Deployment and Installation Center
Websense TRITON Enterprise v7.6.x


Before upgrading Websense Web Security components, make sure the installation machine meets the system recommendations in System Requirements, including hardware specifications, operating system, browser, and database engine.
See Preparing for Installation for important information about preparing to use the Websense installer, which is used to upgrade components on Windows.
Important 
As part of the upgrade process, the Websense installer can install SQL Server 2008 R2 Express (which replaces MSDE as the no-cost, reduced-performance version of SQL Server supported by Websense solutions). If you intend to install SQL Server 2008 R2 Express, be sure to install the following prior to starting the upgrade:
Note 
In this section, the Web Security manager refers to both v7.5 TRITON - Web Security and v7.1 Websense Manager.
In version 7.6, management of a Websense deployment is concentrated on one machine, the TRITON management server. All management interfaces (i.e., TRITON - Web Security, - Data Security, and - Email Security) and components run on this machine.
When upgrading Web Security components to version 7.6, you must decide what to do with the current installation of the Web Security manager. You can choose to leave it in its current location and upgrade it in place. TRITON Infrastructure will be installed and then the Web Security manager upgraded. Together these components form a TRITON Unified Security Center.
You can choose to move it to a different machine. To do this, uninstall the Web Security manager from its current location. Then install TRITON Unified Security Center (including v7.6 TRITON - Web Security) on a different machine. Upgrade instructions (Windows) guide you through this process.
Note that if the Web Security manager is installed on Linux, it will be disabled by the installer during upgrade. For version 7.6, management functions run only on Windows.
It is important to note that TRITON Unified Security Center can run with only its Web Security management module (i.e., TRITON - Web Security) enabled if running on a Windows Server 2003 machine. If you want to enable other management modules (e.g., TRITON - Data Security or - Email Security), TRITON Unified Security Center must run on a Windows Server 2008 R2 machine. If the Web Security manager is currently running on a Windows Server 2003 machine, you must uninstall it. Then, install TRITON Unified Security Center on a Windows Server 2008 R2 machine. Note that if your subscription includes Web Security Gateway Anywhere, you must run the TRITON Unified Security Center on a Windows Server 2008 R2 machine because both TRITON - Web Security and - Data Security modules are required.
If necessary, obtain a machine meeting the operating system and hardware requirements stated in System Requirements prior to beginning the upgrade process.
When the upgrade process is started, the prior-version Web Security manager will be detected, if present, and the installer will ask what you want to do with it.
Make sure Websense administrator accounts authenticated by a directory service have an email address specified in the directory service. In version 7.6, an email address is required for each administrator account (except group accounts). See Upgrading or Merging Administrators for more information.
Before upgrading to a new version of Websense Web Security components, it is a best practice to perform a full system backup. This makes it possible to restore the current production system with minimum downtime, if necessary.
* Windows: Open a command window (Run > cmd) and navigate to the Websense bin directory (C:\Program Files\Websense\bin, by default).
* Linux: Navigate to the Websense installation directory (/opt/Websense/bin, by default).
For these commands, <directory> is the path where the backup file will be stored.
The Backup Utility saves the essential Websense software files on the machine on which it is run, including any custom block pages. A complete list of the files saved can be found in the Websense Manager (v7.1.x) or TRITON - Web Security (v7.5) Help.
Repeat this process on all machines on which Websense Web Security components are installed, and make sure that the files are stored in a safe and accessible location.
Sites upgrading to version 7.6 from Websense Web Filter or Web Security version 7.1.1 should run the backup utility described above and should also carefully read the following list. This is a short list of configuration variables affected by the upgrade from v7.1.1.
These variables are returned to their default values during an upgrade from version 7.1.1 to version 7.6. They must be reset to your custom values.
Before you upgrade from version 7.1.1, please make a note of any custom values you may have given these variables or settings, so that you can reset them after the upgrade.
* If you customized the charts displayed on the Today page in Websense Manager, or changed the values of the Time or Bandwidth Estimate options, you must re-do these customizations on the Today page in the TRITON console for Web Security.
* If you have set up Active Directory on the Settings > General > Directory Services page, you need to re-enter the information after the upgrade.
* If you customized the name of the folder used to output scheduled presentation reports, your customized folder name does not persist after the upgrade to v7.6. Check the name of this folder inside the file mng.xml in this path: C:\Program Files\Websense\tomcat\conf\Catalina\. The filename is the value for the parameter: reportsOutput.
* Reporting preferences on the page Settings > Reporting > Preferences do not persist after an upgrade to v7.6. This includes the SMTP server IP address or name, the email recipients for scheduled reports, and the Allow self-reporting check box. Note the values before the upgrade and reset them afterwards.
* Note the Active Directory values configured in Websense Manager on the Settings > Directory Service page. You need to specify these again after the upgrade.
* Navigate to the Manage Custom LDAP Groups page, and note any custom groups you have set up, based on attributes defined in your directory service. This option is available only if you have configured Websense software to communicate with an LDAP-based directory service. After the upgrade to v7.6, custom LDAP groups created by delegated administrators need to be re-created.
* If you specified a non-standard port on which Network Agent monitors HTTP traffic, the setting does not persist after an upgrade to v7.6. This paragraph explains how to check this setting. Navigate to the Settings > Network Agent > Local Settings page to see the settings for a selected instance of Network Agent. The IP address of the selected Network Agent instance appears in the title bar of the content pane, and is highlighted in the left navigation pane. Use the Network Interface Cards list to see the configuration for the individual NICs. Click on a NIC in the Name column to view (and then make note of) custom details. If HTTP requests in your network are passed through a non-standard port, click Advanced Network Agent Settings to see the ports that Network Agent monitors. By default the Ports used for HTTP traffic are 8080, 80.
* If you customized the HTTPS port value for Websense Manager, the custom value does not persist after upgrade. To check the value, or to reset the value after the upgrade:
  * On the machine where the TRITON Unified Security Center runs, use the Windows Services dialog box (Start > Administrative Tools > Services) to stop the Websense TRITON - Web Security service.
  * In a text editor, open the file server.xml from the folder C:\Program Files\Websense\Web Security\tomcat\conf.
* After upgrade, you must manually set the version number to 7.6 (in place of 7.1.1) in the container \EIMServer\Global\Version\ in the file config.xml. This file is located by default in the directory C:\Program Files\Websense\Web Security\bin\.
The value of DNSLookup in the file eimserver.ini should be noted before upgrade and restored afterwards.
* During the process of upgrading from v7.1.1, the parameter redirect_children, in the squid.conf file located by default in the /etc/squid directory, is reset to default.
* The value of all parameters in the file mng.xml, such as connectionsMaxActive, should be noted before upgrade and then restored to the custom value after the upgrade. This file is located by default in the directory:
Warning 
Do not simply replace the mng.xml file with the pre-upgrade version of the file. That will corrupt the installation. Instead, open the post-upgrade mng.xml file and edit parameters to pre-upgrade values individually.
* Windows:
  C:\Program Files\Websense\tomcat\conf\Catalina\localhost\ (v7.1.1)
  C:\Program Files\Websense\Web Security\tomcat\conf\Catalina\localhost\ (v7.6)
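A before/after comparison of the file-based values listed above (mng.xml parameters, DNSLookup in eimserver.ini, redirect_children in squid.conf), as an added example that is not part of the Websense documentation. It assumes mng.xml stores its settings as Tomcat-style `<Parameter name="..." value="..."/>` elements and that eimserver.ini uses `key=value` lines; the sample file contents and the `addedByUpgrade` parameter are constructed.

```python
import re
import xml.etree.ElementTree as ET

def mng_params(xml_text):
    """name -> value for every <Parameter> element (assumed mng.xml layout)."""
    return {p.get("name"): p.get("value")
            for p in ET.fromstring(xml_text).iter("Parameter")}

def setting(text, key):
    """Value of an uncommented 'key=value' or 'key value' line, else None."""
    pat = rf"^[ \t]*{re.escape(key)}[ \t]*[= \t][ \t]*(\S.*?)[ \t]*$"
    m = re.search(pat, text, re.M)
    return m.group(1) if m else None

def snapshot(mng_xml, eimserver_ini, squid_conf):
    """Collect the values this page says to note before the upgrade."""
    snap = {"mng.xml:" + k: v for k, v in mng_params(mng_xml).items()}
    snap["eimserver.ini:DNSLookup"] = setting(eimserver_ini, "DNSLookup")
    snap["squid.conf:redirect_children"] = setting(squid_conf, "redirect_children")
    return snap

def to_restore(before, after):
    """Settings to edit by hand: key -> (pre-upgrade, post-upgrade value)."""
    return {k: (v, after.get(k)) for k, v in before.items()
            if v is not None and after.get(k) != v}

# Constructed sample file contents; real files and values will differ.
MNG_OLD = """<Context>
  <Parameter name="connectionsMaxActive" value="40"/>
  <Parameter name="reportsOutput" value="QuarterlyReports"/>
</Context>"""
MNG_NEW = """<Context>
  <Parameter name="connectionsMaxActive" value="10"/>
  <Parameter name="reportsOutput" value="ReportsOutput"/>
  <Parameter name="addedByUpgrade" value="1"/>
</Context>"""
BEFORE = snapshot(MNG_OLD, "DNSLookup=off\n",
                  "# redirect_children 5\nredirect_children 30\n")
AFTER = snapshot(MNG_NEW, "DNSLookup=on\n", "redirect_children 5\n")

if __name__ == "__main__":
    for key, (old, new) in sorted(to_restore(BEFORE, AFTER).items()):
        print(f"{key}: restore {old!r} (upgrade left {new!r})")
```

The result is a list of values to re-enter one at a time in the post-upgrade files, which leaves any entries the upgrade added to mng.xml in place.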
1. Stop all Websense services. See "Stopping and starting Websense services" in the Websense Enterprise and Websense Web Security Suite Installation Guide.
2.
3. If you have created custom block pages, make a backup copy of the files in the Websense\BlockPages\en\Custom (Windows) or Websense/BlockPages/en/Custom (Linux) directory.
It is important that you back up your current Websense databases and stop any active SQL Server Agent jobs prior to upgrading. After upgrade, reactivate the jobs to resume normal database operations.
Warning 
Having active database operations taking place during upgrade can leave the Websense log database in an inconsistent state after upgrade. It is important to stop Log Server and currently active SQL Server Agent jobs prior to upgrading Web Security or Web Filter.
Refer to Microsoft documentation for instructions on backing up databases. The Websense Web Security databases are named wslogdb70, wslogdb70_1, wslogdb70_2, and so on. wslogdb70 is referred to as the catalog database. wslogdb70_n are database partitions.
b. In the Object Explorer, expand SQL Server Agent > Jobs.
Disabling the jobs prevents them from executing at the next scheduled time. Make sure all jobs have completed any current operation before proceeding with upgrade.
The Websense v7.6 filtering plug-in for Citrix Presentation Server has been redesigned. Earlier Citrix plug-ins must be removed before you upgrade Websense components, then reinstalled after the upgrade is complete.
If you plan to modify or upgrade other integration products, it is a best practice to make the change before upgrading Websense software. For more information, see:
The Websense Master Database is removed when you upgrade. Websense Filtering Service downloads a new Master Database after the upgrade is completed.
If Websense Web Filter or Web Security is integrated with another product or device, all traffic is either unfiltered and permitted, or completely blocked during the upgrade, depending on how your integration product is configured to respond when Websense filtering is unavailable.
When you upgrade a stand-alone installation of Web Filter or Web Security, filtering stops when Websense services are stopped. Users have unfiltered access to the Internet until the Websense services are restarted.
If you want to move any Websense component in your deployment to a different machine, it is a best practice to do so before upgrading.
Remove the component and then install it on the new machine, using the installer for the component version. See the Websense Web Security and Websense Web Filter Installation Guide, for your version, for instructions.
Important 
When moving components, make sure the associated Websense Policy Server is running. Policy Server keeps track of the location of components in a deployment. See the Installation Guide, for your version, for more information.
If you are upgrading Websense Log Server and it uses a Windows trusted connection to access the Log Database, you must log on to this machine with the same trusted account before running the Websense installer to perform the upgrade.
Use the Windows Services dialog box to find which account is used by Log Server:
a. Start the Windows Services dialog box (typically, Start > Administrative Tools > Services).
b. View the Log On As column entry for Websense Log Server. This is the account you should use.
The upgrade process is designed for a properly functioning deployment of Websense software. Upgrading does not repair a non-functional system.
If you must perform an intermediate upgrade (see Versions supported for upgrade) from version 6.3.2 to 7.1, be aware that the Audit Log for the version 6.3.2 installation will not carry across to version 7.1. To preserve your 6.x Audit Log, use Websense Manager to export the log to a tab-separated text file prior to upgrading. Then, move the exported file to a directory that will not be affected by the upgrade (i.e., outside the Websense installation directory: C:\Program Files\Websense or /opt/Websense, by default).
Note 
If you upgraded to version 7.1 without exporting the 6.x Audit Log, you may still be able to retrieve it. Search the Websense Knowledge Base (www.websense.com/support) for the terms Upgrading from v6.x does not preserve the audit log.
To upgrade Websense software, run the Websense installer on each machine running Websense components. Distributed components must be upgraded in a particular order. Start with the machine running Policy Broker.
If Web Security components are distributed across multiple machines, they must be upgraded in the following order due to dependencies between them.
If your Websense software is integrated with a third-party product requiring a Websense filtering plug-in (Microsoft ISA Server or Forefront TMG, Citrix Presentation Server, or Squid Web Proxy Cache), the plug-in must be upgraded as well.
Run the Websense installer on the integration product machine. The installer detects Websense integration-specific components and upgrades them.
Warning 
The Websense v7.6 filtering plug-in for Citrix Presentation Server has been redesigned. Earlier Citrix plug-ins must be removed before you upgrade Websense components, then reinstalled after the upgrade is complete.
Important 
Note 
If you are changing your integrated firewall, proxy server, caching application, or network appliance, modify that product before upgrading Websense software.
If these services have been running uninterrupted for several months, the installer may not be able to stop them before the upgrade process times out.
Important 
In the Windows Services dialog box, if you have set the Recovery properties of any of the Websense services to restart the service on failure, you must change this setting to Take No Action before upgrading.
When upgrading Websense Filtering Service installed on a machine separate from Websense Manager (v7.1) or TRITON - Web Security (v7.5), you must upgrade Filtering Service in the same locale environment (language and character set) as Websense Manager/TRITON - Web Security.
* Before upgrading Filtering Service on Windows, open Control Panel > Regional Options, and change the locale to match that of the Websense Manager/TRITON - Web Security machine.
* When upgrading on Linux, log on to the Filtering Service machine with the locale appropriate to Websense Manager/TRITON - Web Security.

