Home > Security related, Symantec > Installing Symantec Encryption Management Server and Exchange 2010 Configuration Part1

Installing Symantec Encryption Management Server and Exchange 2010 Configuration Part1

In this blog series, we will install together Symantec Encryption Server (previously known as PGP universal server) and configure it to work with Exchange 2010. Additionally we will explore some cool features around virtual disks, disk encryption and secure email delivery.

The Symantec Encryption Server binaries are certified to be installed as virtual and this is the recommended use from Symantec, and this is the method we will use in our environment.

Symantec Encryption Server can manage several different encryption products and solutions including:

  • Symantec encryption email gateway.
  • Symantec Encryption Desktop.
  • Symantec File share encryption.
  • Symantec Encryption portable.
  • Symantec Drive encryption.

In this blog, we will install the Symantec Encryption Server v3.3, the latest version (at this time) of the product. There are several design and architectural decision elements that must be taken into consideration for several features to work; we will explore them later.

To install Symantec Encryption Server, download the ISO image and create a virtual machine, the documentation and install guide mandate that the VM must be created with Kernel 2.6 x86, 4 GB memory for single instance and 8 GB for HA instances.

Once you start the VM with the ISO attached, follow the simple install wizard that will take you through the installation steps:




In the IP address field, specify the IP address for the appliance:


Specify the Gateway and DNS servers:


Specify the host name; one important point is to note that your appliance MUST be named (keys.domain.com), this is mandatory if you want to cooperate with other PGP key servers. PGP keys servers contacts the recipients keys servers “if available” (if the server can’t locate a public key for the recipients) on keys.domain.com, thus if you want to facilitate exchange secure emails with external parties you must name the server’s FQDN keys.domain.com and this name must be reachable from outside.


Once you finish the wizard, the setup will start automatically, once finished the appliance will reboot and the post complete setup will be launched:


accept the license agreement


from the installation type, choose the installation mode. since this is the first server we will choose new installation.


set the time/date:


Confirm the IP settings:


Confirm the setup summary:




Enter the license information:


Enter the administrator information and password:


enter the primary domain that you use to send/receive emails:


To protect the server in case it is physcially attacked you must configure the ignition keys, I will use a passphrase as my ignition keys; enter them and continue:



review the setup summary:


Once setup completes you can login to the admin console on https://keys.domain.com:9000


This completes the Symantec Encryption Server installation, in Part 2 we will continue with the initial setup and keys management, part 2 and 3 will be fun, so stay tuned Smile.

  1. May 21, 2013 at 5:36 pm

    I can’t wait for the next installment!

  2. May 23, 2013 at 1:39 am

    me too cant wait

  3. May 23, 2013 at 9:19 am

    thanks for writing this…

    • May 23, 2013 at 10:19 am

      You are welcome, and guys check part 2 of the series.

  1. May 22, 2013 at 1:35 pm

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: