Encryption Management Server replicates data without the Ignition Key passphrase being entered
Article ID: 190852
Updated On:
Products
Encryption Management Server Powered by PGP Technology
Gateway Email Encryption Powered by PGP Technology
Issue/Introduction
An Encryption Management Server Ignition Key protects certain data by encrypting it.
The following data items are encrypted with the ignition key:
After the administrator successfully logs into Encryption Management Server they are prompted for the ignition key passphrase. They are only prompted for the ignition key passphrase after each reboot of the server.
If a server is rebooted but the administrator does not login, the server will still replicate data with other cluster members if it is part of a cluster.
The following data items are encrypted with the ignition key:
- Organization Key.
- Keys of internal and external users if they are SKM (Server Key Mode) keys.
- Whole Disk Recovery Tokens (WDRTs).
- Web Email Protection messages - this is optional.
After the administrator successfully logs into Encryption Management Server they are prompted for the ignition key passphrase. They are only prompted for the ignition key passphrase after each reboot of the server.
If a server is rebooted but the administrator does not login, the server will still replicate data with other cluster members if it is part of a cluster.
Environment
Encryption Management Server release 3.3.2 MP13 and above.
Resolution
The only way to prevent Encryption Management Server from replicating data after a reboot is to isolate it from the network.
Feedback
Yes
No
Powered by
