Desktop Email Encryption


Encryption Server Placement in DMZ when using Symantec Mobile Encryption for iOS

  • 1.  Encryption Server Placement in DMZ when using Symantec Mobile Encryption for iOS

    Posted Nov 14, 2014 05:49 PM

    Hi

    We are planning to install PGP desktop E-mail with a non-mailstream placement and an internal PGP Universal server in SKM.

    How can we manage iOS mobile devices? As far as I can see, the devices need access to a Universal server in the DMZ to sync private and public keys.
    That Universal server also needs LDAP access to Active Directory to authenticate.

    Is it normal best practice to place a Universal server in the DMZ that also holds private keys? What is the risk?

    A DMZ environment should not have access to LDAP internally, so I guess we need two Universal servers where the internal and DMZ server replicate data and LDAP is enabled only on the internal Universal server?

    Does anyone have experience with such a design?

     

    Torb

     

     



  • 2.  RE: Encryption Server Placement in DMZ when using Symantec Mobile Encryption for iOS

    Broadcom Employee
    Posted Dec 25, 2014 07:48 AM

    Hello Torb,

    You can have your public keys on the DMZ server, but not your private keys. It is never recommended to do so.

    Once the user is enrolled on his iOS device, his keyring will get downloaded and saved on his device.

    Symantec Mobile Encryption for iOS app requires that users be in a Symantec Encryption Management Server-managed environment where the LDAP Directory Synchronization feature is enabled and each user has an existing account with authentication credentials on the LDAP directory.

    During configuration, your users will be required to enroll with a specific Symantec Encryption Management Server. The user must connect to Symantec Encryption Management Server over the corporate network.

    Enrollment information can be provided automatically using a configuration file you supply or by manually entering the information.

    Symantec Mobile Encryption for iOS app users enroll with their Symantec Encryption Management Server using their LDAP credentials, whether they are automatically or manually providing enrollment information. This requires that the Symantec Encryption Management Server managing your Symantec Mobile Encryption for iOS app users has the LDAP Directory Synchronization feature enabled and that each user has an existing account with authentication credentials on the LDAP directory.

    Best Regards,
    Ankush Sharma