Deployment and Installation Center
Websense TRITON Enterprise v7.6.x

Go to the table of contents Go to the previous page Go to the next page Go to the index
General Deployment Recommendations for Web Security > Deploying transparent identification agents

If you are using Websense software as a stand-alone deployment, or if your integration product does not send user information to Websense software, use Websense transparent identification agents to identify users without prompting them for a user name and password.
Note 
DC Agent must have domain administrator privileges to retrieve user information from the domain controller.
If you have deployed Websense software in a single network location, it is a best practice to have a single transparent identification agent instance.
*
One DC Agent instance can handle multiple trusted domains. Add additional instances based on:
Load results from the number of user logon requests. With a large number of users (10,000+ users, 30+ domains), having multiple DC Agent instances allows for faster identification of users.
*
One eDirectory Agent is required for each eDirectory Server.
*
One Logon Agent is required for each Filtering Service instance.
*
One RADIUS Agent instance is required for each RADIUS server.
It is a best practice to install and run RADIUS Agent and the RADIUS server on separate machines. (The agent and server cannot have the same IP address, and must use different ports.)
See Installing Web Security components for transparent identification agent installation instructions. See the TRITON - Web Security Help for detailed configuration information. More information is also available in the Transparent Identification of Users technical paper.
Websense software can work with multiple transparent identification agents. If your environment requires multiple agents, it is best to install them on separate machines.
*
eDirectory or RADIUS Agent can be installed on the same machine as Filtering Service, or on a separate server on the same network.
Same machine?
Same network?
Ensure that all instances of DC Agent can communicate with Filtering Service, and that the individual DC Agents are not monitoring the same domain controllers.
Configure each agent to communicate with Filtering Service.
Multiple instances of the RADIUS Agent cannot be installed on the same machine.
Configure each instance to communicate with Filtering Service.
Configure each instance to communicate with Filtering Service.
DC Agent + RADIUS Agent
Each agent must use a unique port number to communicate with Filtering Service. By default, DC Agent uses port 30600; RADIUS Agent uses port 30800.
DC Agent + eDirectory Agent
Communication with both a Windows directory service and Novel eDirectory is not supported in the same deployment. However, both agents can be installed, with only one agent active.
Configure each agent to use a unique port to communicate with Filtering Service. By default, DC Agent uses port 30600; Logon Agent uses port 30602.
RADIUS Agent + Logon Agent
Communication with both Novell eDirectory and a Windows- or LDAP-based directory service in the same deployment is not supported. However, both agents can be installed, with only one agent active.
RADIUS Agent + eDirectory Agent
Configure each agent to use a unique port to communicate with Filtering Service. By default, eDirectory Agent uses port 30700; RADIUS Agent uses port 30800.
When adding agents to TRITON - Web Security, use an IP address to identify one, and a machine name to identify the other. See the Transparent Identification of Users white paper for details.
DC Agent + Logon Agent + RADIUS Agent
Configure each agent to use a unique port to communicate with Filtering Service. By default, DC Agent uses port 30600; Logon Agent uses port 30602; RADIUS Agent uses port 30800.


Go to the table of contents Go to the previous page Go to the next page Go to the index
General Deployment Recommendations for Web Security > Deploying transparent identification agents