Demo Lab Guide Data Protection Encryption DDP

Product Domain: Cloud Client Computing
Author: David Aherne
Version: 1.01

Table of Contents

1 Product Overview
1.1 Lab Preparation Considerations and Caveats
2 Introduction
2.1 Lab Topology and Essential Information
2.1.1 Dell Data Protection Features
2.1.2 Lab Addressing and Login Details
3 Demo Environment
3.1 Where to begin the demo
3.2 Controlling access to DDPE features
3.3 Setting encryption policies
3.4 Removable media
3.5 Recovery
3.6 Reporting

1 Product Overview

Dell Data Protection Encryption (DDPE) protects data at rest on laptops/desktops (including self-encrypting drives and BitLocker), smartphones and tablets, removable drives and in the cloud (currently Dropbox and Box.net). Organizations use DDPE to meet compliance requirements (HIPAA/HITECH, PCI, etc.) and to secure the intellectual property that resides in these locations.

There are four major workflows for any encryption solution:

- Develop encryption policies and deploy to endpoints
- Central escrow of key material
- Recovery of data during forensics or break/fix workflows
- Reporting for compliance or audits

Why DDPE? Many customers have an encryption solution in place today. These customers feel an enormous amount of pain with their legacy solutions: systems management tasks, such as patch management and software distribution, can be impacted; end users are often locked out of their systems due to password syncing problems; and recovering encrypted data is very time-consuming. All of this means more helpdesk calls and more downtime for users.

DDPE software encryption provides:

- Transparency to the end user
- No impact to patch management, software distribution and other endpoint management tasks (works very well with Dell KACE)
- Quick recovery workflows that do not leave data unencrypted
- Central key escrow/management
- Central reporting for audits/compliance

1.1 Lab Preparation Considerations and Caveats

It is in your best interests to ensure the demo environment you will be demonstrating is clean and tidy before you begin. For this reason we recommend that, where possible, you log in to your demo at least 15 minutes prior to delivery and check the following:

1. Familiarize yourself with the environment during this time and check any specific features you are expecting to demo.
2. Most importantly, be crystal clear with yourself on what it is you plan to show. A full demo of every feature described below (with questions) can take several hours. If you only have a short time slot, be sure to focus on the key points that address the customer's pain points and will drive value home to them.
3. Ensure that you have scheduled the demo for sufficient time so that the demo does not end before you are finished with the customer.

Dell Demo Center https://demos.dell.com Dell Inc., 2016

2 Introduction

In this guide you will find the Dell Data Protection demo that is available at https://demos.dell.com. The guide details the demo options available to the user for demonstrating and learning about Dell Data Protection. The guide also provides step-by-step instructions on how to use Dell Data Protection. The guide and demo are focused on the following elements:

- Providing a facility to enable engineers to work with Dell Data Protection and the various configuration options
- Providing an example setup showing how to use Dell Data Protection

2.1 Lab Topology and Essential Information

The diagram provides detail on the setup of the demonstration environment. The environment provided is self-contained and has a number of virtual machine images provided for use.

2.1.1 Dell Data Protection Features

Dell Data Protection offers the following features:

- Platform to control, manage and protect your laptops, desktops, removable media, smartphones, tablets, self-encrypting drives, BitLocker and even data in the cloud. All management-related protocols and features such as simple network management protocol (SNMP), telnet, secure shell (SSH)
- DDPE policy-based encryption on Windows 7 64-bit with the demonstration capability of the External Media Shield (EMS) Optics emulation
- Limited by the demo environment, the following features are not currently available for client demonstration: Cloud, iOS, Android, Mac, SED, and Dell FVE security

2.1.2 Lab Addressing and Login Details

Please pay attention to the login details provided. These are essential for the successful completion of the lab. The information will be required during various phases of the lab.

The following table provides login credentials for all elements needed to complete the lab:

System                       Username      Password
DDPE Management Console      demouser      password
DDPE Compliance Reporter     reportadmin   password

3 Demo Environment

The demo environment allows you to show all aspects of the DDPE console, including central management, recovery and compliance reporting. Two virtual clients are also available, one encrypted with DDPE and the other encrypted with BitLocker but managed by DDPE.

