PGP Universal Server. Administrator's Guide 3.2




The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

Version 3.2.0. Last updated: July 2011.

Legal Notice

Copyright (c) 2011 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, PGP, Pretty Good Privacy, and the PGP logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq. "Commercial Computer Software and Commercial Computer Software Documentation", as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.

Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
Symantec Home Page (http://www.symantec.com)

Printed in the United States of America.

Contents

Introduction
What is PGP Universal Server?
PGP Universal Server Product Family
Who Should Read This Guide
Common Criteria Environments
Improvements in this Version of PGP Universal Server
Using the PGP Universal Server with the Command Line
Symbols
Getting Assistance
Getting product information
Technical Support
Contacting Technical Support
Licensing and registration
Customer service
Support agreement resources
The Big Picture
Important Terms
PGP Products
PGP Universal Server Concepts
PGP Universal Server Features
PGP Universal Server User Types
Installation Overview
About Integration with Symantec Protection Center
Before You Integrate with Protection Center
About Open Ports
TCP Ports
UDP Ports
About Naming your PGP Universal Server
How to Name Your PGP Universal Server
Naming Methods
Understanding the Administrative Interface
System Requirements
Logging In
The System Overview Page
Managing Alerts
Logging In For the First Time
Administrative Interface Map
Icons
Licensing Your Software
Overview
Licensing a PGP Universal Server
License Authorization
Licensing the Mail Proxy Feature
Licensing PGP Desktop
Operating in Learn Mode
Purpose of Learn Mode
Checking the Logs
Managing Learn Mode
Managed Domains
About Managed Domains
Adding Managed Domains
Deleting Managed Domains
Understanding Keys
Choosing a Key Mode For Key Management
Changing Key Modes
How PGP Universal Server Uses Certificate Revocation Lists
Key Reconstruction Blocks
Managed Key Permissions
Managing Organization Keys
About Organization Keys
Organization Key
Inspecting the Organization Key
Regenerating the Organization Key
Importing an Organization Key
Organization Certificate
Inspecting the Organization Certificate
Exporting the Organization Certificate
Deleting the Organization Certificate
Generating the Organization Certificate
Importing the Organization Certificate
Renewing the Organization Certificate
Additional Decryption Key (ADK)
Importing the ADK
Inspecting the ADK
Deleting the ADK
External User Root Key
Generating the External User Root Key
Importing the External User Root Key
Deleting the External User Root Key
External User Root Certificate
Generating the External User Root Certificate
Importing the External User Root Certificate
Deleting the External User Root Certificate
Verified Directory Key
Importing the Verified Directory Key
Inspecting the Verified Directory Key
Deleting the Verified Directory Key
Administering Managed Keys
Viewing Managed Keys
Managed Key Information
Email Addresses
Subkeys
Certificates
Permissions
Attributes
Symmetric Key Series
Symmetric Keys
Custom Data Objects
Exporting Consumer Keys
Exporting the Managed Key of an Internal User
Exporting the Managed Key of an External User
Exporting PGP Verified Directory User Keys
Exporting the Managed Key of a Managed Device
Deleting Consumer Keys
Deleting the Managed Key of an Internal User
Deleting the Managed Key of an External User
Deleting the Key of a PGP Verified Directory User
Deleting the Managed Key of a Managed Device
Approving Pending Keys
Revoking Managed Keys
Managing Trusted Keys and Certificates
Overview
Trusted Keys
Trusted Certificates
Adding a Trusted Key or Certificate
Inspecting and Changing Trusted Key Properties
Deleting Trusted Keys and Certificates
Searching for Trusted Keys and Certificates
Managing Group Keys
Overview
Establishing Default Group Key Settings
Adding a Group Key to an Existing Group
Creating a New Group with a Group Key
Removing a Group Key from a Group
Deleting a Group Key
Revoking a Group Key
Exporting a Group Key
Setting Mail Policy
Overview
How Policy Chains Work
Mail Policy and Dictionaries
Mail Policy and Key Searches
Mail Policy and Cached Keys
Migrating Settings from Version 2.0.x
About Restoring Mail Policy Rules
Understanding the Pre-Installed Policy Chains
Mail Policy Outside the Mailflow
Using the Rule Interface
The Conditions Card
The Actions Card
Building Valid Chains and Rules
Using Valid Processing Order
Creating Valid Groups
Creating a Valid Rule
Managing Policy Chains
Mail Policy Best Practices
Restoring Mail Policy to Default Settings
Editing Policy Chain Settings
Adding Policy Chains
Deleting Policy Chains
Exporting Policy Chains
Printing Policy Chains
Managing Rules
Adding Rules to Policy Chains
Deleting Rules from Policy Chains
Enabling and Disabling Rules
Changing the Processing Order of the Rules
Adding Key Searches
Choosing Condition Statements, Conditions, and Actions
Condition Statements
Conditions
Actions
Working with Common Access Cards
Applying Key Not Found Settings to External Users
Overview
Bounce the Message
PDF Messenger
PDF Messenger Secure Reply
Working with Passphrases
Certified Delivery with PDF Messenger
Send Unencrypted
Smart Trailer
PGP Universal Web Messenger
Changing Policy Settings
Changing User Delivery Method Preference
Using Dictionaries with Policy
Overview
Default Dictionaries
Editing Default Dictionaries
User-Defined Dictionaries
Adding a User-Defined Dictionary
Editing a User-Defined Dictionary
Deleting a Dictionary
Exporting a Dictionary
Searching the Dictionaries
Keyservers, SMTP Archive Servers, and Mail Policy
Overview
Keyservers
Adding or Editing a Keyserver
Deleting a Keyserver
SMTP Servers
Adding or Editing an Archive Server
Deleting an Archive Server
Managing Keys in the Key Cache
Overview
Changing Cached Key Timeout
Purging Keys from the Cache
Trusting Cached Keys
Viewing Cached Keys
Searching the Key Cache
Configuring Mail Proxies
Overview
PGP Universal Server and Mail Proxies
Mail Proxies in an Internal Placement
Mail Proxies in a Gateway Placement
Changes in Proxy Settings from PGP Universal Server 2.0 to 2.5 and later
Mail Proxies Page
Creating New or Editing Existing Proxies
Creating or Editing a POP/IMAP Proxy
Creating or Editing an Outbound SMTP Proxy
Creating or Editing an Inbound SMTP Proxy
Creating or Editing a Unified SMTP Proxy
Email in the Mail Queue
Overview
Deleting Messages from the Mail Queue
Specifying Mail Routes
Overview
Managing Mail Routes
Adding a Mail Route
Editing a Mail Route
Deleting a Mail Route
Customizing System Message Templates
Overview
Templates and Message Size
PDF Messenger Templates
Templates for New PGP Universal Web Messenger Users
Editing a Message Template
Managing Groups
Understanding Groups
Sorting Consumers into Groups
Everyone Group
Excluded Group
Policy Group Order
Migrate Groups from PGP Universal Server 2.12 SP4
Setting Policy Group Order
Creating a New Group
Deleting a Group
Viewing Group Members
Manually Adding Group Members
Manually Removing Members from a Group
Group Permissions
Adding Group Permissions
Deleting Group Permissions
Setting Group Membership
Searching Groups
Creating Group Client Installations
How Group Policy is Assigned to PGP Desktop Installers
When to Bind a Client Installation
Creating PGP Desktop Installers
Managing Devices
Managed Devices
Adding and Deleting Managed Devices
Adding Managed Devices to Groups
Managed Device Information
Deleting Devices from PGP Universal Server
Deleting Managed Devices from Groups
WDE Devices (Computers and Disks)
WDE Computers
WDE Disks
Searching for Devices
Administering Consumer Policy
Understanding Consumer Policy
Managing Consumer Policies
Adding a Consumer Policy
Editing a Consumer Policy
Deleting a Consumer Policy
Making Sure Users Create Strong Passphrases
Understanding Entropy
Using the Windows Preinstallation Environment
X.509 Certificate Management in Lotus Notes Environments
Trusting Certificates Created by PGP Universal Server
Setting the Lotus Notes Key Settings in PGP Universal Server
Technical Deployment Information
Offline Policy
Using a Policy ADK
Out of Mail Stream Support
Enrolling Users through Silent Enrollment
Silent Enrollment with Windows
Silent Enrollment with Mac OS X
PGP Whole Disk Encryption Administration
PGP Whole Disk Encryption on Mac OS X with FileVault
How Does Single Sign-On Work?
Enabling Single Sign-On
Managing Clients Remotely Using a PGP WDE Administrator Active Directory Group
Managing Clients Locally Using the PGP WDE Administrator Key
Setting Policy for Clients
Client and PGP Universal Server Version Compatibility
Serving PGP Admin 8 Preferences
Establishing PGP Desktop Settings for Your PGP Desktop Clients
PGP Desktop Feature License Settings
Enabling PGP Desktop Client Features in Consumer Policies
Controlling PGP Desktop Components
PGP Portable
PGP Mobile
PGP NetShare
How the PGP NetShare Policy Settings Work Together
Multi-user environments and managing PGP NetShare
Backing Up PGP NetShare-Protected Files
Using Directory Synchronization to Manage Consumers
How PGP Universal Server Uses Directory Synchronization
Base DN and Bind DN
Consumer Matching Rules
Understanding User Enrollment Methods
Before Creating a Client Installer
Email Enrollment
Directory Enrollment
Certificate Enrollment
Enabling Directory Synchronization
Adding or Editing an LDAP Directory
The LDAP Servers Tab
The Base Distinguished Name Tab
The Consumer Matching Rules Tab
Testing the LDAP Connection
Using Sample Records to Configure LDAP Settings
Deleting an LDAP Directory
Setting LDAP Directory Order
Directory Synchronization Settings
Managing User Accounts
Understanding User Account Types
Viewing User Accounts
User Management Tasks
Setting User Authentication
Editing User Attributes
Adding Users to Groups
Editing User Permissions
Deleting Users
Searching for Users
Viewing User Log Entries
Changing Display Names and Usernames
Exporting a User's X.509 Certificate
Revoking a User's X.509 Certificate
Managing User Keys
Managing Internal User Accounts
Importing Internal User Keys Manually
Creating New Internal User Accounts
Exporting PGP Whole Disk Encryption Login Failure Data
Internal User Settings
Managing External User Accounts
Importing External Users
Exporting Delivery Receipts
External User Settings
Offering X.509 Certificates to External Users
Managing Verified Directory User Accounts
Importing Verified Directory Users
PGP Verified Directory User Settings
Recovering Encrypted Data in an Enterprise Environment
Using Key Reconstruction
Recovering Encryption Key Material without Key Reconstruction
Encryption Key Recovery of CKM Keys
Encryption Key Recovery of GKM Keys
Encryption Key Recovery of SCKM Keys
Encryption Key Recovery of SKM Keys
Using an Additional Decryption Key for Data Recovery
PGP Universal Satellite
Overview
Technical Information
Distributing the PGP Universal Satellite Software
Configuration
Key Mode
PGP Universal Satellite Configurations
Switching Key Modes
Policy and Key or Certificate Retrieval
Retrieving Lost Policies
Retrieving Lost Keys or Certificates
PGP Universal Satellite for Mac OS X
Overview
System Requirements
Obtaining the Installer
Installation
Updates
Files
PGP Universal Satellite for Windows
Overview
System Requirements
Obtaining the Installer
Installation
Updates
Files
MAPI Support
External MAPI Configuration
Lotus Notes Support
External Lotus Notes Configuration
Configuring PGP Universal Web Messenger
Overview
PGP Universal Web Messenger and Clustering
External Authentication
Customizing PGP Universal Web Messenger
Adding a New Template
Troubleshooting Customization
Changing the Active Template
Deleting a Template
Editing a Template
Downloading Template Files
Restoring to Factory Defaults
Configuring the PGP Universal Web Messenger Service
Starting and Stopping PGP Universal Web Messenger
Selecting the PGP Universal Web Messenger Network Interface
Setting Up External Authentication
Creating Settings for PGP Universal Web Messenger User Accounts
Setting Message Replication in a Cluster
Configuring the Integrated Keyserver
Overview
Starting and Stopping the Keyserver Service
Configuring the Keyserver Service
Configuring the PGP Verified Directory
Overview
Starting and Stopping the PGP Verified Directory
Configuring the PGP Verified Directory
Managing the Certificate Revocation List Service
Overview
Starting and Stopping the CRL Service
Editing CRL Service Settings
Configuring Universal Services Protocol
Starting and Stopping USP
Adding USP Interfaces
Managing PGP Remote Disable & Destroy for Encrypted Disks
Deploying PGP RDD
Network and Clustering Considerations
Hardware and System Requirements
Licensing PGP Remote Disable & Destroy with Intel Anti-Theft Technology
Setting PGP RDD in Consumer Policies
Setting Up the PGP RDD Service
Managing PGP RDD Policy
Starting and Stopping the PGP RDD Service
PGP RDD Administrator Tasks
Viewing Anti-Theft Information
Managing Intel Anti-Theft Status
AT Activated
Decommissioned
AT Deactivated
Stolen
Changing a Computer's Status
Recovering Locked Systems
Reporting and Logging
System Graphs
Overview
CPU Usage
Message Activity
Whole Disk Encryption
System Logs
Overview
Filtering the Log View
Searching the Log Files
Exporting a Log File
Enabling External Logging
Configuring SNMP Monitoring
Overview
Starting and Stopping SNMP Monitoring
Configuring the SNMP Service
Downloading the Custom MIB File
Viewing Server and License Settings and Shutting Down Services
Overview
Server Information
Setting the Time
Licensing a PGP Universal Server
Downloading the Release Notes
Shutting Down and Restarting the PGP Universal Server Software Services
Shutting Down and Restarting the PGP Universal Server Hardware
Managing Administrator Accounts
Overview
Administrator Roles
Administrator Authentication
Creating a New Administrator
Importing SSH v2 Keys
Deleting Administrators
Inspecting and Changing the Settings of an Administrator
Configuring RSA SecurID Authentication
Resetting SecurID PINs
Daily Status Email
Protecting PGP Universal Server with Ignition Keys
Overview
Ignition Keys and Clustering
Preparing Hardware Tokens to be Ignition Keys
Configuring a Hardware Token Ignition Key
Configuring a Soft-Ignition Passphrase Ignition Key
Deleting Ignition Keys
Backing Up and Restoring System and User Data
Overview
Creating Backups
Scheduling Backups
Performing On-Demand Backups
Configuring the Backup Location
Restoring From a Backup
Restoring On-Demand
Restoring Configuration
Restoring from a Different Version
Updating PGP Universal Server Software
Overview
Inspecting Update Packages
Setting Network Interfaces
Understanding the Network Settings
Changing Interface Settings
Adding Interface Settings
Deleting Interface Settings
Editing Global Network Settings
Assigning a Certificate
Working with Certificates
Importing an Existing Certificate
Generating a Certificate Signing Request (CSR)
Adding a Pending Certificate
Inspecting a Certificate
Exporting a Certificate
Deleting a Certificate
Clustering your PGP Universal Servers
Overview
Cluster Status
Creating a Cluster
Deleting Cluster Members
Clustering and PGP Universal Web Messenger
Managing Settings for Cluster Members
Changing Network Settings in Clusters
About Clustering Diagnostics
Monitoring Data Replication in a Cluster
Index

