The PGP Encryption Server can protect the server so that after it is rebooted, it will not load completely until a password is entered in the web console.
After you reboot your PGP Encryption Server (Symantec Encryption Management Server), it displays the following message:
"Server is currently locked.
Unlock Server With Soft-Ignition Passphrase
You have the option to unlock the server by entering your Ignition Key passphrase or by using the Organization Key."
Although the PGP Encryption Server should be fully secured geographically and on the network so that only authorized users have physical access, Ignition Keys can protect the data on the PGP Encryption Server in the unlikely event that unauthorized users gain physical access to the server.
In order for someone to gain unauthorized access, they would need to have physical access to the server, meaning they would need to be able to access the server room, or the actual Virtual Machine where the PGP Server is installed. These levels of access are not typically available to any administrator except for "Super Users" or the highest-level access administrators.
If the PGP Encryption Server is rebooted, it assumes that this access may be available, and so it will not fully boot up without proper authentication.
Unlock the PGP Encryption Server using one of the following options:
Option 1. Enter your passphrase for your ignition key and click the Unlock button.
Option 2. Click the Unlock with Organization Key button and choose to import your saved key file or key block. Then click the Import button.
During the installation of the server or after setup is complete, you can configure an ignition key to secure the server.
When an Ignition Key is configured, the Organization Key is encrypted to the Ignition Key. If you lose your passphrase for your ignition key, you can use your Organization Key to unlock the server.
Caution: If you choose to configure an ignition key for your server, it is strongly recommended that you back up your Organization Key.
If you do not have a backup of your Organization Key and the passphrase for the Ignition Key is lost, the server cannot be unlocked.
All PGP Encryption Server backup files are also encrypted to your Organization Key before they are sent to a backup location, making it critical to back up your Organization Key. For more information on how to back up your Organization Key, see the following article: