Dell Encryption Enterprise Advanced Installation Guide v11.11

There are two methods available to install Encryption on server operating system. Choose one of the following methods:

• Install Encryption on server operating system Interactively

  Encryption on server operating system can be installed interactively only on computers running server operating systems. Installation on computers running non-server operating systems must be performed by command line, with the SERVERMODE=1 parameter specified.

• Install Encryption on server operating system Using the Command Line

Virtual User Account

• As part of the installation, a virtual server user account is created for the exclusive use of Encryption on server operating system. Password and DPAPI authentication are disabled so that only the virtual server user can access encryption keys.

Before You Begin

• The user account performing the installation must be a domain user with administrator-level permissions.

• To override this requirement, or to run Encryption on server operating system on non-domain or multi-domain servers, set the ssos.domainadmin.verify property to false in the application.properties file. The file is stored in the following file paths, based on the Dell Server you are using:

  Security Management Server - <installation dir>/Security Server/conf/application.properties

  Security Management Server Virtual - /opt/dell/server/security-server/conf/application.properties

• The server must support port controls.

  Port Control System policies affect removable media on protected servers, for example, by controlling access and usage of the server's USB ports by USB devices. USB port policy applies to external USB ports. Internal USB port functionality is not affected by USB port policy. If USB port policy is disabled, a USB keyboard and mouse do not function and the user cannot use the computer unless a Remote Desktop Connection is set up before the policy is applied.

• To successfully activate, the computer must have network connectivity.

• When the Trusted Platform Module (TPM) is available, it is used for sealing the General Purpose Key on Dell hardware. If a TPM is not available, Microsoft's Data Protection API (DPAPI) is used to protect the General Purpose Key.

  When installing a new operating system on a Dell computer with TPM that is running Server Encryption, clear the TPM in the BIOS. See this article for instructions.

• The installation log file is located in the user's %temp% directory, located at C:\Users\<user name>\AppData\Local\Temp. To locate the correct log file, find the file name that begins with MSI and ends with a .log extension. The file includes a date/time stamp matching the time when the installer was run.

• Encryption is not supported on servers that are part of distributed file systems (DFS).

Extract the Child Installer

• To install Encryption on server operating system, you must first extract the child installer, DDPE_xxbit_setup.exe, from the master installer. See Extract the Child Installers from the Master Installer.