Transcript Slide 1
Installation and
Deployment
Part 1
Topic 2
Version 6.3.1
www.websense.com
Copyright © 2006-2007. All
rights reserved.
Module 2 Topics – Pre-installation
Websense Web Security Suite - Installation
Installation Part 1
Preinstall Questions
Installation & Deployment Part 1
Hands-On Lab 2-1
Installing Websense Web Security Suite
2-2
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Module 2 Topics – Deployment Part 1
Websense Web Security Suite - Deployment
Websense Core Components
Websense Secondary Components
Installation & Deployment Part 1
Additional Deployment Notes
Instructor-Led Lab (iLab) 2-2
Websense Help and Documentation
2-3
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Module 2 Topics – Reporting Tools
Websense Web Security Suite - Installation
Installing Websense Reporting Tools and Components
Log Server
Installation & Deployment Part 1
Reporter
Enterprise Explorer
Database Administration
Hands-On Lab 2-3
Installing Reporting Components
2-4
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Preinstall
Questions
Installing
Websense Web
Security Suite
Steps for a Successful Deployment
Websense Web Security Suite - Standalone
1. Plan the Websense deployment
2. Install Websense filtering and reporting components
Installation & Deployment Part 1
3. Perform initial setup tasks
4. Customize filtering policies, configure user and group
based filtering, and learn to use more advanced
Websense features
2-6
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Preinstall Questions
Verify Before Installing Websense Software
Our Scenario
Single Machine, Custom Installation, Stand-Alone Edition
Installation & Deployment Part 1
Preinstall Questions:
Supported Operating System?
Meet Hardware Recommendations?
Server?
Free Disk Space?
Installed RAM?
Necessary Software Installed?
Installation Preparation and Answers
2-7
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Preinstall Questions
Supported Operating System?
Our Scenario: Single Machine, Custom Installation, Stand-Alone Edition
Supported Operating Systems
Installation & Deployment Part 1
Windows 2000 Server SP3 or higher – or –
Windows Server 2003
Standard or Enterprise
– With or without SP1 – or –
Red Hat Enterprise Linux 3 or 4
AS, ES, or WS – or –
Solaris 9 or 10
2-8
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Preinstall Questions
Meet Hardware Recommendations?
Our Scenario: Single Machine, Custom Installation, Stand-Alone Edition
Machine Recommendations
Installation & Deployment Part 1
Pentium 4, 3 GHz processor or greater
UltraSPARC IIIi or greater
Free Disk Space
10 GB of free disk space
Installed RAM
2 GB RAM
2-9
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Preinstall Questions
Necessary Software Installed?
Our Scenario: Single Machine, Custom Installation, Stand-Alone Edition
Web Server Installed?
Installation & Deployment Part 1
Microsoft Internet Information Server (IIS) – or –
Apache Web Server
And, if Installing Reporting Components
Database Engine Installed? (Must be installed before you
install reporting components)
MSDE: Microsoft SQL Server Desktop Engine 2000 –or SQL Server: Microsoft SQL Server 2000/2005
– Not SQL Server Express – SQL Server Express does
not have SQL Server Agent jobs
2-10
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Preinstall Questions
Installation Preparation
Our Scenario: Single Machine, Custom Installation, Stand-Alone Edition
Installation & Deployment Part 1
Make sure you have Administrator privileges before
installation
If you plan to have multiple NICs, install them before
installing the Network Agent
Make sure you are not using DHCP to assign IP
addresses
2-11
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Preinstall Questions
Installation Answers
Our Scenario: Single Machine, Custom Installation, Stand-Alone Edition
Typical or Custom Install?
Installation & Deployment Part 1
We will install as Custom
2-12
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Preinstall Questions
Installation Answers
Our Scenario: Single Machine, Custom Installation, Stand-Alone Edition
Install as Stand-Alone or Integrated?
Installation & Deployment Part 1
We will install as Stand-Alone
2-13
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Preinstall Questions
Installation Answers
Our Scenario: Single Machine, Custom Installation, Stand-Alone Edition
Installation & Deployment Part 1
Will Users be filtered immediately after installation?
