
Making Symantec Endpoint Encryption Management Server Public Facing


Article ID: 227219


Products

Endpoint Encryption, Desktop Email Encryption, Drive Encryption, Encryption Management Server, File Share Encryption, Gateway Email Encryption, PGP Command Line, PGP Key Management Server, PGP Key Mgmt Client Access and CLI API, PGP SDK

Issue/Introduction

Symantec Endpoint Encryption (SEE) is a solution in which the SEE Management Server centrally manages your SEE Drive Encryption or SEE Removable Media Encryption clients. It provides full policy management, management of recovery keys, and other features. Because the SEE Management Server is installed on-premises, the SEE Clients must also be on the network in order to check in and download policy. If the SEE Clients are not on the network, checking in with the server or downloading policy is not possible until the client makes a VPN connection.

Making the SEE Management Server available to the internet (public facing) requires some configuration using additional network solutions that a typical environment would normally already have, so it is possible to accomplish. This article discusses some recommendations for making your SEE Management Server available to the internet so that SEE Clients can check in even when they are not on the network.

Resolution

The key component in all of this is security. This article does not assume all security considerations have been taken into account, but provides some ideas for how this could be deployed in your environment. Only make available services that are not hosting private information. If there are any doubts about how your deployment is configured, consult with your security group to ensure it is done properly for your environment.

Symantec Enterprise Support can offer some general guidelines for how the server should be deployed, but these are not a substitute for a full network security review of how this is best done for your specific needs.

Caution: In going through these steps to make the SEE Management Server connections available from the internet, ensure that only HTTPS/443 is being used for the SEE Client Connections and Communications.  If TLS is not being used, do not make the server available publicly.  
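One way to verify the caution above after deployment, as an added example that is not part of the original article or of the product: the script checks that the public hostname completes a certificate-validated TLS handshake on 443 and that nothing else answers. The port list and the hostname in the usage comment are assumptions.

```python
import socket
import ssl
import sys

# Assumed sample of ports that should NOT answer from the internet; adjust per site.
UNEXPECTED_PORTS = (80, 1433, 3389, 8080)


def probe(host, port, timeout=3.0):
    """Classify host:port as 'closed', 'open-no-tls', 'tls-bad-cert' or 'tls:<version>'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:  # refused, filtered or timed out
        return "closed"
    ctx = ssl.create_default_context()  # verifies certificate chain and hostname
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return "tls:" + tls.version()
    except ssl.SSLCertVerificationError:
        return "tls-bad-cert"
    except OSError:  # ssl.SSLError, reset or timeout: no TLS handshake completed
        return "open-no-tls"
    finally:
        sock.close()


def audit(host, tls_port=443, other_ports=UNEXPECTED_PORTS, timeout=3.0):
    """Return findings that contradict 'only HTTPS/443 is exposed'."""
    findings = []
    state = probe(host, tls_port, timeout)
    if not state.startswith("tls:"):
        findings.append(f"{tls_port}: expected HTTPS, got {state}")
    for port in other_ports:
        state = probe(host, port, timeout)
        if state != "closed":
            findings.append(f"{port}: reachable ({state}), expected filtered")
    return findings


if __name__ == "__main__":
    # Usage: python check_exposure.py see-mgmt.example.com  (hypothetical hostname)
    if len(sys.argv) != 2:
        sys.exit("usage: check_exposure.py <public-hostname>")
    problems = audit(sys.argv[1])
    print("\n".join(problems) or "only TLS on 443 is reachable")
    sys.exit(1 if problems else 0)
```

Run it from a network outside your perimeter, since results from inside the LAN do not reflect what the internet can reach.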

 

Click the attachment on the bottom of this page for the document that can provide you some ideas to get started in this endeavor.   

Symantec Endpoint Encryption is also fully supported and certified to be used with Amazon Web Services or Microsoft Azure.  See the System Requirements for more details on this.

Additional Information

ISFR-1485, EPG-23722

227509 - Migrating from Symantec Encryption Desktop to Symantec Endpoint Encryption (Drive Encryption components)

240321 - OAuth Communications with Symantec Endpoint Encryption 11.4 and above

 

Attachments

1635446430550__Deploying SEE Management Server to be Internet Facing-1.pdf