
Getting Started Dell Data Security Implementation Services

Security Management Server Initial Implementation Checklist

Proof of Concept environment cleanup is complete (if applicable)?

The proof of concept database and application have been backed up and uninstalled (if using the same server) before the installation engagement with Dell. For more instruction on an uninstall, see https://www.dell.com/support/manuals/us/en/04/dell-data-protection-encryption/enterpserverig/perform-back-ups?guid=guid-2669f62a-2567-49ea-8e72-4ad06fb82442&lang=en-us.

Any production endpoints used during proof of concept testing have been decrypted or key bundles downloaded. For more information on the clients you plan to deploy, see Client Documents.

NOTE:

All new implementations must begin with a new database and fresh installation of the Encryption or Endpoint Security Suite Enterprise software. Dell Client Services will not perform a new implementation using a POC environment. Any endpoints encrypted during a POC will need to be either decrypted or rebuilt prior to the installation engagement with Dell.

Servers meet required hardware specifications?

See Dell Security Management Server Architecture Design.

Servers meet required software specifications?

Windows Server 2012 R2 (Standard or Datacenter), 2016 (Standard or Datacenter), Windows Server 2019 (Standard or Datacenter), or Windows Server 2022 (Standard or Datacenter) is installed. These operating systems can be installed on physical or virtual hardware.

Windows Installer 4.0 or later is installed.

.NET Framework 4.6.1 is installed.

Microsoft SQL Native Client 2012 is installed, if using SQL Server 2012 or SQL Server 2016. If available, SQL Native Client 2014 may be used.

NOTE: SQL Express is not supported with a production deployment of Security Management Server.

Windows Firewall is disabled or configured to allow (inbound) ports 8000, 8050, 8081, 8888, 61613.

Connectivity is available between Security Management Server and Active Directory (AD) over ports 88, 135, 389, 443, 636, 3268, 3269, 49125+ (RPC) (inbound to AD).
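A pre-flight check for the two port requirements above, written as an added example (not Dell code): it reports whether an enabled inbound allow rule covers each server port and whether each Active Directory port answers over TCP. The domain controller name is a placeholder, and treating every listed port as TCP is an assumption.

```powershell
# Added example, not Dell code. Assumes every listed port is TCP.
$serverPorts = 8000, 8050, 8081, 8888, 61613        # inbound to Security Management Server
$adPorts     = 88, 135, 389, 443, 636, 3268, 3269   # outbound to Active Directory
$domainController = 'dc01.example.com'              # placeholder: use your own DC

# True when one LocalPort entry ('Any', '8000', '8000-8100') covers the port.
function Test-PortCovered {
    param([int]$Port, [string[]]$LocalPort)
    foreach ($entry in $LocalPort) {
        if ($entry -eq 'Any' -or $entry -eq "$Port") { return $true }
        if ($entry -match '^(\d+)-(\d+)$' -and
            $Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
    }
    return $false
}

# With no firewall profile enabled, no allow rule is needed for the ports to be reachable.
$firewallOn = [bool](Get-NetFirewallProfile | Where-Object { $_.Enabled -eq 'True' })

# Port filters of enabled inbound allow rules. Rules that are further scoped to a
# program, address or profile are still counted here, so review those by hand.
$filters = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -in 'TCP', 'Any' }

$inbound = foreach ($port in $serverPorts) {
    $allowed = -not $firewallOn -or
        [bool]($filters | Where-Object { Test-PortCovered -Port $port -LocalPort $_.LocalPort })
    [pscustomobject]@{ Check = 'Inbound rule'; Port = $port; Pass = $allowed }
}

$outbound = foreach ($port in $adPorts) {
    $r = Test-NetConnection -ComputerName $domainController -Port $port -WarningAction SilentlyContinue
    [pscustomobject]@{ Check = "AD $domainController"; Port = $port; Pass = $r.TcpTestSucceeded }
}

# The dynamic RPC range (49125+) is not probed here.
@($inbound) + @($outbound) | Format-Table -AutoSize
```

Run it in an elevated PowerShell session on the server that will host Security Management Server.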

UAC is disabled before installation on Windows Server 2012 R2 when installing in C:\Program Files. The server must be rebooted for this change to take effect (see Windows Control Panel > User Accounts).

  • Windows Server 2012 R2 - the installer disables UAC.
  • Windows Server 2016 R2 - the installer disables UAC.
NOTE: UAC is no longer force-disabled unless a protected directory is specified for the install directory.

Service accounts successfully created?

Service account with read-only access to AD (LDAP) - basic user/domain user account is sufficient.

Service account must have local administrator rights to the Security Management Server application servers.

To use Windows authentication for the database, a domain services account with system administrator rights is required. The user account must be in the format DOMAIN\Username and have the SQL Server permissions Default Schema: dbo and Database Role Membership: db_owner, public.

To use SQL authentication, the SQL account used must have system administrator rights on the SQL Server. The user account must have the SQL Server permissions Default Schema: dbo and Database Role Membership: db_owner, public.

Software is downloaded?

Download from Dell Support website.

Dell Data Security client software and Security Management Server downloads are located in the Drivers & Downloads folder at

www.dell.com/support/home/us/en/04/product-support/product/dell-data-protection-encryption/research

or

www.dell.com/support/home/us/en/19/product-support/product/dell-dp-endpt-security-suite-enterprise/research

or

From the product page http://www.dell.com/support

  1. Select Drivers & Downloads.

  2. From the Operating system list, select the correct operating system for the product you are downloading. For example, to download Dell Enterprise Server, select one of the Windows Server options.

  3. Under the applicable software title, select Download File.

If you have purchased Encryption or Endpoint Security Suite Enterprise on-the-box, the software can be delivered to the target computer using Dell Digital Delivery.

OR

Download from Dell Data Security file transfer site (CFT)

Software is located at https://ddpe.credant.com in the SoftwareDownloads folder.

Installation key and license file are available?

The license key is included in the original email with FTP credentials - see Example Customer Notification Email. This key is also included in the download of the application from http://www.dell.com/support and https://ddpe.credant.com.

The license file is an XML file located on the FTP site in the Client Licenses folder.

NOTE:

If you purchased your licenses on-the-box, no license file is necessary. The entitlement is automatically downloaded from Dell upon activation of any new Encryption Personal, Encryption Enterprise, or Endpoint Security Suite Enterprise client.

Database is created?

(Optional) A new database is created on a supported server - see Requirements and Architecture in the Security Management Server Installation and Migration Guide. The Security Management Server installer creates a database during installation if one is not already created.

The target database user has been given db_owner rights.

DNS alias created for Security Management Server and/or Policy Proxies with Split DNS for internal and external traffic?

It is recommended that you create DNS aliases for scalability. This allows you to add servers later or separate components of the application without requiring a client update.

DNS aliases are created, if desired. Suggested DNS aliases:

  • Security Management Server: dds.<domain.com>
  • Front end Server: dds-fe.<domain.com>
NOTE:

Split-DNS allows the use of the same DNS name internally and externally. This means that internally we could supply dds.<domain.com> as a CNAME and direct it to the Dell Security Management Server (back-end), and externally we could supply an A record for dds.<domain.com> and forward the relevant ports (see Ports for Security Management Server) to the front-end server. We could leverage DNS round-robin or a load balancer to distribute the load across the front ends (if multiple exist).

Plan for SSL Certificates?

We have an internal Certificate Authority (CA) that can be used to sign certificates and is trusted by all workstations in the environment, or we plan to purchase a signed certificate from a public Certificate Authority, such as VeriSign or Entrust. If using a public Certificate Authority, inform the Dell Client Services Engineer. The certificate contains the entire chain of trust (root and intermediate) with public and private key signatures.

Subject Alternate Names (SANs) on the certificate request match all DNS aliases given to every server being used for Dell Server installation. This does not apply to wildcard or self-signed certificate requests.

Certificate is generated to a .pfx format.
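The certificate items above can be verified on the finished .pfx before the engagement. This added example (not Dell code) checks for a private key, lists the DNS aliases that no SAN covers, accepting a wildcard SAN one label above the alias, and builds the chain from the certificates carried in the file; the path and alias names are placeholders.

```powershell
# Added example, not Dell code. Path and alias names are placeholders.
$pfxPath  = 'C:\Temp\dds.pfx'
$aliases  = 'dds.example.com', 'dds-fe.example.com'
$password = Read-Host -AsSecureString -Prompt 'PFX password'

# Load every certificate stored in the PFX (leaf plus any chain certificates).
$plain = (New-Object System.Net.NetworkCredential('', $password)).Password
$flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet
$certs = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$certs.Import($pfxPath, $plain, $flags)

$leaf = $certs | Where-Object { $_.HasPrivateKey } | Select-Object -First 1
if (-not $leaf) { throw 'No certificate with a private key found in the PFX.' }

# DNS entries of the Subject Alternative Name extension (OID 2.5.29.17).
# Assumes an English-language Windows, which formats entries as "DNS Name=<host>".
$sanExt = $leaf.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
$sanNames = @()
if ($sanExt) {
    $sanNames = @([regex]::Matches($sanExt.Format($true), 'DNS Name=(\S+)') |
        ForEach-Object { $_.Groups[1].Value })
}

# An alias is covered by an exact SAN or by a wildcard SAN one label above it.
function Test-AliasCovered {
    param([string]$Alias, [string[]]$San)
    $parent = '*.' + ($Alias -split '\.', 2)[1]
    return [bool]($San | Where-Object { $_ -eq $Alias -or $_ -eq $parent })
}

# Build the chain offline with the extra certificates from the PFX. Build() returns
# true only if the chain ends in a root this machine already trusts.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'
[void]$chain.ChainPolicy.ExtraStore.AddRange($certs)
$chainOk = $chain.Build($leaf)

[pscustomobject]@{
    Subject        = $leaf.Subject
    HasPrivateKey  = $leaf.HasPrivateKey
    CertsInPfx     = $certs.Count
    ChainTrusted   = $chainOk
    MissingAliases = @($aliases | Where-Object { -not (Test-AliasCovered $_ $sanNames) })
    NotAfter       = $leaf.NotAfter
}
```

An empty MissingAliases list, HasPrivateKey set to True, and CertsInPfx greater than 1 correspond to the three checklist items above.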

Change Control requirements identified and communicated to Dell?

Submit any specific Change Control requirements for the installation of Encryption or Endpoint Security Suite Enterprise to Dell Client Services prior to the installation engagement. These requirements may include changes to the application server(s), database, and client workstations.

Test Hardware prepared?

Prepare at least three computers with your corporate computer image to be used for testing. Dell recommends that you not use production computers for testing. Production computers should be used during a production pilot after encryption policies have been defined and tested using the Test Plan provided by Dell.

