Sensors
Fortra Cloud Email Protection relies on a Sensor to receive a copy of all messages sent inbound into your organization. Installing a Sensor is the first critical step toward realizing the value of Cloud Email Protection.
The purpose of the Sensor is to collect per-message information from your organization’s inbound email stream and to relay that information to the Cloud Email Protection cloud for analysis. That information includes:
- Message metadata
- Attachments (when enabled)
- URLs (when enabled)
The Sensor is secure, lightweight (requiring minimal resources), and optimized for high performance. It plays a key role in enforcing malicious messages.
NOTE: Sensors can accept messages that are up to 100 MB in size. If you have attachment scanning enabled (see Attachment and URI Analysis), the total size of a message and its attachments, including any overhead required for encoding, must not be more than 100 MB for the Sensor to accept the message.
Placing Sensors In Your Infrastructure
You have two basic choices about where to place Sensors:
- You can provision host systems in your own environment for running Sensors, a configuration generally recommended only when you're also running your own Exchange server because you typically want the Sensor close to your mail store for better efficiency. But it also requires that you explicitly update your Sensor instances when updates are available and add Sensors manually when your mail load increases.
- You can have Cloud Email Protection host Sensors on your behalf in an administratively separate, secure cloud, which is the recommended configuration when you're using any cloud service, such as Office 365 and Gsuite. Hosted Sensors are not only updated as necessary by Fortra Cloud Email Protection, hosted Sensor capacity is also scaled by CEP as necessary. (Contact your Fortra Cloud Email Protection sales engineer for more information on CEP-hosted Sensors.)
If you provision your own Sensor, you should connect and integrate it in a place in your infrastructure where it can receive copies of messages that get delivered internally – after other scanning (anti-spam, anti-virus, anti-malware) has taken place on messages. The Sensor for Cloud Email Protection should only “see” messages that have passed through these filters and that are deemed worthy of delivery.
If you have a hosted email infrastructure (such as Google Apps or Microsoft Office 365), the same theory applies: you will direct a copy of your mail stream to the Cloud Email Protection Sensor after all other filtering and scanning has taken place.
Fortra Cloud Email Protection supports Sensors configured as dual-delivery, deployed as Cloud Email Protection-hosted or on-premises, as follows:
Dual-Delivery Sensors | |
---|---|
Fortra Cloud Email Protection-Hosted (preferred) | Provides the highest-performance option of dual-delivery with the robustness of Fortra Cloud Email Protection-managed scaling and updating of Sensors. This combination is the preferred option. |
On-Premises | Provides the highest-performace option of dual-delivery, but Sensor and Sensor host updates are performed by customer. Typically used when security rules preclude email traffic from being sent outside the email infrastructure. |
For on-premises Sensors, you can configure and use a bare-metal machine or run the Sensor software in a virtual machine. For the latter, you can configure the virtual machine manually or download a pre-configured virtual machine package.
If you run your on-premises Sensors on bare metal or your own virtual machine, all Sensor operation is performed through a command line, which requires you to access the machine from a secure shell (ssh). If you use the pre-configured virtual machine package, a character-based front end provides easy access to Sensor information and to its control commands.
TIP: Initial Sensor configuration, including its IP address, NTP, DNS, and password, is performed by a VMWare admin via the VMWare console before you can access the Sensor via ssh.