
Dell Encryption Enterprise / Dell Data Protection Enterprise Edition Authentication Options

Summary: There are several supported activation workflows to authenticate Dell Encryption Enterprise with the Dell Data Security server.


Symptoms

This article defines the supported activation workflows for Dell Encryption Enterprise (formerly Dell Data Protection | Enterprise Edition) and Dell Encryption External Media (formerly Dell Data Protection | External Media Edition).


Affected Products:

Dell Encryption Enterprise
Dell Data Protection | Enterprise Edition
Dell Encryption External Media
Dell Data Protection | External Media Edition

Affected Operating Systems:

Windows


Cause

Not applicable.

Resolution

Dell Encryption Enterprise can authenticate with a Dell Data Security server by one of several authentication workflows. For more information, select the appropriate workflow.

Active Directory-based activation is Dell Encryption Enterprise’s default method of validating user accounts for policy-based encryption. The Dell Encryption network provider filter captures authentication information during login. This is securely sent to the Dell Data Security (formerly Dell Data Protection) server. The server validates the credentials against the configured Active Directory domains.

Note: In environments using a remote LDAP service (Azure Active Directory, Okta, Duo), the Dell Data Security server requires a local domain controller for proper authentication to Active Directory. The local domain controller must be specified within the Domain settings for that environment in the Dell Data Security server. For more information, reference the Domain Access section for your server version in How to Configure the Dell Data Security / Dell Data Protection Server Administration Console.

Opt-in (deferred) activation allows the Active Directory user account that is used during activation to be independent of the account that is used to log in to the endpoint. Instead of the network provider capturing the authentication information, the user instead manually specifies the Active Directory-based account when prompted. Once the credentials are entered, the authentication information is securely sent to the Dell Security Management server. The server then validates it against the configured Active Directory domains.


This workflow can be enabled either During Installation or Post-Install, including after the device has been activated for a new user. For more information, select the appropriate method.

To enable opt-in activation during installation:

The child installer may be run with the OPTIN=1 parameter to enable opt-in activation.

Note: Dell Encryption Enterprise must be downloaded and extracted from the Master Installer.

To enable opt-in activation post-install:

  1. Right-click the Windows start menu and then click Run.
  2. In the Run UI, type regedit and then press OK. This opens the Registry Editor.
  3. In the Registry Editor, go to HKEY_LOCAL_MACHINE\Software\Dell\Dell Data Protection\Encryption.
  4. Right-click the Encryption folder, select New, and then click DWORD (32-bit) Value.
  5. Name the DWORD value OPTIN.
  6. Double-click OPTIN.
  7. In Value data, delete the 0, populate the field with 1, and then click OK.
  8. Reboot the device. The opt-in prompt appears on reboot.

Server encryption activation allows a single Active Directory user account to be defined for the endpoint, comparable to the opt-in activation workflow. Once the user is defined with certificate-based activation, Dell Encryption generates a synthetic user account. The synthetic account is bound to the provided username and password to validate with Active Directory. This synthetic account is used for all key unlocks. The key unlocks are then performed by a certificate validation to the back-end server using TLS with mutual authentication.

This workflow can be enabled either During Installation or Post-Install before the device has been activated. For more information, select the appropriate method.

Warning: This mode can either be enabled during the installation of the application, or after installation but before activation.
 
Note:
  • Server encryption activation requires communication directly to the back-end server to validate the certificate that is assigned to the synthetic user. These certificate validation processes cannot be proxied through a front-end server.
  • By default, the single Active Directory user must also be a domain administrator. This can be modified with configuration.

To enable server encryption mode activation during installation:

The child installer may be run with the SERVERMODE=1 parameter to enable server encryption mode activation.

Note: Dell Encryption Enterprise must be downloaded and extracted from the Master Installer.

To enable server encryption mode activation post-install, before the device has been activated:

  1. Right-click the Windows start menu and then click Run.
  2. In the Run UI, type regedit and then press OK. This opens the Registry Editor.
  3. In the Registry Editor, go to HKEY_LOCAL_MACHINE\Software\Credant\CMGShield.
  4. Right-click the Encryption folder, select New, and then click DWORD (32-bit) Value.
  5. Name the DWORD value SM.
  6. Double-click SM.
  7. In Value data, delete the 0, populate the field with 1, and then click OK.
  8. Reboot the device.
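
The two registry procedures above (OPTIN and SM) can also be audited or applied from an elevated PowerShell session. This is an added example, not Dell tooling: the function names are hypothetical, and the key paths and value names are the ones given in this article.

```powershell
# Added example: audit (and optionally set) the activation-mode registry values.
# Key paths and value names come from this article; function names are hypothetical.
$ActivationSettings = @(
    [pscustomobject]@{ Mode = 'Opt-in (deferred) activation'
                       Path = 'HKLM:\Software\Dell\Dell Data Protection\Encryption'; Name = 'OPTIN' }
    [pscustomobject]@{ Mode = 'Server encryption mode activation'
                       Path = 'HKLM:\Software\Credant\CMGShield'; Name = 'SM' }
)

function Get-ActivationModeSetting {
    foreach ($s in $ActivationSettings) {
        $value = $null
        $kind  = $null
        if (Test-Path -LiteralPath $s.Path) {
            $key = Get-Item -LiteralPath $s.Path
            if ($key.GetValueNames() -contains $s.Name) {
                $value = $key.GetValue($s.Name)
                $kind  = $key.GetValueKind($s.Name)
            }
        }
        # Reported as enabled only when the value is a DWORD set to 1, as in the steps above.
        [pscustomobject]@{
            Mode = $s.Mode; Path = $s.Path; Name = $s.Name
            Value = $value; Kind = $kind
            Enabled = ($kind -eq 'DWord' -and $value -eq 1)
        }
    }
}

function Set-ActivationModeSetting {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][ValidateSet('OPTIN', 'SM')][string]$Name)
    $s = $ActivationSettings | Where-Object Name -eq $Name
    if (-not (Test-Path -LiteralPath $s.Path)) {
        throw "Registry key not found: $($s.Path)"
    }
    # Per the article, SM must be set before the device has been activated.
    if ($PSCmdlet.ShouldProcess("$($s.Path)\$Name", 'Set DWORD value to 1')) {
        New-ItemProperty -LiteralPath $s.Path -Name $Name -PropertyType DWord -Value 1 -Force | Out-Null
        Write-Warning 'Reboot the device for the change to take effect.'
    }
}

Get-ActivationModeSetting | Format-Table Mode, Name, Value, Enabled -AutoSize
```

Run `Set-ActivationModeSetting -Name OPTIN -WhatIf` first to preview the change without writing to the registry.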

To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.

Affected Products

Dell Encryption
Article Properties
Article Number: 000124736
Article Type: Solution
Last Modified: 20 Dec 2022
Version: 12