We will install as
‘Monitor Internet traffic only (configure filtering later)’
2-14
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Preinstall Questions
Installation Answers
Our Scenario: Single Machine, Custom Installation, Stand-Alone Edition
Install Transparent User Identification Agents?
Installation & Deployment Part 1
We will install DC Agent and Logon Agent
2-15
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Preinstall Questions
Installation Answers
Our Scenario: Single Machine, Custom Installation, Stand-Alone Edition
Download Websense Master Database Now or Later?
Installation & Deployment Part 1
We will Download Later
2-16
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Hands-On Lab 2-1
• Hands-on Lab 2-1
– Installing Websense Web Security Suite
• Single Machine, Custom Installation,
Stand-Alone Edition
Hands-On Lab
17
Core
Components
Websense
Enterprise /
Websense Web
Security Suite
Websense Software Core Components
Filtering Service *
Policy Server *
Installation & Deployment Part 1
Websense Manager *
Websense Master Database *
User Service
Network Agent
* Required Components
2-19
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Core Component: Filtering Service
Installation & Deployment Part 1
The Filtering Service is the core of the Websense
software and is responsible for most aspects of URL
filtering
Filtering Service communications are necessary for the
core filtering and policy execution functionality of other
Websense Components
2-20
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Core Component: Filtering Service
The Filtering Service performs or initiates four major
functions:
Installation & Deployment Part 1
1. URL filtering based on defined policies
2. Identifying requestors
3. Block page display
4. Websense Master Database Download
The Filtering Service also interacts heavily with other
Websense services and communicates with
firewall/router/proxy/caching device (integration)
2-21
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Core Component: Filtering Service
Filtering Service Functions
Enforces policy defined with Websense Manager
Installation & Deployment Part 1
Provides the following filtering services:
Receives configurations executed through Websense
Manager
Communicates with integration partner to allow or
block URL access
Sends activity data to a Log Server
Sends activity data to Websense Real Time Analyzer
Sends Policy data to and receives protocol
information and disposition status from Network
Agent
2-22
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Core Component: Filtering Service
Filtering Service Deployment
Typically installed on same machine as the Policy Server
Installation & Deployment Part 1
May be installed on the same machine as Websense
Manager
Recommended maximum of 10 Filtering Services for
each Policy Server (if they employ quality network
connections)
2-23
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Installation & Deployment Part 1
Filtering Service Architecture
2-24
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Core Component: Filtering Service
Filtering Service and Web Traffic
The Filtering Service can receive Web traffic from a
variety of integrations including:
Installation & Deployment Part 1
Microsoft ISA Server
Cisco PIX Firewall and Content Engine
Check Point FireWall-1
Network Appliance NetCache
Stand-Alone installation, using the Network Agent
component
2-25
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Core Component: Filtering Service
Installation & Deployment Part 1
TechNote on Filtering Service and Web Traffic
26
Tech
Note
Websense Filtering Service receives traffic, by
default, on TCP 15868 and listens on this port for
requests coming from the integration partner. If
the port is blocked, you will not be able to filter
user traffic.
Websense Filtering Service will use this port for
communications with Network Agent, if Network
Agent is installed.
This can be modified at any time after installation
if required.
