How To Install Symantec Encryption Management Server
search cancel

How To Install Symantec Encryption Management Server


Article ID: 178417


Updated On:


Encryption Management Server Gateway Email Encryption Desktop Email Encryption Drive Encryption Endpoint Encryption File Share Encryption PGP Command Line PGP Key Management Server PGP Key Mgmt Client Access and CLI API PGP SDK


How To Install Symantec Encryption Management Server. For a Pictured version of the installation, see the following article:

157080 - Pictured Installation Guide for Symantec Encryption Management Server


VMware Virtual Machine Template

Symantec Encryption Management Server (PGP Server) 10.5 uses Red Hat Enterprise Linux 7, so when you build your machine machine, use RHEL 7, but know that you will use the ISO that is available via the  Broadcom Download Portal to install the actual operating system for the PGP Server.


Hard Disk Recommendations:
For Symantec Encryption Management Server managing Drive Encryption or File Share Encryption Only, allocate 100GBs of Hard Drive space.
For Symantec Encryption Management Server hosting the Web Email Protection service for many accounts, allocate 800GBs

Note: The disk space allocations are general guidelines that work for most customers.
More or less space may appropriate, but using the above guidelines will typically cover most scenarios


This article provides a quick summary of the content of the installation guide.

Symantec Encryption Management Server Installation Guide

The Symantec Encryption Management Server is installed using an ISO image that is available for download.  For information on how to download, see the following article:

193931 - How to download Symantec Encryption products from the Broadcom download Portal (And where to find the license number for PGP)

Downloads include the following:

  • Full server package containing all desktop clients, documentation and additional material.
  • Installation only package.
  • Stand-alone client installer files

The server software can be installed in either a virtual machine environment or on physical hardware.

See the System Requirements document for information on hardware requirements as well as Release Notes.


If using a virtual machine, refer to the best practices for creating a new virtual machine for Symantec Encryption Management Server:
156207 - Best Practices for creating a Virtual Machine for Encryption Management Server


Virtual Machine requirements with Drive Space and RAM

Note: VMware Tools must be installed and configured in the Symantec Encryption Management Server operating system.

Disk space requirements for a stable operation:

Small/medium environment - This includes environments that manage a small number of Drive Encryption clients or a Keyserver only:
100 GB minimum allocated to the VMware instance; 8 GB RAM dedicated to the VMware instance, and in a cluster at least 16GBs.

Medium/large environment - This includes other environments that actively encrypt mails and/or host Web services:
100 GB minimum allocated to the VMware instance; 16 GB RAM dedicated to the VMware instance.

For busier environments, it's recommended to use 16-32GBs of memory and test for system performance. 
Your environment needs at least 16GB, but could be less than 32GBs depending on performance within your specific environment.  


Symantec Encryption Management Server - Considerations:

In order to use all available functionality, consider the following environmental requirements for Symantec Encryption Management Server.

  • Installation - The software can only work on a dedicated machine (physical hardware or virtual machine).
  • Daily backups - Can be stored locally or uploaded to a remote FTP or SSH server.
  • SNMP - You can download MIB files from the server to monitor its health.
  • Communication - The server is reachable via a web browser administrator interface using port 9000 and client communication uses port 443. A trusted certificate may be used to secure connections between the server and it may be also necessary to adjust firewall settings to allow for server communication traffic.
  • Directory Synchronization - Depending on your configuration you may want to add an LDAP-Server to lookup whenever a new internal user is created. You may have to configure your firewall for to use port 389 or 636.
  • Daily Status Emails - You can configure daily status emails for the server. So the Symantec Encryption Management Server must be able to send out those emails via a specified mail route.
  • Clustering requirements can be found with the following article:
    154069 - Best Practices: Environmental Requirements for Symantec Encryption Management Server clustering (previously PGP Universal Server)

Symantec Encryption Management Server - Installation:

For a quick illustrated guide and overview, see the following article:
157080 - Pictured Installation Guide for Symantec Encryption Management Server

After the setup is complete, your server will be in Learn Mode. This is a training mode which the server does not encrypt mail messages, but allows you to see how mail traffic would be affected by the mail policies you configure. When you are done with configuring the server, you can disable the Learn Mode with the yellow button in the upper right corner of the administrative interface.


 By clicking the yellow hat you'll see this: