Administrator Guide

3. (FileVault-encrypted non-boot volumes only) To allow Dell Encryption to assume management of the volume, enter the
passphrase to access the volume. This is the password that was assigned to the volume when it was originally
FileVault-encrypted.
Once Dell manages the volume's encryption, the old password is no longer valid. Your Dell administrator can retrieve a
recovery key for your volume in the event that you should need recovery assistance.
If you choose not to enter the password, the volume's contents are accessible and are encrypted with FileVault but the
encryption is not managed by Dell.
NOTE:
In the Management Console, the administrator can see that the Dell Server now manages the endpoint.
Recycling FileVault Recovery Keys
If you have security issues with a recovery bundle or if a volume or keys are compromised, you can recycle the key material for
that volume.
You can recycle keys for boot and non-boot drives on Mac OS X.
To recycle the key material:
1. Download a recovery bundle from the Management Console and copy it to the computer's desktop.
2. Launch System Preferences and click Dell Encryption Enterprise.
3. Click the System Volumes tab.
4. Drag the recovery bundle from step 1 to the appropriate partition.
A dialog prompts you to cycle the FileVault keys.
5. Click OK.
A dialog confirms success for cycling keys.
6. Click OK.
NOTE:
Keys in the recovery bundle for this drive are now obsolete. You must download a new recovery bundle from the
Management Console.
User Experience
For maximum security, the client software disables the Automatic Login feature of Mac OS X computers.
Additionally, the client software automatically enforces the Mac OS X feature "Require password after sleep or screen saver
begins". Also, a configurable amount of time is allowed in sleep/screen saver mode before enforcing authentication. The client
software allows a user to set a value up to five minutes before authentication is enforced.
Users can use the computer normally as the encryption sweep progresses. All data on the currently booted system volume is
being encrypted, including the operating system, while the operating system continues to operate.
If the computer is restarted or enters system sleep, the encryption sweep pauses and then automatically resumes after the
restart or wake.
The client software does not support the use of hibernation images, which the Mac OS X Safe Sleep feature uses to wake the
computer if the battery is fully discharged during sleep.
To reduce user impact, the client software automatically updates the system sleep mode to disable hibernation and enforces this
setting. The computer can still enter sleep, but the current system state is maintained only in memory. Therefore, the computer
is fully restarted if completely shut down during sleep, which could occur if the battery runs down or is replaced.
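To confirm on an endpoint that the three settings described in this section are in effect, the following audit script can be used. It is an added example, not Dell code. It assumes that disabled hibernation shows up as hibernatemode 0 in pmset -g output, and that the autoLoginUser and askForPasswordDelay preference keys hold the login and password-delay settings; the function names are hypothetical.

```shell
#!/bin/sh
# Added audit example (not Dell code). Constructed sample of `pmset -g` output:
SAMPLE_PMSET='System-wide power settings:
Currently in use:
 standby              1
 hibernatemode        3
 sleep                10'

# Print the hibernatemode value found in `pmset -g` output read from stdin.
hibernate_mode() {
    awk '$1 == "hibernatemode" { print $2; found = 1; exit }
         END { if (!found) print "unknown" }'
}

# audit_settings HIBERNATEMODE AUTOLOGIN_USER PASSWORD_DELAY_SECONDS
# Prints one line per deviation and returns the number of deviations.
audit_settings() {
    findings=0
    if [ "$1" != "0" ]; then
        echo "FAIL hibernation not disabled (hibernatemode=$1)"
        findings=$((findings + 1))
    fi
    if [ -n "$2" ]; then
        echo "FAIL Automatic Login enabled for user $2"
        findings=$((findings + 1))
    fi
    case "$3" in
        ''|*[!0-9]*) echo "FAIL password delay missing or not numeric"
                     findings=$((findings + 1)) ;;
        *) if [ "$3" -gt 300 ]; then   # page: at most five minutes
               echo "FAIL password delay ${3}s exceeds 300s"
               findings=$((findings + 1))
           fi ;;
    esac
    return "$findings"
}

# On a Mac, collect live values; the preference keys below are assumptions.
if command -v pmset >/dev/null 2>&1; then
    mode=$(pmset -g | hibernate_mode)
    user=$(defaults read /Library/Preferences/com.apple.loginwindow autoLoginUser 2>/dev/null || true)
    delay=$(defaults -currentHost read com.apple.screensaver askForPasswordDelay 2>/dev/null || true)
    audit_settings "$mode" "$user" "$delay" && echo "PASS all three settings"
fi
```

On a non-Mac host the collection step is skipped and only the functions are defined, so the parser can be exercised against saved pmset output.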
Copy whitelist rule
A hidden menu item allows a user to copy a whitelist rule for removable media.
Tasks for the Encryption Client