1 Introduction

This Administrator's Guide describes both the PGP Universal Server and Client software. It tells you how to get them up and running on your network, how to configure them, and how to maintain them.

This section provides a high-level overview of PGP Universal Server.

What is PGP Universal Server?

PGP Universal Server is a console that manages the applications that provide email, disk, and network file encryption. PGP Universal Server with PGP Universal Gateway Email provides secure messaging by transparently protecting your enterprise messages with little or no user interaction. The PGP Universal Server replaces PGP Keyserver with a built-in keyserver, and PGP Admin with PGP Desktop configuration and deployment capabilities.

PGP Universal Server also does the following:

- Automatically creates and maintains a Self-Managing Security Architecture (SMSA) by monitoring authenticated users and their email traffic.
- Allows you to send protected messages to addresses that are not part of the SMSA.
- Automatically encrypts, decrypts, signs, and verifies messages.
- Provides strong security through policies you control.

PGP Universal Satellite, a client-side feature of PGP Universal Server, does the following:

- Extends security for email messages to the computer of the email user.
- Allows external users to become part of the SMSA.
- If allowed by an administrator, gives end users the option to create and manage their keys on their computers.

PGP Desktop, a client product, is created and managed through PGP Universal Server policy and does the following:

- Creates PGP keypairs.
- Manages user keypairs.
- Stores the public keys of others.
- Encrypts user email and instant messaging (IM).
- Encrypts entire, or partial, hard drives.
- Enables secure file sharing with others over a network.

PGP Universal Server Product Family

PGP Universal Server functions as a management console for a variety of encryption solutions. You can purchase any of the PGP Desktop applications or bundles and use PGP Universal Server to create and manage client installations. You can also purchase a license that enables PGP Universal Gateway Email to encrypt email in the mailstream.

The PGP Universal Server can manage any combination of the following PGP encryption applications:

- PGP Universal Gateway Email provides automatic email encryption in the gateway, based on centralized mail policy. This product requires administration by the PGP Universal Server.
- PGP Desktop Email provides encryption at the desktop for mail, files, and AOL Instant Messenger traffic. This product can be managed by the PGP Universal Server.
- PGP Whole Disk Encryption provides encryption at the desktop for an entire disk. This product can be managed by the PGP Universal Server.
- PGP NetShare provides transparent file encryption and sharing among desktops. This product can be managed by the PGP Universal Server.

Who Should Read This Guide

This Administrator's Guide is for the person or persons who implement and maintain your organization's PGP Universal Server environment. These are the PGP Universal Server administrators. This guide is also intended for anyone else who wants to learn about how PGP Universal Server works.

Common Criteria Environments

To be Common Criteria compliant, see the best practices in PGP Universal Server 2.9 Common Criteria Supplemental. These best practices supersede recommendations made elsewhere in this and other documentation.

Improvements in this Version of PGP Universal Server

PGP Universal Server 3.2 introduces the following new and improved features:

- X.509 certificates are available to your external users through the PGP Universal Web Messenger interface. External users download the certificates, add them to their mail clients, and use them to communicate securely with users in your managed domain.
- The PGP Universal Server user interface and all end user documentation have been rebranded to include the Symantec logo and colors. The product name remains the same.
- We improved performance and page load times for many parts of the interface.
- You can now allow your external users to securely reply to PDF Messenger messages.
- You can now monitor how well data is being replicated throughout your cluster members.
- After you migrate to PGP Universal Server 3.2.0, you can verify whether your backup/restore or PUP update was successful.
- You can now require users to authenticate at the PGP BootGuard screen with their user name, domain, and passphrase.
- Symantec Patch Distribution Center now provides all software updates, which replaces PGP update servers. Automatic updates through the PGP update servers are no longer available.
- PGP Universal Server is now integrated with Symantec Protection Center, which offers a single point of administration and helps you manage PGP Universal Server and other security products.
- PGP Universal Server now supports group keys, which allows you to protect shared files and folders in PGP NetShare. Group keys allow you to easily add or remove group members without affecting the PGP NetShare metadata associated with the protected files and folders.
- You can now allow users, who use certificates or smart cards to log in to Microsoft Windows, to enroll in PGP Desktop using those certificates.

Using the PGP Universal Server with the Command Line

You can use the PGP Universal Server command line for read-only access to, for example, view settings, services, logs, processes, disk space, query the database, and so on.

Note: If you modify your configuration using the command line, and you do not follow these procedures, your Technical Support agreement is void. Changes to the PGP Universal Server using command line must be:

- Authorized in writing by Technical Support.
- Implemented by a partner, reseller, or employee who is certified in the PGP Advanced Administration and Deployment Training.
- Summarized and documented in a text file in /var/lib/ovid/customization on the PGP Universal Server.

