Migrating the Web Security manager off of a Websense appliance

Topic 50625 | Management Server Location Change | Web Security Solutions | v7.7.x, 7.8.x

In version 7.8, the Web Security manager cannot reside on an appliance. Before upgrading, disable the v7.7 on-appliance TRITON console and create a Windows-based TRITON management server.

Use the following instructions to complete the process:

Step 1: Disable the on-appliance TRITON console

Step 2: Create a new TRITON management server

Step 3: Restore your TRITON console backup

Step 1: Disable the on-appliance TRITON console

When you disable the TRITON console on the appliance, you are prompted to back up your existing configuration. You can then use the backup file to restore your configuration to the new management server machine.

Log on to the Appliance manager:

https://<C_interface>:9447/appmng

Under Configuration, select Web Security Components.

Under TRITON - Web Security, select Disabled.

Click Save.

The disabling process may take several minutes. Wait for it to complete.

When the process completes successfully, a TRITON Configuration link appears below the Disabled option. Use this link to create a backup of TRITON settings that can be restored to the off-appliance TRITON Unified Security Center:

Click the backup file link that is displayed below the Disabled button.

If a certificate error is displayed, click the continue or accept option to start the download.

Save the TRITON backup file (EIP_bak.tgz) in a convenient location.

Step 2: Create a new TRITON management server

Getting started

Install TRITON management components on a Windows Server 2008 R2 machine that meets or exceeds the v7.8 system requirements. (Note that while v7.8.x components can also run on Windows Server 2012, v7.7 components cannot.)

Download the TRITON Unified Installer (WebsenseTRITON77xSetup.exe) from mywebsense.com.

Right-click WebsenseTRITON77xSetup.exe and select Run as administrator to launch the installer. After a few seconds, a progress dialog box appears, as files are extracted.

On the Welcome screen, click Start.

On the Subscription Agreement screen, select I accept this agreement, then click Next.

On the Installation Type screen, select TRITON Unified Security Center, then mark the Web Security check box and click Next.

On the Summary screen, click Next to continue the installation.

TRITON Infrastructure Setup launches.

Install TRITON infrastructure components

The TRITON infrastructure includes data storage and common components for the management modules of the TRITON console.

On the TRITON Infrastructure Setup Welcome screen, click Next.

On the Installation Directory screen, specify the location where you want TRITON Infrastructure to be installed and then click Next.

To accept the default location (recommended), simply click Next.

To specify a different location, click Browse.


	Important The full installation path must use only ASCII characters. Do not use extended ASCII or double-byte characters.

On the SQL Server screen, select Use existing SQL Server on another machine, then specify the location and connection credentials for a database server located elsewhere in the network.

Enter the Hostname or IP address of the SQL Server machine, including the instance name, if any, and the Port to use for SQL Server communication.

If you are using a named instance, the instance must already exist.

If you are using SQL Server clustering, enter the virtual IP address of the cluster.

Specify whether to use SQL Server Authentication (a SQL Server account) or Windows Authentication (a Windows trusted connection), then provide the User Name or Account and its Password.

If you use a trusted account, an additional configuration step is required after installation to ensure that reporting data can be displayed in the Web Security manager. See Configuring Websense Apache services to use a trusted connection.

Click Next.

The installer verifies the connection to the database engine. If the connection test is successful, the next installer screen appears.

If the test is unsuccessful, click OK to dismiss the message, verify the information you entered, and click Next to try again.

On the Server & Credentials screen:

Select an IP address for this machine. If this machine has a single network interface card (NIC), only one address is listed.

Administrators will use this address to access the TRITON console (via a web browser), and Websense component on other machines will use it to connect to the TRITON management server.

Specify the Server or domain of the user account to be used by TRITON Infrastructure and TRITON Unified Security Center. The name cannot exceed 15 characters.

Specify the User name of the account to be used by TRITON Unified Security Center.

Enter the Password for the specified account.

On the Administrator Account screen, enter an email address and password for the default TRITON console administration account: admin. When you are finished, click Next.

System notification and password reset information is sent to the email address specified (once SMTP configuration is done; see next step).

On the Email Settings screen, enter information about the SMTP server to be used for system notifications and then click Next. You can also configure these settings after installation in the TRITON console.


	Important If you do not configure an SMTP server now and you lose the admin account password (set on previous screen) before the setup is done in the TRITON console, the "Forgot my password" link on the logon page does not provide password recovery information. SMTP server configuration must be completed before password recovery email can be sent.

IP address or hostname: IP address or host name of the SMTP server through which email alerts should be sent. In most cases, the default Port (25) should be used. If the specified SMTP server is configured to use a different port, enter it here.

Sender email address: Originator email address appearing in notification email.

Sender name: Optional descriptive name that can appear in notification email. This is can help recipients identify this as a notification email from the TRITON Unified Security Center.

On the Pre-Installation Summary screen, verify the information and then click Next to begin the installation.

The Installation screen appears, showing installation progress. Wait until all files have been installed.

If an Error 1920 message appears, check to see if port 9443 is already in use on this machine.

If port 9443 is in use, release it and then click Retry to continue installation.

On the Installation Complete screen, click Finish.

You are returned to the Installer Dashboard and, after a few seconds, the Web Security component installer launches.

Install Web Security management components

On the Select Components screen, select:

TRITON - Web Security (selected by default)

Real-Time Manager

When prompted, supply the IP address and port used by Policy Broker (on the full policy source appliance or Policy Broker machine) in your deployment.

If the management server machine does not include a supported version of the Microsoft SQL Server Native Client and related tools, you are prompted to install the required components. Follow the on-screen prompts to complete this process.

On the Pre-Installation Summary screen, verify the information shown, then click Next.

A progress screen is displayed. Wait for installation to complete.

On the Installation Complete screen, click Next.

This completes the management server installation process.

Step 3: Restore your TRITON console backup

Copy the EIP_bak.tgz file created when you disabled your on-appliance Web Security manager to the new TRITON management server machine.

Use a utility like 7-Zip to extract and unpack the contents of the appliance TRITON backup file to a temporary directory.

When the process is complete, you should have a directory called EIP_bak that contains, among other files, EIP.db and httpd-data.txt, as well as apache and tomcat folders.

Open the Windows Services tool on the TRITON management server.

Right-click the following service and select Stop:

Websense TRITON Unified Security Center

Websense TRITON Web Server

Websense TRITON - Web Security

Open the Windows Control Panel and select Programs > Programs and Features, then select Websense TRITON Infrastructure.

Click Uninstall/Change.

When asked if you want to modify, repair, or remove the TRITON Infrastructure, select Modify, then click Next until you get to the Restore Data from Backup screen.

Mark the Use backup data box and click the Browse button to locate the backup folder, then click Next until you begin the restore process.


	Note If you receive a pop-up message stating that the selected backup file "is from the same release but from a different build," click Yes to continue the restore process. The restore process will proceed normally.

Click Finish to complete the restore wizard.

10.

Go back to the Services window and click Refresh. If the Websense TRITON Unified Security Center service (or any other service that you stopped manually) has not restarted, right-click it and select Start.

Once the restore process is complete, a file named DataRestore.log is created in the date-stamped backup folder that was used for the restore.