Вы находитесь на странице: 1из 3

Security

Simplified Drive
Encryption
for Dell Latitude
Notebooks
Dell™ Latitude ™ D630 and Latitude D830 notebooks By Brian Berger

with Seagate® Momentus® hard drives and EMBASSY®


management software from Wave Systems offer a
comprehensive, simplified, hardware-based encryption
solution to help protect critical data.

D
eploying encryption in an enterprise envi- make supporting users at remote locations as easy
ronment can be critical to maintaining as supporting those at an enterprise’s headquarters,
effective security, but can also be compli- and helping prevent users or remote administrators
cated to set up—requiring significant advance plan- from inadvertently compromising data security.
ning, coordination, and time. To help simplify this And because the drive encryption is designed to
task, Dell Latitude D630 and Latitude D830 note- be constantly enabled, these features also help sim-
books with Seagate Momentus FDE.2 hard drives plify compliance with data protection laws and
and EMBASSY management software from Wave regulations.
Systems allow administrators to rapidly set up and
enable hardware-based drive encryption and bypass Assessing the network environment
Related Categories: time-consuming procedures such as running the EMBASSY management software from Wave

Dell Latitude notebooks


chkdsk utility—a process that can potentially take Systems works in tandem with Seagate Momentus

Security
several hours on a typical 160 GB drive. FDE.2 drives in Dell Latitude D630 and Latitude

Wave Systems
These data protection features are designed to D830 notebooks to help maximize security in envi-
be not only powerful, but also easy to use, compre- ronments based on Windows operating systems
Visit DELL.COM/PowerSolutions
for the complete category index. hensively integrated, and scalable. The drive is and the Microsoft Active Directory® directory ser-
designed to encrypt all files copied to it with a key vice. EMBASSY Remote Administration Server
stored in a secure area of the drive, without the per- (ERAS) is designed to integrate into existing Active
formance overhead associated with software-based Directory domains, essentially adding a second
solutions for secure read and write operations. For layer of protection to these Latitude notebooks by
end users, a provided password can be easily syn- adding user-based authentication to the drive. A
chronized with an existing Microsoft® Windows® OS simple administration console allows administrators
password, helping minimize the need for training familiar with Microsoft Management Console (MMC)
and help-desk assistance and potentially making snap-ins for Active Directory to easily grant permis-
data protection as simple as closing the notebook sions to existing users and perform many other
after use. For administrators, robust reporting tools drive-related tasks.
can provide detailed event logs indicating whether Typically, a simple way to implement this technol-
preboot authentication has been enabled, helping ogy in an existing infrastructure is to acquire Latitude

Reprinted from Dell Power Solutions, May 2008. Copyright © 2008 Dell Inc. All rights reserved. DELL.COM/PowerSolutions 101
Security

D630 and Latitude D830 notebooks from


Dell and select the encrypted hard drive
option during purchase, which includes a Wave Systems
Seagate Momentus FDE.2 drive and precon- Wave Systems server software client software

figured EMBASSY Trusted Drive Manager


ERAS EMBASSY TDM
(TDM) client components in the system.
ERAS is also available through Dell. After Microsoft Active Directory Graphical user
and Group Policy Object interface
adding the client to the domain, administra-
tors can remotely initialize the drive and
ERAS management Middleware
manage it through ERAS. For existing software
Latitude D630 and Latitude D830 note-
books as well as Latitude models D530, WMI
D531, D620, D631, and D820, administrators
can replicate the contents of a standard
drive to a Seagate Momentus FDE.2 drive
and install the TDM software, enabling the Figure 1. EMBASSY software from Wave Systems for Dell Latitude D630 and Latitude D830 notebooks with
system to communicate with ERAS for fur- encrypted Seagate Momentus hard drives
ther configuration.
■■ A system running Windows Server ■■ Microsoft .NET Framework 2.0
Creating a robust 2003 or Windows XP with SP2 and ■■ Microsoft ASP.NET 2.0 Web Service
management infrastructure the MMC snap-in (to utilize the remote extension enabled in the IIS Web ser-
ERAS enables administrators to manage console) vices extension list
Dell Latitude D630 and Latitude D830 ■■ MMC 3.0 ■■ Microsoft Windows Support Tools
notebooks with Seagate Momentus ■■ Microsoft Group Policy Management
FDE.2 drives across a network within a Console 3.0 After ERAS has been installed on a
domain (see Figure 1). Using ERAS ■■ Microsoft SQL Server® 2005 Express Windows Server 2003 system, administra-
requires the following: Edition, Standard Edition, Workgroup tors should configure the server and client
Edition, or Enterprise Edition database systems to belong to the same domain.
■■ Any edition of the Microsoft Windows platform Installing ERAS on the server requires a
Server® 2003 OS with Service Pack 1 ■■ Microsoft Internet Information Services local administrator with administrative
(SP1) or later (IIS) 6.0 privileges in SQL Server and domain privi-
leges to create the required accounts and
user groups and make entries in Active
Directory. Administrators can integrate
ERAS with Active Directory or manage it
through an XML ERAS policy file in con-
junction with the SQL Server database.
After the TDM software has been installed
on the Latitude D630 or Latitude D830
notebook, administrators can use Group
Policy to push a Windows Management
Instrumentation (WMI) file down to these
client systems, and then use the ERAS
console to manage them (see Figure 2).

