SymcEncrMgmtServer 332 Installguide En

  • View
    219

  • Download
    0

Embed Size (px)

Text of SymcEncrMgmtServer 332 Installguide En

  • 8/10/2019 SymcEncrMgmtServer 332 Installguide En

    1/58

    Symantec Encryption ManagementServer

    Installation Guide

    3.3

  • 8/10/2019 SymcEncrMgmtServer 332 Installguide En

    2/58

  • 8/10/2019 SymcEncrMgmtServer 332 Installguide En

    3/58

    The software described in this book is furnished under a license agreement and may be used only inaccordance with the terms of the agreement.

    Version 3.3.2. Last updated: January 2014.

    Legal Notice

    Copyright (c) 2014 Symantec Corporation. All rights reserved.

    Symantec, the Symantec Logo, the Checkmark Logo, Norton Zone, PGP, Pretty Good Privacy, and the PGPlogo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and othercountries. Java is a registered trademark of Oracle and/or its affiliates. Other names may be trademarks oftheir respective owners.

    This Symantec product may contain third party software for which Symantec is required to provideattribution to the third party ("Third Party Programs"). Some of the Third Party Programs are available underopen source or free software licenses. The License Agreement accompanying the Licensed Software does notalter any rights or obligations you may have under those open source or free software licenses. For moreinformation on the Third Party Programs, please see the Third Party Notice document for this Symantecproduct that may be available at http://www.symantec.com/about/profile/policies/eulas/, the Third PartyLegal Notice Appendix that may be included with this Documentation and/or Third Party Legal NoticeReadMe File that may accompany this Symantec product.

    The product described in this document is distributed under licenses restricting its use, copying, distribution,and decompilation/reverse engineering. No part of this document may be reproduced in any form by anymeans without prior written authorization of Symantec Corporation and its licensors, if any.

    THE DOCUMENTATION IS PROVIDED"AS IS"AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONSAND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR APARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCHDISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FORINCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR

    USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TOCHANGE WITHOUT NOTICE.

    The Licensed Software and Documentation are deemed to be commercial computer software as defined inFAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial ComputerSoftware - Restricted Rights" and DFARS 227.7202, et seq. Commercial Computer Software and CommercialComputer Software Documentation, as applicable, and any successor regulations. Any use, modification,reproduction release, performance, display or disclosure of the Licensed Software and Documentation by theU.S. Government shall be solely in accordance with the terms of this Agreement.

    Symantec Corporation350 Ellis StreetMountain View, CA 94043

    Symantec Home Page(http://www.symantec.com)

    http://www.symantec.com/about/profile/policies/eulas/http://www.symantec.com/http://www.symantec.com/http://www.symantec.com/about/profile/policies/eulas/
  • 8/10/2019 SymcEncrMgmtServer 332 Installguide En

    4/58

  • 8/10/2019 SymcEncrMgmtServer 332 Installguide En

    5/58

    Contents

    About the Symantec Encryption Management Server Installation Guide 1

    What is Symantec Encryption Management Server? 1

    Symantec Encryption Management Server Product Family 2

    Who Should Read This Guide 2Common Criteria Environments 2

    Using the Symantec Encryption Management Server with the Command Line 3Symbols 3Getting Assistance 3

    Getting product information 4Technical Support 4

    Contacting Technical Support 5

    Licensing and registration 5

    Customer service 5

    Support agreement resources 6

    Add the Symantec Encryption Management Server to Your Network 7

    Server Placement 7Gateway Placement 7

    Internal Placement 8Mail Relay 9

    Microsoft Exchange Server 9

    Lotus Domino Server 10

    Installation Overview 10

    About Open Ports 15

    TCP Ports 15

    UDP Ports 16

    About Naming your Symantec Encryption Management Server 19

    How to Name Your Symantec Encryption Management Server 19

    Naming Methods 20

    About Installing Symantec Encryption Management Server 21

    Installation Considerations 21

    System Requirements 22Symantec Encryption Management Server on a VMware ESX Virtual Machine 22

    Installing VMware Tools for Symantec Encryption Management Server 23Symantec Encryption Management Server on a VMware vSphere System 24

