ebook img

IronKey Enterprise Server Admin Guide PDF

70 Pages·2015·0English
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview IronKey Enterprise Server Admin Guide

IronKey Enterprise Server 6.1 Admin Guide Last Updated September 2015 Thank you for your interest in IronKey™ Enterprise Server by Imation. Imation’s Mobile Security Group is committed to creating and developing the best security technologies and making them simple-to-use and widely available. Years of research and millions of dollars of development have gone into bringing this technology to you. We are very open to user feedback and would appreciate hearing about your comments, suggestions, and experiences with this product. Feedback: [email protected] NOTE: Imation is not liable for technical or editorial errors and/or omissions contained herein; nor for incidental or consequential damages resulting from the furnishing or use of this material. The information provided herein is subject to change without notice. The information contained in this document represents the current view of Imation on the issue discussed as of the date of publication. Imation cannot guarantee the accuracy of any information presented after the date of publication. This document is for information purposes only. Imation makes no warranties, expressed or implied, in this document. Imation, the Imation logo, IronKey and the IronKey logo are trademarks of Imation Corp. and its subsidiaries. All other trademarks are the property of their respective owners. © 2015 Imation Corp. All rights reserved. IronKey Enterprise Server v6.1.0.0 software – September 2015. IK-EMS-ADM03-3.0 CONTENTS About IronKey Enterprise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 What’s New?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4 Release history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5 Key Admin Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7 Supported device models. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8 System Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8 Supported Web Browsers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Product specifications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Product overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9 Enterprise Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10 Contact information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10 Setting up and deploying IronKey Enterprise . . . . . . . . . . . . . . . . . . 12 Setting up IronKey Enterprise. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12 Accessing the Admin Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Deploying IronKey Enterprise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13 Choosing a deployment strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13 Questions to ask before deploying devices:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 Sample deployment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15 Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 The Deployment Solution. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Best practices for a smooth rollout. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16 For the Administrator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 For the End-user. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 Common administrator tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18 Managing Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 Policy numbers and versions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19 About policy settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20 Policy Settings Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 Adding policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26 Editing policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27 Deleting policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27 Viewing policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28 Updating policies on devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28 IRONKEY ENTERPRISE SERVER ADMIN GUIDE PAGE 1 Managing Users and Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 Viewing users and groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29 Managing users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29 About Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 Administrative Tasks by Category and Role. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 Adding a user. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 Adding multiple users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 Editing a user. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 Deleting a user. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 Viewing user information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 Searching for a user. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 Managing groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36 About groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 Adding a group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 Moving users to a group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 Deleting groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 Managing Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 Viewing device information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39 Downloading device information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 Activating devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .40 Editing the Activation Email . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 Activating a device for a user. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 Adding new devices to users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42 Editing device profiles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43 Deleting devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43 Searching for a device. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44 Managing devices remotely with Silver Bullet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44 Resetting a device password. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45 Pairing a new smart card with a device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45 Recovering devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 Recommissioning devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 Disabling and enabling devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 Detonating a device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 Forcing Read-Only mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 Updating devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48 Forcing a software update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 Selecting an approved update file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 Update testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50 Update removal. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50 Upgrading IronKey Basic devices to Enterprise. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50 Importing authentication credentials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .51 IRONKEY ENTERPRISE SERVER ADMIN GUIDE PAGE 2 Importing RSA SecurID tokens. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 Importing a digital certificate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 Managing S200 or D200 devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .52 Admin Tools: Tasks according to User Role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 Assisting with passwords. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 Approving Admin users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54 Recommissioning devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 Activating IronKey Enterprise for Basic users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 Monitoring security events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57 Using Enterprise Dashboard. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57 Dashboard maps and events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57 Enterprise Dashboard Charts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 Setting up email alerts for events. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59 Interpreting malware scanner reports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60 Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64 IRONKEY ENTERPRISE SERVER ADMIN GUIDE PAGE 3 About IronKey Enterprise IronKey Enterprise Server is a reliable and scalable solution for managing IronKey flash drives, hard drives, and portable workspace drives. The server readily integrates with existing IT infrastructure, making it easy to deploy and administer drives and to remotely enforce policies. It also enhances the security of “always-on” IronKey hardware encryption by providing enterprise- class management capabilities that include the ability to implement two-factor authentication, deploy portable virtualized desktops, and disable or wipe clean rogue drives. This guide tells you how to deploy and manage IronKey devices in your enterprise environment. What’s New? Version 6 .1 New features include: » Force Update: Available in Server for use with the latest release of the 250 device Series (version 3.5.0.0). Controlled by the device policy, you can now force users to update their devices to the latest approved software release. For information about new Force Update policy settings, see “Policy Settings Table” on page 20. For more information about using Force Update, see “Forcing a software update” on page 48. » Password Reset (user-initiated): Users can now reset their password without having to contact their administrator or Help Desk if they forget it. You set this feature in the device policy. It will be enabled by default for new device policies. For existing policies, this setting will not be enabled by default. » Online Account enabled for Standard Users: All Standard Users can now have an online account. An online account is required to use the Password Reset (user-initiated) feature. Online Account Access is set in the device policy. For new policies, the default setting is “All Users”. For existing policies, this setting will be set to “Admins Only”. You can modify an existing policy to enable online account access for all users. Standard users must update to this policy to create an account. » Two Default Activation Email templates: One for Storage devices and the other for Workspace devices. You can customize the content in these templates according to company requirements. » Changes to User Profile page: Recommissioned devices in the IronKey Devices list will be hidden by default. The “View” list includes “Current Devices” (default setting) and “All IRONKEY ENTERPRISE SERVER ADMIN GUIDE PAGE 4 Devices”. A current device still uses an active seat license and can be in one of the following states: Disabled, Pending recommission, Awaiting detonation. The “All Devices” view will also display Recommissioned and Detonated devices. » Delete Device option is now available on the Device Profile page » A new “Where” column in downloaded reports now matches the on-screen view and includes city, state and country. Release history Version 6 .0 » IronKey Enterprise Server now supports the management of IronKey Enterprise H350, S1000, and IronKey Workspace W700-SC devices. • H350— IronKey Enterprise H350 devices are FIPS 140-2 Level 3 certified, USB (Universal Serial Bus) 3.0 hard drives with built-in password security and data encryption. For more information about the device, see the IronKey Enterprise H350 User Guide. • S1000—IronKey Enterprise S1000 devices are USB 3.0 portable flash drives with built-in password security and data encryption. For more information about the device, see the IronKey Enterprise S1000 User Guide. • W700-SC—IronKey Workspace W700-SC is a trusted, FIPS 140-2 Level 3 certified, secure USB flash drive that features XTS-AES 256-bit hardware encryption. Additionally, the W700-SC supports device authentication using a smart card. When paired with your device, you can securely unlock your workspace using your smart card and Personal Identification Number (PIN). Certified by Microsoft as a Windows To Go device, the W700-SC is a secure, personal workspace. It is capable of using all host system resources on host computers that are certified to run Microsoft Windows® 7.0 and higher, and qualified Mac computers. For more information about the device, see the IronKey Workspace W700-SC User Guide. » Enterprise Dashboard Events table—The table now includes a column for Devices. Admins can sort by the Device column to view all events for a specific device. Also new is the custom date range filter. You can now filter which events display in the table based on a start and end date. » Email notification for events—The Admin Console includes a new Alerts feature. If purchased and enabled for your Server Account, this feature provides email notifications to Admin users about important events. Admins can set up an alert to receive a daily message summarizing the events that have occurred in the last 24 hours. See “Setting up email alerts for events” on page 59. » New group selector when adding a user—When you create a new user, you can now add the user to a group using the group selector. System Admin users can add the user to any group. Admin users can only add users to a group to which they are also a member. See “Adding a user” on page 32. Version 5 .2 IronKey Enterprise Server now supports the management of IronKey Enterprise H300 devices. IronKey Enterprise H300 devices are USB portable hard drives with built-in password security IRONKEY ENTERPRISE SERVER ADMIN GUIDE PAGE 5 and data encryption. For more information about the device, see the IronKey Enterprise H300 User Guide. Support for IronKey Workspace 4 .3 Admins are now able to use the device recovery Silver Bullet to unlock the secure operating system (OS) partition on the device. If a user experiences issues with the Windows OS, Administrators can now try to troubleshoot and repair these issues or recover files by accessing the OS partition. See “Recovering devices” on page 46 A new device update is available to upgrade the device firmware and software on devices running IronKey Workspace version 4.1 or 4.2. Admins will also need to update the IronKey Control Panel application in Windows To Go. See the IronKey Support site for more information about upgrading to the IronKey Workspace 4.3 release. IronKey Workspace 4.3 devices also include the following features: » Device activation on a Mac operating system. » Support for a multi-lingual keyboard layout in the Preboot environment when booting Windows To Go. » Updates to the IronKey Workspace Startup Assistant to increase the number of host computers it can configure to boot from a USB device on startup. The application is available on the device (W500/W700) or as a standalone application (available as a download from the IronKey Support site). » Support for IronKey secure storage devices in Windows To Go. Users can save data to an IronKey secure storage drive while booted in Windows To Go. When using a storage device while booted in the secure Workspace, two Control Panel icons will display in the Windows system tray, one to manage the secure storage device and the other for the IronKey Workspace device. Version 5 .1 IronKey Enterprise Server now supports IronKey Workspace W700 devices. IronKey Workspace W700 Windows To Go solution has FIPS 140-2 Level 3 certification and features AES 256- bit hardware encryption. You can centrally manage and deploy these devices with IronKey Enterprise Management Server. Version 5 .0 IronKey Enterprise Server now supports IronKey Workspace W500 devices. IronKey Workspace W500 is the Windows To Go solution protected by IronKey’s hardware encryption, you can centrally manage and deploy devices with IronKey Enterprise Management Server. Version 4 .0 IronKey Enterprise Server x250 includes two new secure USB flash drives: S250 and D250. To manage x250 devices, the IronKey Enterprise Server provides the following new features: » Remote device management using Silver Bullet • Password Reset—Administrators can also help users who have forgotten their passwords by remotely unlocking the device and forcing a password change. IRONKEY ENTERPRISE SERVER ADMIN GUIDE PAGE 6 • Device Recovery—Administrators can remotely unlock devices that can no longer be accessed. • Device Recommissioning—Administrators can remotely reset a device so that device data is deleted and the device can be reused. • Force Read-only—Allows Administrators to force a device to open in read-only mode. » One central management console—Devices are completely managed through the Admin Console. There is no Admin Tools application on administrator x250 devices. » New device setup—Users and administrators can set up their devices with an easy-to-use workflow that activates the device, sets up the online account, and initializes the device. NOTE: IronKey devices that are not running the latest firmware and software may not be able to use the Silver Bullet Service or other new features. Updating old devices will allow them to use these features. For information about updating devices, see “Updating devices” on page 48. Key Admin Concepts The Admin Console: Centralized Device Management IronKey Enterprise includes a centralized management console for managing tens, hundreds or thousands of devices and users, reducing overall deployment times and maintenance requirements. IronKey Policies: Enforcing Corporate Security Policies Configure policies for device password strength, self-destruction settings, and enabling specific applications and services. User Management: Organize Users Into Groups Create groups to manage your users based on any criteria needed to keep you organized. Users can be easily added and removed from Groups and administrative tasks performed by group. Silver Bullet Service: Protecting Against Malicious Users IronKey’s Silver Bullet Service confirms that IronKey devices are authorized before allowing them to be unlocked. This real-time service allows Admins to completely disable and even remotely detonate devices, extending the control needed to protect important data. Password Reset: Allowing users to reset their device password Allow users to securely reset their password, thereby reducing the number of Help Desk calls from users who cannot access their devices because they’ve forgotten their password. Secure Device Recovery: Securely Unlocking Users’ Devices Secure Device Recovery is Imation’s patented PKI mechanism that allows Admins to unlock another user’s device, for example in the case of employee termination, regulatory compliance, or forensic investigations. Unlike many other solutions, there is no central database of back- door passwords. IRONKEY ENTERPRISE SERVER ADMIN GUIDE PAGE 7 Device Recommissioning: Securely Re-purposing Devices When employees leave the organization, their IronKey devices can be safely recommissioned to new users. This process requires Admin authentication and authorization using IronKey Enterprise’s secure online services. Supported device models The following list of IronKey devices are supported with IronKey Enterprise. » S100 » 200 Series (includes S200 & D200) Note: The term “x200”, when used in the product or documentation, indicates that the feature or section applies to both device models in the series. » 250 Series (includes S250 & D250) Note: The term “x250”, when used in the product or documentation, indicates that the feature or section applies to both device models in the series. » IronKey Workspace W500, IronKey Workspace W700, and IronKey Workspace W700-SC » H300/H350 » S1000 NOTE: For more information about devices, see “Managing Devices” on page 39 System Requirements The following operating systems are supported by IronKey Enterprise devices. » Windows® 8 or Windows® 8.1 » Windows® 7 » Windows® Vista* » Windows® XP (SP2+)* » Mac OS® X (10.6+) » Linux (2.6+) * Not supported by IronKey Workspace (W500, W700, and W700-SC) devices. The following devices support USB 3.0 Super Speed: W500, W700, W700-SC, H300/H350, and S1000. The computer must have a USB 2.0 port for high-speed data transfer. A USB 1.1 port or powered hub will also work, but will be slower. SUPPORTED WEB BROWSERS To increase browser security, SSL 3.0 is no longer supported. With this change, encrypted communications will now occur with TLS v1.0. Customers who are using Microsoft Internet Explorer v6.0 will need to enable TLS v1.0 manually. All other browsers support this by default. IRONKEY ENTERPRISE SERVER ADMIN GUIDE PAGE 8

Description:
IronKey Enterprise Server v6.1.0.0 software – September 2015. policies, users, and devices; users access their online accounts to view information is designed to protect your organization from the risks of data loss and data.
See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.