Core Component: Filtering Service
Filtering Service TechNote
The Filtering Service runs as
Installation & Deployment Part 1
A service on Windows or as
A daemon on Solaris or Linux
Tech
Note
2-27
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Core
Component
Policy Server
Core Component: Policy Server
Policy Server Overview
Stores all Websense
configuration information
Installation & Deployment Part 1
Configured from Websense Manager
Communicates configuration data to Filtering Service
All other components must communicate with Policy
Server
Automatically identifies all other Websense
components
Continually tracks location/status of all Websense
services
Definitive source of configuration information
2-29
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Core Component: Policy Server
Policy Server Overview
Installation & Deployment Part 1
One Policy Server can communicate settings to a large
number of Websense services, including multiple filtering
services when necessary
In most environments, only a single Policy Server is
necessary
In large environments (10,000+ nodes), multiple
Policy Servers may be necessary
When using multiple Policy Servers, it is possible
to configure a single source of policy distribution
2-30
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Core Component: Policy Server
Policy Server Deployment
Typically installed on the same machine as the
Filtering Service
Installation & Deployment Part 1
May be installed on a separate machine
Depends on the configuration of your network
Only one Policy Server installed for each logical
installation
An example would be a Policy Server that delivers
the same policies and categories to each machine
in a subnet
2-31
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Core Component: Policy Server
Installation & Deployment Part 1
Policy Server Architecture
User Service
2-32
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Core
Component
Websense
Manager
Core Component: Websense Manager
Websense Manager Overview
The Websense Manager is a Java-based Graphical User
Interface (GUI) interface
Installation & Deployment Part 1
It serves as the administrative interface and is used to
- Define and customize internet access policies
- Add or remove clients
- Configure the Policy Server
- Add and change other configuration settings
2-34
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Websense Manager
Installation & Deployment Part 1
Websense Manager – Before Logon
2-35
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Websense Manager
Websense Manger: Logon
Installation & Deployment Part 1
Websense Manager access requires a
User Name and Password
You set the Websense administrator password when
running the Websense Manger for the first time
2-36
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Websense Manager – Overview
Installation & Deployment Part 1
Menu
Bar
2-37
Content
Pane
Navigation Tree
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Core Component: Websense Manager
Websense Manager Overview
Installation & Deployment Part 1
The Websense Manager is also the configuration
front-end for the gateway and network as well as Client
Policy Manager (CPM)
More information in the [Optional CPM Module]
2-38
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Core Component: Websense Manager
Websense Manager Deployment
Installation & Deployment Part 1
May be on any Windows XP / 2000 / 2003 machine as
well as supported Linux and Solaris machines
Typically installed on the same machine as the Policy
Server
May be installed on one or more machines in your
network
Machine needs network access to the Policy
Server machine on port 55806
2-39
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Core Component: Websense Manager
Installation & Deployment Part 1
Websense Manager TechNote
A policy server can only have one concurrent
session with a Websense Manager
Tech
Note
2-40
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Core
Component
Websense
Master
Database
Core Component: Master Database
Category and Protocol Definitions
The Websense Master Database provides the basis for
filtering internet content
Installation & Deployment Part 1
Websense Master Database
Continually Updated
Published in more than 50 Languages
Organized into general categories and subcategories
2-42
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Core Component: Master Database
Websense Master Database Overview
The Websense Master Database has the industry's most
accurate and up-to-date classification of:
Installation & Deployment Part 1
URLs
2-43
More Than 22 Million Websites in 90+ Categories
Protocols
~95 Protocols in 50 Categories
Applications
More Than 2.2 Million Applications and
Executables in 50+ Categories
Websense uses a variety of proprietary classification software
and human inspection techniques to maintain the Master
Database
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Core Component: Master Database
Categories and Subcategories
For example, the Information Technology category
includes the subcategories:
Installation & Deployment Part 1
Computer Security
Hacking
Proxy Avoidance
Search Engines and Portals
URL Translation Sites
Web Hosting
NOTE: Without a valid subscription key, category names are
not displayed in the Websense Manager
2-44
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Core Component: Master Database
Reputation Filtering
Installation & Deployment Part 1
From Websense Security Labs
The Websense ThreatSeeker technology leverages
years of experience to provide content-aware web
reputation intelligence allowing customers to easily
extend their protection by managing suspicious
websites
2-45
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Core Component: Master Database
Reputation Filtering
New Extended Protection
Installation & Deployment Part 1
Websense Web Security Suite v 6.3.1’s parent
category contains three categories:
