DC Agent deployment overview

To enable transparent user identification with DC Agent:

  1. Install DC Agent and User Service. To ensure a smooth DC Agent installation:
    • Make sure the Windows Computer Browser service is running on the server. (Dnsquery will locate other controllers and pull information from them.)
    • Run the installer with an account that has both local and domain administrator privileges.
  2. Use the Forcepoint Security Manager to configure your product to communicate with DC Agent (see Configure DC Agent settings).

    Optionally, also configure your software to prompt users for logon information if transparent identification fails or is not available. See the Administrator Help for details.

  3. Use the Security Manager to identify directory clients for policy enforcement.

If your network is very large (10,000+ users or 30+ domain controllers), you may benefit from installing DC Agent on multiple machines, particularly if you have different domains in separate subnets. This way, you have ample space for files that are continually populated with user information, and the user identification process is faster.

In most cases, you need only 1 Filtering Service that communicates with every instance of DC Agent in your network. If you have installed multiple Filtering Services for load-balancing purposes, each Filtering Service must be able to communicate with every DC Agent.

Typically, User Service is installed on the same machine as Policy Server. User Service can be installed separately, as long as there is 1 instance of User Service for each instance of Policy Server.

DC Agent uses TCP (Transmission Control Protocol) to transmit data. When user data is sent to Filtering Service, roughly 80 bytes are transmitted per user name/IP address pair. The table below shows average quantities of data transferred per day, by number of users.

Number of users    Average data transferred per day
250                30 KB
2000               240 KB
10,000             1200 KB