Getting Started Dell Data Security Implementation Services

Windows Installer 4.0 or later is installed.

.NET Framework 4.6.1 is installed.

Microsoft SQL Native Client 2012 is installed, if using SQL Server 2012 or SQL Server 2016. If available, SQL Native Client 2014 may be used.

Windows Firewall is disabled or configured to allow (inbound) ports 8000, 8050, 8081, 8443, 8888, 61613.

Connectivity is available between Security Management Server and Active Directory (AD) over ports 88, 135, 389, 443, 636, 3268, 3269, 49125+ (RPC) (inbound to AD).

UAC is disabled before installation on Windows Server 2012 R2 when installing in C:\Program Files. The server must be rebooted for this change to take effect. (see Windows Control Panel > User Accounts).

• Windows Server 2012 R2 - the installer disables UAC.
• Windows Server 2016 R2 - the installer disables UAC.

Service account with read-only access to AD (LDAP) - basic user/domain user account is sufficient.

Service account must have local administrator rights to the Security Management Server application servers.

To use Windows authentication for the database, a domain services account with system administrator rights. The user account must be in the format DOMAIN\Username and have the SQL Server permissions Default Schema: dbo and Database Role Membership: dbo_owner, public.

To use SQL authentication, the SQL account used must have system administrator rights on the SQL Server. The user account must have the SQL Server permissions Default Schema: dbo and Database Role Membership: dbo_owner, public.

The entire existing installation is backed up to an alternate location. The backup should include the SQL database, secretKeyStore, and configuration files.

Ensure that these most critical files, which store information necessary to connect to the database, are backed up:

<Installation folder>\Enterprise Edition\Compatibility Server\conf\server_config.xml

<Installation folder>\Enterprise Edition\Compatibility Server\conf\secretKeyStore

<Installation folder>\Enterprise Edition\Compatibility Server\conf\gkresource.xml

The license key is included in the original email with CFT credentials - see Example Customer Notification Email. This key is also included in the download of the application from http://www.dell.com/support and https://ddpe.credant.com.

The license file is an XML file located on the CFT site under in the Client Licenses folder.

Software is located at https://ddpe.credant.com in the SoftwareDownloads folder.

If you purchased Encryption Enterprise or Endpoint Security Suite Enterprise on-the-box (OTB), the software is optionally fulfilled using Dell Digital Delivery. Alternatively, the software can be downloaded from www.dell.com/support or ddpe.credant.com respectively.

I have enough licenses to cover my environment.

Validate that DNS records are documented and staged for update if hardware has been changed.

We have an internal Certificate Authority (CA) that can be used to sign certificates and is trusted by all workstations in the environment or we plan to purchase a signed certificate using a public Certificate Authority, such as VeriSign or Entrust. If using a public Certificate Authority, inform the Dell Client Services Engineer. The Certificate contains the Entire Chain of Trust (Root and Intermediate) with Public and Private Key Signatures.

Subject Alternate Names (SANs) on Certificate Request match all DNS aliases given to every server being used for Dell Enterprise Server installation. Does not apply to Wildcard or Self Signed certificate requests.

Certificate is generated to a .pfx format.

Submit any specific Change Control requirements for the installation of Encryption or Endpoint Security Suite Enterprise to Dell Client Services prior to the installation engagement. These requirements may include changes to the application server(s), database, and client workstations.

Prepare at least three computers with your corporate computer image to be used for testing. Dell recommends that you not use productions computers for testing. Production computers should be used during a production pilot after encryption policies have been defined and tested using the Test Plan provided by Dell.