Dell Data Guardian Windows, Mac, Mobile, and Web Administrator Guide v2.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2016-2019 Dell Inc. All rights reserved.Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Contents 1 Introduction................................................................................................................................. 5 Before You Begin................................................................................................................................................................... 5 Contact Dell ProSupport......................................................................................................................................................
Install Data Guardian for Web............................................................................................................................................ 28 Open the Management Console........................................................................................................................................30 Data Guardian Basic Terminal Configuration Tasks........................................................................................................ 30 Change Host Name.
1 Introduction All policy information and their descriptions are found in the AdminHelp. Topics: • • Before You Begin Contact Dell ProSupport Before You Begin 1. Before you begin, confirm the correct environment for your enterprise and complete any setup: Hosted Dell Security Center On-prem Dell Management Server A hosted Software as a Service (SaaS) solution for managing Dell An on-prem Server located within the enterprise network for Data Security software. managing Dell Data Security software.
2 Requirements Dell Server Data Guardian for Windows, Mac, and Mobile requires Security Management Server or Security Management Server Virtual v9.6 or higher. The Data Guardian web client requires Security Management Server or Security Management Server Virtual v9.8 or higher. For the purposes of this document, both Servers are referred to as Dell Server, unless a specific version needs to be cited (for example, a procedure is different using Security Management Server Virtual).
In addition, if running MSI, you must also install Visual Studio 2010 Tools for Office Runtime (x86 and x64). General prerequisite Microsoft .Net 4.7.2 (or later) is required for Data Guardian. However, this may not be pre-installed on computers shipped from the Dell factory. Also, if you are not installing on Dell hardware or are upgrading Data Guardian on older Dell hardware, you should verify which version of .
Microsoft Office • Office 365 ProPlus: versions 1705, 1708, and 1803 (Semi-Annual Channel) Data Guardian for Mac The following lists supported hardware for the Mac client. Mac Hardware • Intel Core 2 Duo, Core i3, Core i5, Core i7, or Xeon processor • 2 GB RAM • 10 GB free disk space Operating Systems The following lists supported operating systems. Mac Operating Systems • macOS Sierra 10.12.6 • macOS High Sierra 10.13.6 • macOS Mojave 10.14.4 - 10.14.
Data Guardian for Mobile Application The following lists operating systems supported with Data Guardian for Mobile. Android Operating Systems • 5.0—5.1.1 Lollipop • 6.0—6.0.1 Marshmallow • 7.0—7.1.2 Nougat • 8.0—8.1 Oreo • 9.0 Pie iOS Operating Systems • iOS 10.x—10.3.3 • iOS 11.x—11.4.1 • iOS 12.x—12.3 Chromebook Operating System Chrome OS version M53 or higher is required to run Android applications on Chrome OS.
Virtualized Environments • VMware ESXi 6.7 • • • • • • • • • 64-bit x86 CPU required Host computer with at least two cores 8 GB RAM minimum recommended An Operating System is not required See http://www.vmware.com/resources/compatibility/search.php for a complete list of supported Host Operating Systems Hardware must conform to minimum VMware requirements 4 GB minimum RAM for dedicated image resource See http://pubs.vmware.com/vsphere-67/index.
Language Support • EN - English • JA - Japanese • ES - Spanish • KO - Korean • FR - French • PT-BR - Portuguese, Brazilian • IT - Italian • PT-PT - Portuguese, Portugal (Iberian) • DE - German Requirements 11
3 Configure and Install Data Guardian on Windows Topics: • • • • • • • Data Guardian Client Registry Settings Configure an On-prem Server for Data Guardian Install Data Guardian Set GPO on Domain Controller to Enable Entitlements Uninstall Data Guardian View Reports Data Guardian Troubleshooting Data Guardian Client Registry Settings This section details all Dell ProSupport approved registry settings for local client computers, regardless of the reason for the registry setting.
Inform users which your Data Guardian options your enterprise uses. Configure Dell Security Management Server Virtual for Data Guardian To configure the Dell Security Management Server Virtual to support Data Guardian, in the Management Console, configure the Data Guardian policies: • • Protected Office Documents - Enterprise level only - You must set this policy to On in order to use other Data Guardian policies. See AdminHelp to determine additional policies to set.
NOTE: DataGuardianUpdate is used in this example, but you can choose any name. 3. Place the updated executables in the DataGuardianUpdate folder. 4. Create a versions.xml file in the DataGuardianUpdate folder. 5. Open versions.xml with a text editor and verify the file name path is correct for your environment. Sample: PAGE 15Full Access List - Grants registration and all file access for a user or domain. If a user or domain is also on the blacklist, no access is granted. 4. In the Enter Domain/Email field, enter either the user's domain to set access for the entire domain, or email address to set access only for that user. NOTE: For external mobile users in a hosted environment, the email must be in lowercase. 5. Click Add.
Hosted Dell Security Center On-prem Dell Management Server A hosted Software as a Service (SaaS) solution for managing Dell An on-prem Server located within the enterprise network for managing Dell Data Security software. Data Security software. a. Select Hosted Dell Security Center. b. Optionally, if your enterprise is multi-tenant, enter an Installation ID.
• Parameters for Hosted Dell Security Center Parameters for Dell Server (On-prem) - .exe or .msi (for Workspace ONE) INSTALL_ID= (For a multi-tenant environment.
