
Dell Encryption Enterprise / Dell Data Protection Enterprise Edition Authentication Options

Summary: There are several supported activation workflows to authenticate Dell Encryption Enterprise with the Dell Data Security server.


Article Content


Symptoms

This article defines the supported activation workflows for Dell Encryption Enterprise (formerly Dell Data Protection | Enterprise Edition) and Dell Encryption External Media (formerly Dell Data Protection | External Media Edition).


Affected Products:

Dell Encryption Enterprise
Dell Data Protection | Enterprise Edition
Dell Encryption External Media
Dell Data Protection | External Media Edition

Affected Operating Systems:

Windows


Cause

Not applicable.

Resolution

Dell Encryption Enterprise can authenticate with a Dell Data Security server by one of several authentication workflows. For more information, select the appropriate workflow.

Active Directory-based activation is Dell Encryption Enterprise’s default method of validating user accounts for policy-based encryption. The Dell Encryption network provider filter captures authentication information during login. This is securely sent to the Dell Data Security (formerly Dell Data Protection) server. The server validates the credentials against the configured Active Directory domains.

Note: In environments using a remote LDAP service (Azure Active Directory, Okta, Duo), the Dell Data Security server requires a local domain controller for proper authentication to Active Directory. The local domain controller must be specified within the Domain settings for that environment in the Dell Data Security server. For more information, reference the Domain Access section for your server version in How to Configure the Dell Data Security / Dell Data Protection Server Administration Console.

Opt-in (deferred) activation allows the Active Directory user account that is used during activation to be independent of the account that is used to log in to the endpoint. Instead of the network provider capturing the authentication information, the user instead manually specifies the Active Directory-based account when prompted. Once the credentials are entered, the authentication information is securely sent to the Dell Security Management server. The server then validates it against the configured Active Directory domains.

Opt-in deferred activation

This workflow can be enabled either During Installation or Post-Install, including after the device has been activated for a new user. For more information, select the appropriate method.

To enable opt-in activation during installation:

The child installer may be run with the OPTIN=1 parameter to enable opt-in activation.

Note: Dell Encryption Enterprise must be downloaded and extracted from the Master Installer.

To enable opt-in activation post-install:

  1. Right-click the Windows start menu and then click Run.
  2. In the Run UI, type regedit and then press OK. This opens the Registry Editor.
  3. In the Registry Editor, go to HKEY_LOCAL_MACHINE\Software\Dell\Dell Data Protection\Encryption.
  4. Right-click the Encryption folder, select New, and then click DWORD (32-bit) Value.
  5. Name the DWORD value OPTIN.
  6. Double-click OPTIN.
  7. In Value data, delete the 0, populate the field with 1, and then click OK.
  8. Reboot the device. The opt-in prompt appears on reboot.

Server encryption activation allows a single Active Directory user account to be defined for the endpoint, comparable to the opt-in activation workflow. Once the user is defined with certificate-based activation, Dell Encryption generates a synthetic user account. The synthetic account is bound to the provided username and password to validate with Active Directory. This synthetic account is used for all key unlocks. The key unlocks are then performed by a certificate validation to the back-end server using TLS with mutual authentication.

This workflow can be enabled either During Installation or Post-Install before the device has been activated. For more information, select the appropriate method.

Warning: This mode can either be enabled during the installation of the application, or after installation but before activation.
 
Note:
  • Server encryption activation requires communication directly to the back-end server to validate the certificate that is assigned to the synthetic user. These certificate validation processes cannot be proxied through a front-end server.
  • By default, the single Active Directory user must also be a domain administrator. This can be modified with configuration.

To enable server encryption mode activation during installation:

The child installer may be run with the SERVERMODE=1 parameter to enable server encryption mode activation.

Note: Dell Encryption Enterprise must be downloaded and extracted from the Master Installer.

To enable server encryption mode activation post-install:

  1. Right-click the Windows start menu and then click Run.
  2. In the Run UI, type regedit and then press OK. This opens the Registry Editor.
  3. In the Registry Editor, go to HKEY_LOCAL_MACHINE\Software\Credant\CMGShield.
  4. Right-click the Encryption folder, select New, and then click DWORD (32-bit) Value.
  5. Name the DWORD value SM.
  6. Double-click SM.
  7. In Value data, delete the 0, populate the field with 1, and then click OK.
  8. Reboot the device.
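
The two post-install registry procedures above can be audited and applied from an elevated PowerShell session. This is an added example, not Dell's own tooling: the registry keys and value names are the ones given in this article, the function names Get-ActivationMode and Enable-ActivationMode are hypothetical, and treating only a DWORD of 1 as "enabled" is an assumption based on the steps above.

```powershell
# Added example, not Dell code. Keys and value names come from this article.
$ActivationFlags = @(
    @{ Mode = 'Opt-in (deferred) activation'
       Path = 'HKLM:\Software\Dell\Dell Data Protection\Encryption'; Name = 'OPTIN' }
    @{ Mode = 'Server encryption activation'
       Path = 'HKLM:\Software\Credant\CMGShield'; Name = 'SM' }
)

function Get-ActivationMode {
    # Reports each flag. Assumption: only a value of 1 means the mode is enabled.
    # If neither flag is enabled, the default Active Directory-based activation applies.
    foreach ($f in $ActivationFlags) {
        $item  = Get-ItemProperty -Path $f.Path -Name $f.Name -ErrorAction SilentlyContinue
        $value = if ($item) { $item.($f.Name) } else { $null }
        [pscustomobject]@{
            Mode    = $f.Mode
            Key     = $f.Path
            Name    = $f.Name
            Data    = $value
            Enabled = ($value -eq 1)
        }
    }
}

function Enable-ActivationMode {
    # Creates the DWORD (or overwrites an existing one) with the value 1.
    # Per the article, SM must be set before the device has been activated.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][ValidateSet('OPTIN', 'SM')][string]$Name)

    $f = $ActivationFlags | Where-Object { $_.Name -eq $Name }
    if (-not (Test-Path -Path $f.Path)) {
        throw "Registry key '$($f.Path)' not found; the client does not appear to be installed."
    }
    if ($PSCmdlet.ShouldProcess("$($f.Path)\$Name", 'Set DWORD (32-bit) value to 1')) {
        New-ItemProperty -Path $f.Path -Name $Name -PropertyType DWord -Value 1 -Force | Out-Null
    }
}

# Audit the current state; nothing is changed by this call.
Get-ActivationMode | Format-Table -AutoSize

# Preview a change without writing it, then drop -WhatIf and reboot the device.
# Enable-ActivationMode -Name OPTIN -WhatIf
```

Running Get-ActivationMode across a fleet also gives a quick inventory of which endpoints have been moved off the default activation workflow.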

To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.


Article Properties


Affected Product

Dell Encryption

Last Published Date

20 Dec 2022

Version

12

Article Type

Solution