cynapspro endpoint data protection - installation guide
Upcoming SlideShare
Loading in...5
×
 

cynapspro endpoint data protection - installation guide

on

  • 885 views

Installation Guide of cynapspro Endpoint Data Protection 2010

Installation Guide of cynapspro Endpoint Data Protection 2010

Statistics

Views

Total Views
885
Views on SlideShare
885
Embed Views
0

Actions

Likes
0
Downloads
1
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    cynapspro endpoint data protection - installation guide cynapspro endpoint data protection - installation guide Document Transcript

    • cynapspro Endpoint Data Protection 2010 Installation Guide Cynapspro Endpoint Data Protection DevicePro prevents data loss by controlling all kinds of ports and external storage devices. CryptionPro protects your company data by efficiently encrypting data stored on external devices. CryptionPro HDD protects confidential data through automatic and efficient hdd encryption. ApplicationPro controls the use of applications based on a white list or black list. ErasePro ensures that files are securely and permanently deleted. PowerPro cuts energy costs and reports suspicious activity. Last Update: May 17, 2010
    • 2 cynapspro Endpoint Data Protection 2010 – Installation Guide Table of Content System Architecture ............................................................ 3 Before the Installation ........................................................ 5 Administration of cynapspro Endpoint Data Protection ................................................... 5 The cynapspro Management Console: ....................................................................... 5 cynapspro AdminTool ............................................................................................. 5 System Requirements ................................................................................................ 5 Server Component ................................................................................................. 5 Client Component .................................................................................................. 6 Installation Process ............................................................. 7 Installation of the cynapspro Server ............................................................................ 7 Active Directory Log-in Data.................................................................................... 7 Novell eDirectory Log-in Data .................................................................................. 7 After the Installation ........................................................... 9 The cynapspro AdminTool .......................................................................................... 9 Database Settings ................................................................................................... 10 Directory Service Settings ........................................................................................ 10 cynapspro Server Settings........................................................................................ 10 Loglevel ................................................................................................................. 10 Roll-Out of the cynapspro Agent ........................................ 11 Generate MSI Packet ............................................................................................... 11 Installation of the Agent ........................................................................................... 11 Update the Agent .................................................................................................... 12 Uninstallation of the Agent ....................................................................................... 13 Installation of CryptionPro HDD ........................................ 14 Before the Installation ............................................................................................. 14 Installation Process ................................................................................................. 14 Appendix ........................................................................... 16 Unattended Installation of cynapspro ......................................................................... 16 Installation of SQL Server 2005 Express/MSDE ........................................................... 17 Microsoft SQL Server 2005 Express Edition ............................................................. 17 Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) ......................................... 17 Automatic Distribution of the Agent (via AD) .............................................................. 18 Copyright ........................................................................... 19
    • 3 cynapspro Endpoint Data Protection 2010 – Installation Guide System Architecture The cynapspro Server is responsible for the centralized management of your cynapspro clients. You can install the server on any one computer on your network. The structure of the directory service of your existing MS Active Directory or Novell eDirectory will be read by the DevicePro server and stored in its own database. There will be no schema extensions to your directory, nor will information be written to it. cynapspro creates only a copy of the structure, which is then updated on a scheduled basis. To access Active Directory, you need a user with read permissions, nothing more. All records are maintained in a SQL database (MSDE, MS SQL Server Express, MS SQL Server 2000, 2005 or 2008) by the cynapspro server. Changes you make in the cynapspro Management Console will be immediately sent to the client by the cynapspro server and stored in the database. All changes to user rights are effective immediately. Neither a reboot, nor other additional actions are necessary. The cynapspro Agents communicate with the server using a push / pull process and pick up all the changes immediately. There will be no polling, which reduces the network load significantly. Only those computers and users, whose rights have been modified, will be contacted so they can pick up the changes. If a computer is not in the network, changes can be communicated using a secure TAN.
    • 4 cynapspro Endpoint Data Protection 2010 – Installation Guide Communication between server and client takes place using ports that have been defined by the administrator. Access permissions for external devices and applications are controlled by a kernel driver. The cynapspro agent sends all changes made in the management console of the cynapspro Server to the kernel driver and takes over the complete communication between the server, the kernel driver and, if necessary, with the user.
    • 5 cynapspro Endpoint Data Protection 2010 – Installation Guide Before the Installation Before you start with the installation of cynapspro Endpoint Data Protection 2010 (formerly DevicePro Ultimate 2009), it is recommended that you gather the following data and files.  DevicePro Installation File  License Key (.lic & .txt) (not required for a test installation)  At least 20 MB free hard disk space  User with read permissions for Microsoft Active Directory / Novell eDirectory  SQL – user with permission to create a database (MSDE, SQL Server Express 2005 or 2008, SQL Server 2000, 2005 or 2008) Administration of cynapspro Endpoint Data Protection For the administration of the cynapspro Server, there are two tools available: The cynapspro Management Console: The cynapspro Management Console is the central interface for controlling all cynapspro functions. The management console can be accessed from any location, i.e. each administrator can run it from his work station. cynapspro AdminTool The cynapspro Admin Tool is used to configure or check the server settings. By installing the cynapspro client component, a kernel filter driver is installed on the Windows system. The task of the kernel filter driver is to monitor the rights that have been allocated to the user or computer. The use of the kernel filter driver has the advantage that all rights remain valid and effective when the computer is offline. Furthermore, the kernel filter driver ensures a much higher security and prevents incompatibilities and problems. The cynapspro client component should be installed on each workstation. System Requirements Before you start the installation: Please check whether your system meets all system requirements. Server Component To ensure a smooth installation, please ensure that the following system components are installed and available:  Windows Server 2000 / 2003 / 2008 (e.g. R2)  Directory Service: Active Directory Novell Client 4.91 SP2 or better  SQL-Server:
    • 6 cynapspro Endpoint Data Protection 2010 – Installation Guide SQL-Server 2000 SP3a SQL-Server 2005 SQL-Server 2005 Express Edition SQL-Server 2008 SQL-Server 2008 Express Edition MSDE (Microsoft SQL-Server Database Engine). The cynapspro architecture is based on a bi-directional communication. The use of push technology only requires a bare minimum of bandwidth in your network. Client Component For the client component, the following system requirements need to be met:  Windows 2000 (SP4 + RollUp 1)  Windows XP + SP2/SP3 32/64 Bit  Windows Vista (+ SP1) 32 or 64 Bit  Windows 7 32 or 64 Bit
    • 7 cynapspro Endpoint Data Protection 2010 – Installation Guide Installation Process If you already have a SQL Server or MSDE installed, you can immediately start with the installation. Otherwise, you should install a SQL server. A guide on how to install the free MSDE or SQL Server 2005 Express version is available in the appendix. Installation of the cynapspro Server First, you need to install the server component on your intended cynapspro server. Open the setup file (deviceprosetup.exe) provided via our download portal or on a disk. The installation routine will open in the Install Shield. Choose your setup language and a wizard will guide you through the installation routine. Click Next. If you agree with the license agreement, click on "I accept the terms of the license agreement". When you click Next, cynapspro is installed in the predefined destination folder. If you want to enter a different directory for the