Boundary Encryption.cloud Deployment Process Overview
Boundary Encryption.cloud Deployment Process Overview Documentation version: 1.0 Legal Notice Legal Notice Copyright 2011 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any. Symantec Corporation 350 Ellis Street Mountain View, CA 94043 http://www.symantec.com Clients are advised to seek specialist advice to ensure that they use the Symantec services in accordance with relevant legislation and regulations. Depending on jurisdiction, this may include (but is not limited to) data protection law, privacy law, telecommunications regulations, and employment law. In many jurisdictions, it is a requirement that users of the service are informed of or required to give consent to their email being monitored or intercepted for the purpose of receiving the security services that are offered by Symantec. Due to local legislation, some features that are described in this documentation are not available in some countries. Configuration of the Services remains your responsibility and entirely in your control. In certain countries it may be necessary to obtain the consent of individual personnel. Symantec advises you to always check local legislation prior to deploying a Symantec service. should understand your company s requirements around electronic messaging policy and any regulatory obligations applicable to your industry and jurisdiction. Symantec can accept no liability for any civil or criminal liability that may be incurred by you as a result of the operation of the Service or the implementation of any advice that is provided hereto. The documentation is provided "as is" and all express or implied conditions, representations, and warranties, including any implied warranty of merchantability, fitness for a particular purpose or non-infringement, are disclaimed, except to the extent that such disclaimers are held to be legally invalid. Symantec Corporation shall not be liable for incidental or consequential damages in connection with the furnishing, performance, or use of this documentation. The information that is contained in this documentation is subject to change without notice. Symantec may at its sole option vary these conditions of use by posting such revised terms to the Web site.
Technical support If you need help on an aspect of the security services that is not covered by the online Help or administrator guides, contact your IT administrator or Support team. To find your Support team's contact details in the portal, click Support > Contact us.
Boundary Encryption.cloud deployment overview This document includes the following topics: About Boundary Encryption.cloud Boundary Encryption.cloud over Secure Connect implementation process Boundary Encryption.cloud with an external third party implementation process About Boundary Encryption.cloud Email Boundary Encryption.cloud ensures the complete confidentiality of email communications and all the information they contain. It achieves this confidentiality by setting up unbreachable private email networks linking you and or between you and your nominated partners. Every single email that is sent or received through these networks is fully and securely encrypted. The application of the encryption remains unseen to both sender and recipient. The service is based on the use of TLS to encrypt the email connection between mail servers. Boundary Encryption.cloud can be put in place between: r organization and the infrastructure via Secure Connect and the external third parties that you want to set up secure business-to-business email with. can define and manage a bespoke secure community for email exchange, based on a clearly-defined and automatically enforced encryption policy.
6 Boundary Encryption.cloud deployment overview Boundary Encryption.cloud over Secure Connect implementation process The relationship with an external third party (Business Partner) is held by you, the client. All communication is with you, the client, unless the business partner is another client. A Boundary Encryption.cloud Specialist is available to guide you through all stages of the implementation process. See Boundary Encryption.cloud over Secure Connect implementation process on page 6. See Boundary Encryption.cloud with an external third party implementation process on page 8. Boundary Encryption.cloud over Secure Connect implementation process To be set up for Boundary Encryption.cloud between you and the infrastructure with Secure Connect, you need the following documents. should receive these in your welcome pack. Table 1-1 Documents Provisioning and other implementation documentation Action Pre-qualification form Client Boundary Encryption.cloud MTA Setup Guide Provides us with the technical details of your email environment A guide to configuring TLS and installing certificates. The MTA Setup Guide provides the certificate requirements, methods of authentication, and authorized vendors. Boundary Encryption.cloud MTA Setup Guide Boundary Encryption.cloud FAQs Frequently asked questions about the Boundary Encryption.cloud service. Boundary Encryption.cloud FAQs The following steps summarize the implementation process: 1. Complete and return the pre-qualification form. 2. Prepare your gateway for TLS enforcement. 3. We test your gateway and certification. 4. The Boundary Encryption.cloud engineers build the configuration. 5. We confirm that the service is ready.
Boundary Encryption.cloud deployment overview Boundary Encryption.cloud over Secure Connect implementation process 7 The implementation process is described in detail in the following table. Table 1-2 Who Boundary Encryption.cloud over Secure Connect implementation process Step Complete the Pre-qualification form Client form and return it to us Prepare your gateway for TLS enforcement For full details, see Boundary Encryption.cloud.cloud MTA Setup Guide The domains that are involved on your side of the TLS enforcement must be present on our infrastructure. The enforcement is held on your domain configuration. This step enables us to access your domains. The certificate name must match either the DNS Mailhost that we connect to or the 250 banner that is presented back from your MTA. We can provide troubleshooting advice on preparing your gateway. If the gateway is not ready, no enforcement is put in place until all testing has been completed and the requirements met. We only put the enforcement in place when all testing is complete to ensure that mail flow is not disrupted. Mail continues to flow using opportunistic TLS until the enforcement is put in place. Confirm that your gateway is ready for TLS enforcement. Email us at CLD_Encryptech@symantec.com. We test the inbound TLS on the gateway(s) that you have specified on the Pre-qualification form Client. We look for a TLS-enabled gateway by looking for starttls to be offered. We check that the correct certification is presented. If these are present, we ask you to confirm that you want us to enable outbound TLS from you to us. Confirm that you want the TLS enforcement to commence. Email us at CLD_Encryptech@symantec.com. When you have confirmed that you want the TLS enforcement to commence, the request is sent to the Boundary Encryption.cloud engineers. The Boundary Encryption.cloud engineers build the configuration. When complete, your Boundary Encryption.cloud service starts. The Boundary Encryption.cloud engineers confirm to your named contact that the configuration is complete.
