5 Replies Latest reply on Jun 10, 2010 2:41 PM by SafeBoot

    newbie looking for basics...

      Hi - Did a browse of the subjects and didn't find what I was looking for so I thought I'd ask.

       

      I'm looking for a basic writeup of what, exactly, eem does from start to finish.

       

      So there is a server side, and a client...the client needs to be installed.  What happens when the client is installed (initial setup)?  What is happening when the user logs in and logs off?  What is encrypted...the entire disk?  As you can see, this is real basic info I'm looking for...is there sort of an eem for dummies out there that you could point me to so that I can better grasp the whole framework and what exactly is happening each step of the way?  Thanks so much!

       

      MCc

        • 2. Re: newbie looking for basics...

          Thanks for the link.  I had not seen the quick start guide so it was useful and did provide some information that I did not know before and filled in some blanks on what is going on on the server side.  In our org, my team supports the end users but another team supports the server side of things and we don't always see or know exactly what is "going on behind the curtain".   What I am looking for specifically is more detail on what is happening at the client end of things.

           

          In the quick start guide, they discuss the install of the client but in only very basic terms on the last two pages.   So my question is, what exactly takes place when the client agent is installed?  What is encrypted?  How is this done?  What is communicated between the client and server?

           

          Here is an example -- let's say a laptop is lost or stolen; how is the drive protected from someone removing it and mounting/copying it to another machine as a drive?

           

          So I guess I'm looking for more of a blow by blow overview of what is going on w/ the client and how, ultimately, that disk is protected.

           

          Thanks in advance for any further info or pointers you might be able to provide.

          • 3. Re: newbie looking for basics...

            In the quick start guide, they discuss the install of the client but in only very basic terms on the last two pages.   So my question is, what exactly takes place when the client agent is installed?

             

            >the software gets installed and starts looking for a policy to apply, which can tell it to do a lot of different things...

             

            What is encrypted?

             

            > all the sectors of the disk which comprise the partitions the administrator elected to encrypt

             

            How is this done?

             

            > with the algorithm the admin picked? I'm not sure what you mean here - are you asking how encryption works?

             

            What is communicated between the client and server?

             

            > the policy, audit, encryption keys, recovery keys etc

             

            Here is an example -- let's say a laptop is lost or stolen; how is the drive protected from someone removing it and mounting/copying it to another machine as a drive?

             

            >nothing at all, but when they try to boot, they will get asked for credentials still - the encryption is on the drive itself remember.

            • 4. Re: newbie looking for basics...

              Unfortunately no good internals guide is available for EEPC.

               

              So my question is, what exactly takes place when the client agent is installed?  What is encrypted?  How is this done?  What is communicated between the client and server?


              Installing client installs filter driver for disk subsystem, tied to encryption algorithm module. Plus some configuration, communication and service software.

              Nothing is encrypted at this moment. After reboot, drivers become active and initial communication with database is established. Exchange of pieces of information occurs, machine object is created (if it wasn't prepopulated) and activated, key gets generated and passed to client, preboot environment is created and disk encryption is started. Database obtains some more info about client PC (like IP).

               

              Here is an example -- let's say a laptop is lost or stolen; how is the drive protected from someone removing it and mounting/copying it to another machine as a drive?


              If drive is removed and placed on other PC, it will be seen as corrupted. While partition table would be readable, all partitions will be seen as scrambled, with no valid file systems on them. Obviously without filesystems you cannot read files (data).

              • 5. Re: newbie looking for basics...
                If drive is removed and placed on other PC, it will be seen as corrupted. While partition table would be readable, all partitions will be seen as scrambled, with no valid file systems on them. Obviously without filesystems you cannot read files (data).

                 

                If you plug it into another machine as a primary drive, it will work as it did in the first place - you'll get the login screen etc. What Peter says is true if you were to slave it as a 2nd drive on another machine.
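
The secondary-drive case described in replies 4 and 5, as an added example that is not part of any poster's reply and not the vendor's code: it reads a raw disk image the way a second machine would, parses the MBR partition table, and checks whether each partition's first sector carries a filesystem signature or only high-entropy data. Assumptions: a generic MBR layout (the product's on-disk format is not described in this thread), constructed sample images, a 7.0 bits/byte entropy threshold chosen for illustration, and hypothetical names (`survey`, `classify`, `build_image`).

```python
import hashlib
import math
import struct

SECTOR = 512

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 = uniformly random)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n)
                for c in (data.count(bytes([v])) for v in range(256)) if c)

def parse_mbr(mbr: bytes):
    """Return (type, start_lba, sector_count) for each used primary entry."""
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature")
    parts = []
    for i in range(4):
        entry = mbr[446 + 16 * i:462 + 16 * i]
        start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] and count:
            parts.append((entry[4], start, count))
    return parts

def classify(sector: bytes) -> str:
    """Label a partition's first sector by filesystem signature or entropy."""
    if sector[3:11] == b"NTFS    ":
        return "ntfs"
    if sector[82:90] == b"FAT32   ":
        return "fat32"
    return "scrambled" if entropy(sector) > 7.0 else "unknown"

def survey(image: bytes):
    """What a second machine sees when reading the raw drive."""
    return [(ptype, start, classify(image[start * SECTOR:(start + 1) * SECTOR]))
            for ptype, start, _ in parse_mbr(image[:SECTOR])]

def build_image(encrypted: bool) -> bytes:
    """Constructed sample: MBR with one type-0x07 partition at LBA 63."""
    mbr = bytearray(SECTOR)
    mbr[446:462] = struct.pack("<B3sB3sII", 0, b"\0" * 3, 0x07, b"\0" * 3, 63, 1)
    mbr[510:512] = b"\x55\xaa"
    boot = bytearray(SECTOR)
    boot[3:11], boot[510:512] = b"NTFS    ", b"\x55\xaa"
    if encrypted:  # stand-in for ciphertext: SHA-256 output, not a real cipher
        boot = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(16))
    return bytes(mbr) + bytes(62 * SECTOR) + bytes(boot)
if __name__ == "__main__":
    print(survey(build_image(False)), survey(build_image(True)))
```

Both sample images yield the same partition table entry; only the verdict on the partition's first sector differs.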