Sophos SafeGuard Disk Encryption for Mac and the Casper Suite



Similar documents
Administering FileVault 2 on OS X Lion with the Casper Suite. Technical Paper July 2012

Administering Parallels Desktop 7 for Mac with the Casper Suite. Technical Paper November 2012

Administering Adobe Creative Cloud for Enterprise with the Casper Suite v9.0 or Later. Technical Paper October 2013

Administering FileVault 2 on OS X Mavericks with the Casper Suite v9.2 or Later. Technical Paper October 2013

QuickStart Guide for Client Management. Version 8.7

QuickStart Guide for Managing Computers. Version 9.2

NetBoot/SUS Appliance User Guide. Version 1.0

QuickStart Guide for Mobile Device Management

Simplifying Device Enrollment and Content Distribution Using the Device Enrollment Program, the Volume Purchase Program, and the Casper Suite

QuickStart Guide for Mobile Device Management. Version 8.6

JAMF Software Server Installation and Configuration Guide for Linux. Version 9.2

JAMF Software Server Installation and Configuration Guide for OS X. Version 9.2

JAMF Software Server Installation and Configuration Guide for Windows. Version 9.3

Building a BYOD Program Using the Casper Suite. Technical Paper Casper Suite v9.4 or Later 17 September 2014

QuickStart Guide for Managing Mobile Devices. Version 9.2

Generating and Renewing an APNs Certificate. Technical Paper May 2012

JAMF Software Server Installation and Configuration Guide for OS X. Version 9.0

Sophos Anti-Virus for Mac OS X network startup guide

JAMF Software Server Installation Guide for Windows. Version 8.6

How To Package In Composer (Amd64)

NetBoot/SUS Server User Guide. Version 2.0

Casper Suite Administrator s Guide. Version 9.0

JAMF Software Server Installation and Configuration Guide for Linux. Version 9.0

JAMF Software Server Installation Guide for Linux. Version 8.6

Sophos SafeGuard Native Device Encryption for Mac Administrator help. Product version: 7

Sophos Anti-Virus for Mac OS X network startup guide. For networked Macs running Mac OS X

Casper Suite Release Notes. Version 9.1

SCCM Plug-in User Guide. Version 3.41

Casper Suite Administrator s Guide. Version 9.2

The safer, easier way to help you pass any IT exams. Exam : 9L OS X Server Essentials 10.8 Exam. Title : Version : Demo 1 / 6

SCCM Plug-in User Guide. Version 2.21

Sophos SafeGuard Native Device Encryption for Mac quick startup guide. Product version: 7

TSM for Windows Installation Instructions: Download the latest TSM Client Using the following link:

HDA Integration Guide. Help Desk Authority 9.0

Remote Administration

Sophos SafeGuard Disk Encryption for Mac Startup guide

Sophos Anti-Virus for NetApp Storage Systems user guide. Product version: 3.0

HELP DOCUMENTATION E-SSOM BACKUP AND RESTORE GUIDE

User's Manual. Intego Remote Management Console User's Manual Page 1

HDAccess Administrators User Manual. Help Desk Authority 9.0

Integration Guide. Microsoft Active Directory Rights Management Services (AD RMS) Microsoft Windows Server 2008

Sophos Endpoint Security and Control standalone startup guide

Using the IPMI interface

Tool Tip. SyAM Management Utilities and Non-Admin Domain Users

Using Group Policies to Install AutoCAD. CMMU 5405 Nate Bartley 9/22/2005

Using Firefly Media Server with Roku SoundBridge. For Mac OS X and 10.4.x

Sophos Disk Encryption License migration guide. Product version: 5.61 Document date: June 2012

AVG Business SSO Partner Getting Started Guide

About DropSend. Sending Files with DropSend

Open Directory. Contents. Before You Start 2. Configuring Rumpus 3. Testing Accessible Directory Service Access 4. Specifying Home Folders 4

Apple Security Checklist Companion A practical guide for automating security standards in the Apple Enterprise with the Casper Suite

HOW TO SILENTLY INSTALL CLOUD LINK REMOTELY WITHOUT SUPERVISION

GoldKey Software. User s Manual. Revision WideBand Corporation Copyright WideBand Corporation. All Rights Reserved.

owncloud Configuration and Usage Guide

How to install and use the File Sharing Outlook Plugin

Sentral servers provide a wide range of services to school networks.

Quadro Configuration Console User's Guide. Table of Contents. Table of Contents

IIS, FTP Server and Windows

VMware vcenter Operations Manager for Horizon Supplement

1. Open the preferences screen by opening the Mail menu and selecting Preferences...

FileMaker Server 14. FileMaker Server Help

NTP Software QFS for NAS, NetApp Edition Installation Guide

Sophos Cloud Migration Tool Help. Product version: 1.0

NETWRIX EVENT LOG MANAGER

MacScan. MacScan User Guide. Detect, Isolate and Remove Spyware

Installation Guide. . All right reserved. For more information about Specops Deploy and other Specops products, visit

WinTask x64 Scheduler for Windows 7 64 bit, Windows 8/ bit and Windows 2008 R2 64 bit. Scheduler Quick Start Guide

Installing and Configuring vcloud Connector

AlienVault. Unified Security Management 5.x Configuring a VPN Environment

PaperClip. em4 Cloud Client. Setup Guide

New Boundary Technologies, Inc Godward Street N.E. Suite 3100 Minneapolis, MN 55413

NETWRIX EVENT LOG MANAGER

Xserve Apple Xserve Diagnostics User Guide. For Version 3X104

Upgrading Redwood Engine Software. Version 2.0.x to 3.1.0

Snow Inventory. Installing and Evaluating

Xythos on Demand Quick Start Guide For Xythos Drive

AppleShare Client User s Manual

ADOBE DRIVE CC USER GUIDE

FileMaker Server 8. Administrator s Guide

VMware Identity Manager Administration

DESLock+ Basic Setup Guide Version 1.20, rev: June 9th 2014

StarWind iscsi SAN Software: Using StarWind with VMware ESX Server

Your First App Store Submission

How to generate an APNs Certificate to use the Apple MDM protocol via the portal

Installing and Configuring vcenter Support Assistant

Trend Micro KASEYA INTEGRATION GUIDE

DeployStudio Server Quick Install

HELP DOCUMENTATION E-SSOM DEPLOYMENT GUIDE

Apple Server Diagnostics User Guide. For Version 3X106

Administration Guide. . All right reserved. For more information about Specops Deploy and other Specops products, visit

ACTIVE DIRECTORY DEPLOYMENT

Dell KACE Integration Guide

Trend ScanMail. for Microsoft Exchange. Quick Start Guide

FileMaker Server 15. Getting Started Guide

Step-by-Step Guide to Securing Windows XP Professional with Service Pack 2 in Small and Medium Businesses

PaperClip. em4 Cloud Client. Manual Setup Guide

Livezilla How to Install on Shared Hosting By: Jon Manning

Active Directory Self-Service FAQ

Specops Command. Installation Guide

DESlock+ Basic Setup Guide ENTERPRISE SERVER ESSENTIAL/STANDARD/PRO

Transcription:

Sophos SafeGuard Disk Encryption for Mac and the Casper Suite Deploying, Activating, and Reporting on Sophos SafeGuard Disk Encryption for Mac with the Casper Suite Technical Paper March 2011

JAMF Software, LLC 2011 JAMF Software, LLC. All rights reserved. JAMF Software has made all efforts to ensure that this guide is accurate. JAMF Software 1011 Washington Ave. South Suite 350 Minneapolis, MN 55415 (612) 605-6625 Casper Admin, Casper Remote, the Casper Suite, JAMF Software, the JAMF Software logo, the JAMF Software Server (JSS), and the JSS Setup Utility are trademarks of JAMF Software, LLC, registered in the U.S. and other countries. Sophos and SafeGuard are registered trademarks of Sophos PLC, Sophos Group and Utimaco Safeware AG, as applicable. All other product and service names mentioned are the trademarks of their respective companies.

Contents Page 4 Introduction Target Audience What's in This Guide Important Concepts Additional Resources Page 5 Overview Page 6 Requirements Page 7 Deploying SafeGuard Uploading the SafeGuard Installer Deploying the SafeGuard Installer Page 11 Activating SafeGuard Customizing the SafeGuard Activation Script Running the SafeGuard Activation Script Page 13 Reporting on SafeGuard Creating Extension Attributes Updating Inventory Viewing Disk Encryption Status Information Creating a Smart Computer Group 3

Introduction Target Audience This guide is designed for Casper Suite administrators who plan to use Sophos SafeGuard Disk Encryption for Mac. What's in This Guide This guide provides step-by-step instructions for deploying, activating, and reporting on SafeGuard with the Casper Suite. Be sure to review the information in the Requirements section before you begin. Important Concepts Before using this guide, make sure you are familiar with the following Casper Suite-related concepts: Package and script management Deployment Extension attributes Advanced computer searches Smart computer groups Additional Resources For more information on applications, concepts, and processes related to the Casper Suite, see the Casper Suite Administrator s Guide, available for download at: http://jamfsoftware.com/resources/documentation For more information on Sophos SafeGuard Disk Encryption for Mac, go to: http://www.sophos.com/products/enterprise/encryption/disk-encryption-for-mac 4

Overview The Casper Suite is the complete solution for Mac administrators who rely on Sophos SafeGuard Disk Encryption for Mac to protect the data in their environments. In addition to deploying and updating SafeGuard, the Casper Suite offers script-based activation and disk encryption reporting to ensure that each disk is fully encrypted and compliant with security standards. 5

Requirements To administer SafeGuard using the instructions in this guide, you need : The Casper Suite v8.1 or later running in your environment Sophos SafeGuard installer media, v05.50.00 or later Access to the JAMF Software Server (JSS) Casper Admin Casper Remote Casper Suite Resource Kit, available for download at: http://www.jamfsoftware.com/downloads/resourcekit.dmg 6

Deploying SafeGuard Deploying SafeGuard involves two simple steps: 1. Uploading the SafeGuard Installer to the JSS. 2. Deploying the installer. Uploading the SafeGuard Installer First, upload the SafeGuard Installer to the JSS using the Casper Admin application. To upload the SafeGuard Installer: 1. Mount the SafeGuard Installer disk image. 2. Open Casper Admin. 3. Log in using credentials for a JSS administrator account. 4. Drag the SafeGuard Installer into Casper Admin. 5. Double-click the installer package in the list of items, and then click the Info tab. 6. Enter a new display name for the package if desired. 7. Use the Category pop-up menu to assign the package to a category. 8. Click the Options tab. 9. Assign the package a priority by choosing from the Priority pop-up menu. The recommended priority for installers is "10". For more information on priorities, see the Changing Package Attributes section in the Casper Suite Administrator s Guide. 7

10. Select the Requires Reboot option. 11. If you plan to deploy the package during imaging, select the This package must be installed to the boot volume at imaging time checkbox. 12. Click the OK button. 13. Type Command + S to save your changes, and then quit the application. Deploying the SafeGuard Installer There are several ways to deploy the SafeGuard Installer: Using a policy Using Casper Remote During imaging Using the Self Service application Deploying the SafeGuard Installer using a policy, Casper Remote, or during imaging automatically updates inventory in the JSS when the software is installed. For instructions on making the SafeGuard Installer available through Self Service, see the Making Policies Available Through Self Service section in the Casper Suite Administrator s Guide. To deploy SafeGuard using a policy: 1. Log in to the JSS with a web browser. 8

2. Click the Management tab. 3. Click the Policies link. 4. Click the Create Policy button in the toolbar. 5. Verify that the Install or uninstall a package option is selected and click Continue. 6. Follow the onscreen instructions to configure the rest of the policy. 7. On the Conclusion pane, click the Edit Manually button. 8. Click the Reboot tab. 9. In the If Nobody is Logged In pane, select the Reboot immediately option. 10. In the If Anybody is Logged In pane, select the Reboot option. 11. Choose "Currently Selected Startup Disk (No Bless)" from the Reboot To pop-up menu. 12. Click Save. The installer is deployed to computers in the scope the next time they check in with the JSS. To deploy SafeGuard using Casper Remote: 1. Open Casper Remote. 2. Log in using credentials for a JSS administrator account. 3. On the Computers tab, locate the computers you want to deploy the package to and select the checkbox next to each one. 4. Click the Packages tab. 9

5. In the Packages list, locate the SafeGuard Installer and select the checkbox next to it. 6. Click the Reboot tab. 7. In the If nobody is logged In pane, select the Reboot immediately option. 8. In the If anybody is logged In pane, select the Reboot option. 9. Choose "Currently Selected Startup Disk (No Bless)" from the Reboot To pop-up menu. 10. Click Go to initiate the deployment. To deploy SafeGuard during imaging: Note: To deploy a package during imaging, you must have the This package must be installed to the boot volume at imaging time option selected for the package in Casper Admin. For more information on selecting this option, see the instructions in "Uploading the SafeGuard Installer" section in this document. 1. Open Casper Admin. 2. Log in using credentials for a JSS administrator account. 3. Drag the SafeGuard Installer from the list of packages to the configuration you plan to use for imaging in the sidebar. 4. Type Command + S to save your changes, and then quit the application. The installer is deployed the next time the configuration is used to image computers. Casper Imaging automatically detects that the package requires a reboot and reboots the computers after SafeGuard is installed. 10

Activating SafeGuard There is a script in the Casper Suite Resource Kit that allows you to configure settings for and activate SafeGuard on remote computers. This section explains how to activate SafeGuard using the following steps: 1. Customize the SafeGuard activation script. 2. Upload the script to the JSS. 3. Run the script using a policy. Customizing the SafeGuard Activation Script There are several parameters that you can customize in the SafeGuard activation script. Customizing these parameters allows you to: Create a SafeGuard administrator account used strictly for managing SafeGuard disk encryption settings. Specify credentials for a local administrator account. Specify the drive you want to encrypt. To customize the SafeGuard activation script: 1. Open the Casper Suite Resource Kit. If you do not have the Resource Kit, you can download it from: http://www.jamfsoftware.com/downloads/resourcekit.dmg 2. Go to Remote Management > Disk Encryption > Sophos. 3. Open the activatesophossafeguard.sh script with a text editor. 4. Specify the following parameters: sgusername - User name for the SafeGuard administrator account sgpassword - Password for the SafeGuard administrator account localadmin - User name for a local administrator account or an existing SafeGuard account localpassword - Password for a local administrator account or an existing SafeGuard account 11

drivetoencrypt - UUID or index of the partition you want to encrypt To encrypt the system drive, type system as the parameter. To encrypt all partitions, type all as the parameter. 5. Save your changes, and then quit the application. Running the SafeGuard Activation Script Upload the SafeGuard activation script to the JSS and then create a policy to run it. To upload the SafeGuard activation script: 1. Open Casper Admin. 2. Log in using credentials for a JSS administrator account. 3. Drag the SafeGuard activation script into Casper Admin. 4. Double-click the script in the list of items, and then click the Info tab. 5. Use the Category pop-up menu to assign the script to a category. 6. Click OK. 7. Type Command+S to save your changes, and then quit the application. To run the SafeGuard activation script using a policy: 1. Log in to the JSS with a web browser. 2. Click the Management tab. 3. Click the Policies link. 4. Click the Create Policy button. 5. Select the Run a script option and click Continue. 6. Follow the onscreen instructions to configure the rest of the policy. The script runs on computers in the scope the next time they check in with the JSS. 12