Changes made through the command line may not persist through reboots and may become incompatible in a future release. When troubleshooting new issues, Technical Support can require you to revert custom configurations on the PGP Universal Server to a default state.

Symbols

Notes, Cautions, and Warnings are used in the following ways.

Note: Notes are extra, but important, information. A Note calls your attention to important aspects of the product. You can use the product better if you read the Notes.

Caution: Cautions indicate the possibility of loss of data or a minor security breach. A Caution tells you about a situation where problems can occur unless precautions are taken. Pay attention to Cautions.

Warning: Warnings indicate the possibility of significant data loss or a major security breach. A Warning means serious problems will occur unless you take the appropriate action. Please take Warnings very seriously.

Getting Assistance

For additional resources, see these sections.

Getting product information

The following documents and online help are companions to the PGP Universal Server Administrator's Guide. This guide occasionally refers to information that can be found in one or more of these sources:

- Online help is installed and is available in the PGP Universal Server product.
- PGP Universal Server Installation Guide: Describes how to install the PGP Universal Server.
- PGP Universal Server Upgrade Guide: Describes the process of upgrading your PGP Universal Server.
- PGP Universal Mail Policy Diagram: Provides a graphical representation of how email is processed through mail policy. You can access this document via the PGP Universal Server online help.
- Tutorials: Provides animated introductions on how to manage the mail policy feature in PGP Universal Server 2.5 and later, and how upgraded PGP Universal Server settings migrate into the new mail policy feature.

You can also access all the documentation and tutorials by clicking the online help icon in the upper-right corner of the PGP Universal Server screen.

- PGP Universal Satellite for Windows and Mac OS X includes online help.
- PGP Universal Server and PGP Satellite release notes are also provided, which may have last-minute information not found in the product documentation.

Technical Support

Symantec Technical Support maintains support centers globally. Technical Support's primary role is to respond to specific queries about product features and functionality. The Technical Support group also creates content for our online Knowledge Base. The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion. For example, the Technical Support group works with Product Engineering and Symantec Security Response to provide alerting services and virus definition updates.

Symantec's support offerings include the following:

- A range of support options that give you the flexibility to select the right amount of service for any size organization
- Telephone and/or Web-based support that provides rapid response and up-to-the-minute information
- Upgrade assurance that delivers software upgrades
- Global support purchased on a regional business hours or 24 hours a day, 7 days a week basis
- Premium service offerings that include Account Management Services

For information about Symantec's support offerings, you can visit our Web site at the following URL: www.symantec.com/business/support/

All support services will be delivered in accordance with your support agreement and the then-current enterprise technical support policy.

Contacting Technical Support

Customers with a current support agreement may access Technical Support information at the following URL: www.symantec.com/business/support/

Before contacting Technical Support, make sure you have satisfied the system requirements that are listed in your product documentation. Also, you should be at the computer on which the problem occurred, in case it is necessary to replicate the problem.

When you contact Technical Support, please have the following information available:

- Product release level
- Hardware information
- Available memory, disk space, and NIC information
- Operating system
- Version and patch level
- Network topology
- Router, gateway, and IP address information
- Problem description:
  - Error messages and log files
  - Troubleshooting that was performed before contacting Symantec
  - Recent software configuration changes and network changes

Licensing and registration

If your Symantec product requires registration or a license key, access our technical support Web page at the following URL: www.symantec.com/business/support/

Customer service

Customer service information is available at the following URL: www.symantec.com/business/support/

Customer Service is available to assist with non-technical questions, such as the following types of issues:

- Questions regarding product licensing or serialization
- Product registration updates, such as address or name changes
- General product information (features, language availability, local dealers)
- Latest information about product updates and upgrades
- Information about upgrade assurance and support contracts
- Information about the Symantec Buying Programs
- Advice about Symantec's technical support options
- Nontechnical presales questions
- Issues that are related to CD-ROMs or manuals

Support agreement resources

If you want to contact Symantec regarding an existing support agreement, please contact the support agreement administration team for your region as follows:

- Asia-Pacific and Japan: customercare_apac@symantec.com
- Europe, Middle-East, Africa: semea@symantec.com
- North America, Latin America: supportsolutions@symantec.com