Websense Web Security Gateway Anywhere With The V


Websense Web Security Gateway Anywhere with the V-Series Appliance
Evaluations
Installing selected components on VMs off the appliance
v7.5 Evaluations

1996–2010, Websense Inc.
All rights reserved.
10240 Sorrento Valley Rd., San Diego, CA 92121, USA
Published March 30, 2010
Printed in the United States of America and China.

This document may not, in whole or in part, be copied, photocopied, reproduced, translated, or reduced to any electronic medium or machine-readable form without prior consent in writing from Websense Inc.

Every effort has been made to ensure the accuracy of this manual. However, Websense Inc., makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Websense Inc. shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.

Trademarks

Websense is a registered trademark of Websense, Inc., in the United States and certain international markets. Websense has numerous other unregistered trademarks in the United States and internationally. All other trademarks are the property of their respective owners.

Microsoft, Windows, Windows NT, Windows Server, and Active Directory are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

Other product names mentioned in this manual may be trademarks or registered trademarks of their respective companies and are the sole property of their respective manufacturers.

1 Evaluating Web Security Gateway Anywhere

Overview of the management server

Websense Web Security Gateway Anywhere is a Web security solution for distributed enterprises with branch offices and remote users. With Web Security Gateway Anywhere, you can deploy a blended security solution that encompasses the best of in-the-cloud and on-premises computing, and you can manage it from a single user interface—the TRITON console.

Evaluations of this solution with Websense V-Series appliances typically include a separate, management server machine. The management server contains 2 VMs, one with an installer for Websense Web Security components that run off the V-Series appliance, and one containing an installer for Websense Data Security components.

The Data Security VM includes Data Security Management Server, TRITON - Data Security, and Oracle database management software. The Web Security VM includes: TRITON - Web Security, Log Service, Websense transparent ID agents, Linking Service, Sync Service, and Microsoft SQL Server management software. Following is the profile:

Your management server for evaluations is already preconfigured with the two Virtual Machines (VMs).

Each VM contains one installation program.
- One installer is used to install Websense Web Security off-appliance components.
- The other is used to install Data Security components.

Database management software
- The Data Security installer places required database management software onto the appropriate VM for use with Data Security during evaluation.
- The Web Security installer places required database management software onto the appropriate VM for use with Web Security during evaluation.

Web Security Gateway Anywhere includes Websense Web Security and Websense Content Gateway as well as hybrid Web and DLP features.

Because it includes the real-time analytics of the Websense Content Gateway, you can protect your users from Web 2.0 threats no matter where they reside.

Websense TRITON Console

The centralized interface that you use to manage Websense Web Security Gateway Anywhere is called the TRITON console. TRITON has modules for Web, data, and—coming next—email security. The TRITON console is a Web-based user interface that enables you to perform basic setup, system maintenance, policy creation, reporting, and incident management for both modules in the same location.

Note: The TRITON console supports Internet Explorer 7 and 8 and Firefox 3.0.x - 3.5.x. If you have another browser version, unexpected behavior may result.

The TRITON module tray

The TRITON module tray indicates which module is active.

When you log onto TRITON - Web Security, the Web Security module is active and the Web Security button in the module tray is yellow. To enable the Data Security button, you must install Data Security software, configure linking between TRITON - Web Security and TRITON - Data Security, and create identical administrator accounts in both the Web and data modules.

After you have configured linking, you can click Data Security in the module tray to open TRITON - Data Security. When you are in TRITON - Data Security, the Data Security button is yellow, and the Web Security button is grey.

Note: Once you have opened both management consoles in the TRITON security center, use the operating system task bar to switch between the two. Each time you click Web Security or Data Security, a new browser window opens.

Until you configure linking, clicking the Data Security button opens a Web page describing the benefits of Websense data security solutions. The Email Security button displays a similar Web page.

Resources

The following additional resources are available to help you tailor your Web security evaluation and to answer questions that may arise as you work with Websense software.

Documentation

Documentation is available in the Websense knowledge base (http://kb.websense.com). It is also available on the Support by Product page of Websense.com.

In addition, help systems are included with the product. To access help, click the Help icon on the TRITON toolbar. Help for the active module opens. Click Help > Explain This Page to access context-sensitive help—that is, help on the current page; or click Help > Contents to access the entire help system.

Following are the documentation modules that pertain to Websense Web Security Gateway Anywhere.

Websense Web Security
- Websense Web Security Gateway Anywhere Getting Started Guide - in knowledge base
- Websense Web Security Installation Guide - in knowledge base
- Websense Web Security Deployment Guide - in knowledge base
- TRITON - Web Security Help - in product

- Log Server Help - in product
- New User’s Quick Start Tutorial - in product
- Upgrading User’s Quick Start Tutorial - in product

Websense Data Security
- TRITON - Data Security Help - in product
- Websense Data Security Deployment Guide - in knowledge base

Websense Content Gateway
- Websense Content Gateway Installation Guide - in knowledge base
- Websense Content Gateway Administrator Guide - in knowledge base
- Content Gateway Manager Help - in product

Websense V-Series Appliances
- Websense Appliance Manager Help - in product
- Websense V-Series Getting Started Guide - in knowledge base

Knowledge Base

For Websense Web Security knowledge base articles and FAQs, go to http://kb.websense.com.

Technical Support

Technical information about Websense software and services is available 24 hours a day at:

www.websense.com/support/

- the latest release information
- the searchable Websense Knowledge Base
- Support Forums
- Support Webinars
- show-me tutorials
- product documents
- answers to frequently asked questions
- Top Customer Issues
- in-depth technical papers

2 Installing Required Components off the V-Series Appliance

Deployment overview

The Websense V-Series Appliance is a security gateway appliance with an operating system optimized for analyzing Web traffic and content.

When you purchase or evaluate an appliance-based Web Security Gateway Anywhere solution, the following components are pre-loaded on the appliance for your convenience:

- Websense Web Security core components, including:
   - Policy Database
   - Policy Broker
   - Policy Server
   - Filtering Service
   - Network Agent
   - Directory Agent
   - User Service
   - TRITON - Web Security
- Websense Content Gateway
- Content Gateway Manager

Other components must be installed on a management server.

See the V-Series Getting Started Guide and Quick Start (on the CD inside the shipping box) for specifics about V-Series hardware setup and appliance configuration. Set up the appliance before you set up the management server.

Details needed for each management server

The off-appliance Web Security and Data Security components can be installed on the same management server if you use VMware.

A management server machine is typically shipped with V-Series Evaluations. That second server contains 2 VMs, one with an installer for Websense Web Security components that run off the appliance, and one containing an installer for Websense Data Security components. Setup for the VMs is described below.

Web Security VM summary
- Host name: WSS75
- OS: Windows Server 2003 SP2 Standard 32-bit
- User name: administrator
- Password: W3bs3ns345
- Microsoft SQL Server name: WSS75
- Authentication mode: Mixed mode
- SA password: W3bs3ns345
- Web Security Installer location: C:\WSS75\

Data Security VM summary
- Hostname: DSS75
- OS: Windows Server 2003 SP2 Enterprise 32bit
- Username: administrator
- Password: W3bs3ns345
- Data Security Installer location: C:\DSS75\
- Oracle installation files location: C:\DSS75\database 10g\

Setting up the Management Server (ESXi) machine

The steps below show you how to customize the management server to prepare for the Evaluation:
- You must assign a password to the root account.
- You must set up a management IP address for the ESXi server.

By default, the management IP address is dynamically obtained using DHCP. However, we recommend that you set up a static IP address.

Complete these steps to configure the ESXi platform for your Evaluation:

1. Rack and power the management server.
2. Connect the server to a KVM (mouse and keyboard).
3. Connect network interface C to the network.

4. Specify the password for the root account:
   a. Press F2 on the main console page (see bottom left):
   b. When prompted for Authentication, move the cursor to Login Name and enter root.
   c. Move the cursor to Password and enter W3bs3ns345.
   d. Press Enter to confirm your entries and move to the System Customization menu.

5. On the System Customization menu:
   a. Move the cursor to Configure Management Network and press Enter:
   b. Move the cursor to Network Adapters and press Enter:

   c. Use the Space bar to select the device vmnic0. Status for this device should show as Connected. Press Enter to confirm the setting and return to the Configure Management Network menu.
6. On the Configure Management Network menu, set up the static IP address:
   a. Move the cursor to IP Configuration and press Enter.
   b. On the screen that appears, select Set static IP address and then enter the following information:
      - (Management) IP Address
      - Subnet Mask
      - Default Gateway
   c. Press Enter to confirm the settings and return to the Configure Management Network menu.

7. On the Configure Management Network menu, move the cursor to DNS Configuration and press Enter.
   a. Configure static DNS information by entering the following:
      - Primary DNS server address
      - Alternate DNS server address
      - Hostname (fully qualified)
   b. Press Enter to confirm the settings and return to the Configure Management Network menu.
8. Press Esc to exit.
9. When asked to Confirm your settings, select Y to save the configuration.

Changing the ESXi management password (optional)

1. From the main console page, press F2.
2. Enter the Login Name as root and the Password as W3bs3nse345 (if you are currently using the default). Press Enter to start configuration.
3. Move the cursor to Configure Password and press Enter.

4. Enter the Old Password, the New Password, and the Confirm Password:
5. Press Enter to save the new password.
6. Press Esc to finish and return to the main console.

Preparing a computer to access the ESXi management server

1. Add the ESXi server into your DNS server.
2. Select a computer from which you will access the ESXi server.
3. In the Internet browser on the chosen computer, type the IP address or name of the ESXi server.
4. Ignore the HTTPS alarm. The ESXi server Home Page is displayed.
5. Click Download vSphere Client.

6. Save the installer onto a local drive to execute later, or Run it immediately.
7. Follow the installation instructions to complete the vSphere Client setup.
8. After client installation and setup, start vSphere Client.
9. Enter the ESXi server IP address or name, the User name (root), and Password (either W3bs3ns345 or your customized password, if you changed from the default):
10. Click Login to access the ESXi management server.
11. When you see the Security Warning, check the box marked Install this certificate and do not . . . and then click the Ignore button to continue:

12. On the Inventory pane (see below), double-click the ESXi server IP address or name.
13. Two virtual machines are then listed on screen:
    a. WSS75 (Websense Web Security)
    b. DSS75 (Websense Data Security Suite)
14. Select the name of the machine you wish to set up, and then click the Console tab on the right-hand pane.
15. Click Ctrl Alt Insert to begin.
16. Enter the User name and Password as specified above, to log in.

Establishing a static IP address for each VM

Each VM on the management server needs a static IP address. (Note: Changing the hostname of the VMs is not recommended.)

Follow these steps to assign an IP address for one VM:

1. Log on to the ESXi server with vSphere Client.
2. On the Inventory pane, double-click the ESXi server IP address or name.
3. Select the name of the VM you wish to set up, and then click the Console tab on the right-hand pane.
4. Click the Start button and navigate to the Windows Control Panel.
5. Open the Windows Control Panel and choose Network Connections > Local Area Connection.
6. Click Properties, and then select Internet Protocol (TCP/IP).
7. Then click Properties again.
8. Check Use the following IP address, and then enter the IP address, Subnet mask, default gateway, preferred DNS server, and Alternate DNS server according to your network environment.
9. Click OK and then OK again, to save the settings.
10. Add the machine WWS75 to Active Directory if Websense transparent ID agents are required on that VM.
11. Repeat these steps for the second VM, if you plan to use both.
12. Proceed to install the software components, as described below.

Installing components on the management server

For Evaluations, the off-appliance Web Security and Data Security components are installed on the same management server with VMware.

On one VM image on the management server (VM named WWS75), you will install the following Websense Web Security components:

- TRITON - Web Security (manager)
- Log Server
- Sync Service
- Linking Service
- Transparent identification agents
   - DC Agent
   - Logon Agent
   - eDirectory Agent
   - RADIUS Agent

On the second VM image on the management server (VM named DSS75), you will install the Websense Data Security Management Server. This includes:

- Policy Engine
- Crawler
- PreciseID Fingerprint Repository
- Forensics Repository

Installing components on virtual machines

The Data Security VM includes Data Security Management Server, TRITON - Data Security, and Oracle database management software. The Web Security VM includes: TRITON - Web Security, Log Service, Websense transparent ID agents, Linking Service, Sync Service, and Microsoft SQL Server management software. Following is the profile:

Your management server for evaluations is already preconfigured with the two Virtual Machines (VMs).

Each VM contains one installation program.
- One installer is used to install Websense Web Security off-appliance components.
- The other is used to install Data Security components.

Database management software
- The Data Security installer places required database management software onto the appropriate VM for use with Data Security during evaluation.
- The Web Security installer places required database management software onto the appropriate VM for use with Web Security during evaluation.

This is what a Web Security Gateway Anywhere deployment might look like when deployed on a V-Series appliance in a small network. Note that TRITON - Web Security may also be installed on the Windows server.

Installing Web Security components on a VM

Access the VM for Web security. The basic steps you need to perform are:

1. Ensure that the V-Series appliance is set up, has network interfaces configured, and that all software modules on the appliance are running.
2. Verify that you can ping from this VM to the IP address of the P1 and C network interfaces.
3. Synchronize your VM system time with the time on the V-Series appliance.
4. Extract the installer files. To do so, double-click the installer file, and click Run when prompted.
   The installer files are extracted to a temporary directory. Once the installer has completed, this directory is deleted. Launching setup.exe starts the installer.
   After extraction, the installation program starts automatically.
5. On the Introduction screen, click Next.
6. On the Subscription Agreement screen, choose to accept the terms of the agreement and then click Next.

7. On the Installation Type screen, select Custom and click Next.
8. On the Select Components screen, choose the following components to install, and then click Next:
   - Log Server
   - Sync Service
   - Linking Service
   - TRITON - Web Security
   - Optionally, one of the following transparent identification agents:
      - DC Agent
      - Logon Agent
      - eDirectory Agent
      - RADIUS Agent
9. Enter the IP address and port of the policy server when prompted. This is the IP address of the appliance C interface. The default port is 55806. Click Next.
10. Enter the same IP address for the policy broker location.
11. Specify the database user name (sa) and password, and click Next.
12. Enter the IP address and port for the filtering service. In appliance configurations, this is also the C interface IP. The default port is 15868.
13. Specify the IP address for the Log Database location (Microsoft SQL Server machine).
14. When prompted, provide a user name and password for an administrator with user directory access.
15. Keep the default directory path and click Next.
16. On the Pre-Installation Summary screen, verify the information shown.
17. Click Next to start the installation. An Installing progress screen is display
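
The reachability checks in steps 1 and 2 and the ports entered in steps 9 and 12 can be confirmed before the installer is launched. The Python script below is an added example, not part of the Websense guide: the address 192.0.2.10 is a placeholder for the appliance C interface IP, the function names are illustrative, and the ports are the defaults quoted in the steps above.

```python
"""Pre-install reachability check for the Web Security VM (added example)."""
import socket
import sys

# Default ports quoted in installer steps 9 and 12 of the guide.
DEFAULT_SERVICES = {"Policy Server": 55806, "Filtering Service": 15868}


def probe(host, port, timeout=3.0):
    """Try one TCP connection and return (ok, detail).

    A refusal means the host answered but nothing listens on the port
    (software module not running); a timeout points at routing, a
    firewall, or a wrong interface address.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True, "connected"
    except socket.timeout:
        return False, "timed out (check routing, firewall, interface IP)"
    except ConnectionRefusedError:
        return False, "refused (host reachable, service not listening)"
    except OSError as exc:
        return False, "error: %s" % exc


def preflight(c_interface_ip, services=None, timeout=3.0):
    """Probe each service on the C interface; return {name: (ok, detail)}."""
    if services is None:
        services = DEFAULT_SERVICES
    return {name: probe(c_interface_ip, port, timeout)
            for name, port in services.items()}


def ready(results):
    """True only when every probed service accepted a connection."""
    return all(ok for ok, _detail in results.values())


if __name__ == "__main__":
    # 192.0.2.10 is a documentation placeholder, not a real appliance address.
    ip = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    results = preflight(ip)
    for name, (ok, detail) in results.items():
        port = DEFAULT_SERVICES[name]
        print("%-18s %s:%d  %s  %s" % (name, ip, port,
                                       "OK" if ok else "FAIL", detail))
    sys.exit(0 if ready(results) else 1)
```

Run it with the C interface IP as the only argument; a non-zero exit status means at least one service did not accept a connection.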
