Planning Data Security Deployment > Most common deployments

Most common deployments

Applies to

Data Security v7.6.x

In this topic

Overview

Websense Web Security Gateway Anywhere

Websense Email Security Gateway

Websense Data Monitor

Websense Data Protect

Websense Data Endpoint

Websense Data Discover

Overview

Websense Data Security is a flexible system that affords you various, customizable deployment scenarios. Each scenario is based on an organization's practical needs and purposes—of course, individual hardware/software setups vary. Be sure to obtain guidance and advisement from your Websense sales representative to assure that the appropriate deployment option is tailored for your organization.

Below are the most common single and multi-site deployment scenarios.

Websense Web Security Gateway Anywhere

Depending on your enterprise needs and requirements, a deployment can be subject to a variety of different combinations of components that make up Websense Data Security.

Topology	Small organization	Large org/Enterprise
Monitoring or blocking for DLP over Web channels: HTTP HTTPS FTP FTP-over-HTTP	1 TRITON Management Server with Web Security and Data Security modules enabled 1 V-Series appliance 1 Windows server for Microsoft SQL Server and Log Database	Scenario 1: 1 TRITON Management Server with Web Security and Data Security modules enabled 1 Data Security Server Multiple V-Series appliances 1 Windows server for Microsoft SQL Server and Log Database Larger organization with significant amount of traffic or multiple geographic locations. This will require load balancing between policy engines.
Monitoring or blocking for DLP over Web channels: HTTP HTTPS FTP FTP-over-HTTP Monitoring or blocking of SMTP traffic	1 TRITON Management Server with SMTP agent and Web Security and Data Security modules enabled 1 Protector 1 V-Series appliance 1 Windows server for Microsoft SQL Server and Log Database	Scenario 2: 1 TRITON Management Server with Web Security and Data Security modules enabled 1 Data Security Server 1 Protector Multiple V-Series appliances 1 Windows server for Microsoft SQL Server and Log Database

Websense Email Security Gateway

Topology	Small organization	Large org/Enterprise
Monitoring or blocking for DLP over email channels: SMTP	1 TRITON Management Server with Email Security and Data Security modules enabled 1 V-Series appliance 1 Windows server for Microsoft SQL Server and Log Database	1 TRITON Management Server with Email Security and Data Security modules enabled 1 Data Security Server Multiple V-Series appliances 1 Windows server for Microsoft SQL Server and Log Database Larger organization with significant amount of traffic or multiple geographic locations. This will require load balancing between policy engines.
Monitoring or blocking for DLP over email channels: SMTP Monitoring for: Web / FTP IM User-defined protocols Destination awareness	1 TRITON Management Server with Email Security and Data Security modules enabled 1 Protector 1 V-Series appliance 1 Windows server for Microsoft SQL Server and Log Database	1 TRITON Management Server with Email Security and Data Security modules enabled 1 Data Security Server 1 Protector Multiple V-Series appliances 1 Windows server for Microsoft SQL Server and Log Database

Websense Data Monitor

Topology	Small organization	Large org/Enterprise
Monitoring for: Mail Web / FTP IM User-defined protocols Destination awareness	1 Data Security Management Server 1 protector Small-to-medium business with one or more egress points (connected to the same protector) to monitor traffic. This scenario is tailored to organizations that are keen on monitoring traffic rather than enforcing traffic	Scenario 1: 1 Data Security Management Server 1 Data Security Server 1 protector - load balancing with the Data Security server Larger organization with significant amount of traffic. In most cases, they will also plan to move to enforcement. This will require both load balancing between policy engines and building a load-balanced SMTP Agents environment (to avoid single points of failure). Note that Protector MTA can be used in those cases in which SMTP Agent is not supported on the operating system.
		Scenario 2: 1 Data Security Management Server 1 Data Security Server 2 protectors - one for each site Organization having multiple geographical locations for monitoring traffic
		Scenario 3: 1 Data Security Management Server 2 Data Security Servers - one for each site 2 protectors - one for each site Organization having multiple geographical locations for monitoring traffic with low latency between sites. Local policy engine is placed close to protector to avoid occupying bandwidth when sending transactions to analysis. Both protectors will do load balancing with the local policy engine.

Websense Data Protect

Topology	Small organization	Large org/Enterprise
The Data Protect module includes: Data Protection: HTTP and SMTP blocking Policy enforcement for all channels Destination policy controls Data Monitoring: Monitoring for: Mail Web / FTP IM User-defined protocols Destination awareness	1 Data Security Management Server 1 protector	1 Data Security Management Server X Data Security Servers and Y protectors depending on traffic volume. The protect mode is very similar to the monitor mode; therefore, the same topologies mentioned in the monitor table apply here.

Websense Data Endpoint

 

Topology	Small organization	Large org/Enterprise
Local discovery Removable media & CD/DVD security Application controls for copy/paste, print, print screen, file access Endpoint Web channels (HTTP/HTTPS) Endpoint LAN control	1 Management Server Endpoint clients	1 Data Security Management Server 1 Data Security Server for every additional 30,000 endpoint clients

Websense Data Discover

 

Topology	Small organization	Large org/Enterprise
Network and file discovery for data in file folders, SharePoint sites, databases, and Exchange servers Automated remediation for data at rest	1 Data Security Management Server 1 Data Security Server	1 Data Security Management Server Websense Technical Support will assess the number of Data Security servers with discovery and fingerprinting crawlers needed.

Planning Data Security Deployment > Most common deployments