Deployment and Installation Center
Websense TRITON Enterprise v7.6.x

Library Search:


Go to the table of contents Go to the previous page Go to the next page Go to the index
Choosing and Deploying Data Security Agents > Integration agent

Integration agent
Applies to
*
Data Security v7.6.x
In this topic
*
Overview
*
Installing the integration agent
*
Registering the integration agent
*
Using the Websense Data Security API
Overview
The integration agent allows third-party products to send data to Websense Data Security for analysis.
Third parties can package the integration agent inside their own installer using simple, 'industry standard' methods that are completely transparent to end users.
When the third-party product is installed on a users system, it needs to register the integration agent with the Data Security Management Server. This can be done transparently through the installation process or using a command-line utility.
The integration agent works on the following operating systems:
*
Windows Server, 32-bit
*
Redhat Enterprise Linux
TRITON - Data Security treats third-party products that use the integration agent as it does any other agent.
It supports all relevant views and capabilities, including:
*
Incident Management and Reporting
*
Quarantine and Release of emails
*
Traffic log view
*
Load balancing capabilities
The Integration agent does not support discovery transactions.
For information on configuring the integration agent, see "Configuring the integration agent" in the TRITON - Data Security Help system.
Installing the integration agent
Installed components
When you embed the integration agent in your product installer, 3 Data Security components are installed on the end-user machine:
*
PEInterface.dll - A DLL the that interacts with the Data Security policy engine on the management server.
*
ConnectorsAPIClient.exe - Client software that connects the API in the third-party product with Websense Data Security.
*
registerAgent.bat (or .vbs) - A script that performs registration with the Data Security Management Server.
Installation package format
On Windows, the installation package for the integration agent is provided in 2 major formats:
*
MSM file. The installer that uses the MSM can choose (by setting properties) whether or not to register the product with the Data Security Management Server during installation. The MSM contains a 'custom action' that validates Data Security user names and passwords and can be called by the third-party installer.
*
MSI file. This file embeds the MSM file. Some parties prefer to work with an MSI, and others can use it as a reference implementation. The MSI installation wizard presents 4 interactive dialogs:
*
Installation-dir - installation directory.
*
Registered Channels - The DLP channels to use: HTTP, SMTP, Printer, Discovery.
*
Local IP Address - which of the static IP addresses currently assigned to the machine should be used for registration.
*
Data Security Management Server details - IP address or host name, user name, password.
On Linux, the package is in the form of a relocateable RPM.
Registering the integration agent
Every instance of the integration agent needs to be registered after being installed. (This is a one time operation.) In other words, every time the third-party product is installed on an end-user machine, that instance of the agent needs to be registered.
The registration operation can be done during the installation by the installer, or using a command-line utility provided with the agent.
The command-line utility should receive the following input arguments:
*
Protocols - a non-empty list of supported protocols (out of HTTP, SMTP, Printer, Discovery).
*
Data Security Management Server details - IP address or host name, user name, password.
*
Local IP Address (optional) - In case this is not supplied, use any of the static addresses of the machine, and print it to the standard output.
*
Search IP Address (optional) - used for re-registration after IP change. In case this is not supplied, use the address in the registerAgent.conf file. If that file does not exist, use the given local IP address.
A successful operation registers the machine with the Data Security Management Server as having the desired protocols and generates certificate files in the same directory that the tool is located. The tool also stored a configuration file (registerAgent.conf) with the IP address used for registration.
On failure, the script returns a meaningful exit code and prints an error message to standard output
Using the Websense Data Security API
Third parties that subscribe to the integration agent use a C-based API to send data to Websense Data Security for analysis and receive dispositions in return.
The API can be used to configure analysis operations on a transaction-by-transaction basis on the following variables:
*
Channel/Protocol - Upon installation the third-party product can declare its ability to intercept various protocols, and assign each transaction to a protocol.
*
Blocking/Monitoring mode - each transaction can work in a different mode.
*
Timeout - can be different per transaction.
For documentation on the Data Security API, consult with your Websense Sales representative.

Quick Links



Go to the table of contents Go to the previous page Go to the next page Go to the index
Choosing and Deploying Data Security Agents > Integration agent
(c) 2011 Websense, Inc. All Rights Reserved.