8 Boundary Encryption.cloud deployment overview Boundary Encryption.cloud with an external third party implementation process Table 1-2 Who Boundary Encryption.cloud over Secure Connect implementation process (continued) Step r contact lets you know that the configuration has been built and that the Boundary Encryption.cloud service is now in operation. See About Boundary Encryption.cloud on page 5. Boundary Encryption.cloud with an external third party implementation process To be set up for Boundary Encryption.cloud between you and an external third party, you need the following documents. should receive these in your welcome pack. The required documents are listed in the following table. Table 1-3 Documents Provisioning and other documentation Action Pre-qualification form Client Pre-qualification form Business Partner Boundary Encryption MTA Setup Guide Provides us with the technical details of your email environment Provides us with the technical details of your business partner's email environment A guide to configuring TLS and installing certificates. The certificate requirements, methods of authentication, and authorized vendors are covered in the MTA guide and on the forms that accompany this guide. Boundary Encryption MTA Setup Guide Boundary Encryption FAQs Frequently asked questions about the Boundary Encryption service. Boundary Encryption FAQs The following steps summarize the implementation process: 1. Send the external third party a pre-qualification form to complete and return to you. 2. Complete and return your pre-qualification form and the third party's pre-qualification form.
Boundary Encryption.cloud deployment overview Boundary Encryption.cloud with an external third party implementation process 9 3. Prepare your gateway for TLS enforcement. 4. The third party prepares their gateway for TLS enforcement. 5. We test your gateway and certification and the third party's gateway and certification. 6. The Boundary Encryption.cloud engineers build your configuration and the third party's configuration. 7. We confirm that the service is ready. The implementation process is described in the following table. Table 1-4 Boundary Encryption.cloud between an external third party implementation process Who r business partner r business partner Step Send the Pre-qualification form - Business Partner to your third-party company to complete. The business partner completes the Pre-qualification form - Business Partner and returns it to you. Complete the Pre-qualification form Client form and return it to us with the completed Pre-qualification form - Business Partner Prepare your gateway for TLS enforcement. r business partner prepares their gateway for TLS enforcement. For full details, see Boundary Encryption.cloud.cloud MTA Setup Guide. The domains that are involved on both sides of the TLS enforcement must be present on our infrastructure. The enforcement is held on your domain configuration and on your business partner's domain configuration. This step enables us to access your and your business partner's domains. The certificate name must match either the DNS Mailhost that we connect to or the 250 banner that is presented back from your MTA. We can provide troubleshooting advice on preparing the gateways. No enforcement is put in place until both of the gateways are ready. We only put the enforcement in place when all testing is complete to ensure that mail flow is not disrupted. Mail continues to flow using opportunistic TLS until the enforcement is put in place. Confirm that your gateway is ready for TLS enforcement. Email us at CLD_Encryptech@symantec.com.
10 Boundary Encryption.cloud deployment overview Boundary Encryption.cloud with an external third party implementation process Table 1-4 Boundary Encryption.cloud between an external third party implementation process (continued) Who r business partner Step Inform your business partner to confirm to us that their gateway is ready for TLS enforcement. They should email us at CLD_Encryptech@symantec.com. r business partner confirms that their gateway is ready for TLS enforcement. We test the inbound TLS on the gateways that are specified on the Pre-qualification form Client and on the Pre-qualification form Business Partner. We look for a TLS-enabled gateway by looking for starttls to be offered. We check that the correct certification is presented. If these are present, we ask you to confirm that you want us to enable outbound TLS from you to us. Confirm that you want the TLS enforcement to commence. Email us at CLD_Encryptech@symantec.com. When you have confirmed that you want the TLS enforcement to commence, the request is sent to the Boundary Encryption.cloud engineers. The Boundary Encryption.cloud engineers build the configuration. When complete, your Boundary Encryption.cloud service starts. The Boundary Encryption.cloud engineers confirm to your named contact that the configuration is complete. r contact lets you know that the configuration has been built and that the Boundary Encryption.cloud service is now in operation. Let your business partner know that the Boundary Encryption.cloud service is now in operation. See About Boundary Encryption.cloud on page 5.