The following diagrams provide example deployment options and indicate where the CensorNet server should be located on the network. Please contact Technical Support to discuss your implementation in more detail.

Sideways Mode

This is the traditional method of installing a web proxy server. The CensorNet server exists on the network as if it was another computer connected to the switch, with a single network card. Web traffic is redirected to the CensorNet server for inspection by configuring web browsers to use the CensorNet server as a proxy (using Group Policy or WPAD).

In this mode, unless the browser is configured to use the proxy server the connection will not be filtered and it requires that all web based applications that require filtering adhere to the HTTP proxy protocol. For applications that do not require filtering it is possible to bypass them from using the proxy at all.

Inline Mode

Inline mode turns the CensorNet server into a bridge and requires two network cards. Any web traffic that passes over the bridge, in either direction, will be filtered by CensorNet. It is therefore recommended that you position CensorNet between your main switch and Internet gateway when using inline mode. Although using two network cards, the CensorNet server will still only have one IP address used to manage the system.

Inline mode is particularly useful when you want to “catch all” web traffic on the network and filter it without needing to configure web browser proxy settings on every computer. There is no need to alter the gateway address on the computers that you want to filter.

Mixed Mode

It is possible to use a combination of sideways and inline modes where the server is configured as per the “Inline Mode” section above but there are also computers on the network that have their web browsers configured to use CensorNet as well.

High Availability Mode

CensorNet can be configured in a High Availability mode. This involves two identical CensorNet servers (physical or virtual) which perform disk replication over a gigabit backbone and use a floating IP to determine which server is active at any given time. If one of the servers detects a problem with the other, the healthy server will automatically take over and vice versa. The servers are also clever enough to automatically promote the healthy server if a critical service becomes unstable. The High Availability options do cost extra and should be discussed with the sales team.

-- TimLloyd - 06 Aug 2009