installation, you can click on change to define the destination yourself. A new window appears where you can select the desired folder: When you have selected the folder, click Next. Please enter at this point the following ports: - Client-Server XmlRpcPort. (Default: 6005) is used by clients to connect to the server - Server-Client Notification XmlRpcPort (Default: 6006) is used to alert the clients about rights changes made on the server Attention: The registered ports must be enabled in your firewall! Next you will be asked to select the directory service you are using in your organization. Click Next. You may uses as directory service either Active Directory, or Novell eDirectory (4.91 SP2 or higher), or an independent cynapspro directory structure. In the next window the settings for the directory service can be made: Active Directory Log-in Data Enter the name of your domain controller. Additional domain controllers can be added later in the Management Console. Define the Active Directory administrator as user and enter his password. Novell eDirectory Log-in Data When using an NDS server, the name of the NDS must be provided. Define under Context the context of your Novell environment. Enter the Novell Supervisor as user and enter his password. After correctly entering the login information please go to Next. The database server is now configured. Enter the name of your SQL server. Use Browse to select from the available database servers. Attention: If you use MSDE, the corresponding checkbox must be activated. (Compare with Preparation of the Installation using MSDE)
    • 8 cynapspro Endpoint Data Protection 2010 – Installation Guide If you do not select or specify a previously created database, a new database called "Device_Pro" will automatically be generated. Click on SQL authentication and enter your "sa" password. Alternatively, you can use Windows authentication. Click Next and start the Installation. The Install Shield now installs the cynapspro server components. Click Finish to exit the wizard.
    • 9 cynapspro Endpoint Data Protection 2010 – Installation Guide After the Installation You have completed the installation of the cynapspro server. If you have already purchased a license, you should go through the following steps. If you have installed the cynapspro server for evaluation purposes only, you can skip these steps. Open the cynapspro management console using the shortcut on your desktop. After successfully logging onto the cynapspro server, select Administration. Go to license management to deposit the licenses you have purchased by entering the name of the licensee and the license file in the appropriate fields. The name of the licensee is stored in the txt file that is provided with the license. Close the license extension with Accept. Your licenses have now been activated. The cynapspro AdminTool After successful installation of the cynapspro server, both server and database settings can be viewed or changed with the help of the DevicePro Admin Tool. By default, the tool is installed at C:Program Filescynapspro GmbHDevicePro 2010 and can be started from > Program Files > cynapspro GmbH > DevicePro 2010.
    • 10 cynapspro Endpoint Data Protection 2010 – Installation Guide Database Settings Click the button Validate to check the connection to the specified database. cynapspro solutions needs a database user who has all rights to the cynapspro database (DB Owner). Directory Service Settings A precondition for the synchronization of the directory structure is that the specified user has the necessary rights (List Contents, Read All Properties). Read access is fully sufficient, since no data is written in the Active Directory or eDirectory. Enter the host name of the directory service server in the field “domain controller”. Click the button Validate to check the connection. cynapspro Server Settings Two ports are used for the communication between the cynapspro server and the cynapspro clients. Here you can define the client-server and server-client XmlRpcPort notification port. The client-server XmlRpcPort is used by clients to connect to the server (default: 6005). The server-client notification XmlRpcPort serves to alert the clients about the rights changes made on the server (default: 6006). Loglevel Internal cynapspro operations are stored in a log file. The strength of the logs can be set here. Operation Modus: Errors Only Administration Modus: Detailed Debug Modus: Very Detailed
    • 11 cynapspro Endpoint Data Protection 2010 – Installation Guide Roll-Out of the cynapspro Agent Generate MSI Packet After the server installation has been completed, you can install the agents. Generate an MSI package for the installation of cynapspro agents. The settings for the package will automatically be copied from the current cynapspro server. When generating the MSI package, you can define whether you want the tray icon to be hidden in Windows. We recommend not hiding the tray icon in order to ensure an optimal offline support. By activating the checkbox Hide cynapspro agent service, the MSI package is generated in such a way, that users with administrative rights can no longer stop the service that is used for the communication between server and client. Password protected uninstallation prevents users with administrative rights from uninstalling the cynapspro agents. Installation of the Agent In the installation path of the server component, you will find the following files under MSI: - DPAgentSetup.msi
