Information Systems Services. SafeGuard Enterprise. enc. Device Encryption (DE) Installation V1.00 11/11/2010




1. SafeGuard Configuration for Endpoint Computers

To fully encrypt the hard drive on a client (endpoint) computer, the SafeGuard Enterprise application must be installed. The procedure is straightforward, but there are some prerequisites, and it can take several hours from start (application install) to finish (fully encrypted drive).

The endpoint client is managed via the SafeGuard Management Centre. The client receives its policies from the SafeGuard Enterprise Server via the Internet. The connection may temporarily be disabled, for example during a business trip, but even so the endpoint computer is still managed by the SafeGuard Management Centre.

2. Restrictions

AHCI

If using Intel Advanced Host Controller Interface (AHCI) on the computer, the boot hard disk must be in Slot 0 or Slot 1. You can insert up to 32 hard disks. SafeGuard Enterprise only runs on the first two slot numbers.

Dynamic and GPT disks

Dynamic and GUID partition table (GPT) disks are not supported. In such cases, the installation will be terminated. If such disks are found on the computer at a later point in time, they will not be supported.

SCSI hard disks

The SafeGuard Enterprise Device Encryption Client does not support systems that are equipped with hard disks attached via a SCSI bus.

Restrictions for initial encryption of SafeGuard Enterprise Client (managed)

Initial configuration of SafeGuard Enterprise Clients (managed) may involve the creation of encryption policies that may be distributed inside a configuration package to the SafeGuard Enterprise Clients.

However, when the SafeGuard Enterprise Client is not connected to a SafeGuard Enterprise Server immediately after the configuration package is installed, but is temporarily offline, only encryption policies with the following specific settings will become immediately active on the Enterprise Client:

- Device protection of type volume based using the Defined Machine Key as encryption key

For all other policies involving encryption with user-defined keys to become active on the Enterprise Client, the respective configuration package has to be reassigned to the Enterprise Client's OU as well. The user-defined keys will then only be created after the Enterprise Client is connected to SafeGuard Enterprise Server again.

The reason is that the Defined Machine Key is directly created on the SafeGuard Enterprise Client at the first restart after installation, whereas the user-defined keys can only be created on the SafeGuard Enterprise Client after it has been registered at the SafeGuard Enterprise Server.

Upgrading the Operating System

Once SafeGuard Enterprise is installed, it is only possible to update the Service Pack version of the operating system. You may, for example, install a Windows XP Service Pack update. However, you cannot migrate from one operating system series to a different one: for instance, you cannot migrate from Windows XP to Windows Vista with SafeGuard Enterprise installed.

3. Installation Packages for SafeGuard Enterprise Clients (managed)

The following table shows the available installation packages for the Enterprise Client and states how the configuration package needs to be created:

Package / Description

SGxClientPreinstall.msi
    Must be installed on the endpoint computers prior to the encryption software (mandatory). Provides endpoint computers with necessary requirements for successful installation of the encryption software.

SGNClient.msi, SGNClient_x64.msi
    For native SafeGuard Enterprise Clients.
    SafeGuard Enterprise Device Encryption (DE): Volume based encryption with Power-on Authentication.
    SafeGuard Data Exchange: Easy data exchange with removable media on all platforms without re-encryption. File based encryption.

SGNClient_withoutDE.msi
    SafeGuard Data Exchange: Easy data exchange with removable media on all platforms without re-encryption. File based encryption without Power-on Authentication.

SGNClientRuntime.msi, SGNClientRuntime_x64.msi
    Runtime Client enabling booting from a secondary boot volume when multiple operating systems are installed and accessing these volumes when they are encrypted by a SafeGuard Enterprise installation on the primary volume. Available for both SafeGuard Enterprise Clients and SafeGuard Standalone Clients.

Enterprise Client Configuration Package
    Created in the SafeGuard Management Center Configuration Package Tool.

4. Setting up endpoint computers locally

This chapter describes how to set up the encryption software locally at the endpoint computer. This process will install SafeGuard Enterprise in combination with SafeGuard Enterprise encryption.

Note: If you wish to install SafeGuard Enterprise volume based encryption, you should make sure that no volumes have already been encrypted with BitLocker. Otherwise the system may be harmed.
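The restrictions in section 2 (GPT, dynamic and SCSI disks) and the BitLocker note above can be checked on the endpoint before any package is installed. The script below is an added example, not part of the original guide or of SafeGuard Enterprise; the function name Test-SgnPreinstall is hypothetical, and it assumes an elevated Windows PowerShell 3.0 or later session (for Get-CimInstance).

```powershell
# Added example (not from the original guide). Run from an elevated
# Windows PowerShell 3.0+ prompt before starting SGxClientPreinstall.msi.
function Test-SgnPreinstall {   # hypothetical helper name
    $findings = @()

    # Section 2: GPT and dynamic disks cause the installation to be terminated.
    foreach ($p in Get-CimInstance -ClassName Win32_DiskPartition) {
        if ($p.Type -like 'GPT*') {
            $findings += "BLOCK  $($p.Name): GPT partition ($($p.Type))"
        } elseif ($p.Type -like '*Logical Disk Manager*') {
            $findings += "BLOCK  $($p.Name): dynamic disk partition"
        }
    }

    # Section 2: hard disks attached via a SCSI bus are not supported.
    # InterfaceType reflects the storage driver, and some drivers report
    # SATA or NVMe disks as SCSI too, so this is a prompt for manual review.
    foreach ($d in Get-CimInstance -ClassName Win32_DiskDrive) {
        if ($d.InterfaceType -eq 'SCSI') {
            $findings += "REVIEW $($d.Model): reported bus type is SCSI"
        }
    }

    # Section 4 note: no volume may already be encrypted with BitLocker.
    # The namespace is absent on editions without BitLocker, hence SilentlyContinue.
    $ns   = 'root\CIMV2\Security\MicrosoftVolumeEncryption'
    $vols = Get-CimInstance -Namespace $ns -ClassName Win32_EncryptableVolume `
                            -ErrorAction SilentlyContinue
    foreach ($v in $vols) {
        # ConversionStatus 0 means fully decrypted. Any other value means
        # encrypted data is on the volume, even if protection is suspended.
        $status = (Invoke-CimMethod -InputObject $v `
                       -MethodName GetConversionStatus).ConversionStatus
        if ($status -ne 0) {
            $findings += "BLOCK  $($v.DriveLetter) BitLocker conversion status $status"
        }
    }
    return $findings
}

$result = Test-SgnPreinstall
if ($result) { $result } else { 'No blocking or review conditions found.' }
```

Any BLOCK line corresponds to a condition the guide says must be resolved before installation; a REVIEW line needs the bus type confirmed by hand.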

5. Prerequisites

The process of encrypting the entire hard drive places it under significant stress. To help ensure the process completes without any errors and with minimal risk, please ensure the following:

- There is a good, full and up-to-date backup of the data on the device to be encrypted.
- Run a Check Disk on the drive to ensure it's healthy.
- Defragment the drive before installing SafeGuard Enterprise. (NOTE: Do not defragment the drive if it is an SSD (Solid State Disk). SSDs should never be defragmented.)
- If the machine is dual boot, or is currently running BitLocker, STOP and refer to the SafeGuard Enterprise documentation. The process is more complicated than is covered by this simplified documentation.

SafeGuard Enterprise offers POWER ON AUTHENTICATION (POA). That is, it's the process of booting that's locked down, and it's the POA login screen that controls access to the encrypted data.

Users should be reminded not to suspend or lock computers with SafeGuard Enterprise installed. Access to a suspended or locked computer is only controlled by Windows authentication (the decryption process is already running in the background at this point), and local administrators can gain access to encrypted data with a Windows username and password, effectively bypassing the POA security.

6. Carrying out installation

Step 1: Start the preparatory installation package SGxClientPreinstall.msi. The process is very straightforward.

Step 2: Start the Client installation package from the product CD.

Accept the defaults on the next dialogs.

Select the Typical install type.

Confirm that the installation has completed successfully.

Step 3: Install the configuration package on the endpoint computer. Click Next.

The SafeGuard Enterprise client software has now been completely installed. Reboot the machine.

7. First Boot

Log in again after the machine has rebooted. As long as there is internet connectivity, the SafeGuard Enterprise client will connect to the SafeGuard server and receive its policy instructions.

A bubble should appear indicating that the initial synchronization is complete. Within a minute or two the encryption process should begin. Progress can be monitored through the Base Encryption Viewer. This process may take several hours depending on the specification of the machine and the size of the hard drive.

The initial encryption process is now complete, but our work is not quite finished.

8. First Login

On login the user is now presented with a new login screen. This logon (POA) is the mechanism by which access to the encrypted data is controlled. Only users that are registered with the POA can now log on to the machine; the POA passes the credentials of an authorised user to the Windows GINA.

This is a change from the traditional PC configuration, where a PC registered in the Leeds Active Directory could be logged in to by any Active Directory user. A machine running SafeGuard Enterprise Device Encryption can only be accessed via accounts registered in the POA.

The first person to log in through the POA becomes the Owner and has the ability to register other users within the POA (see section 2.4 in the User Guide). The machine's Owner can be changed within the SafeGuard management console, but by default the Owner is the first person who logs into a newly encrypted machine.

The SafeGuard Client will periodically synchronise with the SafeGuard Server, checking for policy updates.