
PGP Universal Server Administrator's Guide 3.2

The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

Version 3.2.0. Last updated: July 2011.

Legal Notice

Copyright (c) 2011 Symantec Corporation. All rights reserved.

Symantec, the Symantec Logo, PGP, Pretty Good Privacy, and the PGP logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq. "Commercial Computer Software and Commercial Computer Software Documentation", as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.

Symantec Corporation
350 Ellis Street
Mountain View, CA 94043

Symantec Home Page ( )

Printed in the United States of America.
10 9 8 7 6 5 4 3 2 1

Contents

Introduction
What is PGP Universal Server?
PGP Universal Server Product Family
Who Should Read This Guide
Common Criteria Environments
Improvements in this Version of PGP Universal Server
Using the PGP Universal Server with the Command Line
Symbols
Getting Assistance
Getting product information
Technical Support
Contacting Technical Support
Licensing and registration
Customer service
Support agreement resources
The Big Picture
Important Terms
PGP Products
PGP Universal Server Concepts
PGP Universal Server Features
PGP Universal Server User Types
Installation Overview
About Integration with Symantec Protection Center
Before You Integrate with Protection Center
About Open Ports
TCP Ports
UDP Ports
About Naming your PGP Universal Server
How to Name Your PGP Universal Server
Naming Methods
Understanding the Administrative Interface
System Requirements
Logging In
The System Overview Page
Managing Alerts
Logging In For the First Time
Administrative Interface Map
Icons
Licensing Your Software
Overview
Licensing a PGP Universal Server
License Authorization
Licensing the Mail Proxy Feature
Licensing PGP Desktop
Operating in Learn Mode
Purpose of Learn Mode
Checking the Logs
Managing Learn Mode
Managed Domains
About Managed Domains
Adding Managed Domains
Deleting Managed Domains
Understanding Keys
Choosing a Key Mode For Key Management
Changing Key Modes
How PGP Universal Server Uses Certificate Revocation Lists
Key Reconstruction Blocks
Managed Key Permissions
Managing Organization Keys
About Organization Keys
Organization Key
Inspecting the Organization Key
Regenerating the Organization Key
Importing an Organization Key
Organization Certificate
Inspecting the Organization Certificate
Exporting the Organization Certificate
Deleting the Organization Certificate
Generating the Organization Certificate
Importing the Organization Certificate
Renewing the Organization Certificate
Additional Decryption Key (ADK)
Importing the ADK
Inspecting the ADK
Deleting the ADK
External User Root Key
Generating the External User Root Key
Importing the External User Root Key
Deleting the External User Root Key
External User Root Certificate
Generating the External User Root Certificate
Importing the External User Root Certificate
Deleting the External User Root Certificate
Verified Directory Key
Importing the Verified Directory Key
Inspecting the Verified Directory Key
Deleting the Verified Directory Key
Administering Managed Keys
Viewing Managed Keys
Managed Key Information
Email Addresses
Subkeys
Certificates
Permissions
Attributes
Symmetric Key Series
Symmetric Keys
Custom Data Objects
Exporting Consumer Keys
Exporting the Managed Key of an Internal User
Exporting the Managed Key of an External User
Exporting PGP Verified Directory User Keys
Exporting the Managed Key of a Managed Device
Deleting Consumer Keys
Deleting the Managed Key of an Internal User
Deleting the Managed Key of an External User
Deleting the Key of a PGP Verified Directory User
Deleting the Managed Key of a Managed Device
Approving Pending Keys
Revoking Managed Keys
Managing Trusted Keys and Certificates
Overview
Trusted Keys
Trusted Certificates
Adding a Trusted Key or Certificate
Inspecting and Changing Trusted Key Properties
Deleting Trusted Keys and Certificates
Searching for Trusted Keys and Certificates
Managing Group Keys
Overview
Establishing Default Group Key Settings
Adding a Group Key to an Existing Group
Creating a New Group with a Group Key
