I posted this yesterday - it is no longer here???
I'll try to not write this so technically, as last time- maybe that was the problem?
hey guys I have um epp and like in the book thing it tells me I cant encrypt the machine that i have the manager installed
ok nevermind- that's not going to work is it.
In the EPP (Version 18.104.22.168) Quick Start Guide, page 14 where it describes CREATING AN EE Server Object, there is a NOTE near the bottom of the page that reads:
"NOTE: If you are using multiple machines for testing, leave all the Endpoint Encryption Server settings at their defaults. If you are testing Endpoint Encryption Manager and the Endpoint Encryption for PC client on one machine, YOU MUST CHANGE THE IP ADDRESS TO 127.0.0.1"
With that in mind, here is my testing configuration: I have 2 PCs. I want to encrypt the drives on BOTH. One must have the management software on it. These are the ONLY 2 PCs in the entire system. They BOTH require encrypted drives and no other PCs exist. If I read the note, it is an EITHER-OR sentence. I know if I use (localhost ip) and try to create an install set, it won't work for the remote machine... and I can guess that the client software isn't smart enough to realize that it is also the server and it should not try to communicate with its own IP, but instead automatically drop back to (localhost). Probably a security issue.
The best I can come up with makes little sense to me. That I must create TWO separate servers within the management software, whereas one will serve the remote PC and the other will serve "itself" -? .. then create install EXEs for EACH. That defeats all the cool central management features so that can't be true.
On page 17 ("SETUP MACHINE CONFIGURATION"), it states:
"CAUTION: Do not select any encryption if you intend to install the client software on the same machine as the administration system!"
Is this intended to convey that you can NEVER encrypt the drive that the management server software is on, or does it mean that you must change the attribute AFTER the client installation, rather than as part of it?
-signed- stuck on page 14.
That is right. Never encrypt the machine that EEM is on.
How would you recover if it gets a problem?
(there might be some workarounds but it will be soooooo..... non-standard)
You are saying to NEVER encrypt the drive that the administrative software is installed?
Then why would McAfee write in their manual, the option to "test on one PC with both administrative tool and client"? Do they mean you cannot test the encryption capabilities? Why bother?
It seems to me that problems should not occur, but if they did, installing the management software on another PC would get you out of trouble, using correct password or backup, and a SafeTech boot disk?
An artificial test environment can be built using McAfee's suggestion, but most do not care if the test environment survives or not.
It is definitely not recommended for production systems.
You could have EEM on multiple machines in your environment. Endpoint Encryption Manager (EEM) is also the management console tool, and is best practice to leave a working machine with EEM un-encrypted...as Peter points out. But not necessarily a concern to have EEM console installed on encrypted client machines. Some of the acronyms and naming gets confusing with this product... I believe the renaming of IP is to simplify your networking settings in a simple test environment where you are looking to encrypt the SAME machine (as well) that is hosting the database… this is certainly not best practice in production.
I'm sure that OP meant EEM as machine with EE Management AND Database itself.
So if your database is not accessible, then EEM is useless anyways.
I would suggest you download the free copy of VMware Server and install on one of the machines. Create a new virtual machine (XP or Windows 2003 server) and install the management software and database on that VMware Machine.
Then you can encrypt both computers and have a third Virtual machine running your database.
Only downside to this is that the Virtual Machine must be up and running in order to sync and things like that.
But after all, it's just a test environment right?
It's pointing out that, in your test environment, if you install EEM and EEPC on the same machine, and then you forget the password, how are you going to recover?
Either install EEM on one, and EEPC on the other, or take the risk if you encrypt both.
In a production environment NO ONE encrypts their server with EEPC - it's just too risky, plus EEPC is not officially supported on server OSs