Symantec Drive Encryption (formerly PGP Whole Disk Encryption)
Connector name |
|
Connector type | Executable |
Type (UI field value) | Symantec Drive Encryption |
Target system versions supported / tested | This connector is known to work with the following versions of Symantec Encryption products; other versions of Symantec Drive Encryption or Encryption Management Server may work.
|
Connector status / support | Customer-Verified. Clients may contact Bravura Security support for assistance with this connector. Troubleshooting and testing must be completed in the client's test environment as Bravura Security does not maintain internal test environments for the associated target system. |
Installation / setup | On boot, Symantec Drive Encryption prompts the user for a password. This connector provides a means to retrieve the WDRT (whole disk recovery token) using Phone Password Manager. If a domain account is configured for resets, nplocalr.ocx can be used to clear the Symantec Drive Encryption cached password when resets occur with the Change passwords (PSS) module. |
Symantec Drive Encryption is a member of the Symantec Encryption Desktop family of products.
The following Bravura Security Fabric operations are supported by this connector (depending on your product license and version):
reset hard drive encryption password
Challenge-response - generate an unlock code to recover control of a machine after reboot
List:
accounts
The operations are made through the Administration URL and interactions with the web site. Each target account for Symantec Drive Encryption is the combination of domain account and whole disk encrypted.
See also
Bravura Security Fabric ships with nplocalr.ocx, which is designed to update locally protected resources. It can be used to clear Symantec Drive Encryption cached passwords so that the new password can be used on the next start-up of the PGP client.
The nplocalr.ocx control is installed using the Password Manager Local Reset Extension installer as of Bravura Pass version 9.0.4. For versions 9.0.3 or earlier, nplocalr.ocx is located in \<instance>\wwwdocs\.
See Self Service Anywhere in the Bravura Security Fabric documentation for more information about nplocalr.
Preparation
Before you can target Symantec Drive Encryption, you must:
Ensure the Bravura Security Fabric server can access the administration URL.
Install SSL certificates for the Administrative URL on the Bravura Security Fabric server.
Set up a target system administrator.
Optional: Configure Symantec Drive Encryption clients to use domain credentials.
Log onto Windows with the psadmin account at least once.
No client software is required.
Setting up a target system administrator
Bravura Security Fabric uses a designated account on Symantec Drive Encryption to perform Bravura Security Fabric operations. Create an account with appropriate permissions if one does not already exist.
A WDRT Only Administrator role is sufficient to provide the operations available.
Using domain credentials
Symantec Drive Encryption can be configured to use domain credentials with each client to allow easier auto-association with Active Directory accounts.
The following steps describe how to configure Symantec Drive Encryption to use domain credentials:
On the Symantec Encryption Management server, go to Consumers and click Directory Synchronization.
Click Enable to enable Directory Synchronization.
After enabling, click Add LDAP Directory....
Fill in the required information for the Active Directory server.
Click Test Connection and ensure the connection test is successful.
Click Settings and enable Enroll clients using directory authentication.
Open the policy and click Edit.
Under General, check off Enable Silent Enrollment.
Create a new group and select the policy from the previous step for Consumer Policy.
During the download of the Symantec Encryption Desktop client, set Preset Policy Group to the group created in the previous step.
After installation, select Always allow for this site for the Symantec alert.
Log in with the domain credentials. This enrolls the client with the Symantec Drive Encryption server.
Targeting Symantec Drive Encryption clients
For each Symantec Drive Encryption system, add a target system in Bravura Security Fabric (Manage the System > Resources > Target systems):
Type is Symantec Drive Encryption.
Address uses the following options:
Server: The server’s host name or IP address.
(key: server)
Port: The TCP port number.
(key: port)
Connection over SSL: Switch connection over SSL protocol. Default is "true".
(key: ssl)
Validate the server’s certificate when connecting: Determines whether to validate the server’s security certificate for the SSL connection. Default is "true".
(key: checkCert)
HTTP Network Proxy: Specifies a proxy URL to use for connecting.
(key: proxy)
The address is entered in KVGroup syntax:
{server=<server name>;port=<port>;[proxy=<URL>;][ssl=<true|false>;][checkCert=<true|false>;]}
Administrator ID and Password is the login ID and password for the target system administrator.
The full list of target parameters is explained in Target System Options.
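The following Python script is an added example, not part of the Bravura Security documentation or product. It parses the flat address form shown above, applies the documented defaults for ssl and checkCert, and reports settings that weaken the connection to the administration URL. The host name sems.example.test and the function names are constructed, and values are assumed to contain no ';' or braces.

```python
# Defaults as documented on this page: ssl and checkCert are "true" when omitted.
DEFAULTS = {"ssl": "true", "checkCert": "true"}
# Keys listed on this page for the address field.
KNOWN_KEYS = {"server", "port", "proxy", "ssl", "checkCert"}


def parse_address(address):
    """Parse the flat {key=value;...} form into a dict.

    Assumption: no nesting or escaping; values contain no ';', '{' or '}'.
    """
    text = address.strip()
    if not (text.startswith("{") and text.endswith("}")):
        raise ValueError("address must be wrapped in { }")
    settings = {}
    for pair in filter(None, (p.strip() for p in text[1:-1].split(";"))):
        key, sep, value = pair.partition("=")
        if not sep or not key.strip():
            raise ValueError(f"malformed pair: {pair!r}")
        settings[key.strip()] = value.strip()
    return settings


def audit_address(address):
    """Return a list of findings for one target address string."""
    settings = {**DEFAULTS, **parse_address(address)}
    findings = []
    # A misspelled key (e.g. checkcert) would not match any option listed here.
    for key in sorted(set(settings) - KNOWN_KEYS):
        findings.append(f"key not listed on this page: {key}")
    for required in ("server", "port"):
        if not settings.get(required):
            findings.append(f"missing required key: {required}")
    port = settings.get("port", "")
    if port and not (port.isdigit() and 1 <= int(port) <= 65535):
        findings.append(f"invalid port: {port}")
    if settings["ssl"].lower() != "true":
        # Certificate validation is moot without SSL, so report only this.
        findings.append("ssl=false: connection to the administration URL is not encrypted")
    elif settings["checkCert"].lower() != "true":
        findings.append("checkCert=false: the server certificate is not validated")
    return findings


if __name__ == "__main__":
    # Constructed sample addresses.
    for sample in ("{server=sems.example.test;port=443;}",
                   "{server=sems.example.test;port=443;checkCert=false;}",
                   "{server=sems.example.test;port=9000;ssl=false;}"):
        print(sample, "->", audit_address(sample) or "ok")
```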
Troubleshooting
The Administrative URL is encrypted with SSL.
If the listing fails to authenticate, check the following:
The certificate is trusted on the Bravura Security Fabric server.
The certificate name matches the server configured for the target.
If the listing fails to connect to the target, check that the HTTP proxy for the local psadmin account is correct if required.