A limitation of the virtual clients is that the USB drives cannot be reconnected once they are disconnected. When providing a demo, you can show the workflow of a user first connecting a removable drive and you can show copying data to the drive. However, you cannot show what happens the next time a user connects the USB drive to their system.

Demonstration of encryption for Dropbox and Box.net, as well as smartphones (iOS and Android), is not available; however, the policy configuration for these capabilities can be shown in the console.

3.1 Where to begin the demo

When first starting the demo, make sure that Enterprise is selected under Protect & Manage in the left-hand column of the web console. Note that the dashboards in the middle pane provide administrators with a tactical view of their encrypted endpoints. Also note that these dashboards are drillable: you can click on a number under Protected, as an example, and see more detail regarding the endpoints. (Note: click on Enterprise in the left-hand column to return to the original dashboard view.)

3.2 Controlling access to DDPE features

Now click on Administrators in the left-hand column. Administrators will log in to the web console using their standard AD credentials; however, rights to things like key material, reports or the ability to modify encryption policies are governed by the roles selected here. In most organizations, you will have security administrators that are responsible for setting encryption policy and involved in forensics activities. Operational administrators and even frontline helpdesk personnel can be locked out of setting/viewing policies but can still assist in certain data recovery workflows. (Note: if you want to review the details of the listed roles before a demo, click on the ? icon in the top right-hand corner of the web console and search for roles.)

3.3 Setting encryption policies

Now click on Enterprise in the left-hand column and then the Security Policies tab in the middle pane. Discuss how DDPE ships with several pre-defined templates designed to meet certain regulatory requirements such as HIPAA or PCI right out of the box. These templates can be modified, or you also have the option of building your own policies from the ground up. The key point is that customers do not have to spend a lot of time managing these policies. Click on the Override button in the top right-hand corner.

This is where you can customize a template or build your own encryption policies. Click on the Shield for Windows drop-down box (to the right of Policy Category) and discuss how policies for all of the platforms we support can be set in one place. This includes Windows, Mac, iOS, Android, removable drives, self-encrypting drives, BitLocker and cloud storage services Box.net and Dropbox.

Start with the Shield for Windows policies and expand the Fixed Storage section. Emphasize that by default DDPE encrypts data across the entire drive, with the exception of a handful of files needed to boot Windows. However, DDPE differentiates itself from legacy encryption solutions by utilizing multiple keys to secure the data. With DDPE, when users are sitting at the Windows login prompt, data is still encrypted. The key for this data (referred to as the common key) is only unlocked by a domain-authenticated user. The benefit of this approach is that nothing changes as far as how the user logs in or accesses their data. It also provides a higher level of security for the data organizations want to protect the most.

3.4 Removable media

To do this complete demo, you will need to have a physical system (or a virtual machine that allows you to connect and disconnect USB drives). This is currently not available in the demo center virtual environment.

Discuss how many of the big data breaches over the last 18 months have been related to removable drives (Kaiser Permanente, Sutter Health, State of Alaska; these are all organizations that were not DDPE customers prior to the reported breaches, but are now). Discuss how many organizations don't address removable media because existing solutions are too much of a barrier to end users. For instance, BitLocker-to-go requires the user to completely reformat the drive they connect (this also involves copying existing data on the drive to the local system and then copying it back). This can be very time-consuming and frustrating for users. DDPE stays out of the way of the end user as much as possible.

Start in the console, expanding the Removable Storage section. Do not go through every policy; instead focus on a few key policies and the user experience. The policies to summarize are:

- EMS Access to Unshielded Media
- EMS Scan External Media
- EMS Access Encrypted Data on unshielded Device

With the policies that you see in this screenshot, DDPE will not encrypt any existing data on the drive. Users can still access encrypted data on non-corporate machines by entering a secondary password; however, whenever a user connects the device to their corporate machine, they can access their encrypted data without entering any additional passwords.

Now transition to a client system. When connecting to Windows7.rdp, you will see two identical prompts. This prompt is what a user sees when they first connect an external drive. (Note: there are two prompts because two USB drives are connected to the virtual client. If you don't see any prompts, use the formatusb - shortcut batch file on the desktop. When it completes, you will see the prompts appear.) Walk through one of the prompts, noting that the user has access to the drive in a matter of a few minutes. At this point you can copy files to the drive and they will automatically be encrypted.

