Multiple-appliance deployments
Deployment and Installation Center | Email Security Solutions | Version 7.8.x
 
Multiple appliance deployments can be implemented when message volume warrants having greater processing capacity. When the deployed appliances are all in standalone mode, the appliances can be a mix of V10000 G2, V10000 G3, or V5000 G2 machines. An appliance cluster usually cannot contain a mix of appliance platforms. However, a V10000 G2 appliance may be deployed in a cluster with a V10000 G3 appliance. Contact Websense Technical Support for more information.
An X-Series modular chassis may include multiple blade servers running Email Security Gateway.
Email Security Gateway Anywhere appliance cluster
Multiple V-Series appliances are configured in Email Security Gateway Anywhere as a cluster for this deployment scenario. You may also consider multiple X10G blade servers for this scenario. This Email Security Gateway Anywhere environment includes the Email Security hybrid service "in the cloud" filtering. See Email Security Gateway Anywhere single appliance for information about the email hybrid service.
You may want to use a third-party load balancer with a V-Series appliance cluster, to distribute email traffic among your appliances. Appliances in a cluster all have the same configuration settings, which can streamline a load balancing implementation.
Personal Email Manager traffic load balancing may be accomplished via cluster configuration. After a cluster is created, designate the Personal Email Manager access point in Settings > Personal Email > Notification Message, in the Personal Email Manager Portal section. Personal Email Manager traffic is routed to this designated IP address. This appliance then passes the traffic on to other appliances in the cluster via the round robin forwarding mechanism.
To create a cluster, add an appliance to the Email Security appliances list on the Settings > General > Email Appliances page, then configure these appliances in a cluster on the Settings > General > Cluster Mode page. See the Email Security Gateway Manager Help for details.
A primary appliance in a cluster may have up to 7 secondary (or auxiliary) appliances. Configuration settings for any cluster appliance are managed only on the primary appliance Email Appliances page (Settings > General > Email Appliances).
Cluster appliances must all be running in the same security mode (Email Security only mode or dual Email Security/Web Security mode). The versions of the Email Security Gateway management server (TRITON console) and of all cluster appliances must match for cluster communication to work properly.
In order to protect the messages stored in Email Security queues, appliances added to a cluster must have the same message queue configuration as the other cluster appliances. For example, an administrator-created queue on appliance B must be configured on primary cluster appliance A before appliance B is added to the cluster. Message queue records may be lost if this step is not performed before cluster creation.
Multiple standalone appliances
A multiple standalone V-Series appliance or X-Series blade server deployment might be useful if each appliance must have different configuration settings. Two standalone scenarios are described in this section:
* Using domain-based routing
* Using DNS round robin
These Email Security Gateway Anywhere environments include the Email Security hybrid service "in the cloud" filtering. See Email Security Gateway Anywhere single appliance for information about the email hybrid service.
Using domain-based routing
You can configure domain-based delivery routes so that messages sent to recipients in specified domains are delivered to a particular appliance. Configuring a delivery preference for each SMTP server facilitates message routing.
Configure the domain groups for which you want to define delivery routes in the Settings > Users > Domain Groups > Add Domain Groups page. See the Email Security Gateway Manager Help for information about adding or editing domain groups.
To set up a domain-based delivery route on the Settings > Inbound/Outbound > Mail Routing page:
1. Click Add in the Domain-based Routes section to open the Add Domain-based Route page.
2.
3. Select an order number from the Route order drop-down list to determine the route's scanning order.
4. Select a destination domain from the pre-defined domains in the Domain group drop-down list. Default is Protected Domain. Information about the selected domain group appears in the Domain details box.
   If you want to add a new domain group to the list, navigate to Settings > Users > Domain Groups and click Add.
   If you want to edit your selected domain group, click Edit to open the Edit Domain Group page.
   Important: The Protected Domain group defined in the Settings > Users > Domain Groups page should not be used to configure Email Security Gateway delivery routes if you need to define domain-based delivery routes via multiple SMTP servers.
5. Select the SMTP server IP address delivery option to open the SMTP Server List:
   a. Click Add to open the Add SMTP Server dialog box.
   b.
   c. Mark the Enable MX lookup check box to enable the MX lookup function.
      Important:
      * Mark the Enable MX lookup check box for message delivery based on the host name MX record.
   d.
   If a single route has multiple defined server addresses, Email Security attempts to deliver mail in order of server preference. When multiple routes have the same preference, round robin delivery is used.
   You may enter no more than 16 addresses in the SMTP Server List.
6.
   a. Select Use Transport Layer Security (TLS) if you want email traffic to use opportunistic TLS protocol.
   b. Select Require authentication when you want users to supply credentials. Enter the appropriate user name and password in the Authentication Information box. You must use the SMTP server IP address delivery method when you want users to authenticate.
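The server-selection rule from step 5 (delivery in preference order, round robin among entries with the same preference, at most 16 addresses), modeled as an added example; it is not Websense code. It assumes that a lower preference number is tried first and that the round robin applies to servers sharing a preference within one route; the class, function names and 192.0.2.x addresses are constructed for illustration.

```python
from itertools import groupby

MAX_SERVERS = 16  # cap this page states for the SMTP Server List

# Constructed sample list: (address, preference) pairs on TEST-NET addresses.
SAMPLE_SERVERS = [("192.0.2.10", 5), ("192.0.2.11", 5), ("192.0.2.20", 10)]


class RouteServers:
    """Toy model of one route's SMTP Server List (hypothetical, not product code)."""

    def __init__(self, servers):
        servers = list(servers)
        if not servers:
            raise ValueError("a route needs at least one SMTP server")
        if len(servers) > MAX_SERVERS:
            raise ValueError(f"no more than {MAX_SERVERS} addresses per list")
        # Assumption: a lower number is the more preferred server (MX-style).
        ordered = sorted(servers, key=lambda s: s[1])
        # One tier per distinct preference, kept in the order entered.
        self._tiers = [[addr for addr, _ in group]
                       for _, group in groupby(ordered, key=lambda s: s[1])]
        self._turn = [0] * len(self._tiers)  # round-robin cursor per tier

    def attempt_order(self):
        """Return the addresses to try for the next message, first choice first."""
        order = []
        for i, tier in enumerate(self._tiers):
            start = self._turn[i] % len(tier)
            order.extend(tier[start:] + tier[:start])  # rotate equal-preference peers
            self._turn[i] += 1
        return order


def deliver(route, is_reachable):
    """Return the first reachable address for this message, or None to keep it queued."""
    for addr in route.attempt_order():
        if is_reachable(addr):
            return addr
    return None


if __name__ == "__main__":
    route = RouteServers(SAMPLE_SERVERS)
    for n in range(3):
        print(n, route.attempt_order())
    print(deliver(route, lambda a: a != "192.0.2.10"))
```

The less preferred server only receives mail when every server in the preferred tier is unreachable, so a backup entry needs the same TLS and authentication settings as the primaries.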
Using DNS round robin
Email traffic distribution among multiple standalone appliances can be accomplished by using the domain name system (DNS) round robin method for distributing load.
With Email Security hybrid service configured and running, set up the round robin system as follows:
1.
2.
If hybrid service is not enabled, you need to modify your MX records to allow round robin load balancing. Ask your DNS manager (usually your Internet service provider) to replace your current MX records with new ones for load balancing that have a preference value equal to your current records.
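A check for the MX change described above, as an added example that is not part of the original documentation: it reads zone-file style MX lines and reports which appliances actually share the lowest preference value, which are only fallbacks, and which MX targets are not appliances at all (mail sent there is not filtered by Email Security Gateway). The zone text, host names and function names are constructed placeholders, and the parser assumes one fully qualified record per line.

```python
import re

# owner [ttl] [IN] MX preference exchange  (one record per line, no $ORIGIN)
MX_RE = re.compile(
    r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?MX\s+(\d+)\s+(\S+)$", re.IGNORECASE)

# Constructed sample zone lines; every name here is a placeholder.
SAMPLE_ZONE = """\
example.com.  3600 IN MX 10 esg1.example.com.
example.com.  3600 IN MX 10 esg2.example.com.
example.com.  3600 IN MX 20 esg3.example.com.
example.com.  3600 IN MX 10 legacy-mail.example.com. ; not an appliance
"""


def _norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.lower().rstrip(".")


def parse_mx(zone_text, domain):
    """Return [(preference, exchange)] for domain from zone-file style text."""
    found = []
    for raw in zone_text.splitlines():
        m = MX_RE.match(raw.split(";", 1)[0].strip())  # drop ';' comments
        if m and _norm(m.group(1)) == _norm(domain):
            found.append((int(m.group(2)), _norm(m.group(3))))
    return found


def round_robin_report(zone_text, domain, appliances):
    """Classify each MX target against the list of standalone appliances."""
    mx = parse_mx(zone_text, domain)
    wanted = {_norm(a) for a in appliances}
    hosts = {h for _, h in mx}
    best = min((p for p, _ in mx), default=None)
    top = {h for p, h in mx if p == best}  # targets that share the load
    report = {
        "balanced": sorted(wanted & top),
        "fallback_only": sorted((wanted & hosts) - top),
        "missing": sorted(wanted - hosts),        # appliance with no MX record
        "not_appliance": sorted(hosts - wanted),  # MX target outside the list
    }
    # OK only if every appliance is in the top tier and nothing else is published.
    report["ok"] = (report["balanced"] == sorted(wanted)
                    and not report["not_appliance"])
    return report
```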
 
 

Copyright 2016 Forcepoint LLC. All rights reserved.