Web Security Gateway Anywhere is a hybrid on-premises and in-the-cloud Web filtering solution. Users inside your corporate network are filtered by on-premises Websense components. Small, remote offices and off-site users can be filtered by Websense hybrid service clusters located across the globe.
Websense Web Security Gateway Anywhere software consists of components that work together to monitor Internet requests, log activity, apply Internet usage filters, and report on activity. In addition, Web Security Gateway Anywhere protects you from data loss over the Web, providing security for outbound content as well. You identify sensitive data and define whether you want to audit or block attempts to post it to HTTP, HTTPS, FTP, or FTP-over-HTTP channels.
Websense software is highly-distributable, providing the flexibility to scale a deployment to suit your needs. Components can be installed together on one machine for smaller organizations; or they can be distributed across mutliple machines, and multiple sites, to create a high-performing deployment for larger organizations. The appropriate deployment is determined by network size and configuration, Internet request volume, hardware performance, and filtering needs.
The following illustration is a high-level diagram of a basic software-based deployment of Web Security Gateway Anywhere. Note that this illustration is intended to show the general distribution of components and does not include network details (such as segmenting, internal firewalls, routing, switching, and so forth).
Microsoft SQL Server is used to store Websense data (including log and reporting data). SQL Server must be obtained separately; it is not included as part of a Websense subscription. When installing Websense components, SQL Server must be installed and running, typically on its own machine as shown above. SQL Server Express (installed using the Websense installer) may be used in place of SQL Server. However, it is a best practice to use SQL Server Express only in non-production or evaluation environments.
TRITON management server is the term used to refer to the machine on which
TRITON Unified Security Center is installed. This machine is used to manage your Websense deployment. It includes TRITON Infrastructure and any or all of the TRITON Unified Security Center modules (Web Security, Data Security, and Email Security). In Web Security Gateway Anywhere deployments, both the Web Security and Data Security modules of the TRITON Unified Security Center are enabled.
Linking Service is typically installed on this machine. Additional components may also be installed on this machine. For example, Web Security Log Server and Real-Time Monitor (note that these components may be installed on another machine; they are not required to be located on the TRITON management server).
Websense filtering components may be installed on the same machine or distributed across several machines. Additionally, you can install multiple instances (on different machines) of certain components to scale to your organization's needs.
Websense Content Gateway is a Web proxy that passes HTTP, HTTPS, FTP over HTTP, and native FTP traffic to Websense software for filtering. Content Gateway Manager—the Web-browser-based management UI for Content Gateway—runs on the Content Gateway machine, but is typically accessed from within TRITON Unified Security Center.
Small remote offices can be filtered through the Websense hybrid service. This is accomplished by designating a remote office as a hybrid filtered location. See
Initial Configuration for more information.
Off-site users (e.g., telecommuters or traveling personnel) can be filtered using the Websense hybrid service or Websense Remote Filtering. To use the hybrid service, a PAC file or the Websense Web endpoint is installed on the user's machine. This directs Web browsing to be filtered through the hybrid service according to policies in place.
Websense Remote Filtering is accomplished using a Remote Filtering Server and Remote Filtering Client. Websense
Remote Filtering Server is typically installed on its own machine in the network DMZ. Remote Filtering Server is used, in conjunction with
Remote Filtering Client, to filter off-site users that are outside the corporate network.
A combination of hybrid service and Remote Filtering can be used for off-site users—i.e., some filtered through the hybrid service, others filtered by Remote Filtering.
Important: When following these instructions, designate Filtering Service to be integrated with Websense Content Gateway:
Also install Policy Broker and
Policy Server before creating a TRITON management server.
Important: When following these instructions, choose to install both the Web Security and Data Security modules of the TRITON Unified Security Center. When you reach the
Installation Type screen of the Websense installer, select both
Web Security and
Data Security (under TRITON Unified Security Center).
Deployment and Installation Center