If you have access to a physical system or a virtual machine that allows you to connect and disconnect removable drives, I recommend starting the client-side demo by connecting a drive that was already connected to the system and prepared for encryption. Have encrypted files already on the drive. The goal here is that the prospect sees how easy it is for users to access their data on the drive: no passwords or special software are needed when the user is logged in with their AD credentials.

When you connect the thumb drive, you will see a pop-up window above the system tray. Note that the keys to the encrypted data are unlocked by the user's AD credentials. At this point the user can interact with the drive just like they did prior to encryption being in place. They can use copy and paste, drag and drop, etc. and the data is seamlessly encrypted behind the scenes.

The benefits of the DDPE solution are:

- Any thumb drive can be encrypted
- It does not force the user to re-format the drive, which is both time-consuming and potentially destructive to existing data
- If you allow it via policy (which most organizations do), users can still access encrypted data on non-corporate machines using a secondary password
- If users forget their secondary password, they can reset it themselves on the corporate machine or with assistance from the helpdesk

3.5 Recovery

During a demo you will typically not show an actual recovery; however, you need to explain the two methods for recovering data with DDPE. The primary reason for needing to recover data is break/fix of the user's system; for instance, the system board on their laptop dies but administrators still need to copy user data from the hard drive.

The first (and less commonly used) method is referred to as permanent recovery. In this case the administrator wants to take the hard drive out of the user's old laptop and put it into a new laptop chassis with similar/identical hardware. If they try this without the key bundle for the drive, the encryption keys remain locked and the system will not boot.

To unlock the drive on the new laptop, the administrator must download the keys for that drive from the Endpoint Detail screen of the affected system. The new laptop can be booted into a pre-boot environment and the downloaded key bundle copied to the root of the drive. Once completed, the system can be rebooted and allowed to boot normally. The DDPE drivers consume the bundle, validate that the keys are correct and the system boots to the normal Windows login prompt. The user can now log in normally.

The second method is referred to as temporary recovery. In this scenario, the administrator wants to take the user's old hard drive, put it in a USB enclosure, and connect it to their own system in order to retrieve the user's data. Of course, without the keys, the data is still encrypted on the attached drive. The administrator can then launch a DDPE utility on their system to temporarily unlock the keys for the user's drive. This utility requires credentials with rights to access key material out of the database. While the utility is open, the administrator can copy the user's data, unencrypted, to whatever location they like (network share, external drive, new system). However, as soon as the utility is closed, the keys are immediately locked again.

The benefits of this approach are:

- Most of our competitors require a complete decryption of the drive, which is both time-consuming (more downtime for the user) and error-prone. With DDPE, you have access to encrypted data in a matter of minutes.
- From a security perspective, you don't have to worry about data in the clear. If the drive is not wiped or disposed of properly, administrators are not left with unencrypted data floating around the environment.

3.6 Reporting

DDPE reports allow customers to meet compliance audits or demonstrate safe harbor privileges in the event of a lost endpoint or external drive. These reports ship with the product and do not require any customization or configuration by administrators.

Click on the Reports folder at the top of the left-hand column. This will list all of the default DDPE reports. Click on the Shield Detail report. Note that the fields in the report are customizable. The reports can also be e-mailed out automatically. Access to reports is controlled by the same administrative roles described earlier. Click on Run Reports to show the results of the report. Note fields like Policy Proxy Sync, which shows when the system last checked in, and the Protected field, which shows the current encryption state per the configured policies.

In the demo environment, the EMS Event report will be empty when starting a demo the first time. For this reason, you can simply note that all removable media activity is logged once the DDPE agent is in place. If you want to show a report with data in it, you can use the RDP link to access Windows7 before you start the demo and then walk through the steps outlined in the removable media section of this guide. Once complete, you need to run Check for Policy Updates from the DDPE system tray icon. This sends the logged USB activity to the server. After this is done, use the formatusb - shortcut batch file to reset the USB drives.