Removing a Group Key from a Group
Deleting a Group Key
Revoking a Group Key
Exporting a Group Key
Setting Mail Policy
Overview
How Policy Chains Work
Mail Policy and Dictionaries
Mail Policy and Key Searches
Mail Policy and Cached Keys
Migrating Settings from Version 2.0.x
About Restoring Mail Policy Rules
Understanding the Pre-Installed Policy Chains
Mail Policy Outside the Mailflow
Using the Rule Interface
The Conditions Card
The Actions Card
Building Valid Chains and Rules
Using Valid Processing Order
Creating Valid Groups
Creating a Valid Rule
Managing Policy Chains
Mail Policy Best Practices
Restoring Mail Policy to Default Settings
Editing Policy Chain Settings
Adding Policy Chains
Deleting Policy Chains
Exporting Policy Chains
Printing Policy Chains
Managing Rules
Adding Rules to Policy Chains
Deleting Rules from Policy Chains
Enabling and Disabling Rules
Changing the Processing Order of the Rules
Adding Key Searches
Choosing Condition Statements, Conditions, and Actions
Condition Statements
Conditions
Actions
Working with Common Access Cards
Applying Key Not Found Settings to External Users
Overview
Bounce the Message
PDF Messenger
PDF Messenger Secure Reply
Working with Passphrases
Certified Delivery with PDF Messenger
Send Unencrypted
Smart Trailer
PGP Universal Web Messenger
Changing Policy Settings
Changing User Delivery Method Preference
Using Dictionaries with Policy
Overview
Default Dictionaries
Editing Default Dictionaries
User-Defined Dictionaries
Adding a User-Defined Dictionary
Editing a User-Defined Dictionary
Deleting a Dictionary
Exporting a Dictionary
Searching the Dictionaries
Keyservers, SMTP Archive Servers, and Mail Policy
Overview
Keyservers
Adding or Editing a Keyserver
Deleting a Keyserver
SMTP Servers
Adding or Editing an Archive Server
Deleting an Archive Server
Managing Keys in the Key Cache
Overview
Changing Cached Key Timeout
Purging Keys from the Cache
Trusting Cached Keys
Viewing Cached Keys
Searching the Key Cache
Configuring Mail Proxies
Overview
PGP Universal Server and Mail Proxies
Mail Proxies in an Internal Placement
Mail Proxies in a Gateway Placement
Changes in Proxy Settings from PGP Universal Server 2.0 to 2.5 and later
Mail Proxies Page
Creating New or Editing Existing Proxies
Creating or Editing a POP/IMAP Proxy
Creating or Editing an Outbound SMTP Proxy
Creating or Editing an Inbound SMTP Proxy
Creating or Editing a Unified SMTP Proxy
Email in the Mail Queue
Overview
Deleting Messages from the Mail Queue
Specifying Mail Routes
Overview
Managing Mail Routes
Adding a Mail Route
Editing a Mail Route
Deleting a Mail Route
Customizing System Message Templates
Overview
Templates and Message Size
PDF Messenger Templates
Templates for New PGP Universal Web Messenger Users
Editing a Message Template
Managing Groups
Understanding Groups
Sorting Consumers into Groups
Everyone Group
Excluded Group
Policy Group Order
Migrate Groups from PGP Universal Server 2.12 SP4
Setting Policy Group Order
Creating a New Group
Deleting a Group
Viewing Group Members
Manually Adding Group Members
Manually Removing Members from a Group
Group Permissions
Adding Group Permissions
Deleting Group Permissions
Setting Group Membership
Searching Groups
Creating Group Client Installations
How Group Policy is Assigned to PGP Desktop Installers
When to Bind a Client Installation
Creating PGP Desktop Installers
Managing Devices
Managed Devices
Adding and Deleting Managed Devices
Adding Managed Devices to Groups
Managed Device Information
Deleting Devices from PGP Universal Server
Deleting Managed Devices from Groups
WDE Devices (Computers and Disks)
WDE Computers
WDE Disks
Searching for Devices
Administering Consumer Policy
Understanding Consumer Policy
Managing Consumer Policies
Adding a Consumer Policy
Editing a Consumer Policy
Deleting a Consumer Policy
Making Sure Users Create Strong Passphrases
Understanding Entropy
Using the Windows Preinstallation Environment
X.509 Certificate Management in Lotus Notes Environments
Trusting Certificates Created by PGP Universal Server
Setting the Lotus Notes Key Settings in PGP Universal Server