Value type: REG_SZ Value data: 7. Click OK. 8. Log out and then back into the workstation, or run gpupdate /force to apply the group policy. Uninstall Data Guardian • If a user has a local administrator account, they can uninstall Data Guardian. See the Data Guardian User Guide for information. This section describes the administrator process for uninstalling Data Guardian.
View Log Files • Click View Log from the bottom-left corner of the Details screen. Log files can be also be found at C:\ProgramData\Dell\Data Guardian. Protected Office document logs files are located in the Custom.xml folder. Troubleshoot Auto-Activation Issues If Data Guardian does not auto-activate for several users, you can change the Data Guardian Client Registry Settings. You should also check the aliases on the Dell Server: 1.
4 Configure and Install Data Guardian on Mac Data Guardian for Mac is designed for sharing files within cloud encryption providers. However, if Protected Office Documents policies are enabled for Macs, all file auditing and traceability is lost if the file is saved by the user to the local Mac. If strict file auditing and traceability is needed in your organization, set the Allow Mac Data Guardian Activation policy to Not Selected to prevent Data Guardian from activating on Macs.
Set Up the Security Server to Allow Cloud Client Downloads (On-prem only) Before performing these tasks, confirm the following: • Install the Dell Server and its components. See one of these: • • Security Management Server Installation and Migration Guide • Security Management Server Virtual Quick Start Guide and Installation Guide Assign an appropriate Dell administrator role from the Administrators page in the Management Console. Security Management Server 1.
User Type Enter All organization.com email addresses organization.com A specific user jdoe@organization.com All Gmail users gmail.com Blacklist The blacklist prevents specific users or groups of users from registering with the Dell Server and using Data Guardian. Users whose email addresses are entered in the blacklist receive a message stating that they cannot register for Data Guardian. NOTE: If a user is already registered, this list does not prevent them from using Data Guardian.
Best Practices During deployment, be sure to follow IT best practices. This includes, but is not limited to: • • Controlled test environments for initial tests Staggered deployments to users Install Client At this point, users who were added to the whitelist can register at: https://yoursecurityservername.domain.com:8443/cloudweb/ register. After registering, the user receives an email directing them to https://yoursecurityservername.domain.com:8443/cloudweb to log in and download the appropriate client.
• • 10. 11. 12. 13. Click Install, then go to step 10. Click Change Install Location. a. On the Destination Select window, select all users. Currently, this is the only option. b. Click Continue. c. Click Install, then go to step 10. In the dialog, enter your user name and password and click Install Software. On the Summary window, click Close. When prompted, either keep the .pkg file or move it to Trash.
7. Paste the certificate to Keychains > System. 8. When prompted for credentials, enter your administrator user name and password. End User Activation (On-prem) Activation for On-prem Dell Management Server With on-prem, after you open Dell Data Guardian for the first time, you must log in to activate: 1. In Finder, select Applications, and double-click Dell Data Guardian. 2. When the Credentials window opens, enter the Dell Server address, for example, company.server.com).
1. In the left pane, select the cloud storage provider. 2. A window opens, prompting for your credentials. Enter your credentials. When authenticated, the cloud storage provider name is activated. Uninstall Data Guardian This section describes the administrator process to uninstall Data Guardian. You must have a local administrator account to perform the uninstallation. If a user has a local administrator account, they can uninstall Data Guardian for Mac themselves.
1. Use these commands: • rm -R ~/Applications/Data\ Guardian.app • rm -R ~/Library/Application Support/Dell/DataGuardian 2. Remove the DellDataGuardian folder.
5 Configure and Install Data Guardian for the Web Client This web client allows users to view a protected Office document or .xen file without installing the Data Guardian client. As a general rule, Dell recommends installing the Dell Server first.
10. If you have multiple nodes and a load balancer, enter a Load Balancer hostname. 11. In the Configure Network Settings dialog, choose either option below, then select OK. • • (Default) Use DHCP (Recommended) In the Use DHCP field, press the space bar to remove the X and manually enter these addresses, as applicable: Static IP Network Mask Default Gateway DNS Server 1 DNS Server 2 DNS Server 3 NOTE: When using a static IP, you must also create a host entry in the DNS server.
• • • For a multiple nodes, the URL is in this format: https://loadBalancerName/ where nodename reflects the load balancer hostname entered in the Configure Hostname screen. To access the Server in the future for updates to this VM or to check the logs, you must enable SSH for this VM. Select Basic Configuration > SSH Settings to enable SSH for a ddgsupport user. In the Management Console, if you modify any node-based web portal policies, you must reboot the applicance. See Reboot the Appliance.
• • ddgconsole (shell access) - This user has Data Guardian shell access. Shell access is available for a network administrator to check and troubleshoot network connectivity. ddgsupport (Dell ProSupport administrator) - This user has "sudo" rights and should be used sparingly. For security purposes, you control the password for this account. 1. From the Basic Configuration menu, select Change User Passwords. 2. In the Change User Passwords screen, select user password to change and select Enter. 3.
1. In the Main Menu, select Set Language. 2. Use the arrow keys to select the preferred language. Generate a System Snapshot Log To generate a System Snapshot Log for Dell ProSupport, in the Main Menu, select Support Tools. 1. From the Support Tools menu, select Generate System Snapshot Log. 2. At the indication that the file is created, select OK.