Deployment scenarios vary with different enterprise configurations. For example, an organization with 50 remote sites, all located in the same general region, deploys Websense software differently than a company with remote sites spread throughout the world. This section discusses 3 basic example models for distributed enterprises:
The simplest Websense deployment for a distributed enterprise is a network with remote sites in a single region, such as San Diego County, California, U.S.A. Most organizations with sites like this can use a single Websense Web Security or Web Security Gateway deployment, centrally located within that region, to provide filtering for all clients. See the following illustration.
Each remote site would be filtered as shown in the illustration under Websense Web Security or Web Security Gateway. The site in which Websense software is deployed is represented as the "main site", but need not be truly a main site in your organization. It is whichever one houses Websense software.
Off-site users, not shown in the above illustration, can be filtered using Websense Remote Filtering Server (deployed at the main site). Websense Remote Filtering Client must be installed on each off-site user's machine. See
Remote Filtering Software technical paper for details.
Some organizations deploy Web Security or Web Security Gateway within a given region and later decide to increase the number of remote sites in that area.
Off-site users, not shown in the preceding illustration, can be filtered by Websense Remote Filtering Server (deployed at the main site). Websense Remote Filtering Client must be installed on each off-site user's machine. See
Remote Filtering Software technical paper for details.
Some organizations have hundreds of remote sites spread through a country or around the world. In such cases, one or two Web Security or Web Security Gateway installations are not enough because:
These organizations should divide their sites into logical regions and deploy Websense software in each region. For example, a distributed enterprise might group their United States sites into a western region, a central region, and an eastern region. Websense software is deployed at a central site in each region.
The logical division of sites into regions depends on the location and grouping of remote sites and the total number of employees at each site. For example, a company with a large number of remote sites in a concentrated area, such as New York City, may need to deploy multiple machines running Websense software within that area. Or an enterprise may only have three sites in California with 100 to 250 employees each. In this case, a single Websense software installation might be deployed for all three sites. This enterprise also can deploy Websense software locally at each site (rather than using a distributed approach), particularly if IT staff is present at each location.You may consider installing instances of Filtering Service, Network Agent, and possibly Policy Server and Content Gateway to improve response time for filtering.
Given the significant number of variables, large organizations should contact a Websense partner or Websense Sales Engineering to plan a rollout strategy before deployment.
Off-site users, not shown in the above illustration, are filtered through the hybrid service. Alternatively, they could be filtered by Websense Remote Filtering Server (deployed at the main site). In that case, Websense Remote Filtering Client must be installed on each off-site user's machine. See
Remote Filtering Software technical paper for details.
Organizations with multiple large sites (such as main headquarters and regional headquarters) can deploy on-premises filtering at the larger sites while filtering small, remote sites through the hybrid service.
Off-site users, not shown in the preceding illustration, are filtered through the hybrid service. Alternatively, they could be filtered by Websense Remote Filtering Server (deployed at the main site or a regional site). In that case, Websense Remote Filtering Client must be installed on each off-site user's machine. See the
Remote Filtering Software technical paper for details.