Technical Library
|
Support
Planning Data Security Deployment
> Most common deployments
Most common deployments
Deployment and Installation Center | Data Security Solutions | Version 7.7.x
Applies to:
In this topic:
Data Security, v7.7.x
Web Security Gateway, v7.7.x
Web Security Gateway Anywhere, v7.7.x
Email Security Gateway, v7.7.x
Websense Web Security Gateway Anywhere
Websense Email Security Gateway
Websense Data Monitor
Websense Data Protect
Websense Data Endpoint
Websense Data Discover
Websense Data Security is a flexible system that affords you various, customizable deployment scenarios. Each scenario is based on an organization's practical needs and purposes—of course, individual hardware/software setups vary. Be sure to obtain guidance and advisement from your Websense sales representative to assure that the appropriate deployment option is tailored for your organization.
Below are the most common single and multi-site deployment scenarios.
Websense Web Security Gateway Anywhere
Depending on your enterprise needs and requirements, a deployment can be subject to a variety of different combinations of components that make up Websense Data Security.
Topology
Small organization
Large org/Enterprise
Monitoring or blocking for DLP over Web channels:
HTTP
HTTPS
FTP
FTP-over-HTTP
1 TRITON Management Server with Web Security and Data Security modules enabled
1 V-Series appliance
1 Windows server for Microsoft SQL Server and Log Database
Scenario 1:
1 TRITON Management Server with Web Security and Data Security modules enabled
1 Data Security Server
Multiple V-Series appliances
1 Windows server for Microsoft SQL Server and Log Database
Larger organization with significant amount of traffic or multiple geographic locations. This will require load balancing between policy engines.
Monitoring or blocking for DLP over Web channels:
HTTP
HTTPS
FTP
FTP-over-HTTP
Monitoring or blocking of SMTP traffic
1 TRITON Management Server with SMTP agent and Web Security and Data Security modules enabled
1 Protector
1 V-Series appliance
1 Windows server for Microsoft SQL Server and Log Database
Scenario 2:
1 TRITON Management Server with Web Security and Data Security modules enabled
1 Data Security Server
1 Protector
Multiple V-Series appliances
1 Windows server for Microsoft SQL Server and Log Database
Websense Email Security Gateway
Topology
Small organization
Large org/Enterprise
Monitoring or blocking for DLP over email channels:
SMTP
1 TRITON Management Server with Email Security and Data Security modules enabled
1 V-Series appliance
1 Windows server for Microsoft SQL Server and Log Database
1 TRITON Management Server with Email Security and Data Security modules enabled
1 Data Security Server
Multiple V-Series appliances
1 Windows server for Microsoft SQL Server and Log Database
Larger organization with significant amount of traffic or multiple geographic locations. This will require load balancing between policy engines.
Monitoring or blocking for DLP over email channels:
SMTP
Monitoring for:
Web / FTP
IM
User-defined protocols
Destination awareness
1 TRITON Management Server with Email Security and Data Security modules enabled
1 Protector
1 V-Series appliance
1 Windows server for Microsoft SQL Server and Log Database
1 TRITON Management Server with Email Security and Data Security modules enabled
1 Data Security Server
1 Protector
Multiple V-Series appliances
1 Windows server for Microsoft SQL Server and Log Database
Websense Data Monitor
Topology
Small organization
Large org/Enterprise
Monitoring for:
Mail
Web / FTP
IM
User-defined protocols
Destination awareness
1 Data Security Management Server
1 protector
Small-to-medium business with one or more egress points (connected to the same protector) to monitor traffic. This scenario is tailored to organizations that are keen on monitoring traffic rather than enforcing traffic
Scenario 1:
1 Data Security Management Server
1 Data Security Server
1 protector - load balancing with the Data Security server
Larger organization with significant amount of traffic. In most cases, they will also plan to move to enforcement. This will require both load balancing between policy engines and building a load-balanced SMTP Agents environment (to avoid single points of failure). Note that Protector MTA can be used in those cases in which SMTP Agent is not supported on the operating system.
Scenario 2:
1 Data Security Management Server
1 Data Security Server
2 protectors - one for each site
Organization having multiple geographical locations for monitoring traffic
Scenario 3:
1 Data Security Management Server
2 Data Security Servers - one for each site
2 protectors - one for each site
Organization having multiple geographical locations for monitoring traffic with low latency between sites. Local policy engine is placed close to protector to avoid occupying bandwidth when sending transactions to analysis. Both protectors will do load balancing with the local policy engine.
Websense Data Protect
Topology
Small organization
Large org/Enterprise
The Data Protect module includes:
Data Protection:
HTTP and SMTP blocking
Policy enforcement for all channels
Destination policy controls
Data Monitoring:
Monitoring for:
Mail
Web / FTP
IM
User-defined protocols
Destination awareness
1 Data Security Management Server
1 protector
1 Data Security Management Server
X Data Security Servers and Y protectors depending on traffic volume.
The protect mode is very similar to the monitor mode; therefore, the same topologies mentioned in the monitor table apply here.
Websense Data Endpoint
Topology
Small organization
Large org/Enterprise
Local discovery
Removable media & CD/DVD security
Application controls for copy/paste, print, print screen, file access
Endpoint Web channels (HTTP/HTTPS)
Endpoint LAN control
1 Management Server
Endpoint clients
1 Data Security Management Server
1 Data Security Server for every additional 30,000 endpoint clients
Websense Data Discover
Topology
Small organization
Large org/Enterprise
Network and file discovery for data in file folders, SharePoint sites, databases, and Exchange servers
Automated remediation for data at rest
1 Data Security Management Server
1 Data Security Server
1 Data Security Management Server
Websense Technical Support will assess the number of Data Security servers with discovery and fingerprinting crawlers needed.
Planning Data Security Deployment
> Most common deployments
Copyright 2016 Forcepoint LLC. All rights reserved.