Reconfigure Policy Server after a standalone Policy Broker becomes a replica

51289 | Policy Broker Replication | TRITON AP-WEB and Web Filter & Security, v8.0.x, v8.1.x

When a standalone Policy Broker is converted to a replica, you must update the config.xml file for each Policy Server instance that connected to the standalone Policy Broker. The update adds information about the primary Policy Broker for the deployment.

Note that if Policy Server resides on a Websense appliance, Websense Technical Support will need to assist with the process of updating the config.xml file.

Step 1: Collect required information

First, identify a Policy Server that is already configured to connect to the primary Policy Broker (for example, the Policy Server instance on the Policy Broker machine).

On the machine that hosts the Policy Server you identified:

Navigate to the Websense bin directory (C:\Program Files or Program Files (x86)\Websense\Web Security\bin or /opt/Websense/bin/) and make a backup copy of the config.xml file in another location.

Open the original config.xml file in a text editor and navigate to the BrokerService container:

Locate the Config container and Token container within the BrokerService container.

The Config container looks something like this:

The Token container looks something like this:

<data name="Token">0542A478BC2AB7773AE226F8471E4DD12E7AB7
8DEFF21A3A151621EFBF5A98559211A5746D4263F00797190AFD30A5F
D507DD5560362F6C5538C780F350C5467E106DC6A1D46FF2670FC1348
331640AA95D0ADDAD8999D491137C8C9ED831846599BF6C99242D512B
FABA28938E3CA975197AFED65CD335BC738E1BE933B48F7816C8F51D4
0AEE8B9C4F401815FAD21BD427175DBD1B06B28465CC20C41AD452DE2
B7798A71CF17E</data>

Make a copy of the contents of the each of these containers in a new text file.

This information will need to be added or copied to the config.xml file for each Policy Server that is being reconfigured.

Close the config.xml file.

Step 2: Update Policy Server configuration

Reconfigure each Policy Server instance that was originally set up to connect to the former standalone Policy Broker (now a replica).

Stop the Policy Server instance.

Windows: Use the Services tool to stop Websense Policy Server.

Linux: Use the opt/Websense/WebsenseDaemonControl command to stop Policy Server.

Navigate to the Websense bin directory (C:\Program Files or Program Files (x86)\Websense\Web Security\bin or /opt/Websense/bin/) and make a backup copy of config.xml in another location.

Open the original config.xml file in a text editor and navigate to the BrokerService container:

If a Brokers container exists, delete it. A Brokers container looks something like this:

Locate the Config container within the BrokerService container and update the Host container with the Policy Broker IP address copied in the previous procedure. For example:

Still in the Config container, update the Token field with the Policy Broker token value copied in the previous procedure. The token looks something like this, and must be entered as a single line (no line breaks):

Save and close the config.xml file.

Delete the config.xml.bak file from the Websense bin directory.

After making the change, restart the web module services on the Policy Server machine.

On Linux machines, run the following command from the /opt/Websense/ directory:

./WebsenseAdmin restart

On Windows machines, run the following command from the C:\Program Files or Program Files (x86)\Websense\Web Security\ folder:

WebsenseAdmin restart