1. Elevated Exposure
2. Emerging Exploits
3. Potentially Damaging Content
2-46
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Core Component: Master Database
Reputation Filtering
New Database Categories
1. Potentially Damaging Content
Installation & Deployment Part 1
Sites likely to contain little or no useful content,
with potentially harmful elements
2. Elevated Exposure
Sites that camouflage their true nature or identity,
or that include elements suggesting latent malign
intent
3. Emerging Exploits
Sites found to be hosting known and potential
exploit code
2-47
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Core Component: Master Database
Reputation Filtering
New Category Defaults
The default category dispositions will be as follows:
Installation & Deployment Part 1
Potentially Damaging Content: Allow
Elevated Exposure: Block
Emerging Exploits: Block
2-48
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
URL Matching
Analyzes Full URL Entered by User
Installation & Deployment Part 1
Includes protocol, domain, and path to a specific
page
Prevents filtering sites incorrectly if pages in multiple
categories
2-49
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
URL Matching
Example
Installation & Deployment Part 1
Two URLs on the same domain but in different
categories
http://www.cnn.com/WORLD
(News and Media category)
http://www.cnn.com/SHOWBIZ
(Entertainment category)
Pages on the same site may be filtered differently
2-50
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
CGI Requests
CGI (Common Gateway Interface) scripts common in
interactive web sites
Installation & Deployment Part 1
Includes search engine request forms or image maps
CGI script automatically generates new URL request
Example:
http://search.yahoo.com/bin/search?p=CGI query string
CGI String
By default, disregards CGI-query in requested site
Can be added as Custom Keyword search
2-51
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
URL Pattern Matching
Supports regular expressions in matching URLs
Custom URLs
Installation & Deployment Part 1
Yes lists
Keywords
Pattern strings replace absolute character strings
Adds flexibility to site filtering
Allows specific general patterns for matching
2-52
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Websense Master Database
Installation & Deployment Part 1
TechNote: URL Pattern Matching
Using regular expressions as filtering
criteria may result in increased CPU
usage
Tech
Note
Tests have shown that with 100 regular
expressions, the average CPU usage
on the machine running the Websense
Filtering Server increased by 20%
2-53
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
IP Address Matching
Exclusive technology recognizing sites with text-based
URLs or with the numerical IP addresses of host servers
Installation & Deployment Part 1
Analyzes numeric IP address
204.15.67.11 = http://www.websense.com
Ensures accurate filtering however a site is requested
2-54
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Core Component: Master Database
Installation & Deployment Part 1
Click in Black Window to Start Movie
2-55
<spacebar> to skip movie
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Core
Component
User Service
Core Component: User Service
User Service Overview
Installation & Deployment Part 1
The User Service supports user identification for userbased policy execution
2-57
Installation of the User Service is required before any
identification can take place
The User Service is responsible for:
Directory browsing
Group membership discovery
Manual authentication
User verification
Communication with transparent identification agents
(DC Agent and Logon Agent)
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Core Component: User Service
Supported Directory Services
You can use any of the following directory services with
Websense User Service:
Installation & Deployment Part 1
Windows NTLM-based directories
Windows Active Directory
Novell Directory Services /
Novell eDirectory v8.51 and later
Sun Java System Directory Server v4.2 or v5.2
2-58
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Core Component: User Service
User Service Deployment
Installation & Deployment Part 1
Installed in networks using a directory service for
authentication
User Service is necessary for filtering and logging
internet requests even if only IP filtering is being used
Typically installed on the same machine as the Policy
Server
Only one User Service per Policy Server
2-59
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Core Component: User Service
Installation & Deployment Part 1
User Service Interaction with Directory Services
2-60
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Core
Component
Network
Agent
Core Component: Network Agent
Network Agent Overview
Installation & Deployment Part 1
Network Agent uses protocol analyzing technology to
monitor all of the internet traffic on the network machines
assigned to it
Can filter HTTP traffic
Filters ~90 other popular internet protocols
Captures data about bandwidth usage
The Network Agent is typically used as a means for
evaluating Websense software
Must have bi-directional visibility into the network in order
to function properly
2-62
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Core Component: Network Agent
Network Agent Overview
Installation & Deployment Part 1
Network Agent integrates well with proxy servers, network
caches, and firewalls
The Network Agent is the component that is
responsible for the filtering of non-HTTP protocols
Since most integrations (firewalls, proxies, etc.) can't
send information about these protocols to the Filtering
Service, Network Agent acts as a protocol analyzer in
order to inform the Filtering Service of this traffic
Network Agent detects malicious peer-to-peer
applications and spyware, even when tunneled over wellknown ports such as 80, 8080 etc.
