Full Disk Encryption Policy Synchronization

The following list explains the events that initiate policy synchronization between agents and PolicyServer:

  • After the operating system loads and the agent service starts

    For information about Endpoint Encryption services, see Endpoint Encryption Services.

  • When the Full Disk Encryption preboot starts

  • At regular intervals based on the PolicyServer synchronization policy

  • Manually, from the agent context menu or from the Full Disk Encryption preboot

    See Manually Updating Full Disk Encryption Agents.

Note:

Device actions initiate after the agent receives policy updates.

Full Disk Encryption Connectivity Requirements

Endpoint Encryption uses a FIPS 140-2 approved encryption process for data passed between the Full Disk Encryption preboot and PolicyServer. Full Disk Encryption agents that have network connectivity to PolicyServer can receive policy updates and upload audit data from the agent. All client-server communications are internally encrypted and can be sent over insecure connections such as the Internet.

You can place PolicyServer within a DMZ (Demilitarized Zone) for access to both internal networks and the Internet. For information about different network topology configurations, see the Endpoint Encryption Installation Guide.

Table 1. Full Disk Encryption Connectivity Requirements

Resource

Function

PolicyServer

Updated security policies from PolicyServer are sent to the Full Disk Encryption preboot or by connectivity established within Windows, LAN, or VPN.

TCP/IP Access

Network connectivity requires full TCP/IP network access; dial-up or telephone access cannot be used to provide connectivity with PolicyServer during preboot authentication.

Port

Endpoint Encryption agents communicate using port 8080 by default. To change the default port number, go to Recovery Console and update the PolicyServer. For details, see Changing the Full Disk Encryption PolicyServer.

Manually Updating Full Disk Encryption Agents

Full Disk Encryption agents automatically receive policy updates from PolicyServer at intervals determined by policy.

Do either of the following to manually update policies.

  • Use the Full Disk Encryption preboot.
    1. Go to Communications > Synchronize policies.
    2. Go to Computer > About Full Disk Encryption.

      The timestamp of the latest PolicyServer policy synchronization displays.

  • Use the Full Disk Encryption agent.
    1. Double-click the Full Disk Encryption icon () in the Windows system tray.

      The Full Disk Encryption agent opens.

    2. Click Synchronize with PolicyServer.

      After a moment PolicyServer enforces all new policies changes.