This section contains information and instructions for a Websense-appliance-based deployment of Websense Web Security Gateway Anywhere. In this deployment scenario, a Websense V10000, V10000 G2, or V5000 G2 appliance provides the majority of Web Security Gateway Anywhere functions. For information about a software-based deployment of Web Security Gateway Anywhere, see
Web Security Gateway Anywhere (software-based).
The following illustration is a high-level diagram of a basic single-appliance-based deployment of Web Security Gateway Anywhere. Note that this illustration is intended to show the general distribution of components and does not include network details (such as segmenting, firewalls, routing, switching, and so forth).
Microsoft SQL Server is used to store Websense data (including log and reporting data). SQL Server must be obtained separately; it is not included as part of a Websense subscription. When installing Websense components, SQL Server must be installed and running, typically on its own machine as shown above. SQL Server Express (installed using the Websense installer) may be used in place of SQL Server. However, it is a best practice to use SQL Server Express only in non-production or evaluation environments.
TRITON management server is the term used to refer to the machine on which
TRITON Unified Security Center is installed. This machine is used to manage your Websense deployment. It includes TRITON Infrastructure and any or all of the TRITON Unified Security Center modules (Web Security, Data Security, and Email Security). In Web Security Gateway Anywhere deployments, both the Web Security and Data Security modules of the TRITON Unified Security Center are enabled.
Linking Service is typically installed on this machine. Additional components may also be installed on this machine. For example,
Web Security Log Server and
Real-Time Monitor (note that these components may be installed on another machine; they are not required to be located on the TRITON management server).
Sync Service and Transparent identification agents (
DC Agent,
Logon Agent,
eDirectory Agent, and
RADIUS Agent) must be installed on a separate machine from the appliance.
Small remote offices can be filtered through the Websense hybrid service. This is accomplished by designating a remote office as a hybrid filtered location. See
Initial Configuration for more information.
Off-site users (e.g., telecommuters or traveling personnel) can be filtered using the Websense hybrid service or Websense Remote Filtering. To use the hybrid service, a PAC file or the Websense Web Endpoint is installed on the user's machine. This directs Web browsing to be filtered through the hybrid service according to policies in
place. See Deploying Websense Endpoints for more information.
Websense Remote Filtering is accomplished using a Remote Filtering Server and Remote Filtering Client. Websense
Remote Filtering Server is typically installed on its own machine in the network DMZ. Remote Filtering Server is used, in conjunction with
Remote Filtering Client, to filter off-site users that are outside the corporate network. A combination of hybrid service and Remote Filtering can be used for off-site users—i.e., some filtered through the hybrid service, others filtered by Remote Filtering.
The above link goes to general instructions for creating a TRITON management server. In the case of Web Security Gateway Anywhere, choose to install both the Web Security and Data Security modules of TRITON Unified Security Center: when you reach the
Installation Type screen of the Websense installer, select both
Web Security and
Data Security (under TRITON Unified Security Center).