Transparent Identification of Users
Websense Web Security Solutions, Versions 7.5 and 7.6

Websense DC Agent

DC Agent queries Windows domain controllers for logon session information to identify users without prompting them for logon information. The agent works with User Service to gather user information and send it to Filtering Service for use in applying policies. Several variables determine the speed of data transmission, including the size of your network and the amount of existing network traffic. See Components used for transparent identification with DC Agent for more information.
* DC Agent detects domain controllers: At startup, and (by default) every 24 hours thereafter, DC Agent identifies available domains and domain controllers in the network, saves the information to dc_config.txt, and sends the information to Filtering Service.
NetBIOS and Domain Discovery 
For automatic domain detection to occur, NetBIOS must be enabled on firewalls or routers connecting virtually or physically separate subnets or domains. In particular, TCP port 139 (used by NetBIOS) must be enabled. If NetBIOS is not enabled between domains or subnets, DC Agent cannot communicate with those domains or subnets. This can be true even if those domains or subnets are trusted by the domain where Filtering Service resides.
* DC Agent obtains logon session information: DC Agent queries each domain controller for user logon sessions, obtaining the user and computer name.
By default, the query occurs every 10 seconds. This interval can be configured in TRITON - Web Security (go to Settings > General > User Identification, and then click a DC Agent instance in the Transparent Identification Agents list).
Note 
If DC Agent is not running when a user logs on to a domain controller (because the DC Agent machine was restarted, for example), the logon session is not recorded. In this case, the user may be filtered by the computer or network policy (if it exists), or by the Default policy.
* DC Agent records user name/IP address pairs: For each logon session, DC Agent performs a DNS lookup to resolve the computer name to an IP address, and then stores the user name/IP address pair in its user map in local memory. It periodically writes a copy of the user map to XidDcAgent.bak.
* DC Agent sends user information to Filtering Service: DC Agent provides user names and IP addresses to Filtering Service each time its user map is updated.
* Filtering Service gets group information for logged-on users: Filtering Service queries User Service to get group information for users in its copy of the user map. User Service queries the directory service for this group information, and sends the information to Filtering Service.
User Service also provides user, group, domain, and organizational unit information from the directory service to TRITON - Web Security when you add Directory clients.
* Websense software applies policies to logged-on users: Filtering Service uses the information from DC Agent and User Service to ensure that the correct policies are applied to Directory clients.
Filtering Service does not check the policy every time an Internet request is made; policy data is cached for 3 hours by the server, unless updates are saved in TRITON - Web Security. For more information, see the TRITON - Web Security Help.
DC Agent can be used in conjunction with Logon Agent. In this configuration, user logon information provided by Logon Agent takes precedence over information from DC Agent. DC Agent communicates a logon session to Filtering Service only in the unlikely event that Logon Agent has missed one.
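
To verify the NetBIOS requirement described under domain discovery, the following added example (not Websense code) tests from the DC Agent machine whether TCP port 139 is reachable on each domain controller and reports why a connection failed. The host name `dc01.example.test` and all function names are placeholders chosen for this example.

```python
import socket
import sys

NETBIOS_SESSION_PORT = 139  # TCP port the page says must be open between subnets


def port_reachable(host, port=NETBIOS_SESSION_PORT, timeout=3.0):
    """Return (True, "open") if a TCP connection succeeds, else (False, reason)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True, "open"
    except socket.timeout:
        # No answer at all usually means a firewall or router drops the traffic.
        return False, "timed out (likely filtered between subnets)"
    except ConnectionRefusedError:
        # The host answered, but nothing is listening on the port.
        return False, "refused (host reachable, port closed)"
    except socket.gaierror as exc:
        # DC Agent also depends on DNS, so a resolution failure is worth flagging.
        return False, f"name resolution failed: {exc}"
    except OSError as exc:
        return False, f"error: {exc}"


def check_controllers(hosts, port=NETBIOS_SESSION_PORT, timeout=3.0):
    """Check every host and return {host: (reachable, reason)}."""
    return {host: port_reachable(host, port, timeout) for host in hosts}


def unreachable(results):
    """Return the sorted list of hosts that failed the check."""
    return sorted(host for host, (ok, _) in results.items() if not ok)


if __name__ == "__main__":
    # Pass domain controller names on the command line; the default is a placeholder.
    hosts = sys.argv[1:] or ["dc01.example.test"]
    results = check_controllers(hosts)
    for host, (ok, reason) in results.items():
        print(f"{host}:{NETBIOS_SESSION_PORT} {'OK' if ok else 'FAIL'} - {reason}")
    sys.exit(1 if unreachable(results) else 0)
```

Run it from the machine that hosts DC Agent, because reachability depends on the firewalls and routers between that machine and each domain controller.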

