Getting Started Dell Data Security Implementation Services November 2020 Rev.
Notes, cautions, and warnings
NOTE: A NOTE indicates important information that helps you make better use of your product.
CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
© 2012-2020 Dell Inc. All rights reserved.
Contents
Chapter 1: Implementation Phases
Chapter 2: Kick-off and Requirements Review
Client Documents
Server documents
1 Implementation Phases The basic implementation process includes these phases:
● Perform Kick-off and Requirements Review
● Complete Preparation Checklist - Initial Implementation or Preparation Checklist - Upgrade/Migration
● Install or Upgrade/Migrate one of the following:
  ○ Security Management Server
    ■ Centralized management of devices
    ■ A Windows-based application that runs on a physical or virtualized environment.
2 Kick-off and Requirements Review Before installation, it is important to understand your environment and the business and technical objectives of your project, to successfully implement Dell Data Security to meet these objectives. Ensure that you have a thorough understanding of your organization's overall data security requirements. The following are some common key questions to help the Dell Client Services Team understand your environment and requirements: 1. 2. 3. 4. 5. 6. 7.
Encryption Enterprise (Mac) - See the Encryption Enterprise for Mac Administrator Guide at www.dell.com/support/home/us/en/04/product-support/product/dell-data-protection-encryption/manuals. Includes installation and deployment instructions.
Endpoint Security Suite Enterprise (Windows) - See the documents at: www.dell.com/support/home/us/en/19/product-support/product/dell-dp-endpt-security-suite-enterprise/manuals.
3 Preparation Checklist - Initial Implementation Based on the Dell Server you deploy, use the appropriate checklist to ensure you have met all prerequisites before beginning to install Dell Encryption or Endpoint Security Suite Enterprise.
UAC is disabled before installation on Windows Server 2012 R2 when installing in C:\Program Files. The server must be rebooted for this change to take effect. (see Windows Control Panel > User Accounts).
● Windows Server 2012 R2 - the installer disables UAC.
● Windows Server 2016 R2 - the installer disables UAC.
NOTE: UAC is no longer force-disabled unless a protected directory is specified for the install directory.
The license file is an XML file located on the FTP site in the Client Licenses folder. NOTE: If you purchased your licenses on-the-box, no license file is necessary. The entitlement is automatically downloaded from Dell upon activation of any new Encryption Personal, Encryption Enterprise, or Endpoint Security Suite Enterprise client.
Security Management Server Virtual Initial Implementation Checklist
Proof of Concept environment cleanup is complete (if applicable)?
The proof of concept database and application have been backed up and uninstalled (if using the same server) before the installation engagement with Dell. For more instruction on an uninstall, see https:// www.dell.
See Security Management Server Virtual Architecture Design.
DNS alias created for Security Management Server Virtual and/or Policy Proxies with Split DNS for internal and external traffic?
It is recommended that you create DNS aliases, for scalability. This will allow you to add additional servers later or separate components of the application without requiring client update. DNS aliases are created, if desired. Suggested DNS aliases:
● Security Management Server: dds.
4 Preparation Checklist - Upgrade/Migration This checklist applies only to Security Management Server. NOTE: Update Security Management Server Virtual from the Basic Configuration menu in your Dell Server Terminal. For more information, see Security Management Server Virtual Quick Start and Installation Guide. Use the following checklist to ensure you have met all prerequisites before beginning to upgrade Encryption or Endpoint Security Suite Enterprise.
The entire existing installation is backed up to an alternate location. The backup should include the SQL database, secretKeyStore, and configuration files. Ensure that these most critical files, which store information necessary to connect to the database, are backed up:
\Enterprise Edition\Compatibility Server\conf\server_config.xml
\Enterprise Edition\Compatibility Server\conf\secretKeyStore
\Enterprise Edition\Compatibility Server\conf\gkres
Submit any specific Change Control requirements for the installation of Encryption or Endpoint Security Suite Enterprise to Dell Client Services prior to the installation engagement. These requirements may include changes to the application server(s), database, and client workstations.
Test Hardware prepared?
Prepare at least three computers with your corporate computer image to be used for testing. Dell recommends that you not use production computers for testing.
5 Architecture This section details architecture design recommendations for Dell Data Security implementation. Select the Dell Server you will deploy:
● Security Management Server Architecture Design
● Security Management Server Virtual Architecture Design

Security Management Server Virtual Architecture Design
The Encryption Enterprise and Endpoint Security Suite Enterprise solutions are highly scalable products, based on the number of endpoints targeted for encryption in your organization.
Ports The following table describes each component and its function.
| Name | Default Port | Description |
| --- | --- | --- |
| Access Group Service | TCP/8006 | Manages various permissions and group access for various Dell Security products. NOTE: Port 8006 is not currently secured. Ensure this port is properly filtered through a firewall. This port is internal only. |
| Compliance Reporter | HTTP(S)/8084 | Provides an extensive view of the environment for auditing and compliance reporting. NOTE: Port 8084 should be filtered through a firewall. Dell recommends this port be internal only. |
| Name | Default Port | Description |
| --- | --- | --- |
| | and STOMP/61613 (closed or, if configured for DMZ, 61613 is open) | Compatibility Server for Policy Proxy queuing. NOTE: Port 61616 should be filtered through a firewall. Dell recommends this port be internal only. NOTE: Port 61613 should only be opened to Security Management Servers configured in Front-End mode. |
| Identity Server | 8445 (closed) | Handles domain authentication requests, including authentication for SED Management. |
| Name | Default Port | Description |
| --- | --- | --- |
| Client Authentication | HTTPS/8449 | Allows client servers to authenticate against Dell Server. Required for Server Encryption. |

Security Management Server Architecture Design
Encryption Enterprise and Endpoint Security Suite Enterprise solutions are highly scalable products, based on the number of endpoints targeted for encryption in your organization.

Architecture Components
Below are suggested hardware configurations that suit most environments.
NOTE: If the organization has more than 20,000 endpoints, please contact Dell ProSupport for assistance. Ports The following table describes each component and its function.
| Name | Default Port | Description |
| --- | --- | --- |
| ACL Service | TCP/8006 | Manages various permissions and group access for various Dell Security products. NOTE: Port 8006 is not currently secured. Ensure this port is properly filtered through a firewall. This port is internal only. |
| Compliance Reporter | HTTP(S)/8084 | Provides an extensive view of the environment for auditing and compliance reporting. NOTE: Port 8084 should be filtered through a firewall. Dell recommends this port be internal only. |
| Name | Default Port | Description |
| --- | --- | --- |
| Message Broker Service | TCP/61616 and STOMP/61613 | Handles communication between services of the Dell Server. Stages policy information created by the Compatibility Server for Policy Proxy queuing. Requires SQL database access. NOTE: Port 61616 should be filtered through a firewall. Dell recommends this port be internal only. NOTE: Port 61613 should only be opened to Security Management Servers configured in Front-End mode. |
| Name | Default Port | Description |
| --- | --- | --- |
| Client Authentication | HTTPS/ | Allows client servers to authenticate with Dell Server. Required for Server Encryption. |
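The firewall NOTEs in the port tables above can be checked mechanically against an export of allow rules. The following is an added example, not part of the Dell guide or any Dell tooling; the rule layout (`source`, `port`), the address ranges and the function name `audit_rules` are assumptions constructed for illustration.

```python
import ipaddress

# Policy transcribed from the NOTEs in the port tables above.
INTERNAL_ONLY = {
    8006: "ACL Service",
    8084: "Compliance Reporter",
    61616: "Message Broker Service (TCP)",
}
FRONT_END_ONLY = {61613: "Message Broker Service (STOMP)"}


def audit_rules(rules, internal_nets, front_end_hosts):
    """Return (port, source, reason) for every allow rule that breaks the policy.

    rules: dicts with "source" (IPv4 address or CIDR) and "port" keys; this
    layout is hypothetical, adapt it to your firewall's export format.
    """
    internal = [ipaddress.ip_network(n) for n in internal_nets]
    front_ends = [ipaddress.ip_network(h) for h in front_end_hosts]
    findings = []
    for rule in rules:
        src = ipaddress.ip_network(rule["source"])
        port = rule["port"]
        if port in INTERNAL_ONLY:
            # The whole source range must sit inside a declared internal network.
            if not any(src.subnet_of(net) for net in internal):
                findings.append((port, str(src), INTERNAL_ONLY[port] + " must be internal only"))
        elif port in FRONT_END_ONLY:
            # 61613 may be opened only to servers configured in Front-End mode.
            if not any(src.subnet_of(host) for host in front_ends):
                findings.append((port, str(src), FRONT_END_ONLY[port] + " is open to a non-Front-End source"))
    return findings


# Constructed sample rules (documentation address ranges, not from the guide).
SAMPLE_RULES = [
    {"source": "10.0.0.0/8", "port": 8084},       # internal reporting: allowed
    {"source": "0.0.0.0/0", "port": 8006},        # unsecured port open to any source
    {"source": "192.0.2.10", "port": 61613},      # Front-End server in the DMZ: allowed
    {"source": "0.0.0.0/0", "port": 61613},       # STOMP open to any source
    {"source": "203.0.113.0/24", "port": 61616},  # broker reachable from outside
    {"source": "0.0.0.0/0", "port": 8449},        # no restriction stated on the page
]

if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_RULES, ["10.0.0.0/8"], ["192.0.2.10"]):
        print(finding)
```

The sample mixes compliant and non-compliant rules so the output shows only the three entries that contradict the NOTEs; IPv6 sources would need their own network lists because `subnet_of` compares like with like.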
6 SQL Server Best Practices The following list explains SQL Server best practices, which should be implemented when Dell security is installed if not already implemented. 1. Ensure the NTFS block size where the data file and log file reside is 64 KB. SQL Server extents (basic unit of SQL storage) are 64 KB. For more information, search Microsoft's TechNet articles for "Understanding Pages and Extents." 2.
7 Example Customer Notification Email After you purchase Dell Data Security, you will receive an email from DellDataSecurity@Dell.com. Below is an example of the email, which will include your CFT credentials and License Key information.