Endpoint Encryption

 View Only

  • 1.  SEE v11 vs SED 10.3.2.x Deployment Questions

    Posted Jan 14, 2015 04:58 PM

    We recently noticed that the new SEE v11 is the combined effort of both the original SEE and SED. We were literally days away from rolling out SED and now we’re a little concerned that with a new product it may be better to start off with a fresh deployment with SEE 11. Please keep in mind we are using SED purely for FDE and not email.

    A few questions on comparisons between the two products:

    • Mac OS X support: does SEE 11 currently support OS X? I can’t find any information that says that this is the case.

    • Token authentication: our plan was to use WDE Admin keys on tokens for tertiary autentication. Does SEE v11 support token authentication like WDE Admin with SED?

    • Upgrade path: does is make sense to start deployment with SED for OSX and SEE for Windows and hope we can convert Macs later? I know that there is currently no upgrade path from SED to SEE and that investigation whether this is possible is ongoing.



  • 2.  RE: SEE v11 vs SED 10.3.2.x Deployment Questions

    Posted Jan 15, 2015 06:08 AM

    Hi bking,

    To answer your queries.

    1) Disk encryption is not yet supported for Mac OS X on SEE 11.0

    2) As far as I know token is not yet supported with SEE drive encryption. Only passphrase authentication is available.

    3) We can do both but we have to manage Mac seperatly on Encryption Managemnet Server and Windows seperately on SEE 11.0 Server Manager.

    Instead for now, I would suggest you to go with SED as your requirement has token and Mac OS X machines.

    But its your call, whether you want to manage 2 different encryption one for Mac and another for Windows.

    You can refer following 2 links for SED and SEE 11.0 documentations.

    http://www.symantec.com/docs/TECH202483

    http://www.symantec.com/docs/HOWTO101978

    Hope above information helps.

    Regards,
    Sarfaraz



  • 3.  RE: SEE v11 vs SED 10.3.2.x Deployment Questions

    Posted Jan 15, 2015 06:16 AM

    I just checked and we do have smart card support for SEE 11.0

    Please refer following link

    http://www.symantec.com/docs/TECH224480

    Smart card support for preboot authentication

    Symantec Endpoint Encryption supports the following:

    Smart card readers

    • Any generic USB CCID-compatible readers that you connect to a USB 2.0 port.
       

    Personal Identity Verification (PIV) cards

    • Oberthur (2008)
    • Oberthur Cosmo 128K
    • Oberthur ID-One Cosmo v7.0
    • Gelmalto TOP DL GX4 144K FIPS
    • G&D SmartCafe Expert 144K DI v3.2
    • G&D SmartCafe Expert 80K DI v3.2
       

    Note: Symantec Endpoint Encryption does not support smart cards on UEFI systems