Planning Data Security Deployment > Most common deployments
|
Websense Data Security is a flexible system that affords you various, customizable deployment scenarios. Each scenario is based on an organization's practical needs and purposes—of course, individual hardware/software setups vary. Be sure to obtain guidance and advisement from your Websense sales representative to assure that the appropriate deployment option is tailored for your organization.Depending on your enterprise needs and requirements, a deployment can be subject to a variety of different combinations of components that make up Websense Data Security.
Monitoring or blocking for DLP over Web channels:
1 TRITON Management Server with Web Security and Data Security modules enabled
1 Windows server for Microsoft SQL Server and Log Database
1 TRITON Management Server with Web Security and Data Security modules enabled
1 Windows server for Microsoft SQL Server and Log DatabaseLarger organization with significant amount of traffic or multiple geographic locations. This will require load balancing between policy engines.
Monitoring or blocking for DLP over Web channels:
Monitoring or blocking of SMTP traffic
1 TRITON Management Server with SMTP agent and Web Security and Data Security modules enabled
1 Windows server for Microsoft SQL Server and Log Database
1 TRITON Management Server with Web Security and Data Security modules enabled
1 Windows server for Microsoft SQL Server and Log Database
Monitoring or blocking for DLP over email channels:
1 TRITON Management Server with Email Security and Data Security modules enabled
1 Windows server for Microsoft SQL Server and Log Database
1 TRITON Management Server with Email Security and Data Security modules enabled
1 Windows server for Microsoft SQL Server and Log DatabaseLarger organization with significant amount of traffic or multiple geographic locations. This will require load balancing between policy engines.
Monitoring or blocking for DLP over email channels:
User-defined protocols
Destination awareness
1 TRITON Management Server with Email Security and Data Security modules enabled
1 Windows server for Microsoft SQL Server and Log Database
1 TRITON Management Server with Email Security and Data Security modules enabled
1 Windows server for Microsoft SQL Server and Log Database
User-defined protocols
Destination awareness
1 Data Security Management ServerSmall-to-medium business with one or more egress points (connected to the same protector) to monitor traffic. This scenario is tailored to organizations that are keen on monitoring traffic rather than enforcing traffic
1 protector - load balancing with the Data Security serverLarger organization with significant amount of traffic. In most cases, they will also plan to move to enforcement. This will require both load balancing between policy engines and building a load-balanced SMTP Agents environment (to avoid single points of failure). Note that Protector MTA can be used in those cases in which SMTP Agent is not supported on the operating system. Organization having multiple geographical locations for monitoring traffic Organization having multiple geographical locations for monitoring traffic with low latency between sites. Local policy engine is placed close to protector to avoid occupying bandwidth when sending transactions to analysis. Both protectors will do load balancing with the local policy engine.
The Data Protect module includes:
HTTP and SMTP blocking
Policy enforcement for all channels
Destination policy controls
User-defined protocols
Destination awareness
1 Data Security Management Server
X Data Security Servers and Y protectors depending on traffic volume.
The protect mode is very similar to the monitor mode; therefore, the same topologies mentioned in the monitor table apply here.
Removable media & CD/DVD security
Application controls for copy/paste, print, print screen, file access
Endpoint Web channels (HTTP/HTTPS)
Endpoint LAN control
1 Data Security Server for every additional 30,000 endpoint clients
Network and file discovery for data in file folders, SharePoint sites, databases, and Exchange servers
Automated remediation for data at rest
1 Data Security Management Server
Websense Technical Support will assess the number of Data Security servers with discovery and fingerprinting crawlers needed.
Planning Data Security Deployment > Most common deployments
|