Add in the Domain-based Routes section to open the Add Domain-based Route page.
2.
Enter a name for your route in the Route name field.
3.
Select an order number from the Route order drop-down list to determine the route's scanning order.
4.
Select a destination domain from the pre-defined domains in the Domain group drop-down list. Default is Protected Domain. Information about the domain group appears in the Domain details box.
If you want to add a new domain group to the list, navigate to Settings > General > Domain Groups and click Add.
If you want to edit your selected domain group, click Edit to open the Edit Domain Group page.
5.
Select the SMTP server IP address option.
6.
Enter the SMTP server IP address or host name and port. Mark the check box to enable MX lookup. Click the right arrow to add the SMTP server information to the SMTP Server List. Mail for that domain group is delivered to the specified SMTP server for routing to the domain address.
This Email Security Gateway Anywhere environment includes the Email Security hybrid service "in the cloud" filtering. Register for the hybrid service in the Email Security Gateway management interface (Settings > General > Hybrid Configuration). See the TRITON - Email Security Help for details.
The hybrid service prevents malicious email traffic from entering a company's network by:
*
Dropping a connection request based on the reputation of the IP address of the request
*
Scanning inbound email against a database of known spam and viruses, and dropping any message that matches a database entry
The hybrid service may also share spam and virus detection information by writing extended headers in the mail it sends to Email Security Gateway. The additional header information includes a spam/virus detection "score," which Email Security then uses to determine message disposition.

Quick Links



Go to the table of contents Go to the previous page Go to the next page Go to the index
Websense Email Security Gateway Deployment > Email Security Gateway multiple-appliance deployments
(c) 2011 Websense, Inc. All Rights Reserved.