Replication tips

51290 | Policy Broker Replication | TRITON AP-WEB and Web Filter & Security, v8.0.x, v8.1.x

Backup and restore for the primary Policy Broker

As a best practice, perform regular backups of the primary Policy Broker so that you can revert to a previous configuration if needed.

In order to ensure that the restore process goes as smoothly as possible, perform a backup:

Any time you change the password for admin, the default administrator.

Any time you add or remove a replica Policy Broker from your deployment.

This helps to minimize errors and lessen the need for post-restore reconfiguration, should you have to restore configuration for your primary Policy Broker.

Backup and restore for replica instances

Because replica Policy Broker instances host a read-only copy of the data stored in the primary Policy Database, you do not need to back up your replica Policy Broker instances.

Should the replica Policy Database become corrupted, the simplest way to get back to a working database is to uninstall and reinstall the replica.

If the installer returns an "unable to uninstall" error for the replica, try changing the replica to standalone mode (see Change the Policy Broker mode), then change back to replica mode.

When the reinstalled or reconfigured replica connects to the primary Policy Broker instance, it will receive the latest policy and configuration data in its synchronized copy of the Policy Database.

Changing from replicated to standalone mode

If you reconfigure your primary Policy Broker to become a standalone Policy Broker, be sure to remove all replica Policy Broker instances from your network.

If there are still replica instances running in your network after you change to standalone mode:

The replica Policy Database instances are not updated.

Policy Server instances configured to connect to a replica Policy Broker continue to connect to the replica, meaning that Policy Server and its associated components receive outdated information.

If you are unable to immediately remove the replica Policy Broker instances after changing to standalone mode, on each affected Policy Server machine:

Stop the Policy Server instance.

Windows: Use the Services tool to stop Websense Policy Server.

Linux: Use the opt/Websense/WebsenseDaemonControl command to stop Policy Server.

Navigate to the Websense bin directory (C:\Program Files or Program Files (x86)\Websense\Web Security\bin or /opt/Websense/bin/) and make a backup copy of config.xml in another location.

Open the original config.xml file in a text editor and navigate to the Brokers container. For example:

Delete the entire Brokers container.

Save and close the file.

Delete the config.xml.bak file from the bin directory.

Restart the web module services on the Policy Server machine.

Remote Filtering Server and Policy Broker replication

Unlike other components, Remote Filtering Server (available to Web Filter & Security customers who purchase the Remote Filter module) does not use the Policy Server connection list to determine its Policy Broker connection order. Instead, Remote Filtering Server always connects to the primary Policy Broker.

If the primary Policy Broker becomes unavailable, however, Remote Filtering Server continues to function normally:

There is only one setting that Remote Filtering Server retrieves from Policy Broker: whether to fail open or fail closed if Remote Filtering Client cannot connect to Remote Filtering Server.

If Remote Filtering Server cannot retrieve the setting from Policy Broker, it uses the default option (fail open).