2-63
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Core Component: Network Agent
Network Agent
Installation & Deployment Part 1
The Network Agent is also responsible for monitoring
bandwidth usage for use with Bandwidth Optimizer
(BWO) component
It is also used for enhanced logging with integrations
NOTE: Websense software can filter and log HTTP
traffic without using Network Agent
– Depending on the integration (such as Cisco
PIX) bandwidth information may not be
available without the Network Agent
2-64
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Installation & Deployment Part 1
Core Component: Network Agent
2-65
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Secondary
Components
Secondary Components
Real Time Analyzer
Installation & Deployment Part 1
Transparent ID Agents
DC Agent / RADIUS Agent / eDirectory Agent / Logon
Agent
Usage Monitor
Websense Reporting Components
Covered later in this module
Remote Filtering
Covered in a later module
2-67
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Installation & Deployment Part 1
Websense Secondary Components
2-68
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Secondary Component:
Real-Time Analyzer (RTA)
Real-Time Analyzer (RTA)
Installation & Deployment Part 1
A web-based reporting tool for IT administrators which
provides a real-time view of network activity
RTA is usually installed on the same machine as the
reporting components
RTA can be memory and CPU demanding, depending
on system settings and network load conditions
RTA should not be installed on real-time critical
machines
2-69
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Secondary Component:
Real-Time Analyzer (RTA)
Real-Time Analyzer (RTA)
Supported only on Windows
Installation & Deployment Part 1
Installation of the RTA requires a machine with web server
software installed:
Apache Web Server
Microsoft IIS
If no installed web server is detected, the Websense
software installer will offer to install the included
Apache Web Server
NOTE: Only one installation of RTA per Policy Server
2-70
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Secondary
Component
Transparent
ID (XID)
Agents
DC Agent
Logon Agent
eDirectory
Agent
RADIUS Agent
Secondary Component: (XID) Agents
Enable Websense software to filter based on policies
assigned to users or groups housed in a directory service
Installation & Deployment Part 1
Optional components
Can be used alone, or combined, with certain
limitations, covered in the User Identification and
Authentication module
2-72
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Secondary Component: DC Agent
DC Agent
Installation & Deployment Part 1
Installed in networks using a Windows directory service
(NTLM-based or Active Directory)
Can be installed on the same machine as Websense Web
Security Suite or installed on a separate machine
2-73
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Secondary Component: DC Agent
TechNote
Installation & Deployment Part 1
Installing DC Agent on the domain
controller machine or firewall DMZ is
not recommended
Tech
Note
DC Agent can be installed on any
network segment as long as
NetBIOS is allowed between the DC
Agent and the domain controllers
2-74
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Secondary Component: Logon Agent
Logon Agent
Installation & Deployment Part 1
Installed in networks using a Windows directory service
(NTLM-based or Active Directory)
Can be installed on the same machine as Websense Web
Security Suite or on a separate machine
May be installed with DC Agent to improve accuracy
of user authentication
2-75
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Secondary Component: eDirectory Agent
eDirectory Agent
Installation & Deployment Part 1
Installed in networks using a Novell eDirectory directory
structure
Can be installed on the same machine as Websense Web
Security Suite or installed on a separate machine
2-76
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Secondary Component: eDirectory Agent
Tech Note
Installation & Deployment Part 1
eDirectory Agent can be installed in the
same network as DC Agent or Logon Agent,
but cannot be active at the same time.
Tech
Note
Websense does not support communication
with Windows and Novell directory services
simultaneously
2-77
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Secondary Component: RADIUS Agent
RADIUS Agent
Installation & Deployment Part 1
Installed in networks using a RADIUS authentication
server
Can be installed on the same machine as Websense Web
Security Suite or a separate machine
2-78
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Secondary
Component
Usage
Monitor
Secondary Component: Usage Monitor
Usage Monitor
Installation & Deployment Part 1
A “behind-the-scenes” service enabling alerting based on
internet usage
Tracks URL category and protocol visits made by
clients
Generates alert messages according to behaviour
configured
Email / Onscreen / SNMP
Typically installed on the same machine as the Policy
Server
Only one installation of Usage Monitor per Policy
Server
2-80
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Additional
Deployment
Notes
Web Browser and Web Server
Web Browser and Web Server
Installation & Deployment Part 1
Microsoft Internet Explorer v5.5 or higher
Microsoft IIS (Internet Information Services) v5.0 or
v6.0, or Apache HTTP Server v2.0.50
2-82
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Basic Deployment: <1,000 Users
Installation & Deployment Part 1
Internet
2-83
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Deployment Dependencies
One Log Server per Policy Server
One User Service per Policy Server
Installation & Deployment Part 1
One Real-Time Analyzer (RTA) per Policy Server
One Usage Monitor per Policy Server
Recommended: Up to 10 (ten) Filtering Services per
Policy Server
2-84
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Additional Deployment Considerations
Relevant Documentation
Our Scenario: Single Machine, Custom Installation, Stand-Alone Edition
Installation & Deployment Part 1
For additional stand-alone deployment considerations, refer to
the documentation:
2-85
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
(iLab) Instructor-Led Lab 2-2
•
In this iLab, the instructor will take you on an electronic field trip to
the Websense website to find KnowledgeBase Articles, Support
Tutorials and Documentation!
