Before upgrading Websense Web Security components, make sure the installation machine meets the system recommendations in System Requirements, including hardware specifications, operating system, browser, and database engine.
See Preparing for Installation for important information about preparing to use the Websense installer, which is used to upgrade components on Windows.
As part of the upgrade process, the Websense installer can install SQL Server 2008 R2 Express (which replaces MSDE as the no-cost, reduced-performance version of SQL Server supported by Websense solutions). If you intend to install SQL Server 2008 R2 Express, be sure to install the following prior to starting the upgrade:
In this section, the Web Security manager refers to both v7.5 TRITON - Web Security and v7.1 Websense Manager.
In version 7.6, management of a Websense deployment is concentrated on one machine, the TRITON management server. All management interfaces (i.e., TRITON - Web Security, - Data Security, and - Email Security) and components run on this machine.
When upgrading Web Security components to version 7.6, you must decide what to do with the current installation of the Web Security manager. You can choose to leave it in its current location and upgrade it in place. TRITON Infrastructure will be installed and then the Web Security manager upgraded. Together these components form a TRITON Unified Security Center.
You can choose to move it to a different machine. To do this, uninstall the Web Security manager from its current location. Then install TRITON Unified Security Center (including v7.6 TRITON - Web Security) on a different machine.
Upgrade instructions (Windows) guide you through this process.
It is important to note that TRITON Unified Security Center can run with only its Web Security management module (i.e., TRITON - Web Security) enabled if running on a Windows Server 2003 machine. If you want to enable other management modules (e.g., TRITON - Data Security or - Email Security), TRITON Unified Security Center must run on a Windows Server 2008 R2 machine. If the Web Security manager is currently running on a Windows Server 2003 machine, you must uninstall it. Then, install TRITON Unified Security Center on a Windows Server 2008 R2 machine. Note that if your subscription includes Web Security Gateway Anywhere, you must run the TRITON Unified Security Center on a Windows Server 2008 R2 machine because both TRITON - Web Security and - Data Security modules are required.
Make sure Websense administrator accounts authenticated by a directory service have an email address specified in the directory service. In version 7.6, an email address is required for each administrator account (except group accounts). See Upgrading or Merging Administrators for more information.
Before upgrading to a new version of Websense Web Security components, it is a best practice to perform a full system backup. This makes it possible to restore the current production system with minimum downtime, if necessary.
Windows: Open a command window (Run > cmd) and navigate to the Websense bin directory (C:\Program Files\Websense\bin, by default).
Linux: Navigate to the Websense installation directory (/opt/Websense/bin, by default).
For these commands, <directory> is the path where the backup file will be stored.
The Backup Utility saves the essential Websense software files on the machine on which it is run, including any custom block pages. A complete list of the files saved can be found in the Websense Manager (v7.1.x) or TRITON - Web Security (v7.5) Help.
Repeat this process on all machines on which Websense Web Security components are installed, and make sure that the files are stored in a safe and accessible location.
Sites upgrading to version 7.6 from Websense Web Filter or Web Security version 7.1.1 should run the backup utility described above and should also carefully read the following list. This is a short list of configuration variables affected by the upgrade from v7.1.1.
Before you upgrade from version 7.1.1, please make a note of any custom values you may have given these variables or settings, so that you can reset them after the upgrade.
Reporting preferences on the page Settings > Reporting > Preferences do not persist after an upgrade to v7.6. This includes the SMTP server IP address or name, the email recipients for scheduled reports, and the Allow self-reporting check box. Note the values before the upgrade and reset them afterwards.
Navigate to the Manage Custom LDAP Groups page, and note any custom groups you have set up, based on attributes defined in your directory service. This option is available only if you have configured Websense software to communicate with an LDAP-based directory service. After the upgrade to v7.6, custom LDAP groups created by delegated administrators need to be re-created.
If you specified a non-standard port on which Network Agent monitors HTTP traffic, the setting does not persist after an upgrade to v7.6. This paragraph explains how to check this setting. Navigate to the Settings > Network Agent > Local Settings page to see the settings for a selected instance of Network Agent. The IP address of the selected Network Agent instance appears in the title bar of the content pane, and is highlighted in the left navigation pane. Use the Network Interface Cards list to see the configuration for the individual NICs. Click on a NIC in the Name column to view (and then make note of) custom details. If HTTP requests in your network are passed through a non-standard port, click Advanced Network Agent Settings to see the ports that Network Agent monitors. By default the Ports used for HTTP traffic are 8080, 80.
The value of DNSLookup in the file eimserver.ini should be noted before upgrade and restored afterwards.
The value of all parameters in the file mng.xml, such as connectionsMaxActive, should be noted before upgrade and then restored to the custom value after the upgrade. This file is located by default in the directory:
Windows:
C:\Program Files\Websense\tomcat\conf\Catalina\localhost\ (v7.1.1)
C:\Program Files\Websense\Web Security\tomcat\conf\Catalina\localhost\ (v7.6)
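One way to record the DNSLookup value and the mng.xml parameters before the upgrade and list what needs restoring afterwards. This is an added example, not Websense code. The sample file contents are constructed, and the section name, values, and XML layout are assumptions, so the XML walk flattens whatever attributes and element text it finds rather than relying on a known schema.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample contents; section name, values and XML layout are assumptions.
INI_BEFORE = "[ExampleSection]\n; comment\nDNSLookup = off\n"
INI_AFTER = "[ExampleSection]\nDNSLookup = on\n"
XML_BEFORE = '<Context><Resource name="example" connectionsMaxActive="200"/></Context>'
XML_AFTER = '<Context><Resource name="example" connectionsMaxActive="100"/></Context>'

def read_ini_value(text, key):
    """Return the first value of `key` in INI-style text, or None if absent."""
    for line in text.splitlines():
        m = re.match(r"\s*([^;#=\s][^=]*?)\s*=\s*(.*?)\s*$", line)
        if m and m.group(1).lower() == key.lower():
            return m.group(2)
    return None

def xml_settings(text):
    """Flatten every attribute and non-empty element text to path -> value."""
    out = {}
    def walk(elem, path):
        if (elem.text or "").strip():
            out[path] = elem.text.strip()
        for name, value in elem.attrib.items():
            out[f"{path}@{name}"] = value
        seen = {}
        for child in elem:
            seen[child.tag] = seen.get(child.tag, 0) + 1
            walk(child, f"{path}/{child.tag}[{seen[child.tag]}]")
    root = ET.fromstring(text)
    walk(root, root.tag)
    return out

def snapshot(ini_text, xml_text):
    """Collect the values the upgrade notes say to record."""
    snap = {"eimserver.ini:DNSLookup": read_ini_value(ini_text, "DNSLookup")}
    snap.update({f"mng.xml:{k}": v for k, v in xml_settings(xml_text).items()})
    return snap

def drift(before, after):
    """Settings that changed or vanished: key -> (old value, new value)."""
    return {k: (v, after.get(k)) for k, v in before.items() if after.get(k) != v}

if __name__ == "__main__":
    changed = drift(snapshot(INI_BEFORE, XML_BEFORE), snapshot(INI_AFTER, XML_AFTER))
    for key, (old, new) in sorted(changed.items()):
        print(f"{key}: restore {old!r} (currently {new!r})")
```

In practice, read the real file contents into `snapshot()` before the upgrade, store the result alongside the Backup Utility output, and compare against a second snapshot taken after the upgrade.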
It is important that you back up your current Websense databases and stop any active SQL Server Agent jobs prior to upgrading. After upgrade, reactivate the jobs to resume normal database operations.
Refer to Microsoft documentation for instructions on backing up databases. The Websense Web Security databases are named wslogdb70, wslogdb70_1, wslogdb70_2, and so on. wslogdb70 is referred to as the catalog database. wslogdb70_n are database partitions.
Disabling the jobs prevents them from executing at the next scheduled time. Make sure all jobs have completed any current operation before proceeding with upgrade.
The Websense v7.6 filtering plug-in for Citrix Presentation Server has been redesigned. Earlier Citrix plug-ins must be removed before you upgrade Websense components, then reinstalled after the upgrade is complete.
If Websense Web Filter or Web Security is integrated with another product or device, all traffic is either unfiltered and permitted, or completely blocked during the upgrade, depending on how your integration product is configured to respond when Websense filtering is unavailable.
When you upgrade a stand-alone installation of Web Filter or Web Security, filtering stops when Websense services are stopped. Users have unfiltered access to the Internet until the Websense services are restarted.
Remove the component and then install it on the new machine, using the installer for the component version. See the Websense Web Security and Websense Web Filter Installation Guide, for your version, for instructions.
If you are upgrading Websense Log Server and it uses a Windows trusted connection to access the Log Database, you must log on to this machine with the same trusted account before running the Websense installer to perform the upgrade.
Use the Windows Services dialog box to find which account is used by Log Server:
a. Start the Windows Services dialog box (typically, Start > Administrative Tools > Services).
b. View the Log On As column entry for Websense Log Server. This is the account you should use.
If you must perform an intermediate upgrade (see Versions supported for upgrade) from version 6.3.2 to 7.1, be aware that the Audit Log for the version 6.3.2 installation will not carry across to version 7.1. To preserve your 6.x Audit Log, use Websense Manager to export the log to a tab-separated text file prior to upgrading. Then, move the exported file to a directory that will not be affected by the upgrade (i.e., outside the Websense installation directory: C:\Program Files\Websense or /opt/Websense, by default).
To upgrade Websense software, run the Websense installer on each machine running Websense components. Distributed components must be upgraded in a particular order. Start with the machine running Policy Broker.
If your Websense software is integrated with a third-party product requiring a Websense filtering plug-in (Microsoft ISA Server or Forefront TMG, Citrix Presentation Server, or Squid Web Proxy Cache), the plug-in must be upgraded as well.
If you are changing your integrated firewall, proxy server, caching application, or network appliance, modify that product before upgrading Websense software.
When upgrading Websense Filtering Service installed on a machine separate from Websense Manager (v7.1) or TRITON - Web Security (v7.5), you must upgrade Filtering Service in the same locale environment (language and character set) as Websense Manager/TRITON - Web Security.