killa lost or stolen device.
Component
|
Description
|
---|---|
Enterprise
|
The Endpoint Encryption Enterprise is
the unique identifier about the organization in the PolicyServer database configured
when
installing PolicyServer. One PolicyServer database may have one Enterprise
configuration.
|
Database
|
The PolicyServer Microsoft SQL database securely stores all user,
device, and log data. The database is either configured on a dedicated server or added
to an
existing SQL cluster. The log and other databases can reside separately.
|
PolicyServer Windows Service
|
PolicyServer Windows Service manages all communication
transactions between the host operating system, Endpoint Encryption Service, Legacy Web Service, Client Web Proxy,
and SQL databases.
|
Endpoint Encryption Service
|
All Endpoint Encryption
5.0 Patch 3 agents use Endpoint Encryption Service to communicate with PolicyServer.
Endpoint Encryption Service uses a Representational State Transfer web API (RESTful)
with an
AES-GCM encryption algorithm. After a user authenticates, PolicyServer generates a
token
related to the specific policy configuration. Until the Endpoint Encryption user authenticates, the service denies all
policy transactions. To create a three level network topography, the service can also
be
separately deployed to an endpoint residing in the network DMZ, which allows PolicyServer
to
safely reside behind the firewall.
For information about deployment scenarios, see the Endpoint Encryption Installation and Migration Guide.
|
Legacy Web Service
|
All Endpoint Encryption 3.1.3
and older agents use Simple Object Access Protocol (SOAP) to communicate with PolicyServer.
Under certain situations, SOAP may allow insecure policy transactions without user
authentication. Legacy Web Service filters SOAP calls by requiring authentication
and
limiting the commands that SOAP accepts. To create a three level network topography,
the
service can also be separately deployed to an endpoint residing in the network DMZ,
which
allows PolicyServer to safely reside behind the firewall.
For information about deployment scenarios, see the Endpoint Encryption Installation and Migration Guide.
|