search cancel

Using Symantec Encryption Management Server in Azure Cloud Infrastructure (PGP Server)

book

Article ID: 254744

calendar_today

Updated On:

Products

Desktop Email Encryption Drive Encryption Encryption Management Server Endpoint Encryption File Share Encryption Gateway Email Encryption PGP Command Line PGP Key Management Server PGP Key Mgmt Client Access and CLI API PGP SDK

Issue/Introduction

Symantec Encryption Management Server includes several features to simplify encryption, including Email Encryption, Secure Content Delivery, including Web Email Protection and Secure PDF Messenger, as well as being able to manage keys, and Symantec Encryption Desktop clients.  The server is certified for internet-placement scenarios, and undergoes all the rigorous security testing and reviews.  The server is also an on-premise solution, which means that you deploy the solution within your own infrastructure, but can then be placed in a public-facing scenario. 

There are several cloud solutions where a cloud vendor hosts your instance, but you still retain the capabilities of your product.  Symantec Encryption Management Server does not officially certify these solutions, but may work well within them provided the installation can work in a default setting.  This article will go over some of the basics that you can consider for Azure cloud.

Resolution

In order to use the PGP server in Azure there is a migration tool that you will use to migrate the VM from VMware to the Azure virtual machine.

Doing this migration will not change the operating system, rather, what it does is migrates the VMware virtual machine to Azure's infrastructure.

When doing this migration, it is important to have an SSH key uploaded to the PGP server so that connectivity is possible after the upgrade in case the UI is not accessible.
This is a critical step, so if you are unable to do this step, reach out to Symantec Encryption Support to ensure this step is done properly. 


The requirements for using PGP Server in Azure are the following:

*No third-party applications can ever be installed on the PGP Server's backend operating system.
*No modifications to the PGP Backend operating system are made.
*The IP Address and networking for the PGP server must remain static (No DHCP).

 

If an OVF is needed for the PGP Server, you would first install with the ISO for PGP Server inside of VMware and then within the VMware tools, you would export to OVF. 

The OVF format could then be adapted to other solutions, such as Azure as long as the above requirements are met.

 

Additional Information

231076 - Using Symantec Encryption Management Server with Oracle Cloud (PGP Server)

ISFR-1914/EPG-20914