About PolicyServer Parent topic

Trend Micro PolicyServer manages encryption keys and synchronizes policies across all endpoints in the organization. PolicyServer also enforces secure authentication and provides real-time auditing and reporting tools to ensure regulatory compliance. You can flexibly manage PolicyServer with PolicyServer MMC or with Trend Micro Control Manager. Other data management features include user-based self-help options and device actions to remotely reset or kill a lost or stolen device.
The following table describes the PolicyServer components that you can deploy on one server or multiple servers, depending on environmental needs.

PolicyServer Components

Component
Description
Enterprise
The Endpoint Encryption Enterprise is the unique identifier about the organization in the PolicyServer database configured when installing PolicyServer. One PolicyServer database may have one Enterprise configuration.
Database
The PolicyServer Microsoft SQL database securely stores all user, device, and log data. The database is either configured on a dedicated server or added to an existing SQL cluster. The log and other databases can reside separately.
PolicyServer Windows Service
PolicyServer Windows Service manages all communication transactions between the host operating system, Endpoint Encryption Service, Legacy Web Service, Client Web Proxy, and SQL databases.
Endpoint Encryption Service
All Endpoint Encryption 5.0 agents use Endpoint Encryption Service to communicate with PolicyServer. Endpoint Encryption Service uses a Representational State Transfer web API (RESTful) with an AES-GCM encryption algorithm. After a user authenticates, PolicyServer generates a token related to the specific policy configuration. Until the Endpoint Encryption user authenticates, the service denies all policy transactions. To create a three level network topography, the service can also be separately deployed to an endpoint residing in the network DMZ, which allows PolicyServer to safely reside behind the firewall.
Legacy Web Service
All Endpoint Encryption 3.1.3 and older agents use Simple Object Access Protocol (SOAP) to communicate with PolicyServer. Under certain situations, SOAP may allow insecure policy transactions without user authentication. Legacy Web Service filters SOAP calls by requiring authentication and limiting the commands that SOAP accepts. To create a three level network topography, the service can also be separately deployed to an endpoint residing in the network DMZ, which allows PolicyServer to safely reside behind the firewall.