McAfee Data Protection for Cloud 1.0.1

Product Guide
McAfee Data Protection for Cloud 1.0.1
For use with McAfee ePolicy Orchestrator

COPYRIGHT
Copyright 2015 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766, www.intelsecurity.com

Contents

Preface
  About this guide
    Audience
    Conventions
  Find product documentation

1 Introduction
  Why you need Data Protection for Cloud
  How we protect your cloud volumes
  Components and what they do
  Product features

2 Installation
  System requirements
  Installing the product
    Download and install the product extensions
    Install the product through McAfee ePO Software Manager
  Register an AWS account
    Registered AWS account details
  Deploy the software to client systems
  Uninstall the software
    Uninstall the software from managed client systems
    Uninstall the extension

3 Encrypting your volumes
  Preset options
  Encrypt volumes
  Refresh status of volumes
  View encryption history

4 Reports and dashboards
  Reports
    Queries and reports
    Run a query
  Public Cloud dashboard
  View the dashboard

Index


Preface

This guide provides the information you need to work with your McAfee product.

Contents
- About this guide
- Find product documentation

About this guide

This information describes the guide's target audience, the typographical conventions and icons used in this guide, and how the guide is organized.

Audience

McAfee documentation is carefully researched and written for the target audience. The information in this guide is intended primarily for:

- Administrators: People who implement and enforce the company's security program.

Conventions

This guide uses these typographical conventions and icons.

- Book title, term, emphasis: Title of a book, chapter, or topic; a new term; emphasis.
- Bold: Text that is strongly emphasized.
- User input, code, message: Commands and other text that the user types; a code sample; a displayed message.
- Interface text: Words from the product interface like options, menus, buttons, and dialog boxes.
- Hypertext blue: A link to a topic or to an external website.
- Note: Additional information, like an alternate method of accessing an option.
- Tip: Suggestions and recommendations.
- Important/Caution: Valuable advice to protect your computer system, software installation, network, business, or data.
- Warning: Critical advice to prevent bodily harm when using a hardware product.

Find product documentation

After a product is released, information about the product is entered into the McAfee online Knowledge Center.

Task
1. Go to the Knowledge Center tab of the McAfee ServicePortal at http://support.mcafee.com.
2. In the Knowledge Base pane, click a content source:
   - Product Documentation to find user documentation
   - Technical Articles to find KnowledgeBase articles
3. Select Do not clear my filters.
4. Enter a product, select a version, then click Search to display a list of documents.

1 Introduction

McAfee Data Protection for Cloud encrypts data to protect it from data theft and data loss, exclusively for the public cloud environment.

Contents
- Why you need Data Protection for Cloud
- How we protect your cloud volumes
- Components and what they do
- Product features

Why you need Data Protection for Cloud

The public cloud environment is exposed to many vulnerabilities including data theft and loss of data. Data Protection for Cloud safeguards your data from these critical risks.

How we protect your cloud volumes

Data Protection for Cloud creates a new encrypted volume, copies the content from the old volume to the new volume, and detaches the old volume using AWS APIs that are registered and managed by McAfee ePolicy Orchestrator (McAfee ePO) software.

Data Protection for Cloud supports Amazon EBS (Elastic Block Store) volumes only.

Components and what they do

Each component performs specific functions to discover, manage, and encrypt your cloud volumes.

- Data Protection for Cloud: The encryption application allows you to encrypt your EBS volumes of the registered AWS cloud account with the AWS Application Programming Interface (API).
- Amazon Web Services: Amazon Web Services is a collection of web services that make up the cloud computing solution offered by Amazon. Amazon Web Services provides a reliable, scalable, low-cost infrastructure platform in the cloud environment.
- Data Center Connector for AWS: The Data Center Connector for AWS allows you to register AWS account information and manage the cloud volumes.

- ePolicy Orchestrator: McAfee ePO provides a scalable platform for centralized policy management and enforcement of your security products and the systems where they reside. It also provides comprehensive reporting and product deployment capabilities, all through a single point of control.

Product features

These features protect data volumes present in the registered AWS public cloud account.

- Volume encryption: Data Protection for Cloud creates a new encrypted volume, copies the content from the old volume to the new volume, and deletes the old volume using AWS API. You can also retain the old volume. This feature is fully functional with clients from a different VPC/Region/AWS account.
- Encryption status: Data Protection for Cloud provides detailed encryption status of the data volumes in real time.
- Encryption history: Encryption history shows the status of all past encryption actions and their results up to the present date and time.
- Volume details: The volume details page provides detailed information about the registered cloud volumes. Details about both encrypted and non-encrypted volumes in your environment can be obtained.
- Public cloud dashboard: This dashboard displays the status and number of encrypted volumes, and the non-encrypted volumes in the form of widgets. One widget provides encryption details per cloud volume, and the other widget provides encryption details per cloud VM.
- Status update: The Refresh Status option provides the latest information about the volumes from client systems. This feature is fully functional with clients from a different VPC/Region/AWS account.

2 Installation

Install Data Protection for Cloud on the McAfee ePO server, and deploy the software to the client systems.

Contents
- System requirements
- Installing the product
- Register an AWS account
- Deploy the software to client systems
- Uninstall the software

System requirements

Make sure that your system environment meets these requirements and that you have administrator rights.

Component: Version
- Operating systems
  - Microsoft Windows: Windows 2008, Windows 2008 R2, Windows 2012, Windows 2012 R2
- McAfee ePO: 4.6.8, 5.1, 5.3
- McAfee Agent: 4.8, 5.0.1
- AWS extension: 3.6.1
- Linux (HVM) and (PV): RHEL 6, 6.x, 7, SLES 11, 12, Ubuntu server 12, 14, 15, Amazon Linux 14, Oracle Linux 6, CENT 7

We recommend installing the latest version of Bash.

For details about system requirements and instructions for setting up the McAfee ePO environment, see the product documentation for your version of McAfee ePO.

Installing the product

You have two methods to install the product through McAfee ePO. You can download and install the extensions, or you can install the product through Software Manager.

Download and install the product extensions

Download and install the McAfee Public Cloud Server Security suite or the McAfee Server Security Advanced suite on the McAfee ePO server. The suites consist of both the product extensions and the product deployment packages.

These are the components that make up both the suites:

- Public Cloud Security extension
- Amazon 3.6.1 extension
- Data Protection for Cloud 1.0.1 extension
- Data Protection for Cloud 1.0.1 deployment package (Windows)
- Data Protection for Cloud 1.0.1 deployment package (Linux)

Task
1. From the McAfee download site (http://www.mcafee.com/us/downloads/), use your grant number and click McAfee Public Cloud Server Security suite or the McAfee Server Security Advanced suite.
2. From the list, download the software package (Public Cloud Server Security or the Server Security Advanced) for your version of McAfee ePO. The packages are:
   - Public_Cloud_Security_ePO_4.6.x.zip
   - Public_Cloud_Security_ePO_5.x.zip
3. Log on to the McAfee ePO server as an administrator.
4. Select Menu | Software | Extensions | Install Extension.
5. Browse to and select the extension file, then click OK.
   - For McAfee ePO 4.6.8, unzip Public_Cloud_Security_ePO_4.6.x.zip and install the extension Public_Cloud_Security_Extensions_ePO_4.6.x.zip. You must extract and check in the software deployment packages separately. For details about how to check in the software deployment packages to McAfee ePO 4.6.x, see the documentation or Help for that version of McAfee ePO.
   - For McAfee ePO 5.x, install Public_Cloud_Security_ePO_5.x.zip. The software deployment packages are automatically checked in to the Master Repository.

The Install Extension page displays the installed extension's name and version details. The Public Cloud Security package is installed.

Install the product through McAfee ePO Software Manager

You can install the product using the Software Manager of McAfee ePO.

Task
For option definitions, click ? in the interface.
1. Log on to the McAfee ePO server as an administrator.
2. Select Menu | Software | Software Manager.
3. From the Product Categories list, select the Data Protection for Cloud extensions from Software (By Label) Endpoint Security Management Extension, then click Check in.

The product is installed through Software Manager.

Register an AWS account

Using Data Center Connector for AWS, register an AWS account with McAfee ePO so that McAfee ePO communicates with the AWS cloud.

Before you begin
- Make sure that you have your AWS account and its details ready.
- AWS users must have an access key ID and a secret access key set up for them in the AWS console.
- AWS users must have at least read-only permissions for the EC2 (Elastic Cloud Compute) web service.
- If you are using McAfee Data Protection for Cloud, you must be a power user so that you can create, attach, detach, or delete any volume. To create power users and to assign a power user policy to a user in AWS, see this McAfee KnowledgeBase article: KB83814

The Registered Cloud Accounts option is available only after installing the Data Center Connector extension.

Task
For option definitions, click ? in the interface.
1. Log on to the McAfee ePO server as an administrator.
2. Select Menu | Configuration | Registered Cloud Accounts, then click Actions | Add Cloud Account to open the Add Cloud Account page.

3. From the Choose Connector drop-down list on the Description page, select Amazon Web Service, then click OK.
4. On the AWS Account Details page, type these details:
   - Name: Type a name for the AWS account in McAfee ePO. Account names can include characters a-z, A-Z, 0-9, and [_.-], without space.
   - Access Key Id: Type the access key ID used by AWS connector to log on to AWS.
   - Secret Access Key: Type the secret access key used by AWS connector to log on to AWS. Each user can be configured to have an Access Key ID and Secret Access key in the AWS console.
   - Tags: List of McAfee ePO tags that are applied on VMs discovered for this AWS account. Tag name can include characters a-z, A-Z, 0-9, and [_.-], with space. For details about tag usage, see the product documentation for your version of McAfee ePO.
   - Sync interval (In Minutes): Specify the interval for McAfee ePO to AWS synchronization.
5. Enable the GovCloud option if the AWS account belongs to the AWS GovCloud (US) region. For other users, leave it deselected.
6. Click Validate Parameters to validate the account details and verify the connection to the AWS cloud.

7. (Optional) To deploy McAfee Agent to the registered VMs, select Auto deploy McAfee Agent on VMs, and type the credentials to deploy the McAfee Agent package.
   Make sure that the McAfee ePO server and the VMs in the AWS cloud can communicate with each other.
8. Click Save to register the cloud account.
   This action registers the AWS cloud and imports all discovered VMs, which are unmanaged, into the System Tree. The instances are imported with the structure and hierarchy of the AWS cloud. The VMs that are already added and managed by McAfee ePO are retained with the existing policy settings. The connector adds the virtualization properties for these VMs.
9. View the imported VMs: select Menu | Systems | System Tree in McAfee ePO.

After the discovery, you can find your AWS account under the group AWS. The virtual machines from AWS are logically grouped with the hierarchy AWS Cloud account name > Region > Availability zone > instances.

If you create a custom group below the AWS account group and move an availability zone to that group, then this change is not preserved. After the subsequent sync, the availability zone is restored to its original location. All VMs under the custom group are moved to their original position. The custom group remains in its place and is empty.

Registered AWS account details

After configuring and registering the AWS account with McAfee ePO, the account details of the registered AWS accounts are displayed in McAfee ePO.

Property: Description
- Name: Name of the AWS account.
- Type: Type of Data Center Connector.
- Last Successful Sync: Displays the date and time when the last successful synchronization between McAfee ePO and AWS occurred.

- Last Sync Status: Displays the last synchronization status, including Sync Scheduled, Success, In Progress, and Failure. Hover your mouse over this property to know the start and end times of your account synchronization. If your account synchronization is in progress, you can see the sync start time.
- Total VMs: Displays the number of VMs discovered for this account.
- Running VMs: Displays the number of VMs that are up and running in this account.
- Managed VMs: Displays the number of VMs that are managed by McAfee ePO.
- Auto Deploy MA: Specifies if the administrator has enabled the Auto deploy McAfee Agent task for the registered AWS account.
- Tags: Displays the tags of the VMs.
- Actions: You can edit, delete, and synchronize the AWS account using McAfee ePO. When you delete an account, you have these options:
  - Delete System Tree group corresponding to this account: Deletes all virtual machines and groups from this account.
  - Delete Tags: Deletes the McAfee ePO tags for this account.
  If you do not select any of these options, this action deletes only the account details.

You can retrieve the details of the registered Data Center by running the Data Centers query under Menu | Reporting | Queries and Reports | McAfee Groups | Data Center.

You can use the Automatic Responses feature of McAfee ePO to log events in the Audit Log. You can also configure automatic email responses, if there are any synchronization status changes for any cloud account. From Menu | Automation | Automatic Responses, you can select Cloud Account Sync Failure Event or Cloud Account Sync Success Event to trigger an action. Your response can include these actions: Create issue or Send Email. For details about automatic responses, see Events and Responses in the product guide for your version of McAfee ePO.
Deploy the software to client systems

The McAfee ePO infrastructure allows you to deploy the Data Protection for Cloud to your managed systems from a central location.

Before you begin
You must have administrator rights to perform this task.

Task
For option definitions, click ? in the interface.
1. Log on to the McAfee ePO server as an administrator.
2. Select Menu | Policy | Client Task Catalog, select McAfee Agent for the product and Product Deployment for the task type, and select DPC_Deployment_Task_For_Windows_1.0.1 for Windows or DPC_Deployment_Task_For_Linux_1.0.1 for Linux.

3. On the Client Task Catalog page:
   a. Under Products and components, select McAfee Data Protection for Cloud <build number> to specify the version of the product to be deployed for Windows or Linux.
   b. Set the action to Install, then select the language of the package and the branch.
   c. (Windows only) Next to Options, select if you want to run this task for every policy enforcement process, then click Save.
4. Select Menu | Systems | System Tree | Systems.
5. Select the system where you want to deploy the product, then click Actions | Agent | Modify tasks on a single system.
6. Click Actions | New Client Task Assignment.
   For McAfee ePO 5.1, you can use the default task. For McAfee ePO 4.6.x, continue with the procedure to create a client task of your own.
7. On the Select Task page:
   a. Select McAfee Agent as the product and Product Deployment as the task type, then select the task you created for deploying the product.
   b. Next to Tags, select the platforms where you want to deploy the packages, then click Next.
      The Send this task to all computers and Send this task to only computers that have the following criteria links are displayed.
   c. Select the links to configure their criteria.
   d. On the Schedule page, select whether the schedule is enabled, specify the schedule details, then click Next.
8. Review the summary, then click Save.

Uninstall the software

Uninstall Data Protection for Cloud from the managed client systems and remove the extension from the McAfee ePO server.

Uninstall the software from managed client systems

Create a client task on the McAfee ePO to remove Data Protection for Cloud from the managed client systems.

Task
For option definitions, click ? in the interface.
1. Log on to the McAfee ePO server as an administrator.
2. Select Menu | Systems Section | System Tree, then select a group or systems.
3. Select the Assigned Client Tasks tab, then click New Client Task Assignment.

4. Complete these options, then click Create New Task.
   - Select McAfee Agent for the product.
   - Select Product Deployment for the task type.
5. On the Client Task Catalog page:
   a. Type a name for the task.
   b. Select Windows or Linux as the target platform.
   c. In Products and components, select Data Protection for Cloud (Windows) <build_number> or Data Protection for Cloud (Linux) <build_number>, select Remove as action, then click Save.
6. On the Client Task Assignment Builder page:
   a. Select the task, then click Next.
   b. Schedule the task to Run immediately.
   c. Click Next to view a summary of the task, then click Save.
7. In the System Tree, select the systems or groups where you assigned the task, then click Wake Up Agents.
8. Select Force complete policy and task update, then click OK.

Uninstall the extension

Uninstall the software extension from the McAfee ePO server.

Task
For option definitions, click ? in the interface.
1. Log on to the McAfee ePO server as an administrator.
2. Select Menu | Software | Extensions.
3. In the left pane, select Data Center Security group, then select Data Protection for Cloud and click Remove.
4. Select Force removal, bypassing any checks or errors, then click OK.

The software extension is uninstalled.

Encryption history is removed when the Data Protection for Cloud extension is removed from McAfee ePO.

Do not manually remove the product packages from Master Repository if you are using Public_Cloud_Security_ePO_5.x.zip. The product extensions and packages are removed automatically when the meta extension is uninstalled.

3 Encrypting your volumes

Encrypt your attached volumes and view the encryption status and results through the Encryption History feature.

Contents
- Preset options
- Encrypt volumes
- Refresh status of volumes
- View encryption history

Preset options

The product interface provides preset options to show the attached volumes of different categories and criteria. The preset options are:

- All Data Volumes (Default): Lists all data volumes from the selected region and zone of the registered cloud account. Root volumes are not shown when this preset option is used.
- All Volumes: Lists all volumes from the selected region and zone of the registered cloud account.
- Not Encrypted: Lists the volumes from the selected region and zone of the registered cloud account that can be encrypted, but are not encrypted. This category includes:
  - Volumes that are qualified for an encryption.
  - Volumes where Data Protection for Cloud is not found in their client systems, that cannot be encrypted even after Data Protection for Cloud is installed on the client system.
- Encrypted: Lists the encrypted volumes from the selected region and zone of the registered cloud account.
- Cannot Encrypt: Lists the volumes from the selected region and zone of the registered cloud account where encryption is not possible because:
  - Volumes are multi-partitioned.
  - Volumes are an unsupported AWS instance type.
  - Volumes are root volumes.

Encrypt volumes

You can start encrypting the volumes when the installation is complete, and the AWS accounts are registered.

Task
For option definitions, click ? in the interface.
1. Log on to the McAfee ePO server as an administrator.
2. Select Menu | Systems Section | Data Protection for Cloud.
   This page displays all regions and zones from the registered AWS cloud account under the Volume Tree.
3. From the Volume Tree, select any of the regions, and then select a zone listed under the registered AWS cloud account name.
   You can view the volumes by selecting the regions or the zones displayed under the AWS account. Selecting a region shows all volumes of all available zones under that region.
   Data Protection for Cloud lists the status of your volumes based on these preset options.
   - All Data Volumes (Default)
   - All Volumes
   - Not Encrypted
   - Encrypted
   - Cannot Encrypt
4. Encrypt volumes that are listed under Not Encrypted.
   a. Under Preset, select Not Encrypted to list the non-encrypted volumes.
   b. From the list, select the volumes that you want to encrypt.
5. Click Actions, then select Encrypt Volume.
   Encrypt Volume is enabled only when you select a volume.
6. (Optional) From the message that is displayed, select Retain original unencrypted volume as a backup.
   The newly created volumes and detached volumes are tagged with a unique ID.
7. Select a key from the Master Key list (Only "Enabled" keys from a selected region are displayed), then click OK.
   You can create and customize the keys with your AWS account on the AWS console. These keys allow you to configure access permissions and usage rights.

The Encryption Status of the volume is now changed to Encrypted. The encryption progress is shown as a percentage under the Details column from the Data Protection for Cloud (DPC) main page. You can also view the encryption details from the Encryption History page.

Refresh status of volumes

You can refresh the status of all volumes attached to the client systems and get the latest information.

Task
For option definitions, click ? in the interface.
1. Log on to the McAfee ePO server as an administrator.
2. Select Menu | Systems Section | Data Protection for Cloud.
   The Data Protection for Cloud page displays all regions and zones from the registered AWS cloud account under the Volume Tree.
3. Select the volumes of the client systems to be refreshed by selecting the region or zone, then click Refresh Status from the same page or from Actions.
   The Refresh Status option is enabled only when you select a volume.

The volume status of the client systems is refreshed and the latest information is updated.

View encryption history

You can see the encryption results and the post-encryption status of all volumes that were encrypted.

Task
For option definitions, click ? in the interface.
1. Log on to the McAfee ePO server as an administrator.
2. Open the Encryption History page using one of these methods:
   - Select Menu | Systems Section | Encryption History.
   - From the Data Protection for Cloud (DPC) page, select Encryption History.

This page provides all necessary information about the past encryption action up to the present date and time.


4 Reports and dashboards

Dashboards, which are made up of monitors, help you track the real-time encryption status of the volumes and instances.

Contents
• Reports
• Public Cloud dashboard
• View the dashboard

Reports

You can use predefined queries, edit them, or create queries from events and properties stored in the McAfee ePO database.

You can't edit predefined queries in McAfee ePO version 5.1 and later. To create custom queries, your assigned permission set must include the ability to create and edit private queries.

Queries and reports

Run predefined queries to generate reports, or change them to generate custom reports.

Query                                Description
Data Protection Per Cloud VM         A pie chart of encrypted and non-encrypted VMs.
Data Protection Per Cloud Volume     A pie chart of encrypted and non-encrypted volumes from the registered cloud account.

Run a query

Run queries to generate reports based on data from Data Protection for Cloud.

Task

For option definitions, click ? in the interface.

1. Log on to the McAfee ePO server as an administrator.
2. Select Menu → Reporting → Queries & Reports.
3. From McAfee Groups in the Groups pane, select the Public Cloud group.
4. Select a query from the Queries list, then click Actions → Run.
5. Select the item in the results list to view the details.

Public Cloud dashboard

The dashboard displays a monitor based on the default Data Protection for Cloud software queries. The Public Cloud dashboard is added to your McAfee ePO server when you install the Public Cloud Security package.

Dashboards

The dashboard shows the encryption status of the volumes, whether they are encrypted or not encrypted. It also shows the number of volumes that are encrypted and not encrypted.

The two main Data Protection for Cloud monitors are Data Protection Per Cloud Volume and Data Protection Per Cloud VM. This widget provides information that includes attached, unattached, root, and data volumes.

• If all data volumes in a system are encrypted, the system is considered to be encrypted.
• If a system has only one encrypted volume, the system is considered to be encrypted.
• If there is one or more unencrypted data volumes in a system, the system is considered to be unencrypted.
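Added example (not part of the product guide and not McAfee code): a way to recompute the per-system status from raw volume data so it can be reconciled against the Data Protection Per Cloud VM monitor. It applies the data-volume rule above to records shaped like an AWS EC2 DescribeVolumes response; the sample IDs, the root-device map, and the "No data volumes" bucket for systems with nothing but a root volume are assumptions.

```python
# Added example: recompute per-system encryption status from volume records.
# Field names follow the EC2 DescribeVolumes response; all values are constructed.
SAMPLE_VOLUMES = [
    {"VolumeId": "vol-0a1", "Encrypted": False,
     "Attachments": [{"InstanceId": "i-web", "Device": "/dev/xvda"}]},
    {"VolumeId": "vol-0a2", "Encrypted": True,
     "Attachments": [{"InstanceId": "i-web", "Device": "/dev/sdf"}]},
    {"VolumeId": "vol-0b2", "Encrypted": True,
     "Attachments": [{"InstanceId": "i-db", "Device": "/dev/sdf"}]},
    {"VolumeId": "vol-0b3", "Encrypted": False,
     "Attachments": [{"InstanceId": "i-db", "Device": "/dev/sdg"}]},
    {"VolumeId": "vol-0c1", "Encrypted": False,
     "Attachments": [{"InstanceId": "i-bastion", "Device": "/dev/xvda"}]},
    {"VolumeId": "vol-0d1", "Encrypted": False, "Attachments": []},
]
# Root device per instance (RootDeviceName in DescribeInstances); constructed.
ROOT_DEVICES = {"i-web": "/dev/xvda", "i-db": "/dev/xvda", "i-bastion": "/dev/xvda"}


def data_volumes_by_system(volumes, root_devices):
    """Group attached, non-root volumes by instance ID."""
    systems = {instance: [] for instance in root_devices}
    for vol in volumes:
        for att in vol.get("Attachments", []):
            instance = att["InstanceId"]
            systems.setdefault(instance, [])
            if att["Device"] != root_devices.get(instance):
                systems[instance].append(vol)
    return systems


def classify_systems(volumes, root_devices):
    """A system counts as encrypted only if every data volume is encrypted."""
    result = {}
    for instance, data_vols in data_volumes_by_system(volumes, root_devices).items():
        if not data_vols:
            result[instance] = "No data volumes"  # assumption, not from the guide
        elif all(v["Encrypted"] for v in data_vols):
            result[instance] = "Encrypted"
        else:
            result[instance] = "Not Encrypted"
    return result


def unencrypted_volume_ids(volumes):
    """All unencrypted volumes, including root and unattached ones."""
    return sorted(v["VolumeId"] for v in volumes if not v["Encrypted"])
```

In the sample, i-web is reported as Encrypted even though its root volume is not, because only data volumes drive the per-system status; the flat list from unencrypted_volume_ids still surfaces that root volume and the unattached one.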

View the dashboard

You can monitor the status of the data volumes from a registered AWS cloud account, in the form of widgets from the Public Cloud dashboard.

Task

For option definitions, click ? in the interface.

1. Log on to the McAfee ePO server as an administrator.
2. Select Menu → Reporting → Dashboards, then select Public Cloud from the dashboard selection list.
   You can see the default monitors for Data Protection for Cloud.

You can view the encrypted and non-encrypted volume details by clicking the Data Protection for Cloud widgets.
