Applies to:	In this topic:
Data Security, v7.7.x Web Security Gateway, v7.7.x Web Security Gateway Anywhere, v7.7.x Email Security Gateway, v7.7.x	Websense Web Security Gateway Anywhere Websense Email Security Gateway Websense Data Monitor Websense Data Protect Websense Data Endpoint Websense Data Discover

Topology	Small organization	Large org/Enterprise
Monitoring or blocking for DLP over Web channels: HTTP HTTPS FTP FTP-over-HTTP	1 TRITON Management Server with Web Security and Data Security modules enabled 1 V-Series appliance 1 Windows server for Microsoft SQL Server and Log Database	Scenario 1: 1 TRITON Management Server with Web Security and Data Security modules enabled 1 Data Security Server Multiple V-Series appliances 1 Windows server for Microsoft SQL Server and Log Database Larger organization with significant amount of traffic or multiple geographic locations. This will require load balancing between policy engines.
Monitoring or blocking for DLP over Web channels: HTTP HTTPS FTP FTP-over-HTTP Monitoring or blocking of SMTP traffic	1 TRITON Management Server with SMTP agent and Web Security and Data Security modules enabled 1 Protector 1 V-Series appliance 1 Windows server for Microsoft SQL Server and Log Database	Scenario 2: 1 TRITON Management Server with Web Security and Data Security modules enabled 1 Data Security Server 1 Protector Multiple V-Series appliances 1 Windows server for Microsoft SQL Server and Log Database

Topology	Small organization	Large org/Enterprise
Monitoring or blocking for DLP over email channels: SMTP	1 TRITON Management Server with Email Security and Data Security modules enabled 1 V-Series appliance 1 Windows server for Microsoft SQL Server and Log Database	1 TRITON Management Server with Email Security and Data Security modules enabled 1 Data Security Server Multiple V-Series appliances 1 Windows server for Microsoft SQL Server and Log Database Larger organization with significant amount of traffic or multiple geographic locations. This will require load balancing between policy engines.
Monitoring or blocking for DLP over email channels: SMTP Monitoring for: Web / FTP IM User-defined protocols Destination awareness	1 TRITON Management Server with Email Security and Data Security modules enabled 1 Protector 1 V-Series appliance 1 Windows server for Microsoft SQL Server and Log Database	1 TRITON Management Server with Email Security and Data Security modules enabled 1 Data Security Server 1 Protector Multiple V-Series appliances 1 Windows server for Microsoft SQL Server and Log Database

Topology	Small organization	Large org/Enterprise
Monitoring for: Mail Web / FTP IM User-defined protocols Destination awareness	1 Data Security Management Server 1 protector Small-to-medium business with one or more egress points (connected to the same protector) to monitor traffic. This scenario is tailored to organizations that are keen on monitoring traffic rather than enforcing traffic	Scenario 1: 1 Data Security Management Server 1 Data Security Server 1 protector - load balancing with the Data Security server Larger organization with significant amount of traffic. In most cases, they will also plan to move to enforcement. This will require both load balancing between policy engines and building a load-balanced SMTP Agents environment (to avoid single points of failure). Note that Protector MTA can be used in those cases in which SMTP Agent is not supported on the operating system.
		Scenario 2: 1 Data Security Management Server 1 Data Security Server 2 protectors - one for each site Organization having multiple geographical locations for monitoring traffic
		Scenario 3: 1 Data Security Management Server 2 Data Security Servers - one for each site 2 protectors - one for each site Organization having multiple geographical locations for monitoring traffic with low latency between sites. Local policy engine is placed close to protector to avoid occupying bandwidth when sending transactions to analysis. Both protectors will do load balancing with the local policy engine.

Topology	Small organization	Large org/Enterprise
The Data Protect module includes: Data Protection: HTTP and SMTP blocking Policy enforcement for all channels Destination policy controls Data Monitoring: Monitoring for: Mail Web / FTP IM User-defined protocols Destination awareness	1 Data Security Management Server 1 protector	1 Data Security Management Server X Data Security Servers and Y protectors depending on traffic volume. The protect mode is very similar to the monitor mode; therefore, the same topologies mentioned in the monitor table apply here.

Topology	Small organization	Large org/Enterprise
Local discovery Removable media & CD/DVD security Application controls for copy/paste, print, print screen, file access Endpoint Web channels (HTTP/HTTPS) Endpoint LAN control	1 Management Server Endpoint clients	1 Data Security Management Server 1 Data Security Server for every additional 30,000 endpoint clients

Topology	Small organization	Large org/Enterprise
Network and file discovery for data in file folders, SharePoint sites, databases, and Exchange servers Automated remediation for data at rest	1 Data Security Management Server 1 Data Security Server	1 Data Security Management Server Websense Technical Support will assess the number of Data Security servers with discovery and fingerprinting crawlers needed.