Deployment and Installation Center
Websense TRITON Enterprise v7.6.x

Go to the table of contents Go to the previous page Go to the next page Go to the index
Web Security Distributed Enterprise Deployments > Web Security distributed enterprise deployment models

Deployment scenarios vary with different enterprise configurations. For example, an organization with 50 remote sites, all located in the same general region, deploys Websense software differently than a company with remote sites spread throughout the world. This section discusses 3 basic example models for distributed enterprises:
*
Sites in a region: Remote sites located within one region
*
Expanding sites in a region: Remote sites located within one region, with a growing number of employees or sites (or both)
*
National or worldwide offices: Remote sites located nationally or globally
The simplest Websense deployment for a distributed enterprise is a network with remote sites in a single region, such as San Diego County, California, U.S.A. Most organizations with sites like this can use a single Websense Web Security or Web Security Gateway deployment, centrally located within that region, to provide filtering for all clients. See the following illustration.
Each remote site would be filtered as shown in the illustration under Websense Web Security or Web Security Gateway. The site in which Websense software is deployed is represented as the "main site", but need not be truly a main site in your organization. It is whichever one houses Websense software.
Off-site users, not shown in the above illustration, can be filtered using Websense Remote Filtering Server (deployed at the main site). Websense Remote Filtering Client must be installed on each off-site user's machine. See Remote Filtering Software technical paper for details.
Expanding sites in a region
Some organizations deploy Web Security or Web Security Gateway within a given region and later decide to increase the number of remote sites in that area.
*
Improve the performance of the machines running Websense components. Increasing the RAM and CPU, and installing faster hard drives on the Websense machines allows Websense software to respond to an increased number of requests without additional latency. This type of upgrade can help with a moderate increase in head count, or the addition of a few more offices.
u
Deploy additional machines to run Websense components. If a significant number of new users or sites is added, the deployment of additional instances of certain Websense components, such as Filtering Service and Network Agent, distributes the load and provides optimum performance for each remote site..
Off-site users, not shown in the preceding illustration, can be filtered by Websense Remote Filtering Server (deployed at the main site). Websense Remote Filtering Client must be installed on each off-site user's machine. See Remote Filtering Software technical paper for details.
Some organizations have hundreds of remote sites spread through a country or around the world. In such cases, one or two Web Security or Web Security Gateway installations are not enough because:
*
Each remote site would be geographically distant from the Websense components. Request lookups would have to travel farther over the Internet to reach Websense software. This distance increases the total latency of the response and may lead to slower Internet access for end users.
*
Large numbers of employees generate more Internet requests than recommended for one or two Websense machines, leading to delays in returning Web pages to requesting clients.
These organizations should divide their sites into logical regions and deploy Websense software in each region. For example, a distributed enterprise might group their United States sites into a western region, a central region, and an eastern region. Websense software is deployed at a central site in each region.
The logical division of sites into regions depends on the location and grouping of remote sites and the total number of employees at each site. For example, a company with a large number of remote sites in a concentrated area, such as New York City, may need to deploy multiple machines running Websense software within that area. Or an enterprise may only have three sites in California with 100 to 250 employees each. In this case, a single Websense software installation might be deployed for all three sites. This enterprise also can deploy Websense software locally at each site (rather than using a distributed approach), particularly if IT staff is present at each location.You may consider installing instances of Filtering Service, Network Agent, and possibly Policy Server and Content Gateway to improve response time for filtering.
Given the significant number of variables, large organizations should contact a Websense partner or Websense Sales Engineering to plan a rollout strategy before deployment.
Websense Web Security Gateway Anywhere is particularly well-suited for organizations with sites distributed nationally or worldwide.
An organization with one main site (such as headquarters office or main campus) and multiple, geographically dispersed remote or branch sites can deploy Websense software at the main site (with main-site users filtered by the on-premises components) and have all remote sites filtered through the hybrid service. See the following illustration.
Off-site users, not shown in the above illustration, are filtered through the hybrid service. Alternatively, they could be filtered by Websense Remote Filtering Server (deployed at the main site). In that case, Websense Remote Filtering Client must be installed on each off-site user's machine. See Remote Filtering Software technical paper for details.
Organizations with multiple large sites (such as main headquarters and regional headquarters) can deploy on-premises filtering at the larger sites while filtering small, remote sites through the hybrid service.
u
There must be only one Policy Broker and one Sync Service in the entire deployment (at the main site). See Component limits and ratios and the TRITON - Web Security Help for more information.
u
For unified configuration and policy-application, V-Series appliances deployed at regional sites should be configured to use the appliance at the main site as the policy source. See the Getting Started Guide for Websense V-Series Appliance and the Websense Appliance Manager Help.
u
All Log Server instances should be configured to send data to the main Log Database at the main site. See the TRITON - Web Security Help for more information.
Off-site users, not shown in the preceding illustration, are filtered through the hybrid service. Alternatively, they could be filtered by Websense Remote Filtering Server (deployed at the main site or a regional site). In that case, Websense Remote Filtering Client must be installed on each off-site user's machine. See the Remote Filtering Software technical paper for details.


Go to the table of contents Go to the previous page Go to the next page Go to the index
Web Security Distributed Enterprise Deployments > Web Security distributed enterprise deployment models