Technical Deployment Information
Offline Policy
Using a Policy ADK
Out of Mail Stream Support
Enrolling Users through Silent Enrollment
Silent Enrollment with Windows
Silent Enrollment with Mac OS X
PGP Whole Disk Encryption Administration
PGP Whole Disk Encryption on Mac OS X with FileVault
How Does Single Sign-On Work?
Enabling Single Sign-On
Managing Clients Remotely Using a PGP WDE Administrator Active Directory Group
Managing Clients Locally Using the PGP WDE Administrator Key
Setting Policy for Clients
Client and PGP Universal Server Version Compatibility
Serving PGP Admin 8 Preferences
Establishing PGP Desktop Settings for Your PGP Desktop Clients
PGP Desktop Feature License Settings
Enabling PGP Desktop Client Features in Consumer Policies
Controlling PGP Desktop Components
PGP Portable
PGP Mobile
PGP NetShare
How the PGP NetShare Policy Settings Work Together
Multi-user environments and managing PGP NetShare
Backing Up PGP NetShare-Protected Files
Using Directory Synchronization to Manage Consumers
How PGP Universal Server Uses Directory Synchronization
Base DN and Bind DN
Consumer Matching Rules
Understanding User Enrollment Methods
Before Creating a Client Installer
Email Enrollment
Directory Enrollment
Certificate Enrollment
Enabling Directory Synchronization
Adding or Editing an LDAP Directory
The LDAP Servers Tab
The Base Distinguished Name Tab
The Consumer Matching Rules Tab
Testing the LDAP Connection
Using Sample Records to Configure LDAP Settings
Deleting an LDAP Directory
Setting LDAP Directory Order
Directory Synchronization Settings
Managing User Accounts
Understanding User Account Types
Viewing User Accounts
User Management Tasks
Setting User Authentication
Editing User Attributes
Adding Users to Groups
Editing User Permissions
Deleting Users
Searching for Users
Viewing User Log Entries
Changing Display Names and Usernames
Exporting a User's X.509 Certificate
Revoking a User's X.509 Certificate
Managing User Keys
Managing Internal User Accounts
Importing Internal User Keys Manually
Creating New Internal User Accounts
Exporting PGP Whole Disk Encryption Login Failure Data
Internal User Settings
Managing External User Accounts
Importing External Users
Exporting Delivery Receipts
External User Settings
Offering X.509 Certificates to External Users
Managing Verified Directory User Accounts
Importing Verified Directory Users
PGP Verified Directory User Settings
Recovering Encrypted Data in an Enterprise Environment
Using Key Reconstruction
Recovering Encryption Key Material without Key Reconstruction
Encryption Key Recovery of CKM Keys
Encryption Key Recovery of GKM Keys
Encryption Key Recovery of SCKM Keys
Encryption Key Recovery of SKM Keys
Using an Additional Decryption Key for Data Recovery
PGP Universal Satellite
Overview
Technical Information
Distributing the PGP Universal Satellite Software
Configuration
Key Mode
PGP Universal Satellite Configurations
Switching Key Modes
Policy and Key or Certificate Retrieval
Retrieving Lost Policies
Retrieving Lost Keys or Certificates
PGP Universal Satellite for Mac OS X
Overview
System Requirements
Obtaining the Installer
Installation
Updates
Files
PGP Universal Satellite for Windows
Overview
System Requirements
Obtaining the Installer
Installation
Updates
Files
MAPI Support
External MAPI Configuration
Lotus Notes Support
External Lotus Notes Configuration
Configuring PGP Universal Web Messenger
Overview
PGP Universal Web Messenger and Clustering
External Authentication
Customizing PGP Universal Web Messenger
Adding a New Template
Troubleshooting Customization
Changing the Active Template
Deleting a Template
Editing a Template
Downloading Template Files
Restoring to Factory Defaults
Configuring the PGP Universal Web Messenger Service
Starting and Stopping PGP Universal Web Messenger
Selecting the PGP Universal Web Messenger Network Interface
Setting Up External Authentication
Creating Settings for PGP Universal Web Messenger User Accounts
Setting Message Replication in a Cluster
Configuring the Integrated Keyserver
Overview
Starting and Stopping the Keyserver Service
