[isalist] Re: ISA 2006 & Websense
- From: "Ball, Dan" <DBall@xxxxxxxxxxx>
- To: "'isalist@xxxxxxxxxxxxx'" <isalist@xxxxxxxxxxxxx>
- Date: Fri, 29 May 2009 09:16:52 -0400
Thanks for your input, it helps getting an inside view from someone who is
actually using the product, rather than depending upon the marketing
documentation. For now, I think I'll put everything on that one server, and
if it looks like it is struggling I'll put a secondary server up to handle the
database. Maybe TMG will arrive and save the day! *grin*
We went over the redundancy issue in detail several times now and they/we have
decided it was acceptable to experience a few hours of outage rather than to
pay for another server. The server itself is pretty good, just about
everything in it is redundant, so the odds of actual total hardware failure is
awfully low. I just save the configuration backups so I can re-install the
software pretty quickly if needed.
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of D PIETRUSZKA USWRN INTERLINK INFRA SHIFT MGR
Sent: Friday, May 29, 2009 8:40 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: ISA 2006 & Websense
That one server is going to be fine for 900 users browsing at the same time,
but......
Aren't you going to have any kind of redundancy?
To directly answer your questions:
1) No, is not going to be excessive.
2) Everything means (policy server, filtering server, ISA CSS and ISA
service)? ISA is going to be the most difficult part I guess, websense is
really easy to move, but always will be a downtime (minimum, but downtime
anyway).
In any case, I would never put just 1 server if uptime is critical. If you can
live with internet down for a good amount of hours while you configure a new
server in case of a severe failure, then go ahead, if not I would say "fight
for more hardware"
Regards
Diego R. Pietruszka
MIS - Shift Manager
MSC (USA) - Interlink Transport Technologies
Direct Phone: (908)605-4147
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Ball, Dan
Sent: Friday, May 29, 2009 8:20 AM
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] Re: ISA 2006 & Websense
Well, we have about 5000 "potential" users, but probably only a max of about
900 online at any given time.
I guess the two questions I would have on this would be:
1. Do you feel like that would be an excessive amount of users for a
single ISA server on an ML370 G4 (students do browse at a frenzied rate)?
2. If I did put everything on that one server, how difficult would it be
to move portions of it to a separate server later if the load was too high?
Thanks for your response! Having never installed the software, I'm not sure
how it behaves.
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of D PIETRUSZKA USWRN INTERLINK INFRA SHIFT MGR
Sent: Friday, May 29, 2009 8:08 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: ISA 2006 & Websense
No, you don't have to split the websense services.
If you have an small network, and you would like to have all the websense
services plus ISA on the same box, that is valid and can be done.
On my case we don't have a huge amount of users (1500 in total), but we have a
good amount of offices and ISAs arrays on different areas of the network.
Having the Websense policy server on a separate box, allow us to service all
our 6 arrays of ISA/Websense facing internet. The poicy server is doing at the
same time the function of ISA CSS.
Regards
Diego R. Pietruszka
MIS - Shift Manager
MSC (USA) - Interlink Transport Technologies
Direct Phone: (908)605-4147
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Ball, Dan
Sent: Friday, May 29, 2009 7:38 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: ISA 2006 & Websense
So both of you found you had to run two servers for this? How much of a load
does it add?
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of D PIETRUSZKA USWRN INTERLINK INFRA SHIFT MGR
Sent: Friday, May 29, 2009 7:13 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: ISA 2006 & Websense
I'm using Websense with ISA as well without any problem, I'm running ISAS 2006
enterprise and Websense 6.3.
Just install websense integrated with ISA and allow the bunch of ports it need
to the policy server as Andrew said and you will be up and running in no time.
Regards
Diego R. Pietruszka
MIS - Shift Manager
MSC (USA) - Interlink Transport Technologies
Direct Phone: (908)605-4147
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Andrew Hodgson
Sent: Friday, May 29, 2009 4:47 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: ISA 2006 & Websense
Hi,
Running ISA 2006 with Websense 7.0.1.
Install went very well, no major issues.
You need to allow ISA server to communicate via a firewall rule to the Websense
policy server on the Websense specific ports.
All clients are proxy clients so I can't use the Websense protocol filtering
definitions, though these are blocked via another firewall anyway.
I am not using any of the identification agents, using transparent
authentication via the ISA Websense plugin - all clients must authenticate to
the proxy.
Thanks.
Andrew.
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Ball, Dan
Sent: 28 May 2009 17:25
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] ISA 2006 & Websense
Anyone have Websense up and running with ISA2006? I'm setting up a new server,
and looking at installing that software now.
[cid:image001.jpg@01C9E03D.2A588140]
allpay achieved PCI DSS and ISO 27001 certification in 2008
Registered in England No. 02933191. UK VAT Reg. No. 666 9148 88.
Telephone: 0844 225 5729, Fax: 0844 557 8350.
Website: www.allpay.net Email: enquiries@xxxxxxxxxx<mailto:enquiries@xxxxxxxxxx>
This email, and any files transmitted with it, is confidential and intended
solely for the use of the individual or entity to whom it is addressed. If you
have received this email in error please notify the allpay Information Security
Manager at the number above.
Other related posts:
