Dell Encryption Workflows
Summary: This article includes the workflows showcasing how the clients activate and what services, ports, and communication methods are leveraged.
Instructions
Affected Products:
- Dell Encryption Enterprise
- Dell Security Management Server
- Dell Data Protection | Encryption
- Dell Data Protection | Enterprise Edition
This is the workflow showcasing how the clients activate and what services, ports, and communication methods are leveraged.

This is the process when you save a policy. We first save the policy changes that we want to make. Policies are not changed at the endpoint until we commit. We can save multiple policy changes and commit them all at once.

Next, we commit our saved policies. Any policy changes would then be distributed to our endpoints the next time they check in with the Dell Data Protection | Enterprise Edition.

This is the process when you log in to the Remote Management Console from a web browser connecting to a v9.1.5 server. The Remote Management Console is used for Dell Data Protection | Encryption management tasks such as managing policies, viewing user and device inventory, or running Compliance Reporter. An administrator logs in to the Remote Management Console using their Active Directory credentials in UPN format (User@domain.com) and has access to the administrative tasks they have been granted permission for.

Device Inventory consists of device-specific information such as what operating system version is running and what shield version is installed. The inventory also shows encryption status such as encryption sweep start and sweep times. Inventory is uploaded from the endpoint to the server and processed into the SQL tables.

This is the process when you save a policy using the webUI. We first save the policy changes that we want to make. Policies are not changed at the endpoint until we commit. We can save multiple policy changes and commit them all at once.

Next, we commit our saved policies. Any policy changes would be distributed to our endpoints the next time they check in with the Dell Data Protection | Enterprise Edition.

This is the process when you log in to the console in v9.2. We leverage HTML5 over a secure connection using "https://servername.domain.com:8443/webui/login". The Remote Management Console is used for Dell Data Protection | Encryption management tasks such as managing policies, viewing user and device inventory, or running Compliance Reporter. An administrator logs in to the Remote Management Console using their Active Directory credentials in UPN format (user@domain.com) and has access to the administrative tasks they have been granted permission for.

This is the process when Pre-Boot Authentication (PBA) is authenticated. PBA is leveraged for Self-Encrypting Drives (SED) and Hardware Crypto Accelerators (HCA). The user logs in with their Active Directory credentials and specifies the domain. If the user's credentials are authenticated, they continue to boot into Windows. If the user's credentials are not authenticated, the drive remains locked, and they cannot access any data on that drive.

This is the agent registration where Pre-Boot Authentication (PBA) is provisioned and the keys are escrowed. The agent is installed in Windows and provisions PBA per policies from the Dell Data Protection | Enterprise Edition. If PBA is enabled per policy, recovery keys are created and escrowed to SQL Server for each endpoint before provisioning PBA for first use. After PBA is provisioned and the customer reboots the computer, the PBA screen will appear and require authentication before access to the operating system is granted.