    • 12 cynapspro Endpoint Data Protection 2010 – Installation Guide - Install.bat - Uninstall.bat - Update.bat Copy these files to the workstations or on a network drive. To install the agents, run the file Install.bat on the workstation. You can change the installation path of the agent. This change can be made in the file install.bat or in the script with the command INSTALLDIR = "C: Program Files cynapspro GmbH DevicePro" Update the Agent If you have installed a new version of cynapspro Endpoint Data Protection on the server, you should also update the agents on the workstations. You can update the agents using one of the following methods: You can run the update automatically from the management console. In the Management Console got to Administration – Install / Update Agents. Here you can determine how many clients may download the MSI package right away and when the download and update process should be executed. Confirm your entry and select the agents that need to be updated. By pressing the button update, the automatic update process will start. To update manually, you must generate a new MSI package (see MSI package code).
    • 13 cynapspro Endpoint Data Protection 2010 – Installation Guide Then go to the installation path of the cynapspro server component and open the folder MSI. Copy the two files DPAgentSetup.msi and Update.bat to the corresponding computers or on a network drive. Run the file Update.bat. The software will immediately notice that a previous version of the cynapspro agent had been installed and will perform the update. Uninstallation of the Agent An uninstallation of the agent can be done using one of the following methods: - Copy the two files DBAgentSetup.msi and uninstall.bat in a folder that can be accessed by the client or directly onto the workstation. Start the file Uninstall.bat and uninstall the agent. - Use the command line „msiexec /x [installation path]MSIDPAgentSetup.msi“
    • 14 cynapspro Endpoint Data Protection 2010 – Installation Guide Installation of CryptionPro HDD "CryptionPro HDD is a product created as part of a cooperation between cynapspro and Secude. cynapspro contributes the central management interface for the management of Secude’s FinallySecure (total Data-At-Rest security with software- or hardware-based Full Disk Encryption, which can be downloaded at http://hdd.cryptionpro.de). CryptionPro HDD if fully integrated into the cynapspro Management Console that takes care of the complete installation and management of the hard disk encryption. For more information, please check the cynapspro Endpoint Data Protection 2010 User Guide. If your prefer to install cryptionpPro HDD manually, this is how you should proceed: Before the Installation We recommend that you run "Finally Secure SystemCheck.exe” before installing the HDD CryptionPro 2010 client component. The file is located in the FinallySecure folder. Alternatively, just install the Finally Secure client and the cynapspro Management Console takes care of the rest. Installation Process To start the installation of CryptionPro HDD 2010, please run the Setup.exe, which is also located in the FinallySecure folder. The first step is to choose a language for the installation and then confirm with OK. The installation wizard starts the installation in a new window. Click on the button Next to continue. Accept the license agreement and click Next twice, after reading the warning notice. In order to initialize the PBA and FDE, use the preselected checkboxes. You can also skip this point and do this at a later date in the cynapspro Management Console. Do not select initialization at this point. Next takes you to the next step, where you should select Complete in order to install CryptionPro 2010 HDD with all the features. If you select Custom, you have the option to choose the installation path. Start the installation in the next window using the Install button. After the installation has been completed, click Finish.
    • 15 cynapspro Endpoint Data Protection 2010 – Installation Guide Initialization of Finally Secure FDE: If you have previously selected initialization, the initialization of the FDE is automatically started. Alternatively, you can do so at a later time via the centrally controlled management of CryptionPro HDD 2010 and skip this point.
