I need a little advice on the best way forward here. Currently we have a Web Security 7.1 set up as follows:
Server 1: Win2003: Policy Broker & Policy Server. Also Filtering service and ISA2006
Server 2: Win2003, (domain controller): Log server with MSDE database
Server 3: Win2003: Filtering service and ISA2006
Servers 4&5: As per server 3 but located remotely, communicating with Policy Server over our WAN.
I know that I need to upgrade the operating systems, upgrade ISA to TMG, upgrade the database. I also wich to migrate the policy settings, rather than have to recreate the policy.
So, the anticipated solution is:
Install Websense (policy broker, policy server, log server, user service) on a new Win2008R2 server, along with the SQL server 2008R2 Express database.
Remove all Websense functionality from Server 2.
Replace servers 1, 3, 4 and 5 with Win2008R2 servers with Forefront TMG, & the ISAPI plug-in.
So my simple questions are: "Is the proposed structure OK?" and "What is the best route to this final configuration which will preserve existing settings and minimise down time?"