Reporting on SafeGuard After deploying SafeGuard, you can generate reports to track the following information: Computers that have SafeGuard installed Computers that have SafeGuard activated Disk encryption progress This section explains how to report on SafeGuard using the following steps: 1. Create extension attributes to collect disk encryption status information. 2. Update inventory in the JSS. 3. View disk encryption status information. 4. Create a smart computer group to track disk encryption status. Creating Extension Attributes First, create extensions attributes to collect disk encryption status information from computers that have SafeGuard installed. There are two extension attribute templates for disk encryption status built right into the JSS, allowing you to create extension attributes quickly and easily: SafeGuard Encryption Status - Reports on whether or not a disk is encrypted SafeGuard Encryption Percentage - Reports on what percentage of a disk is encrypted To create extension attributes for SafeGuard: 1. Log in to the JSS with a web browser. 2. Click the Settings tab. 3. Click the Inventory Options link. 4. Click the Inventory Collection Preferences link. 5. Click the Extension Attributes tab. 6. Click the Add Extension Attribute From Template link. 13

7. Click the disclosure triangle next to the Disk Encryption template and click the Add link across from one of the following templates: SafeGuard - Encryption Status SafeGuard - Encryption Percentage 8. Enter the credentials for a SafeGuard administrator account, and then click OK. 9. Click the Save button. Updating Inventory The JSS must have up-to-date inventory information to generate accurate reports. Computers automatically update inventory according to the inventory frequency you configured when you set up the JSS. You can also use Casper Remote to update inventory on the fly. To update inventory using Casper Remote: 1. Open Casper Remote. 2. Log in using credentials for a JSS administrator account. 3. On the Computers tab, select the checkbox next to the computers that have SafeGuard installed. 4. Click the Advanced tab. 5. Select the checkbox labeled Update Inventory. 6. Click Go to initiate the inventory update. 7. When the update is complete, quit the application. Viewing Disk Encryption Status Information To view disk encryption status information for multiple computers, perform an advanced computer search for computers that have SafeGuard installed. You can save this search so that you can perform it again in the future. Note: To view disk encryption status information for a single computer, perform a simple computer search. Then, click the Details link across from the computer in the search results to view the information. To view disk encryption status information: 1. Log in to the JSS with a web browser. 2. Click the Inventory tab. 14

3. Click the Advanced Search link. 4. Enter a name for the report, such as SafeGuard Disk Encryption Status. 5. Select the Save this Report checkbox. 6. Click the Display Fields tab. 7. Select the checkbox next to the SafeGuard extension attribute(s) that you created. 8. Click Search to view the search results. Creating a Smart Computer Group Smart computer groups allow you to automatically track and group clients as they move from one stage of the disk encryption process to the next. For example, if you create a smart computer group for computers that have SafeGuard installed and a smart computer group for computers that have SafeGuard activated, the computers that have SafeGuard installed automatically move to the activated group when SafeGuard is activated. You can also choose to alert administrators by email whenever the membership of a smart computer group changes. Note: To generate email notifications, you must first configure an SMTP server in the JSS and make sure that the JSS user you want to receive the notifications has email notification privileges configured on their account. For more information on enabling email notifications, see the Enabling Email Notifications section in the Casper Suite Administrator s Guide. To create a smart computer group: 1. Log in to the JSS with a web browser. 2. Click the Management tab. 3. Click the Smart Computer Groups link. 4. Click the Create Smart Group button in the toolbar. 5. Enter a name for the smart computer group in the Computer Group Name field. 6. In the list of categories, click the Add (+) button next to Extension Attributes Information. 7. Click the link for the SafeGuard extension attribute that you want to base the group on. 8. Use the Search Type pop-up menu and the Criteria text field to set values for the criteria, such as "has" and SafeGuard Installed. 9. To send an email notification when membership changes occur, select the Send Email Notification on Change checkbox. 10. Click Save. 15

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information