SafeGuard Easy Demo guide

Product version: 6
Document date: February 2012
Contents
1 Introduction
2 Requirements
3 The demo configuration package
4 Install the demo software
5 What to expect once the software has been installed
6 What to expect from the full version
7 Upgrading to the full version
8 Uninstalling the demo software
9 Technical support
10 Legal notices
1 Introduction
This document guides you through the demo version of the SafeGuard Disk Encryption client.
The demo version enables you to test the SafeGuard full disk encryption and cloud storage
encryption process, including the installation and use of the Power-on Authentication (POA,
authentication in the pre-boot phase).
This demo serves as a client demo for Sophos SafeGuard (SafeGuard Easy). Sophos SafeGuard
(SafeGuard Easy) provides full disk encryption for local hard drives and file-based encryption of
data stored in the cloud. In addition, Sophos SafeGuard supports Lenovo fingerprint
authentication, non-cryptographic tokens and external hard drives as well as a runtime environment
to have two encrypted Windows installations in parallel on the same computer. Encryption policy
configuration is carried out using SafeGuard Policy Editor. For deploying policies to the endpoint
computers, a licensed SafeGuard Policy Editor is required.
For further information, see http://www.sophos.com/products/enterprise/encryption/safeguard-easy/.
For evaluating the SafeGuard Disk Encryption client, a demo configuration package with
preconfigured policy settings is provided, see The demo configuration package (page 5). These
policy settings cannot be edited within this demo version. The demo configuration package has
to be deployed on a test computer with a Sophos SafeGuard 6 client installation, see Install the
demo software (page 6).
You can find the demo configuration package SGNDemoClientConfig.msi in the install folder of
the Sophos SafeGuard product delivery. The demo configuration package is also available for
download from https://secure.sophos.com/products/enterprise/free-trials/safeguard-easy/.
If you are interested in security beyond local disk encryption, SafeGuard Enterprise is the product
to go for. SafeGuard Enterprise is the flagship encryption product of Sophos, adding Active
Directory integrated online central management, reporting, multi-factor authentication (through
Lenovo fingerprint, smartcards or crypto tokens) and advanced key management for removable
media encryption and port control. For SafeGuard Enterprise, a separate demo version is available,
including the SafeGuard Management Center and all modules. Please contact a Sophos sales
representative to receive this demo. For further information on SafeGuard Enterprise, see
http://www.sophos.com/products/enterprise/encryption/safeguard-enterprise/.
Once you have completed your evaluation, you will want to move to a full version of the SafeGuard
encryption solution. You can upgrade the demo client to SafeGuard Easy or SafeGuard Enterprise.
For a short overview on what to expect from licensed versions, see What to expect from the full
version (page 19).
2 Requirements
For installing the SafeGuard Disk Encryption Demo configuration package
SGNDemoClientConfig.msi on a test computer, the following prerequisites apply:
■ Sophos SafeGuard client with Device Encryption and Cloud Storage is installed.
■ The Sophos SafeGuard client must not have been configured using a regular client configuration
package created with a licensed SafeGuard Policy Editor.
For installing the Sophos SafeGuard client with Device Encryption and Cloud Storage, the following
system requirements apply:
■ Windows XP SP2 or later (32 bit)
■ Windows Vista SP1 (32 bit)
■ Windows Vista SP1 (64 bit)
■ Windows 7 (32 or 64 bit)
■ Minimum 1 GB RAM
■ Minimum 1 GB of free disk space
■ IDE or SATA drive (no SCSI). For hardware compatibility information, see
http://www.sophos.com/support/knowledgebase/article/107781.html
■ If you are running Lenovo Rescue and Recovery, make sure that version 4.21 or later is in use.
If in doubt regarding the supported platform, you can install the software. The installation process
will let you know if a problem is encountered and back out of the operation.
Note:
The 64 bit installer is a separate download from sophos.com.
Before you install the software make sure that you have administrative rights for the computer on
which you want to install it.
Note:
This software is provided for evaluation purposes only and must not be used on production
computers. To upgrade from demo to full version, valid licenses are required. For further
information, see Upgrading to the full version (page 23).
3 The demo configuration package
For evaluating the SafeGuard Disk Encryption client, a demo configuration package with
preconfigured policy settings is provided. This configuration package has to be deployed on a test
computer with a Sophos SafeGuard client installation including Device Encryption and Cloud
Storage, see Install the demo software (page 6).
You can find the demo configuration package SGNDemoClientConfig.msi in the install folder of
the Sophos SafeGuard product delivery. The demo configuration package is also available for
download from https://secure.sophos.com/products/enterprise/free-trials/safeguard-easy/.
The demo configuration package includes the following configuration:
■ All internal drives are encrypted.
■ File-based encryption of data on internal drives for cloud storage with the cloud storage provider
Dropbox is enabled and preconfigured.
■ Any user with Windows administrator rights can uninstall the software.
■ The Local Self Help recovery mechanism for logon recovery in case of forgotten passwords is
enabled and preconfigured.
■ Smartcard/token logon is disabled.
■ Any user may import further SafeGuard users to enable them to log on at the Power-on
Authentication.
Note:
These preconfigured settings cannot be edited within this demo version.
4 Install the demo software
1. Install the Sophos SafeGuard (SafeGuard Easy) client including Device Encryption and Cloud
Storage on the test computer. Select an installation of type Complete to install both modules.
For further information, refer to the SafeGuard Easy Startup Guide.
2. Install the demo configuration package SGNDemoClientConfig.msi on the test computer.
If you try to install the demo configuration package without having installed the Sophos
SafeGuard client first, an error message is displayed. The same applies if the client has already
been configured with a regular configuration package created with a licensed SafeGuard Policy
Editor.
3. Restart the test computer.
5 What to expect once the software has been installed
After you have restarted the test computer, the first screen you see is the legal notice screen. This
is an optional policy feature that you can enable when you roll out Sophos SafeGuard in your
environment. In the full version of the product, the text is fully customizable. For now, read the
legal notice and click OK.
5.1 Windows XP
5.1.1 If you already have a Windows password set
1. The Windows logon screen is displayed.
2. Enter your Windows credentials and log on to Windows.
At this point, SafeGuard Disk Encryption synchronizes your Windows credentials with its Power-on
Authentication (POA) system.
Note:
SafeGuard Disk Encryption uses your Windows credentials for its Power-on Authentication.
You should activate Local Self Help now in order to have a recovery mechanism should you forget
your credentials, see Activate Local Self Help (page 10).
5.1.2 If you do not have a Windows password set
If you did not configure a Windows password, you are now prompted to do so.
1. An Invalid Password message is displayed followed by the Change dialog for defining a
password.
2. As you do not have a password, leave the Old Password field blank.
3. In the New Password field, type a word or phrase that you will remember. Repeat it in the
Confirmation field.
You must remember the password in order to access the encrypted drive and start the computer.
You should activate Local Self Help now in order to have a recovery mechanism should you forget
your credentials, see Activate Local Self Help (page 10).
5.2 Windows Vista and Windows 7
Windows Vista and Windows 7 have a different authentication mechanism than Windows XP. If
you are using these operating systems, the following behavior can be expected.
5.2.1 If you already have a Windows password set
1. After the operating system loads you are passed straight to the desktop, just as before. Only
this time, the following dialog is displayed:
2. Enter your password.
The desktop loads and SafeGuard Disk Encryption synchronizes your credentials. Next time you
restart the computer you can log on to the Power-on Authentication with these credentials.
If for some reason you do not see the key-hole icon, select Switch user and select this icon before
logging on.
You should activate Local Self Help now in order to have a recovery mechanism should you forget
your credentials, see Activate Local Self Help (page 10).
5.2.2 If you do not have a Windows password set
After you select OK in the legal notice dialog, Windows loads and you are taken directly to the
desktop as usual. Due to the demo configuration, your Windows credentials must be synchronized
with the Power-on Authentication mechanism.
Note:
SafeGuard Disk Encryption uses your Windows credentials for its Power-on Authentication.
1. For synchronization, the Sophos SafeGuard Logon dialog is displayed.
2. As you have no password, simply click OK.
A Sophos SafeGuard Password Change message is displayed.
This happens because SafeGuard Disk Encryption does not accept a zero length password.
3. Click OK.
You are now prompted to change your password. The Change dialog for defining a password
is displayed.
As you do not have a password, leave the Old Password field blank.
4. In the New Password field, type a word or phrase that you will remember. Repeat it in the
Confirmation field.
You must remember the password in order to access the encrypted drive and start the computer.
You should activate Local Self Help now in order to have a recovery mechanism should you forget
your credentials, see Activate Local Self Help (page 10).
5.3 Hard drive encryption process
When you have logged on to Windows, a tab is displayed in the task bar:
Click this tab to see the initial encryption progress.
Note:
During initial encryption, you may experience a slowdown in system performance.
At this point you can continue to work or shut down the computer. If you shut down the computer,
the initial encryption process continues where it left off.
5.4 Activate Local Self Help
After you have logged on to your desktop, a message is displayed:
This is an advisory message to let you know that you can now activate Local Self Help. Local Self
Help allows you to recover your forgotten logon credentials by answering questions for which you
had previously provided answers during Local Self Help Activation.
To activate Local Self Help:
1. Right-click on the shield icon in your task bar and select Local Self Help.
2. You are prompted to re-enter your credentials:
3. Enter your Windows user name and password and click Next.
4. This page provides a status. Click Next.
5. In the Predefined Questions dialog, select a language in the Theme drop-down list. You can
now start to answer the questions.
Keep in mind that the answers are case sensitive.
Note:
For Japanese, the appropriate language support must be installed under Windows XP. Otherwise,
the Japanese questions may not be displayed correctly.
Once you have answered six questions the status at the bottom of the dialog changes.
6. Click Next and then Finish.
Local Self Help is activated.
5.5 Next time you restart
Next time you restart the computer the Power-on Authentication is enabled. The first screen is
the legal notice.
1. Click Accept to proceed.
In the full product, both the legal notice and the following dialogs seen here are customizable
allowing you to minimize the visual impact on your end users. Naturally, in this demo version
the impact is highly visible and not configurable.
2. Once you have passed the legal notice, you can log on to the Power-on Authentication. Enter
your credentials in the fields provided and click OK.
SafeGuard Disk Encryption validates the credentials and then allows Windows to load. Until you
enter a valid set of credentials, the data on the drive will be inaccessible to anyone.
At this point, there is nothing else that needs to be done to configure the software. The exact
functionality available in the full version depends on which version of the product (SafeGuard
Easy or SafeGuard Enterprise) you purchase. You can find full details on the Sophos web site.
5.6 Password recovery with Local Self Help
If you have forgotten the password that you used to access Windows when configuring SafeGuard
Disk Encryption, you can recover your password with Local Self Help. If you have followed the
steps described in this guide, you will have activated Local Self Help for logon recovery, see Activate
Local Self Help (page 10).
To recover your system if you have forgotten your password:
1. Enter your user name and select Recovery.
2. The Local Self Help Welcome dialog is displayed. This dialog provides a short description of
the next steps. Click Next.
3. You are now asked to answer three out of the six questions you answered during configuration.
The answers are case sensitive. You must answer all three correctly in order to proceed. If you
get an answer wrong, SafeGuard treats this as a failed logon attempt. For security reasons, the
system does not indicate which question was answered incorrectly.
4. After you have answered all questions correctly, you can click the blue box to be reminded of
your password or simply click OK to be allowed access to Windows.
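The recovery check described in steps 3 and 4, sketched as an added example (not Sophos code and not part of the original guide): three of the six enrolled questions are asked, answers are compared case-sensitively, and any wrong answer produces one uniform failure that is counted as a failed logon attempt. The class name, the salted PBKDF2 storage, the iteration count and the single-use challenge are assumptions; the guide does not describe how SafeGuard stores or compares answers.

```python
import hashlib
import hmac
import os
import secrets

ITERATIONS = 100_000      # assumption: the guide gives no storage details
QUESTIONS_ENROLLED = 6    # from the guide: six questions answered at activation
QUESTIONS_ASKED = 3       # from the guide: three of the six asked at recovery


class LocalSelfHelp:
    """Hypothetical model of the recovery check; not the SafeGuard implementation."""

    def __init__(self, answers):
        if len(answers) != QUESTIONS_ENROLLED:
            raise ValueError("exactly six answered questions are required")
        self._records = {}
        for question, answer in answers.items():
            salt = os.urandom(16)
            # Only a salted digest is kept, never the plaintext answer.
            self._records[question] = (salt, self._digest(answer, salt))
        self._pending = None
        self.failed_attempts = 0

    @staticmethod
    def _digest(answer, salt):
        # No lower-casing or trimming: answers stay case sensitive.
        return hashlib.pbkdf2_hmac("sha256", answer.encode("utf-8"), salt, ITERATIONS)

    def challenge(self):
        """Pick three of the six enrolled questions at random."""
        rng = secrets.SystemRandom()
        self._pending = rng.sample(sorted(self._records), QUESTIONS_ASKED)
        return list(self._pending)

    def verify(self, responses):
        """Return True only if all three answers match; never say which one failed."""
        pending, self._pending = self._pending, None   # a challenge is single use
        all_correct = pending is not None and set(responses) == set(pending)
        for question in pending or []:
            salt, expected = self._records[question]
            given = responses.get(question, "")
            # Every answer is checked, in constant time, even after a mismatch,
            # so neither the result nor the timing points at a specific question.
            matches = hmac.compare_digest(self._digest(given, salt), expected)
            all_correct = all_correct and matches
        if not all_correct:
            self.failed_attempts += 1   # counted like a failed logon attempt
        return all_correct


# Constructed sample enrolment data, for illustration only.
SAMPLE_ANSWERS = {
    "First school?": "Hillside",
    "First pet?": "Biscuit",
    "Favourite author?": "Le Guin",
    "Mother's birthplace?": "Leeds",
    "First employer?": "Acme Ltd",
    "Favourite dish?": "Paella",
}

if __name__ == "__main__":
    helper = LocalSelfHelp(SAMPLE_ANSWERS)
    asked = helper.challenge()
    print(helper.verify({q: SAMPLE_ANSWERS[q] for q in asked}))
    asked = helper.challenge()
    print(helper.verify({q: SAMPLE_ANSWERS[q].lower() for q in asked}))
    print(helper.failed_attempts)
```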
5.7 Encryption for Cloud Storage
SafeGuard Cloud Storage offers file-based encryption of data stored in the cloud. Local copies of
your newly created cloud data are encrypted transparently without any user interaction and remain
encrypted when it is stored in the cloud. The way you usually work with data stored in the cloud
does not change. You still use the same vendor specific synchronization applications to send data
to or receive data from the cloud.
Encrypted files will be synchronized to the cloud. Encrypted files received from the cloud can be
modified by applications as usual.
In this demo version, file-based encryption for the cloud storage provider Dropbox is enabled and
preconfigured. In the full version, a wide range of cloud storage providers, such as Microsoft
SkyDrive or Egnyte is supported.
1. If not available on the test computer, install Dropbox and create a folder that is to be
synchronized with Dropbox (Cloud Storage synchronization folder).
2. SafeGuard Portable, an application that can be used to read encrypted files on Windows
computers that do not have SafeGuard Cloud Storage installed, is copied to the synchronization
folder.
3. Create and save a file with an application of your choice in this folder.
All newly created subfolders/files in the Cloud Storage synchronization folder will be encrypted
transparently and synchronized to the cloud.
Note: All files copied to the Cloud Storage synchronization folder will be encrypted accordingly.
Already existing files will not be initially encrypted.
4. To access encrypted data stored in the cloud from home or exchange encrypted data in the
cloud by using a shared folder in your cloud storage, define a local key: Right-click the Sophos
SafeGuard system tray icon on the Windows taskbar and select Create new key.
5. In the Create Key dialog, enter a Name and a Passphrase for the key. The internal name of
the key is displayed in the field below. Confirm the passphrase.
The passphrase of a local key allows access to files that have been encrypted using this specific
key. You or any recipient can decrypt encrypted data and encrypt it again with the passphrase.
6. To encrypt different subfolders of your cloud storage using different keys, you can set separate
default keys for each folder. This is useful when working with different partners that should
access different parts of your cloud storage. Right-click the respective synchronization subfolder
and select File encryption > Set default key. Select the local key you want to use.
The key you select in this dialog is used for all subsequent encryption processes in your Cloud
Storage synchronization folder.
6 What to expect from the full version
The following sections provide a short overview on the functionality and benefits of the full versions
of SafeGuard Easy and SafeGuard Enterprise.
Please use sophos.com or contact your local sales representative if you are interested in learning
more about the SafeGuard product portfolio or want to order the fully licensed version.
6.1 Main benefits of licensing the full version
This demo version just gives you a small glimpse of the full disk encryption capabilities of the
SafeGuard product range.
Upgrading to a full product version allows you to
■ have full control over the encryption policies including encryption of additional drives and
configuration of background bitmap as well as user notifications.
■ have full control over the SafeGuard Cloud Storage encryption policy supporting a wide range
of cloud storage providers. A separate license is required for Cloud Storage encryption.
■ make use of additional recovery methods in case of forgotten passwords (Challenge/Response)
and help when restoring broken operating system installations even on encrypted drives with
the Windows PE based Virtual Client bootable recovery image.
■ optionally use Opal-compliant, self-encrypting hard disks managed by SafeGuard with all
pre-boot and management options offered by the SafeGuard software solution.
■ add smartcard, token and/or biometric authentication options.
■ add online management including Active Directory synchronization, management API, central
logging, reporting and key management (SafeGuard Enterprise).
■ optionally add an additional functional module for removable media encryption including optical
media (SafeGuard Data Exchange). When upgrading to SafeGuard Enterprise, file-based
encryption of data on local hard disks and network shares (SafeGuard File Share), port and
device control (SafeGuard Configuration Protection) and BitLocker management (SafeGuard
PartnerConnect) are available.
■ receive product updates and support around the globe from Sophos and Sophos partners.
6.2 Management variants to choose from
SafeGuard Easy is managed in the so-called standalone mode, where policies are created on a
reference client and deployed via any third party deployment mechanism. With this demo version
you can evaluate a SafeGuard Easy client. Upgrade to the full version requires installing the
SafeGuard Policy Editor and importing a valid license. Afterwards, you can create a licensed
configuration package and deploy it to demo clients.
The following diagram illustrates the SafeGuard Easy management mode:
SafeGuard Enterprise is managed online via a web service mechanism that also allows Active
Directory import, central logging and status reporting along with further security modules like
SafeGuard Data Exchange for group-based removable media encryption and SafeGuard
Configuration Protection for port and device control. Upgrade from this demo version requires
installing the SGN management server and the SafeGuard Management Center and deploying a
licensed configuration package to demo clients. They will then become managed clients which
connect to the SGN Server.
The following diagram illustrates SafeGuard Enterprise online management. In addition, in a
managed SGN scenario, a subset of the clients can also be managed in the so-called offline mode
which would then be identical to the SafeGuard Easy scenario shown in the previous diagram.
6.3 Sample screens of the management variants
The following figure shows the SafeGuard Policy Editor for SafeGuard Easy.
Note:
The interface elements for Active Directory, Security Officer management, reports, keys and
certificates etc. are neither necessary nor present in the standalone mode, as opposed to the
SafeGuard Enterprise Management Center.
The following screenshot shows Users and Computers management in the SafeGuard Management
Center.
7 Upgrading to the full version
Once you have completed your evaluation you will want to move to a full version of the SafeGuard
encryption solution.
You can upgrade the demo client to
■ SafeGuard Easy, see Upgrade to a Sophos SafeGuard client (page 23).
■ SafeGuard Enterprise, see Upgrade to a SafeGuard Enterprise client (page 23).
For upgrading, you need valid licenses. Please contact your local sales representative to obtain
them.
To upgrade, create a new configuration package with the relevant licensed management tool and
deploy it on the computer.
Note:
You do not have to remove the demo version beforehand.
Note:
You cannot upgrade a demo client to a newer full version. You must first upgrade the demo client
to a licensed client of the same version and then update it to the new version.
7.1 Upgrade to a Sophos SafeGuard client
1. Ensure that a licensed SafeGuard Policy Editor is available.
For detailed information on how to install and configure a licensed SafeGuard Policy Editor,
refer to the SafeGuard Easy Startup Guide.
2. In the SafeGuard Policy Editor, create a new configuration package.
For detailed information, refer to the SafeGuard Easy Startup Guide.
3. Deploy the new configuration package on the test computer.
After you have upgraded to the full version, an automatic key backup is initiated. Users imported
during evaluation are not removed and will still have access to the computer. For further
information refer to the SafeGuard Easy Administrator Help and User Help.
7.2 Upgrade to a SafeGuard Enterprise client
1. Ensure that a licensed SafeGuard Management Center is available.
For detailed information on how to install and configure SafeGuard Enterprise and a licensed
SafeGuard Management Center, refer to the SafeGuard Enterprise Installation Guide.
2. In the SafeGuard Management Center, create a new configuration package.
For detailed information, refer to the SafeGuard Enterprise Installation Guide.
3. Deploy the new configuration package on the test computer.
After you have upgraded to the full version, an automatic key backup is initiated. The Power-on
Authentication switches back to autologon and the first Windows user who logs on becomes the
machine’s owner. For further information, refer to the SafeGuard Enterprise Administrator Help
and User Help.
8 Uninstalling the demo software
Should you choose not to upgrade the demo version to a full version, you can remove the demo
software from the test computer as follows.
Note:
For upgrading to a full version, it is not necessary to uninstall the demo software first, see Upgrading
to the full version (page 23). Please use sophos.com or contact your local sales representative if
you are interested in learning more about the SafeGuard product portfolio or want to order the
full license version.
1. Open Add/Remove Programs.
2. Remove the "Sophos SafeGuard 6.0 Client Configuration" and then remove the "Sophos
SafeGuard 6.0 Client".
When you remove the client, you will see the drive begin to decrypt. We recommend that you
uninstall both packages and allow the drive to finish decrypting before you restart.
If the system is restarted during this process, uninstallation is cancelled, but decryption will continue
when the system is restarted. Once decryption has completed, you can reinitiate the removal of
the SafeGuard encryption client.
9 Technical support
You can find technical support for Sophos products in any of these ways:
■ Visit the SophosTalk community at http://community.sophos.com/ and search for other users
who are experiencing the same problem.
■ Visit the Sophos support knowledgebase at http://www.sophos.com/support/.
■ Download the product documentation at http://www.sophos.com/support/docs/.
■ Send an email to [email protected], including your Sophos software version number(s),
operating system(s) and patch level(s), and the text of any error messages.
10 Legal notices
Copyright © 1996 - 2012 Sophos Group. All rights reserved. SafeGuard is a registered trademark
of Sophos Group.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any
form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you
are either a valid licensee where the documentation can be reproduced in accordance with the
license terms or you otherwise have the prior permission in writing of the copyright owner.
Sophos, Sophos Anti-Virus and SafeGuard are registered trademarks of Sophos Limited, Sophos
Group and Utimaco Safeware AG, as applicable. All other product and company names mentioned
are trademarks or registered trademarks of their respective owners.
You can find copyright information on third party suppliers in the Disclaimer and Copyright for 3rd
Party Software document in your product directory.