Home > Security related, Symantec > Installing Symantec Encryption Management Server and Exchange 2010 Configuration Part1

Installing Symantec Encryption Management Server and Exchange 2010 Configuration Part1


In this blog series, we will install together Symantec Encryption Server (previously known as PGP universal server) and configure it to work with Exchange 2010. Additionally we will explore some cool features around virtual disks, disk encryption and secure email delivery.

The Symantec Encryption Server binaries are certified to be installed as virtual and this is the recommended use from Symantec, and this is the method we will use in our environment.

Symantec Encryption Server can manage several different encryption products and solutions including:

  • Symantec encryption email gateway.
  • Symantec Encryption Desktop.
  • Symantec File share encryption.
  • Symantec Encryption portable.
  • Symantec Drive encryption.

In this blog, we will install the Symantec Encryption Server v3.3, the latest version (at this time) of the product. There are several design and architectural decision elements that must be taken into consideration for several features to work; we will explore them later.

To install Symantec Encryption Server, download the ISO image and create a virtual machine, the documentation and install guide mandate that the VM must be created with Kernel 2.6 x86, 4 GB memory for single instance and 8 GB for HA instances.

Once you start the VM with the ISO attached, follow the simple install wizard that will take you through the installation steps:

image

image

image

In the IP address field, specify the IP address for the appliance:

image

Specify the Gateway and DNS servers:

image

Specify the host name; one important point is to note that your appliance MUST be named (keys.domain.com), this is mandatory if you want to cooperate with other PGP key servers. PGP keys servers contacts the recipients keys servers “if available” (if the server can’t locate a public key for the recipients) on keys.domain.com, thus if you want to facilitate exchange secure emails with external parties you must name the server’s FQDN keys.domain.com and this name must be reachable from outside.

image

Once you finish the wizard, the setup will start automatically, once finished the appliance will reboot and the post complete setup will be launched:

image

accept the license agreement

image

from the installation type, choose the installation mode. since this is the first server we will choose new installation.

image

set the time/date:

image

Confirm the IP settings:

image

Confirm the setup summary:

image

Reboot:

image

Enter the license information:

image

Enter the administrator information and password:

image

enter the primary domain that you use to send/receive emails:

image

To protect the server in case it is physcially attacked you must configure the ignition keys, I will use a passphrase as my ignition keys; enter them and continue:

image

image

review the setup summary:

image

Once setup completes you can login to the admin console on https://keys.domain.com:9000

image

This completes the Symantec Encryption Server installation, in Part 2 we will continue with the initial setup and keys management, part 2 and 3 will be fun, so stay tuned Smile.

  1. May 21, 2013 at 5:36 pm

    I can’t wait for the next installment!

  2. May 23, 2013 at 1:39 am

    me too cant wait

  3. May 23, 2013 at 9:19 am

    thanks for writing this…

    • May 23, 2013 at 10:19 am

      You are welcome, and guys check part 2 of the series.

  1. May 22, 2013 at 1:35 pm

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: