|
Generally customers benefit from ScanSafe’s Web security-as-a-service
by simply rerouting their Internet traffic without the need
for hardware or software. However, companies may wish to enforce
policy at the user or group level. In situations like this ScanSafe
offers a range of different options depending on the customer’s
individual situation.
These different options enable organizations to apply their
Web security services at a granular level to all of their employees,
regardless of whether they are in the main office, branch offices,
home offices, or mobile locations.
ScanSafe gives the administrator full management granularity
down to the individual user level for policy application, monitoring,
and reporting. User privileges may be set up through ScanCenter
policy implementations, which integrate with network user/computer
directories such as Active Directory. ScanSafe identifies end
users by merging user details from Active Directory, using LDAP
or Windows Domain integration, or by unique authentication keys.
Deployment Scenarios:
1. Internal Employees (Existing Proxy Server)
2. Internal Employees (No Proxy Server)
including port forwarding and WCCP scenarios
3. External Employees
ScanSafe Deployment Steps:
1 . Provision Service
- Provide external IP address(es)
- Configure firewall to allow access to ScanSafe on port
8080
2. Set Up nector(s)
- For management granularity
- Suitable for dynamic and static IP addresses
- Multiple Connector types may be appropriate for complex
networks
- Multiple Connectors may be appropriate for load-balancing
and fail-over purposes
- Accommodates various organizational scenarios:
3. Redirect Traffic
If management granularity is not required and external employees
are not present:
- Redirect port-forwarding firewall/transparent proxy
to ScanSafe; or
- Redirect clients to ScanSafe via PAC file, GPO, or manual
configuration
|
ScanSafe
Deployment