    • 16 cynapspro Endpoint Data Protection 2010 – Installation Guide Appendix Unattended Installation of cynapspro This allows you to carry out the installation of the server and the agents “unattended”. In addition you can do the synchronization and all the settings through a script, as well as import all the permissions using the xml interface. All this is fully automated, so no action from an administrator is required. Step 1 – Recording of Parameters Run the DeviceProSetup using the command line: DeviceProSetup.exe /r /f1"C:TempDeviceProSetup.iss”. All settings will be saved to the iss-file. Step 2 – Adjustments (optional) Change the settings in the iss-file. Step 3 - Unattended Server Installation Start the unattended server installation using the following command line: DeviceProSetup.exe /s /f1"C:TempDeviceProSetup.iss" /f2"C:TempDeviceProSetup.log" For a new installation “inheritance” is automatically activated. Step 4 – Import Licenses (optional) DPAdminTool.exe /license "LICENSE_FILE_PATH" /user USER_NAME Step 5 – Start Synchronization DPAdminTool.exe /sync /activate Step 6 – Define directory for the xml-file DPAdminTool.exe /impdir "FOLDER_PATH" [/impdirsuccess "FOLDER_PATH"] [/impdirfail "FOLDER_PATH"] Step 7 – Import Permission Settings Please note the following: No access = 0 Read access = 1 Full access = 3 If an error is found in a file, the entire file will not be imported but copied to the "Failed" list. Step 8 – Install Agent msiexec /i DPAgentSetup.msi /l*vx AgentInstall.log SERVER_NAME="server"
    • 17 cynapspro Endpoint Data Protection 2010 – Installation Guide Installation of SQL Server 2005 Express/MSDE You can choose between SQL Server 2005 Express or MSDE. Both are available free of charge from Microsoft. Microsoft SQL Server 2005 Express Edition Download the installation file from Microsoft, which can be found at: http://www.microsoft.com/downloads/details.aspx?familyid=4C6BA9FD-319A-4887-BC75- 3B02B5E48A40&displaylang=de Start the SQLEXPR_ADV_GER.EXE of the "Microsoft SQL Server 2005 Express Edition with Advanced Services." Agree to the terms of the Microsoft EULA and click Next. Now the components that are required for the SQL Server Setup will be installed. Click Next twice. The system configuration review should be completed with success. If this is the case, click the button Next to continue. The installation is started. In a next step you enter your name and company name and leave the checkbox Hide Advanced Configuration Options activated. In the next window, you can select the features, as well as the installation path. Select the data files, common tools, connectivity components and the Management Studio Express. Use mixed mode for authentication and define a password for the 'sa' user. Then click Next twice and complete the installation. Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) First you download the installation file from Microsoft at: http://www.microsoft.com/downloads/details.aspx?FamilyID=413744D1-A0BC-479F-BAFA- E4B278EB9147&displaylang=de Then open the GER_MSDE2000A.exe of MSDE. Read the Microsoft license agreement and click Yes. Enter the folder to unpack the files. If the folder does not exist, you will be prompted to create it. Then click Finish. After you have successfully unpacked the files in the specified folder, please execute the following command line to assign a SA password. [Installation] / setup.exe sapwd = "[password]" The MSDE database has been installed. You can now proceed with the installation of cynapspro.
    • 18 cynapspro Endpoint Data Protection 2010 – Installation Guide Automatic Distribution of the Agent (via AD) Thanks to Microsoft software distribution, you can automatically install the agent on all clients using the Active Directory. To do this, follow these steps: Set access permissions for all users on a network drive. Copy the DPAgentSetup.msi on this network drive. Open the OU Computer in the Active Directory and select Properties. Now click on Group Policy and create a new directive. Use Edit to open the Group Policy Editor. Go to computer configuration, software configuration, and then software installation and create a new package. Select the MSI file from the network drive. Got to software provisioning and click Advanced. Activate the checkbox Uninstall application if it is outside the scope of management in the register software provisioning.
    • 19 cynapspro Endpoint Data Protection 2010 – Installation Guide Congratulations! You are now familiar with the installation of cynapspro Endpoint Data Protection. Please consult the cynapspro User Guide for assistance on hoe to efficiently work with cynapspro solutions. If you need any help, we shall be happy to support you! We hope you’ll enjoy using our products. Copyright All Rights Reserved, 2004 - 2010 cynapspro GmbH. This document is copyrighted. All rights are reserved by cynapspro GmbH. Any other use, especially the disclosure to third parties, storage within a data system, distribution, processing, presentation, performance and production is prohibited. This applies to the entire document, as well as to any of its parts. Subject to change. The software described in this document is subject to continuous development. As a result, functions described in the documentation may differ from the actual software. Cynapspro and DevicePro ® are registered trademarks of cynapspro GmbH. All other product names and trademarks are the property of their respective owners. cynapspro GmbH Am Hardtwald 1 76275 Ettlingen Germany Phone +49 (0)7243-945-250 Fax +49 (0)7243-945-100 Email: contact@cynapspro.com Website: http://www.cynapspro.com