Configuring the Keyserver Service
Configuring the PGP Verified Directory
Overview
Starting and Stopping the PGP Verified Directory
Configuring the PGP Verified Directory
Managing the Certificate Revocation List Service
Overview
Starting and Stopping the CRL Service
Editing CRL Service Settings
Configuring Universal Services Protocol
Starting and Stopping USP
Adding USP Interfaces
Managing PGP Remote Disable & Destroy for Encrypted Disks
Deploying PGP RDD
Network and Clustering Considerations
Hardware and System Requirements
Licensing PGP Remote Disable & Destroy with Intel Anti-Theft Technology
Setting PGP RDD in Consumer Policies
Setting Up the PGP RDD Service
Managing PGP RDD Policy
Starting and Stopping the PGP RDD Service
PGP RDD Administrator Tasks
Viewing Anti-Theft Information
Managing Intel Anti-Theft Status
AT Activated
Decommissioned
AT Deactivated
Stolen
Changing a Computer's Status
Recovering Locked Systems
Reporting and Logging
System Graphs
Overview
CPU Usage
Message Activity
Whole Disk Encryption
System Logs
Overview
Filtering the Log View
Searching the Log Files
Exporting a Log File
Enabling External Logging
Configuring SNMP Monitoring
Overview
Starting and Stopping SNMP Monitoring
Configuring the SNMP Service
Downloading the Custom MIB File
Viewing Server and License Settings and Shutting Down Services
Overview
Server Information
Setting the Time
Licensing a PGP Universal Server
Downloading the Release Notes
Shutting Down and Restarting the PGP Universal Server Software Services
Shutting Down and Restarting the PGP Universal Server Hardware
Managing Administrator Accounts
Overview
Administrator Roles
Administrator Authentication
Creating a New Administrator
Importing SSH v2 Keys
Deleting Administrators
Inspecting and Changing the Settings of an Administrator
Configuring RSA SecurID Authentication
Resetting SecurID PINs
Daily Status Email
Protecting PGP Universal Server with Ignition Keys
Overview
Ignition Keys and Clustering
Preparing Hardware Tokens to be Ignition Keys
Configuring a Hardware Token Ignition Key
Configuring a Soft-Ignition Passphrase Ignition Key
Deleting Ignition Keys
Backing Up and Restoring System and User Data
Overview
Creating Backups
Scheduling Backups
Performing On-Demand Backups
Configuring the Backup Location
Restoring From a Backup
Restoring On-Demand
Restoring Configuration
Restoring from a Different Version
Updating PGP Universal Server Software
Overview
Inspecting Update Packages
Setting Network Interfaces
Understanding the Network Settings
Changing Interface Settings
Adding Interface Settings
Deleting Interface Settings
Editing Global Network Settings
Assigning a Certificate
Working with Certificates
Importing an Existing Certificate
Generating a Certificate Signing Request (CSR)
Adding a Pending Certificate
Inspecting a Certificate
Exporting a Certificate
Deleting a Certificate
Clustering your PGP Universal Servers
Overview
Cluster Status
Creating a Cluster
Deleting Cluster Members
Clustering and PGP Universal Web Messenger
Managing Settings for Cluster Members
Changing Network Settings in Clusters
About Clustering Diagnostics
Monitoring Data Replication in a Cluster
Index

1 Introduction

This Administrator's Guide describes both the PGP™ Universal Server and Client software. It tells you how to get them up and running on your network, how to configure them, and how to maintain them. This section provides a high-level overview of PGP Universal Server.

What is PGP Universal Server?

PGP Universal Server is a console that manages the applications that provide email, disk, and network file encryption. PGP Universal Server with PGP Universal Gateway Email provides secure messaging by transparently protecting your enterprise messages with little or no user interaction. The PGP Universal Server replaces PGP Keyserver with a built-in keyserver, and PGP Admin with PGP Desktop configuration and deployment capabilities.

PGP Universal Server also does the following:

• Automatically creates and maintains a Self-Managing Security Architecture (SMSA) by monitoring authenticated users and their email...