This article defines the supported activation workflows for Dell Encryption Enterprise (formerly Dell Data Protection | Enterprise Edition) and Dell Encryption External Media (formerly Dell Data Protection | External Media Edition).
Affected Products:
Dell Encryption Enterprise
Dell Data Protection | Enterprise Edition
Dell Encryption External Media
Dell Data Protection | External Media Edition
Affected Operating Systems:
Windows
Not applicable.
Dell Encryption Enterprise can authenticate with a Dell Data Security server by one of several authentication workflows. For more information, select the appropriate workflow.
Active Directory-based activation is Dell Encryption Enterprise’s default method of validating user accounts for policy-based encryption. The Dell Encryption network provider filter captures authentication information during login. This is securely sent to the Dell Data Security (formerly Dell Data Protection) server. The server validates the credentials against the configured Active Directory domains.
Opt-in (deferred) activation allows the Active Directory user account that is used during activation to be independent of the account that is used to log in to the endpoint. Instead of the network provider capturing the authentication information, the user instead manually specifies the Active Directory-based account when prompted. Once the credentials are entered, the authentication information is securely sent to the Dell Security Management server. The server then validates it against the configured Active Directory domains.
This workflow can be enabled either During Installation or Post-Install, including after the device has been activated for a new user. For more information, select the appropriate method.
The child installer may be run with the OPTIN=1
parameter to enable opt-in activation.
regedit
and then press OK. This opens the Registry Editor.HKEY_LOCAL_MACHINE\Software\Dell\Dell Data Protection\Encryption
.OPTIN
.OPTIN
.0
, populate the field with 1
, and then click OK.Server encryption activation allows a single Active Directory user account to be defined for the endpoint, comparable to the opt-in activation workflow. Once the user is defined with certificate-based activation, Dell Encryption generates a synthetic user account. The synthetic account is bound to the provided username and password to validate with Active Directory. This synthetic account is used for all key unlocks. The key unlocks are then performed by a certificate validation to the back-end server using TLS with mutual authentication.
This workflow can be enabled either During Installation or Post-Install before the device has been activated. For more information, select the appropriate method.
The child installer may be run with the SERVERMODE=1
parameter to enable server encryption mode activation.
regedit
and then press OK. This opens the Registry Editor.HKEY_LOCAL_MACHINE\Software\Credant\CMGShield
.SM
.SM
.0
, populate the field with 1
, and then click OK.To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.