http://docs.trendmicro.com/en-us/enterprise/cloud-app-encryption-foroffice-365.aspx


Trend Micro Incorporated reserves the right to make changes to this document and to the cloud service described herein without notice. Before installing and using the cloud service, review the readme files, release notes, and/or the latest version of the applicable documentation, which are available from the Trend Micro website at: http://docs.trendmicro.com/en-us/enterprise/cloud-app-encryption-foroffice-365.aspx

© 2015 Trend Micro Incorporated. All Rights Reserved. Trend Micro, the Trend Micro t-ball logo, and Cloud App Encryption are trademarks or registered trademarks of Trend Micro Incorporated. All other product or company names may be trademarks or registered trademarks of their owners.

Document Part No.: APEM06857_150121
Release Date: February 2015
Protected by U.S. Patent No.: Patents pending.

This documentation introduces the main features of the cloud service and/or provides installation instructions for a production environment. Read through the documentation before installing or using the cloud service. Detailed information about how to use specific features within the cloud service may be available at the Trend Micro Online Help Center and/or the Trend Micro Knowledge Base. Trend Micro always seeks to improve its documentation. If you have questions, comments, or suggestions about this or any Trend Micro document, please contact us at docs@trendmicro.com. Evaluate this documentation on the following site: http://docs.trendmicro.com/en-us/survey.aspx

Table of Contents

Preface
  Preface
  Documentation
  Audience
  Document Conventions
  About Trend Micro
Chapter 1: Introduction
  Cloud App Encryption
  Supported Encryption Key Server Topologies
  Supported Third-Party KMIP Vendors
Chapter 2: Integration
  Important Note
  Public Certificate Example
  Integrating with Cloud App Encryption for Office 365
Chapter 3: Key Maintenance
  Destroying Keys
  Destroying the Encryption Key
  Unreachable Keys
Appendix A: Additional Resources
  Console and Proxy Addresses by Region
Index

Preface

Welcome to the Trend Micro Cloud App Encryption Third-Party KMIP Server Integration Guide. This guide explains how to integrate a Key Management Interoperability Protocol (KMIP) server from a third-party vendor with Cloud App Encryption for Office 365 in the cloud.

Documentation

The documentation set for Cloud App Encryption for Office 365 includes the following:

TABLE 1. Product Documentation

DOCUMENT | DESCRIPTION
Cloud App Encryption Key Server Deployment Guide | Explains how to deploy Cloud App Encryption Key Server in your environment on-premises and then integrate with Cloud App Security for Office 365 in the cloud.
Third-Party KMIP Server Integration Guide | Explains how to integrate a third-party Key Management Interoperability Protocol (KMIP) server with Cloud App Security for Office 365 in the cloud.
Online Help | Web-based documentation that is accessible from the Cloud App Encryption management console. The Online Help contains explanations of Cloud App Encryption components and features, as well as procedures needed to configure Cloud App Encryption.
Support Portal | The Support Portal is an online database of problem-solving and troubleshooting information. It provides the latest information about known product issues. To access the Support Portal, go to the following website: http://esupport.trendmicro.com

View and download Cloud App Encryption documentation from the Trend Micro Documentation Center: http://docs.trendmicro.com/en-us/enterprise/cloud-app-security-for-office-365.aspx

Audience

The Cloud App Encryption for Office 365 documentation is written for IT administrators and security analysts. The documentation assumes that the reader has an in-depth knowledge of networking and information security, including the following topics:

- Network topologies
- Email routing
- SMTP
- Encryption fundamentals

The documentation does not assume the reader has any knowledge of sandbox environments or threat event correlation.

Document Conventions

The documentation uses the following conventions:

TABLE 2. Document Conventions

CONVENTION | DESCRIPTION
UPPER CASE | Acronyms, abbreviations, and names of certain commands and keys on the keyboard
Bold | Menus and menu commands, command buttons, tabs, and options
Italics | References to other documents
Monospace | Sample command lines, program code, web URLs, file names, and program output
Navigation > Path | The navigation path to reach a particular screen. For example, File > Save means click File and then click Save on the interface.
Note | Configuration notes
Tip | Recommendations or suggestions
Important | Information regarding required or default configuration settings and product limitations
WARNING! | Critical actions and configuration options

About Trend Micro

As a global leader in cloud security, Trend Micro develops Internet content security and threat management solutions that make the world safe for businesses and consumers to exchange digital information. With over 20 years of experience, Trend Micro provides top-ranked client, server, and cloud-based solutions that stop threats faster and protect data in physical, virtual, and cloud environments.

As new threats and vulnerabilities emerge, Trend Micro remains committed to helping customers secure data, ensure compliance, reduce costs, and safeguard business integrity. For more information, visit: http://www.trendmicro.com

Trend Micro and the Trend Micro t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies.

Chapter 1: Introduction

Cloud App Encryption

Trend Micro Cloud App Encryption keeps Office 365 data private through independent email encryption. By integrating cloud-to-cloud with Microsoft Office 365, Cloud App Encryption requires no email traffic rerouting and transparently preserves user and administrative functionality.

Supported Encryption Key Server Topologies

Setting up the key management environment is the primary task after subscribing to the Cloud App Encryption service. Cloud App Encryption offers flexible encryption key management options.

TABLE 1-1. Encryption Key Management Options

OPTION | DESCRIPTION
Trend Micro Key Management Service | Key Management Service and Cloud App Encryption seamlessly integrate in the cloud without additional configurations. Key Management Service runs separately from Cloud App Encryption in the Trend Micro Munich, Germany data center that meets highly secure compliance standards NIST 800-57 and PCI_DSS_v3.
Trend Micro Cloud App Encryption Key Server | Cloud App Encryption Key Server maintains the encryption key in your network on-premises with functionality to back up and restore encryption keys, if needed. At any time your security staff can destroy the encryption key to prevent access to encrypted data in the Office 365 cloud.
Third-party KMIP server | Third-party KMIP server support applies to organizations that already have KMIP servers in place and prefer to maintain existing key management. The network topology depends on the KMIP server architecture requirements. Refer to the third-party documentation for more information.

WARNING! Cloud App Encryption cannot change the encryption key server after integrating with a key management solution. This is by design for encryption key security. Make sure to read through the key server topologies carefully.

FIGURE 1-1. Cloud: Trend Micro Key Management Service

FIGURE 1-2. On-Premises: Cloud App Encryption Key Server / Third-Party KMIP Server

Supported Third-Party KMIP Vendors

Cloud App Encryption supports the following KMIP vendors:

- Cryptsoft clients and servers
- Dell servers
- HP servers
- Project 6 Research clients
- SafeNet servers
- Thales servers
- Vormetric servers

Learn more about KMIP interoperability between client and server systems.

Refer to the associated vendor documentation for instructions on configuring a third-party KMIP server.

Chapter 2: Integration

Important Note

If the external KMIP server (Cloud App Encryption Key Server or a third-party KMIP server) goes down and cannot communicate with Cloud App Encryption for Office 365, encryption and decryption stop. Email messages remain in whatever encrypted or decrypted state they were in when the server stopped communicating.

Supported Third-Party KMIP Vendors

Cloud App Encryption supports the following KMIP vendors:

- Cryptsoft clients and servers
- Dell servers
- HP servers
- Project 6 Research clients
- SafeNet servers
- Thales servers
- Vormetric servers

Learn more about KMIP interoperability between client and server systems.

Refer to the associated vendor documentation for instructions on configuring a third-party KMIP server.

Public Certificate Example

The highlighted content in the following image represents the public certificate information required to configure encryption.

FIGURE 2-1. Highlighted Content Required for Encryption

Integrating with Cloud App Encryption for Office 365

Refer to the associated vendor documentation for instructions on configuring a third-party KMIP server.

Procedure

1. Log on to Cloud App Encryption for Office 365. See Console and Proxy Addresses by Region on page A-2.
2. Go to Encryption.
3. Select Maintain encryption keys in your own network.
4. Specify the server settings.

OPTION | DESCRIPTION
FQDN or IP address | Specify the KMIP server's fully-qualified domain name or IP address.
Port | Specify the port used to connect to the KMIP server. The default port is 9023.
Public server certificate | Copy the contents of the certificate file. Make sure to only include the certificate information and not the private key. Refer to the third-party KMIP server documentation to locate the certificate file.
Client certificate | Download the Trend Micro client certificate and install it on the KMIP server.

5. Click Generate Key.
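The Public server certificate setting in step 4 takes the certificate contents without the private key. The following Python sketch is an added example, not part of the Trend Micro guide: it keeps only the CERTIFICATE blocks of a PEM file and reports every block it dropped. It assumes the KMIP server exports its certificate in PEM format; the function names and the sample input are constructed for illustration.

```python
import base64
import re

# One PEM block: BEGIN line, base64 body, matching END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----",
    re.DOTALL,
)


def certificate_only(pem_text):
    """Return (text_to_paste, dropped_labels) for the contents of a PEM file.

    Only CERTIFICATE blocks are kept. Every other block (private keys,
    certificate requests, ...) is dropped and its label is reported.
    """
    kept, dropped = [], []
    for match in PEM_BLOCK.finditer(pem_text):
        label, body = match.group(1), match.group(2)
        if label != "CERTIFICATE":
            dropped.append(label)
            continue
        # Reject a damaged block early: the body must be valid base64.
        base64.b64decode("".join(body.split()), validate=True)
        kept.append(match.group(0))
    if not kept:
        raise ValueError("no CERTIFICATE block found")
    return "\n".join(kept) + "\n", dropped


def has_private_key(labels):
    """True if any dropped label names private key material."""
    return any("PRIVATE KEY" in label for label in labels)


def make_pem(label, payload):
    """Build a PEM block around arbitrary bytes (sample data only)."""
    b64 = base64.b64encode(payload).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----\n"


# Constructed sample: a combined key-plus-certificate file. The payloads are
# placeholder bytes, not a real key or certificate.
SAMPLE = (
    make_pem("PRIVATE KEY", b"constructed placeholder, not a real key " * 4)
    + make_pem("CERTIFICATE", b"constructed placeholder, not a real cert " * 4)
)

if __name__ == "__main__":
    text, dropped = certificate_only(SAMPLE)
    print(text, end="")
    if has_private_key(dropped):
        print("Dropped private key material:", dropped)
```

If the dropped list contains a private key label, the exported file was a combined key-and-certificate bundle and should not be pasted as is.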

Chapter 3: Key Maintenance

Destroying Keys

Destroying the encryption key has a significant impact. Destroyed encryption keys can never be restored and email messages remain in their encrypted state forever. Users will be unable to decrypt and read email messages with the revoked encryption key.

Destroy the encryption key if your organization plans to stop using Office 365 and wants to keep encrypted email messages in the cloud that can never be decrypted.

Destroying encryption keys has the same effect as decommissioning a KMIP server. Cloud App Encryption for Office 365 may malfunction if you do not provide a new encryption key after destroying the existing key.

Destroying encryption keys from a third-party server causes Cloud App Encryption for Office 365 to immediately stop encrypting or decrypting email messages.

Destroying the Encryption Key

Procedure

1. Log on to Cloud App Encryption for Office 365.
2. Go to Encryption.
3. Select Maintain encryption keys in your own network.
4. Click Destroy Key.

WARNING! Clicking Destroy Key permanently deletes the encryption key. This cannot be undone. Encrypted email messages will remain in an encrypted state forever.

5. At the warning message, type your password and then click Destroy Key.

Unreachable Keys

If the external KMIP server (Cloud App Security Key Server or a third-party KMIP server) goes down and cannot communicate with Cloud App Encryption for Office 365, encryption and decryption stop. Email messages remain in whatever encrypted or decrypted state they were in when the server stopped communicating.

Appendix A: Additional Resources

Console and Proxy Addresses by Region

The email proxy addresses for MAPI, EAS, and OWA connections and the administrative console address depend on the AWS datacenter for the region. The following tables list the email proxy and administrative console addresses by region.

TABLE A-1. Console Addresses by Region

REGION | DATACENTER LOCATION | ADDRESS
Europe | Ireland | admin-eu.tmcae.trendmicro.com
North America | Oregon | admin.tmcae.trendmicro.com

TABLE A-2. Email Proxy Addresses by Region

REGION | DATACENTER LOCATION | ADDRESS
Europe | Ireland | EAS: easeu.tmcae.trendmicro.com; MAPI: mapieu.tmcae.trendmicro.com; OWA: owaeu.tmcae.trendmicro.com
North America | Oregon | EAS: eas.tmcae.trendmicro.com; MAPI: mapi.tmcae.trendmicro.com; OWA: owa.tmcae.trendmicro.com

TABLE A-3. Autodiscover Proxy Addresses by Region

REGION | DATACENTER LOCATION | ADDRESS
Europe | Ireland | http://autodiscovereu.tmcae.trendmicro.com
North America | Oregon | http://autodiscover.tmcae.trendmicro.com
