advertisement
Web Security Server Administration
Interoperability components
Web Security Help | Web Security Solutions | Version 7.8.x
Component
Directory Agent
Filtering Plug-In
Linking Service
Sync Service
Description
In Websense Web Security Gateway Anywhere deployments, collects user and group information from a supported directory service for use by the hybrid service.
When Websense software is integrated with certain firewall, proxy, cache, or similar products, a plug-in may be installed to enable communication between Filtering Service and the integration.
In Websense Web Security Gateway Anywhere deployments, or in environments that combine Websense web and data security components, gives data security software access to Master
Database categorization information and user and group information collected by User Service.
In Websense Web Security Gateway Anywhere deployments:
Sends policy updates and user and group information to the hybrid service.
Receives reporting data from the hybrid service.
For information about other components, see:
Policy enforcement and management components
User identification components
Reviewing your Web Security deployment
Web Security Help | Web Security Solutions | Version 7.8.x
Use the Status > Deployment page to review status information for each Policy
Server in your deployment, and for the components that connect to each Policy Server.
Also investigate User Service directory connection and lookup speeds.
The Deployment page includes up to 3 tabs:
Policy Server Map gives a quick graphical and tabular overview of the Policy
Server instances in your network. Click a Policy Server icon or IP address to see
the status of components associated with the selected Policy Server. See
If your deployment only has one Policy Server, this tab is not displayed.
Component List provides a table listing the Web Security components in your
network, and allows administrators with appropriate permissions to stop or start components. See
.
376
Websense Web Security Solutions
Web Security Server Administration
Directory Performance provides information about connection and lookup
speeds for each LDAP-based directory server that User Service queries for user
Evaluating directory performance
.
If User Service is not installed, or if your organization uses Windows Active
Directory in mixed mode, this tab is not displayed.
Using the Policy Server map
Web Security Help | Web Security Solutions | Version 7.8.x
Related topics:
Websense Web Security components
In multiple Policy Server deployments, the Policy Server Map tab of the Status >
Deployment page gives a graphical representation of all of your Policy Server instances.
All additional Policy Server instances are shown connected to the central or base
Policy Server for your deployment.
Each Policy Server is represented by a server tower or appliance icon with markers that describe its Policy Broker connection.
A legend underneath the map explains the icons.
Position the mouse over a Policy Server instance to see its full IP address and description, the IP address of the Policy Broker that it is currently connected to, and the Policy Broker mode (standalone, primary, or replica).
Configuration changes can be written to a standalone or primary Policy Broker, but replica Policy Broker instances are read-only.
Under the map, a table lists the IP address, description, Policy Broker IP address, key type, and current status of each Policy Server instance.
Click a Policy Server icon in the map or IP address in the table to see a list of the components (like Filtering Service, Log Server, and User Service) associated with the selected Policy Server instance. Note that in some cases, a single component name
(like Real-Time Monitor) is used to represent multiple, interdependent services (like
RTM Client, RTM Server, and RTM Database).
For each component, the list displays its name, IP address or hostname, version, and status.
The status column displays one of the following icons:
A green icon with a check mark indicates that the Policy Server and its associated components are all running.
Web Security Help
377
Web Security Server Administration
A red icon with an “x” indicates that the Policy Server or at least one of its associated components is stopped.
A yellow icon with an exclamation mark indicates that the Websense Control
Service instance on the Policy Server machine is not available, so status information is not available for that Policy Server and its associated components.
For administrators with permissions to start and stop component services or demons, the table also includes a start or stop link.
In some cases, a single entry in the list may represent multiple services. In these cases, all of the services that make up the component are started or stopped when the link is clicked.
An additional link offers the option to show all health alerts associated with the selected Policy Server within the Components pop-up window.
Using the component list
Web Security Help | Web Security Solutions | Version 7.8.x
Related topics:
Websense Web Security components
Troubleshooting tips and tools
The Component List tab of the Status > Deployment page displays a table showing the Web Security components deployed in your network. For each component, the table shows its:
Name
IP address or hostname
Policy Broker IP address or hostname
Version
Status:
A green icon with a check mark indicates that the components is running.
A red icon with an “x” indicates that the component is stopped.
A yellow icon with an exclamation mark indicates that the Websense Control
Service is not running, so status information is not available.
For administrators with permissions to start and stop component services or demons, the table also includes a start or stop link.
To export the component data for manipulation in a third-party spreadsheet or reporting tool, the Export to CSV link above the table.
378
Websense Web Security Solutions
Web Security Server Administration
Evaluating directory performance
Web Security Help | Web Security Solutions | Version 7.8.x
Related topics:
User configuration and identification issues
When User Service is installed and configured to connect to an LDAP-based directory service, the Directory Performance tab of the Status > Deployment page displays a table showing directory server performance statistics during the selected period (the last hour, by default).
Select a different Time period to see longer-term or more recent data. (The available time periods are last 24 hours, last hour, or last 5 minutes.)
The table contains a separate row for each directory server that User Service has attempted to connect to during the selected period. Each row shows:
The IP address of the Directory Host machine
The Operation type (bind or lookup)
The Average, Most Recent, and Maximum times for each type of operation during the selected period. The time is shown in milliseconds.
The number of attempts User Service made to perform each operation for the specified directory
The number of times the operation failed
Click a Directory Host entry for more information about the performance of that directory since midnight, over the last hour, and during the most recent 5-minute period (see
Review directory server details
If users in your organization are experiencing browsing delays or sometimes receiving the incorrect policy (especially applied to the first web request of the day, or after a long period without browsing), use the directory performance statistics to identify underperforming directories. If there are persistent problems with specific directory hosts, you may need to take steps to improve:
Network connections between User Service and the directory
Memory, disk, or CPU speed on the directory server machine
Problems affecting multiple directories may indicate network, DNS, or other configuration issues.
Web Security Help
379
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project