Product guide

Design overview
The McAfee ePO server is a central store of configuration information for all systems, servers, policies,
and users.
Each time the administrator initiates a policy update, or at each Agent Server Communication Interval
(ASCI), the EEPC/EEMac protected system connects with McAfee ePO.
The Endpoint Encryption protected system queries McAfee ePO for any configuration updates and
downloads them. Examples of updates include a new user assigned (by the administrator) to the client
system, a change in policies, or a change in server settings specified by the administrator.
The Endpoint Encryption protected system also reports any changes on the client system back to the
McAfee ePO server, for example, a change to a user's password token data.
Contents
Support for the self-encrypting (Opal from Trusted Computing Group) drive
Endpoint Encryption Policies
PBA in Endpoint Encryption 7.0 Patch 1
How Endpoint Encryption works
McAfee ePO requirements
Requirements testing for client systems
Support for the self-encrypting (Opal from Trusted Computing Group) drive
EEPC 7.0 Patch 1 provides improved management of the Opal drive, which is a self-contained,
standalone Hard Disk Drive (HDD) that conforms to the Trusted Computing Group (TCG) Opal
standard.
The Opal drive is always encrypted by the onboard crypto processor. However, it may or may not be
locked. Although the Opal drive handles all of the encryption, it needs to be managed by management
software such as McAfee ePolicy Orchestrator. If the Opal drive is not managed, it behaves and responds
like a normal HDD.
The combination of EEPC and McAfee ePO for Opal provides:
Centralized management
Reporting and recovery functionality
A secure PreBoot Authentication that unlocks the Opal drive
Efficient user management
Continuous policy enforcement
McAfee Endpoint Encryption 7.0 Patch 1 Software Best Practices Guide