![]() |
![]() |
![]() |
![]() |
![]() |
Deployment Planning for X10G Chassis and Blades > Choosing a policy source machine
|
One of your earliest deployment decisions is your selection of the policy source machine. Only one computer must be designated as your policy source. Other servers look to this machine to obtain your current filtering policy.What distinguishes your policy source machine is that (in addition to other filtering components) it runs two Websense components that do not run on any other server or blade: Websense Policy Database and Policy Broker. Although multiple servers can be used for Web filtering, only a single Policy Database holds policy and general configuration data for your organization. Your primary instance of Policy Server also runs on the policy source machine.All machines running Websense filtering components need up-to-date policy information obtained from the single policy source machine.Following is a brief description of the key filtering components that you are deploying. You have several choices about which components will run on each security blade in your X10G chassis, and whether it would be advisable for your network to use additional off-chassis instances.For component limits and rations, see this article in the Websense Technical Library.
Stores Websense software settings and policy information. Installed automatically with Policy Broker. Runs on policy source machine only. Typicall installed on Windows server off-chassis. Manages requests from Websense components for policy and general configuration information. Runs on policy source machine only. Typically installed on Windows server off-chassis. Can run on every blade. Primary copy runs on policy source machine.
![]()
Identifies and tracks the location and status of other Websense components.
![]()
Stores configuration information specific to a single Policy Server instance.
![]()
Communicates configuration data to Filtering Service, for use in filtering Internet requests.Configure Policy Server settings in the TRITON - Web Security console.Policy and most configuration settings are shared among all Policy Servers that share a Policy Database. Provides Internet filtering in conjunction with Network Agent or a third-party integration product. When a user requests a site, Filtering Service receives the request and determines which policy applies.
![]()
Filtering Service must be running for Internet requests to be filtered and logged.
![]()
Each Filtering Service instance downloads its own copy of the Websense Master Database.Configure filtering and Filtering Service behavior in the TRITON - Web Security console.
![]()
Enables non-HTTP amd non-HTTPS protocol management
![]()
Includes more than 36 million Web sites, sorted into more than 90 categories and subcategories
![]()
Contains more than 100 non-HTTP protocol definitions for use in filtering protocolsAfter all modules are set up, download the Websense Master Database to activate Internet filtering, and schedule automatic updates. If the Master Database is more than 2 weeks old, no filtering occurs. Serves as the configuration, management, and reporting interface for Websense software.Use the TRITON - Web Security console to define and customize Internet access policies, configure Websense software components, report on Internet filtering activity, and more.The TRITON - Web Security console is made up of the following services:
![]()
Websense - TRITON Web Security Usage Monitor tracks URL category access (shown in Real-Time Monitor) and protocol access, and generates alert messages according to the alerting behavior you have configured. Can run on every blade. (Not used on the blade in slot 16 if Network Agent is enabled.)
![]()
Can analyze the content of Web sites and files in real time to categorize previously uncategorized sites.As part of a Websense Web Security Gateway deployment, also:
![]()
Analyzes HTML code to find security threats (for example, phishing, URL redirection, Web exploits, and proxy avoidance).
![]()
Inspects file content to assign a threat category (for example, viruses, Trojan horses, or worms).
![]()
Identifies the machines as clients to be filtered, and communicates with Remote Filtering Server.
![]()
Communicates with Filtering Service to provide Internet access management of remote machines.
![]() |
![]() |
![]() |
![]() |
![]() |
Deployment Planning for X10G Chassis and Blades > Choosing a policy source machine
|