Configuring and managing


encrypted clients
ERAS is designed to support Dell Latitude
D630 and Latitude D830 notebooks
through their complete life cycle, from
Figure 2. Management console for EMBASSY Remote Administration Server from Wave Systems drive deployment to management to

102 DELL POWER SOLUTIONS | May 2008 Reprinted from Dell Power Solutions, May 2008. Copyright © 2008 Dell Inc. All rights reserved.
disposal. The first step in activating the

“The drive is designed to encrypt all


drive encryption is to set up preboot
authentication, which administrators can
do by initializing the drive. Users must files copied to it with a key stored in
then log in during the preboot process to
a secure area of the drive, without the
gain access to the drive. Administrators
can provide multiple users with access to performance overhead associated with
a given client system, or use the drive software-based solutions for secure
properties window in ERAS to perform
read and write operations.”
other management functions.
Administrators can use the Security
Control window in ERAS (accessed
through the drive properties window) to be used on any system connected to the Protecting critical
access the cryptographic erase feature, domain (see Figure 3). For example, admin- enterprise data
which allows them to quickly erase drives istrators might provide this designated Deploying drive encryption has typi-
remotely from the server to help prevent access to an office manager when the cally been a time-consuming task for
dissemination of confidential information normal IT staff members are not available. enterprise IT administrators. Dell
on an encrypted Latitude D630 or Latitude Administrators can also use ERAS to Latitude D630 and Latitude D830 note-
D830 notebook. They can then rapidly manage embedded security technology for books with Seagate Momentus FDE.2
re-image and redeploy the drive—a task Trusted Platform Modules (TPMs). TPMs hard drives and EMBASSY management
that may take several hours with typical are chips integrated into select Dell sys- software from Wave Systems offer a
software-based disk encryption. tems that function like embedded smart comprehensive, simplified solution for
When end users forget their password, cards, and can be used to generate encryp- securing client systems, enabling admin-
administrators can also use the ERAS tion or authentication keys and help istrators to rapidly deploy and manage
Security Control window for password securely store certificates and other critical encrypted drives to help protect critical
recovery to help regain drive access, a fea- information. ERAS offers similar initializa- enterprise data.
ture that does not require a connection to tion and management features for TPMs as
the network. The ERAS Help Desk feature it does for the encrypted drives in Latitude Brian Berger is the executive vice presi-
also offers a way for end users to retrieve D630 and Latitude D830 notebooks. dent of marketing and sales for Wave
passwords by providing direct physical By combining both technologies, ERAS Systems, where he is responsible for devel-
access to the server through a standard helps provide a comprehensive solution for oping and implementing the company’s
Web browser, a feature that can typically securing enterprise systems. trusted computing strategy. Brian is a
director for the Trusted Computing Group
and serves as chair of the organization’s
Marketing Working Group. He holds sev-
eral patents, has a B.A. degree, and
attended the Harvard Business School
Executive Education program.

QUICK LINK

Dell Latitude notebooks:


DELL.COM/Latitude
Figure 3. Help Desk Web browser–based interface for EMBASSY Remote Administration Server from Wave
Systems

Reprinted from Dell Power Solutions, May 2008. Copyright © 2008 Dell Inc. All rights reserved. DELL.COM/PowerSolutions 103

Вам также может понравиться