multiple sites, 1 broker with many policy servers

Reply

PatrickA replied on 19 Oct 2010 6:47

rated by 0 users

I get this during the install, it crashes saying,

websense web security was installed on your system. however, there were several issues with the installation. see the details below for your own records of if you wish to contact technical support.

choose next/done to exit the installer.

the following components have failed to install correctly;

policy server: package deployment failed; wbsn.policyserver

1:com.websense.conf.exception.ConfigurationRuntimeException:

com.websense.config.exception.ConfigException:

com.websense.config.exception.WebsenseinstallerException;

package deployment failed; wbsn.policyserver

Reply

mlpotgieter replied on 19 Oct 2010 10:36 PM

rated by 0 users

I have just gone through the same situation although with only 2 remote sites. I eventually installed the policy server first and then added the other components one at a time to narrow down what was the problem.

I think the issue is latency because I got different results all the time, however after installing just the policy server on a remote site and getting the same error as you, the installation is still working fine. So I would ignore that error and see how it works. I am also using centralised logging and that is working fine.

Reply

PatrickA replied on 20 Oct 2010 5:39

rated by 0 users

so for us even installing just the policy server doesn't work.

what we've noticed is that when the latency or ping time from policy server to broker is more than 30ms it crashes... when it's smaller than 30ms the installation will work.

ex: I install a test broker in boston and a test policy server in NY and it works. now if my policy server is in France it will fail, if it's in china it will fail if it's in Canada it will work because ping time from policy server to broker is 16ms...

so we've never even been able to install the policy server alone.

to me this is just insane... I see no reason why there should be a very good latency between the policy server and broker there is no need even on a slow circuit the broker can still transfer information to the policy servers... but I may be wrong and this may have nothing to do with latency.......

I have a websense engineer that's going to call me today and try to install the policy server for me in France... hopefully he can figure this out otherwise we'll have to do all our remote installs without policy servers, just have the policy server/broker on the same machine and all remote have just filtering which wasn't my plan. I wanted all remotes to also have a policy server.

Reply

mlpotgieter replied on 20 Oct 2010 6:14

rated by 0 users

I also got that error message after I installed just the policy server. However when i looked at the services the policy server service was there and running. Despite the error all was/is working fine.

Anyway I would be very interested on the outcome of your session with the Websense Engineer, please post the outcome.

Reply

Roger G. replied on 8 Dec 2010 5:38

rated by 0 users

Hi PatrickA , I have the same problem. I have tried to install a Policy Server in Brazil and bind them with a Policy Broker in Austria --> same errors!!

Have you heard anything from support?

Thanks
Tyr-Roger

Reply

Sajith Rahman replied on 15 Dec 2010 4:13

rated by 0 users

Even am also facing same issues, while installing Policy server+Filtering server in remote locations.

As per the above conversations i understand that if we install policy server alone and later install filtering service. hope it will work.... Pls confirm,

or did anybody has support feedback on this...??

Reply

Sajith Rahman replied on 15 Dec 2010 4:26

rated by 0 users

Hi Patrick,

Even i have the similer problem.

Have you got any update on this from websense engineer.,,?

Pls help.

Thanks,

Sajith

Reply

Roger G. replied on 15 Dec 2010 4:41

rated by 0 users

Hi all,

I have an answer from the support - see below. They told me, that if you have a RTT mor than 60ms from your Policy-Server to your Policy Broker it is not supported and in most cases also not working. I am a little confused, because there is no hint in any documentation about this issue!

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Hi Roger,

I can see what the problem is here now. This amount of latency is far too much for the Policy Server to Policy Broker communications.

We do not recommend the Policy Server --> Broker be anything more than 60 m/s! So your ping times are nearly 10 times this number. This is not going to work.

I think the only solution for you is going to be installing the Policy Broker and Policy Database on this same server, and have all the components running on the same box. Or at least install the Broker and Database on a server which is local to the Policy Server machine.

Either way, it is not possible for our components to work together with 400-500 m/s latency between them.

Please let me know if I can assist you any further with the deployment of these components.


Thanks,
Mike
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Reply

mlpotgieter replied on 15 Dec 2010 10:49

rated by 0 users

I have installed the policy servers after hours when WAN activity was low. All the above posts seem to explain my problems. Sometimes the Policy Server would install and other times not. I never checked the RRT as I did not expect it to be a problem, but I suspect my WAN latency must have been borderline. My installation is working fine now.

Reply

eLagano replied on 23 Aug 2011 12:59 PM

rated by 0 users

Where are Websense Support/Development folks? Do they read this thread at all? If there is indeed a requirement to have RTT <= 60ms between Policy Broker and any Policy Server in my deployment, then this needs to be documented somewhere. In fact this requirement makes entire Web Security 7.6 useless for our enterprise. Does Websense want me to start looking elsewhere?