Websense Web Security Gateway Anywhere v7.5: Hybrid Web Tips : Synchronizing user and group data with the hybrid service

Synchronizing user and group data with the hybrid service

Topic 45052 / Updated: 17-June-2010

Applies To:

Websense Web Security Gateway Anywhere 7.5

Problem description

I understand that the on-premises portion of Web Security has to send user and group information to the cloud so branch office personnel and off-site users are recognized and my policies are applied.

How do I send information from my directory service to the cloud, and once I do, how do I ensure the data is always in sync?

Resolution

 

Note  Websense supports user and group data collection for Windows Active Directory (Native Mode) and Novell eDirectory. If your organization uses Windows NT Directory, Windows Active Directory (Mixed Mode), or Sun Java System directory, user and group data cannot be collected and sent to the hybrid service.

If your organization uses a supported, LDAP-based directory service – Windows Active Directory (Native Mode) or Novell eDirectory – you can collect user and group data and send it to the hybrid service. This is accomplished using two Websense components:

Websense Directory Agent collects user and group information from the directory and collates it for hybrid filtering.

Websense Sync Service (among other functions) transports user and group data provided by Directory Agent to the hybrid service.

When Directory Agent is configured to send data to the hybrid service, hybrid filtering is then able to apply user- and group-based filtering.

The four main steps are:

1.	Establish User Service communication with a supported, LDAP-based directory service (such as Microsoft Active Directory in native mode or Novel eDirectory). This is done on the Settings > General > Directory Services page in TRITON - Web Security.

Information you will need:

IP address or host name and communication port information for the Active Directory global catalog server(s) or Novell eDirectory server

Account name and password for an account with domain administrator privileges

A root context for users, groups, and domains (OUs) filtered on-premises components

2.	Provide basic information about how users and groups will be filtered by the hybrid service. This is done on the Settings > Hybrid Configuration > User Access page.

3.	Configure Directory Agent communication with the directory service. This is done on the Settings > Hybrid Configuration > Shared User Data page. Note that you must configure User Service to communicate with the directory before configuring Directory Agent.

Information you will need:

A root context for users, groups, and domains (OUs) filtered by the hybrid service.

This is used when gathering user and group data from the directory. Narrow the context to increase speed and efficiency of both directory search and processing user and group information by the hybrid service. It is best to provide a context that includes only users filtered by the hybrid service.

Name or IP address of the Sync Service machine

Port used for Sync Service communication (by default, 55832)

4.	Schedule communication with hybrid filtering. This is done on the Settings > Hybrid Configuration > Scheduling page.

You must send data at least once a week.

If you have an urgent update, you have the option to initiate the send process immediately. Note that there may be a short delay between initiating the send process and seeing a change in behavior from hybrid filtering. This time is needed to gather changes from the directory, upload them to the hybrid service, and have them processed by hybrid filtering components.

Most deployments require only one Directory Agent instance. If your deployment requires additional Directory Agent instances, see "Working with hybrid filtering clients" in the TRITON - Web Security Help for important configuration considerations.

For more detailed instructions on synchronizing user and group data with the hybrid service, please see chapter 8 of TRITON - Web Security Help.

 

 

Websense Web Security Gateway Anywhere v7.5: Hybrid Web Tips : Synchronizing user and group data with the hybrid service