    Installation Materials 24Installation Options 24

    Set Up after "noautopart" Install 27

    Hardware 28

    System Information 28

    Connecting to the Symantec Encryption Management Server 28

  • 8/10/2019 SymcEncrMgmtServer 332 Installguide En

    6/58

    ii Contents

    About Setting Up Symantec Encryption Management Server 31

    The Setup Assistant 31

    Configuring Symantec Encryption Management Server With the Setup Assistant 32

    Configuring a New Installation 33

    Configuring a Cluster Member 36

    Restore From a Server Backup 37

    Migrate Keys from a PGP Keyserver 37

    Configuration Examples 39

    Internal Placement Configuration 39Gateway Placement Configuration 40

    Non-mailstream Placement Configuration 41

    Cluster Configuration 42

    Clustered Proxy and Keyserver Configuration 43

    Gateway Cluster with Load Balancer 44

    Gateway and Internal Placement Cluster 46

    Encircled Configuration 47Large Enterprise Configuration 48Spam Filters and Symantec Encryption Management Server 49Microsoft Exchange Server with Symantec Encryption Client Software 50Lotus Domino Server with Symantec Encryption Client Software 51

    Unsupported Configurations 51Multiple GatewayPlaced Servers 51

  • 8/10/2019 SymcEncrMgmtServer 332 Installguide En

    7/58

    1

    About the Symantec EncryptionManagement Server Installation Guide

    The Symantec Encryption Management Server Installation Guideprovides importantSymantecEncryption Management Server concepts and presents a high-leveloverview of the tasks required to install, set up, and use Symantec EncryptionManagement Server. This guide provides information about how your SymantecEncryption Management Server processes email, which helps you integrate yourSymantec Encryption Management Servers into your network. There is alsoinformation on using MicrosoftExchange Server and LotusDominoServer withSymantec Encryption Satellite.

    What is Symantec Encryption Management Server?SymantecEncryption Management Server, Powered by PGP Technology is a consolethat manages the applications that provide email, disk, and network file encryption.Symantec Encryption Management Server with Symantec Gateway Email Encryptionprovides secure messaging by transparently protecting your enterprise messages withlittle or no user interaction.

    Symantec Encryption Management Server also does the following:

    Automatically creates and maintains a Self-Managing Security Architecture(SMSA) by monitoring authenticated users and their email traffic.

    Allows you to send protected messages to addresses that are not part of the SMSA.

    Automatically encrypts, decrypts, signs, and verifies messages.

    Provides strong security through policies you control.

    Symantec Encryption Satellite, a client-side feature of Symantec EncryptionManagement Server, does the following:

    Extends security for email messages to the computer of the email user.

    Allows external users to become part of the SMSA.

    If allowed by an administrator, gives end users the option to create and managetheir keys on their computers.

    Symantec Encryption Desktop, a client product, is created and managed throughSymantec Encryption Management Server policy and does the following:

    Creates PGP keypairs.

    Manages user keypairs.

    Stores the public keys of others.

    Encrypts user email.

    Encrypts entire, or partial, hard drives.

    Enables secure file sharing with others over a network.

  • 8/10/2019 SymcEncrMgmtServer 332 Installguide En

    8/58

    2 About the Symantec Encryption Management Server Installation Guide

    Symantec Encryption Management Server Product Family

    Symantec Encryption Management Server Product FamilySymantec Encryption Management Server functions as a management console for avariety of encryption solutions. You can purchase any of the Symantec EncryptionDesktop applications or bundles and use Symantec Encryption Management Server tocreate and manage client installations. You can also purchase a license that enablesSymantec Gateway Email Encryption to encrypt email in the mailstream.

    The Symantec Encryption Management Server can manage any combination of thefollowing Symantec encryption applications:

    Symantec Gateway Email Encryptionprovides automatic email encryption in thegateway, based on centralized mail policy.

    This product requires administration by the Symantec Encryption ManagementServer.

    Symantec Desktop Email Encryption provides encryption at the desktop for mailand files.

    This product can be managed by the Symantec Encryption Management Server.

    Symantec Drive Encryptionprovides encryption at the desktop for an entire disk.

    This product can be managed by the Symantec Encryption Management Server.

    Symantec File Share Encryptionprovides transparent file encryption and sharingamong desktops.