– iLab 2-2: Websense Help and Documentation
• http://www.websense.com/global/en/SupportAndKB/
• http://www.websense.com/global/en/SupportAndKB/
VideoTutorials/
• http://www.websense.com/global/en/SupportAndKB/
ProductDocumentation/
Instructor Led Lab
86
Installing
Websense
Reporting
Components
Reporting Components
Log Server
WebCatcher
Installation & Deployment Part 1
Enterprise Explorer
Database Administration Tool
Reporter
2-88
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Reporting Components Dependencies
All Reporting Tools rely on the Websense Software
Installation & Deployment Part 1
Reporting Components are installed after Websense
Enterprise or the Websense Web Security Suite
Websense Reporting Tools must be installed with the
same version as Websense Web Security Suite
Reporting Tools require an installed database engine
Microsoft SQL Server 2000 / 2005 or MSDE 2000
Not SQL Server Express – SQL Server Express
does not have SQL Server Agent jobs
For Linux/Solaris, MySQL 5.0 is the supported
database engine
2-89
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Websense Reporting Component
Log Server
Log Server
Installation & Deployment Part 1
Required for all Websense Reporting Tools
The installation of the Log Server creates the
Log Database
The Log Server sends the following to the Log
Database:
Internet activity
Categories and protocols
Risk class names
2-90
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Websense Reporting Component
WebCatcher
Websense obtains WebCatcher data from customers to analyze
Unrecognized URLs
Installation & Deployment Part 1
Security URLs
for
Categorization
Tracking potential for security and liability risks
NOTE: Subsequent downloads of the Websense Master
Database may include URL revisions from data sent to
Websense
2-91
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Websense Reporting Component
WebCatcher
Installation & Deployment Part 1
It’s about quantity and
relevance
WebCatcher
– Culls uncategorized web
sites and network protocols
from our customer sites
Global Benefit
– Newly categorized web sites
and network protocols are
distributed to all Websense
customers
“Digital fingerprint” assists
in categorizing a site
found using WebCatcher
2-92
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Websense Reporting Component
Enterprise Explorer
A web-based tool which allows an administrator to report
from the log database quickly and easily without waiting
for canned report generation
Installation & Deployment Part 1
Simple
Intuitive
Ability to focus reports using drill down capabilities
Produces reports…
Generated automatically
Sent via email
Exported to PDF / XLS
2-93
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Websense Reporting Component
Enterprise Explorer
Runs via HTTP / HTTPS
Installation & Deployment Part 1
The web server can be installed on any machine that can
connect to the Log Database via ODBC
2-94
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Websense Reporting Component
Database Administration
Installation & Deployment Part 1
Manage the Log Database by choosing rollover, database
partition and maintenance options
2-95
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Websense Reporting Component
Websense Reporter
A Client-based application
Installation & Deployment Part 1
Can be installed on any machine that can connect to
the Log Database via ODBC
Produces reports…
Generated automatically
Sent via email
Printed
2-96
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.
Hands-On Lab 2-3
• Re-start the Websense Web Security
Suite Install Process to install the
Websense Reporting Components
– Lab 2-3: Installing Reporting Components
Hands-on Lab
97
Installation & Deployment Part 1
Any Questions
2-98
Websense Confidential
© 2007 Websense, Inc. All Rights Reserved.