ScanSafe Managed Web Security available at ScanDefender.comScanSafe Deployment

Since 2004, ScanSafe has been trusted by some of the largest enterprises in the world to secure their networks against Web based threats. Given the wide range of network architectures and different requirements of these companies, ScanSafe has a breadth of experience in managing and supporting multiple deployment options.

Whether a business is centralized, has a highly globally distributed environment or even large volumes or remote and roaming users, ScanSafe has proven capabilities to successfully enable Web security consistently across the whole organization. ScanSafe can integrate seamlessly with existing network equipment (such as Web proxy, firewalls and routers) to forward Internet traffic to our data centers. Alternatively, ScanSafe can be deployed independently of existing equipment enabling granular Web policy and security without the need for any hardware or software installed on the network. These deployment choices enable customers to reap the benefits of utilizing the ScanSafe service without having to re-architect their network infrastructure.

While ensuring that all users can be secured, regardless of location or how they access the Internet, a key factor for deployment is to ensure that the ScanSafe service operates transparently, without interfering with the end-user experience.

Website Deployment

Generally customers benefit from ScanSafe’s Web security-as-a-service by simply rerouting their Internet traffic without the need for hardware or software. However, companies may wish to enforce policy at the user or group level. In situations like this ScanSafe offers a range of different options depending on the customer’s individual situation.

These different options enable organizations to apply their Web security services at a granular level to all of their employees, regardless of whether they are in the main office, branch offices, home offices, or mobile locations.

ScanSafe gives the administrator full management granularity down to the individual user level for policy application, monitoring, and reporting. User privileges may be set up through ScanCenter policy implementations, which integrate with network user/computer directories such as Active Directory. ScanSafe identifies end users by merging user details from Active Directory, using LDAP or Windows Domain integration, or by unique authentication keys.

Deployment Scenarios:

1. Internal Employees (Existing Proxy Server)

Internal Employees (Existing Proxy Server)

2. Internal Employees (No Proxy Server)
including port forwarding and WCCP scenarios

Internal Employees (No Proxy Server)

3. External Employees

External Employees

ScanSafe Deployment Steps:

1 . Provision Service

  • Provide external IP address(es)
  • Configure firewall to allow access to ScanSafe on port 8080

2. Set Up nector(s)

  • For management granularity
  • Suitable for dynamic and static IP addresses
  • Multiple Connector types may be appropriate for complex networks
  • Multiple Connectors may be appropriate for load-balancing and fail-over purposes
  • Accommodates various organizational scenarios:

 Set Up nector(s)

3. Redirect Traffic

Redirect Traffic

If management granularity is not required and external employees are not present:

  • Redirect port-forwarding firewall/transparent proxy to ScanSafe; or
  • Redirect clients to ScanSafe via PAC file, GPO, or manual configuration