Technical Library
|
Support
Deployment Planning for TRITON Solutions
> TRITON Enterprise deployment overview
TRITON Enterprise deployment overview
Deployment and Installation Center | Web, Data, and Email Security Solutions | v7.8.x
Websense TRITON Enterprise includes Web Security Gateway Anywhere, Data Security, and Email Security Gateway Anywhere.
The TRITON Unified Security Center, the management interface for Web, Email, and Data Security, resides on a Windows server.
Web Security Gateway Anywhere may be deployed on Websense appliances, dedicated Windows or Linux servers, or a combination of platforms.
Data Security runs on Windows servers, optional Protector appliances, and elsewhere in the network.
Email Security Gateway Anywhere enforcement components reside only on Websense appliances. Management and reporting components reside on Windows servers.
High-level deployment diagram
The diagram shows an appliance-based deployment:
Remote office and off-site users
You can use the hybrid web service to provide security for small remote offices. This is accomplished by designating a remote office as a hybrid filtered location.
Either the hybrid service or Websense remote filtering software can provide policy enforcement and reporting for off-site users (e.g., telecommuters or traveling personnel).
To direct user requests to the hybrid service, you can install a PAC file or Websense Web Endpoint on the user's machine. Web requests from that machine are then directed to the hybrid service for policy enforcement.
To use remote filtering software, an optional component, Remote Filtering Server, is installed in your network DMZ, and Remote Filtering Client is installed on user machines. Web requests from the machine are sent to Remote Filtering Server, which connects to Filtering Service for policy enforcement. See
Deploying Remote Filtering Server and Client
.
Hybrid services
If your subscription includes Web Security Gateway Anywhere and Email Security Gateway Anywhere:
The cloud-based hybrid web service can provide Internet security for remote offices and off-site users.
The cloud-based email hybrid service provides an extra layer of email scanning, stopping spam, virus, phishing, and other malware attacks before they reach your network and possibly reducing email bandwidth and storage requirements. You can also use the hybrid service to encrypt outbound email before delivery to its recipient.
Websense appliances
Websense appliances may be used to deploy core Web and Email Security Gateway functionality.
The Content Gateway proxy on the appliance manages web traffic.
Incoming email flows from the email hybrid service (if enabled) to the Websense appliance and to your mail server. The Websense appliance also provides the Personal Email Manager facility for end users to manage quarantined email.
Data Security Protector
The protector is a Linux-based soft-appliance, providing monitoring and blocking capabilities, preventing data loss and leaks of sensitive information. Using PreciseID technology, the protector can be configured to accurately monitor sensitive information-in-transit on any port.
Components that may not be installed on Websense appliances
TRITON management server
The TRITON management server is the Windows server on which the TRITON Unified Security Center (TRITON console) is installed. The TRITON console is the management and reporting interface for Websense Web, Data, and Email Security solutions.
The Data Security Management Server and, typically, Crawler also reside on the TRITON management server machine to provide key Data Security functions, including web and email DLP (data loss prevention) features.
Linking Service also usually resides on the management server.
Web Security and Email Security Log Server
A separate Windows machine hosts Web Security Log Server and Email Security Log Server. These services receive information about Web Security and Email Security activity and process it into their respective Log Database.
Optional Web Security components
Remote Filtering Server, Sync Service, and transparent identification agents (
DC Agent, Logon Agent, eDirectory Agent, and RADIUS Agent) may not reside on V-Series appliances.
Also, you can install additional instances of several Web Security components on Windows or Linux servers, if needed.
Data Security Agents
Microsoft ISA/TMG agent, Printer agent, SMTP agent, Crawler, and Data Endpoint are installed on appropriate machines.
See
Installing Data Security Solutions
for installation instructions.
Data Endpoint (User Machine)
The Data Endpoint
can be installed on any machine.
Third-party components
Microsoft SQL Server
Microsoft SQL Server, running on a Windows server in your network, is used to store Websense TRITON logging and reporting data. Quarantined email messages are also stored here.
When Websense TRITON components are installed, SQL Server must be installed and running, typically on its own machine as shown in the diagram above. SQL Server Express (installed using the TRITON Unified Installer) may be used in small deployments or evaluation environments.
Mail server
Your internal mail server.
Deployment Planning for TRITON Solutions
> TRITON Enterprise deployment overview
Copyright 2016 Forcepoint LLC. All rights reserved.