Deployment and Installation Center
Websense TRITON Enterprise v7.6.x

Go to the table of contents Go to the previous page Go to the next page Go to the index
TRITON Enterprise (V10000 G2)

This section contains information and instructions for deploying Websense TRITON Enterprise (i.e., Websense Web Security Gateway Anywhere, Data Security, and Email Security Gateway). The Web Security and Email Security portions are based on a Websense V10000 G2 appliance running in Web and Email Security mode.
The following illustration is a high-level diagram of a basic V10000-G2-based deployment of TRITON Enterprise. Note that this illustration is intended to show the general distribution of components and does not include network details (such as segmenting, firewalls, routing, switching, and so forth).
The Websense hybrid Web Security service can provide Web filtering for small remote offices. This is accomplished by designating a remote office as a hybrid filtered location. See Initial Configuration for more information.
Either the hybrid service or Websense Remote Filtering can provide Web filtering for off-site users (e.g., telecommuters or traveling personnel). To use the hybrid service, a PAC file or the Websense Web endpoint is installed on the user's machine. This directs Web browsing to be filtered through the hybrid service according to policies in place.
To use Websense Remote Filtering, Remote Filtering Client must be installed on the off-site machine. It works with Remote Filtering Server (see below).
If your subscription includes Email Security Gateway Anywhere, you can enable the Websense hybrid email service. This is an in-the-cloud service that provides an extra layer of email scanning, stopping spam, virus, phishing, and other malware attacks before they reach the network and considerably reducing email bandwidth and storage requirements. You can also use the hybrid service to encrypt outbound email before delivery to its recipient.
Websense Remote Filtering is accomplished using a Remote Filtering Server and Remote Filtering Client. Websense Remote Filtering Server is typically installed on its own machine in the network DMZ. Remote Filtering Server is used, in conjunction with Remote Filtering Client, to filter off-site users that are outside the corporate network.
The Websense V10000 G2 appliance provides the majority of Web and Email Security Gateway functions. Web traffic is directed through the Websense appliance for filtering.
Incoming email flows from the hybrid email service (if enabled) to the Websense appliance and to your mail server. The Websense appliance also provides the Personal Email Manager facility for end users to manage quarantined email.
A separate TRITON management server is required. TRITON management server is the term used to refer to the machine on which TRITON Unified Security Center is installed. This machine is used to manage your Websense deployment. It includes TRITON Infrastructure and all of the TRITON Unified Security Center modules (Web Security, Data Security, and Email Security).
The Data Security module of the TRITON Unified Security Center works with the Websense appliance to provide Web and email DLP (data loss prevention) features.
Also located on the TRITON management server are Data Security Management Server and, typically, Crawler providing key Data Security functions.
Linking Service is typically installed on this machine. Real-Time Monitor, Web Security Log Server, and Email Security Log Server may also be installed on this machine (note that these components may be installed on another machines; they are not required to be located on the TRITON management server).
Microsoft SQL Server, running on a Windows server in your network, is used to store Websense logging and reporting data. Quarantined email are also stored here.
SQL Server must be obtained separately; it is not included as part of a Websense subscription. When installing Websense components, SQL Server must be installed and running, typically on its own machine as shown above. SQL Server Express (installed using TRITON Unified Security Setup) may be used in place of SQL Server. However, it is a best practice to use SQL Server Express only in non-production or evaluation environments.
Sync Service and Transparent identification agents (DC Agent, Logon Agent, eDirectory Agent, and RADIUS Agent) must be installed on a separate machine from the appliance. Also, you can install additional instances of certain Web Security filtering components on off-appliance machines.
The protector is a Linux-based soft-appliance, providing monitoring and blocking capabilities, preventing data loss and leaks of sensitive information. Using PreciseID technology, the protector can be configured to accurately monitor sensitive information-in-transit on any port.
Microsoft ISA agent/TMG agent, Printer agent, SMTP agent, Crawler, and Endpoint agent are installed on appropriate machines.
The Endpoint agent can be installed on any machine.
The link above goes to general instructions for creating a TRITON management server. As you follow those instructions, choose to install all three modules of the TRITON Unified Security Center. This is done in the Installation Type screen of TRITON Unified Security Setup. When you reach that screen, select Web Security, Data Security, and Email Security (under TRITON Unified Security Center).


Go to the table of contents Go to the previous page Go to the next page Go to the index
TRITON Enterprise (V10000 G2)