How To Install Symantec Encryption Management Server


Article ID: 178417


Updated On:


Encryption Management Server Gateway Email Encryption




This article provides a quick summary of the content of the installation guide.

For more complete details, see the installation guide available here:

The Symantec Encryption Management Server is installed using a CD image that is available for download at The product download page includes the following options:

  • Full server package containing all desktop clients, documentation and additional material.
  • Installation only package.
  • Stand-alone client installer files

Note: See for examples on how to create a CD image.

The server software can be installed in either a virtual machine environment or on physical hardware.

The current Encryption Management Server Certified Hardware List is available here:

If using a virtual machine, refer to the best practices for creating a new virtual machine for Symantec Encryption Management Server:

Virtual Machine requirements

Note: VMware Tools must be installed and configured in the Symantec Encryption Management Server operating system.

Disk space requirements for a stable operation:

Small/medium environment - This includes environments that manage a small number of Drive Encryption clients or a Keyserver only:
50 GB minimum allocated to the VMware instance; 4 GB RAM dedicated to the VMware instance.

Medium/large environment - This includes other environments that actively encrypt mails and/or host Web services:
100 GB minimum allocated to the VMware instance; 8 GB RAM dedicated to the VMware instance.

Symantec Encryption Management Server - Considerations:

In order to use all available functionality, consider the following environmental requirements for Symantec Encryption Management Server.

  • Installation - The software can only work on a dedicated machine (physical hardware or virtual machine).
  • Daily backups - Can be stored locally or uploaded to a remote FTP or SSH server.
  • SNMP - You can download MIB files from the server to monitor its health.
  • Communication - The server is reachable via a web browser administrator interface using port 9000 and client communication uses port 443. A trusted certificate may be used to secure connections between the server and it may be also necessary to adjust firewall settings to allow for server communication traffic.
  • Directory Synchronization - Depending on your configuration you may want to add an LDAP-Server to lookup whenever a new internal user is created. You may have to configure your firewall for to use port 389 or 636.
  • Daily Status Emails - You can configure daily status emails for the server. So the Symantec Encryption Management Server must be able to send out those emails via a specified mail route.
  • Clustering requirements can be found here:

Symantec Encryption Management Server - Installation:

For a quick illustrated guide and overview, see the following article:

Further details about the initial text mode installation steps, see the following article:

For how to configure and license the server via the administrative interface, see this article:

After the setup is complete, your server will be in Learn Mode. This is a training mode which the server does not encrypt mail messages, but allows you to see how mail traffic would be affected by the mail policies you configure. When you are done with configuring the server, you can disable the Learn Mode with the yellow button in the upper right corner of the administrative interface.