SafeGuard Enterprise components

A Microsoft SQL database stores information about the clients (endpoints) on the company network. The Master Security Officer (MSO) uses the SafeGuard Management Center to manage the database contents and to create new security instructions (policies).

The endpoints read the policies from the database and report to the database. The communication between the database and the endpoints is maintained by an Internet Information Services (IIS) based web server which has the SafeGuard Enterprise Server installed on it.

SafeGuard Enterprise Web Helpdesk is an optional component that provides a web-based recovery solution for managed clients.

SafeGuard Enterprise consists of three major modules:

  • Backend
  • Software for Windows endpoints
  • Software for macOS endpoints

Each module contains several components.

SafeGuard Enterprise Backend (BKD)

The backend provides the policies for managing SafeGuard Enterprise endpoints. It consists of:

SafeGuard Enterprise Server (Srv)

SafeGuard Enterprise Server runs as an application on a Microsoft Internet Information Services (IIS) based web server and manages the communication between the SafeGuard Enterprise Database and the SafeGuard Enterprise endpoints. On request, it sends policy settings to the endpoints. It requires .NET Framework 4.5 and ASP.NET 4.5. Installation package: SGNServer.msi.

To use SSL as the default transport encryption method for the client-server communication, the Basic Authentication role must be installed on the IIS server.
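The following PowerShell check is an added example, not part of the Sophos documentation: it verifies on the intended IIS host that the prerequisites listed above (IIS, ASP.NET 4.5, .NET Framework 4.5 and the Basic Authentication role) are present before SGNServer.msi is installed. It assumes Windows Server with the ServerManager module; the Windows feature names and the .NET 4.5 registry release number are assumptions based on the standard Server Manager identifiers.

```powershell
# Added example (not from the Sophos documentation): checks the SafeGuard Enterprise
# Server host for the prerequisites named on this page.
# Assumes Windows Server with the ServerManager module available.
Import-Module ServerManager

# Feature names assumed to be the standard Server Manager identifiers.
$requiredFeatures = @(
    'Web-Server',              # IIS web server role
    'Web-Asp-Net45',           # ASP.NET 4.5
    'NET-Framework-45-Core',   # .NET Framework 4.5
    'Web-Basic-Auth'           # Basic Authentication role (needed for SSL transport encryption)
)

function Test-SgnServerPrerequisites {
    $missing = @()
    foreach ($name in $requiredFeatures) {
        $feature = Get-WindowsFeature -Name $name -ErrorAction SilentlyContinue
        if (-not $feature -or -not $feature.Installed) { $missing += $name }
    }

    # .NET 4.5 and later record a 'Release' DWORD here; 378389 is the value for 4.5 (assumed).
    $ndpKey = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    $release = (Get-ItemProperty -Path $ndpKey -Name Release -ErrorAction SilentlyContinue).Release
    if (-not $release -or $release -lt 378389) {
        $missing += '.NET Framework 4.5 (registry Release value below 378389)'
    }

    if ($missing.Count -eq 0) {
        Write-Output 'All SafeGuard Enterprise Server prerequisites are installed.'
        return $true
    }
    Write-Warning ('Missing prerequisites: ' + ($missing -join ', '))
    Write-Output 'Install missing roles with: Install-WindowsFeature -Name <feature> (run as administrator).'
    return $false
}

Test-SgnServerPrerequisites
```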

It comes with two subcomponents:

Web Helpdesk (WHD, optional)

Web Helpdesk is a web-based recovery solution for managed clients. It helps users who cannot log on or cannot access SafeGuard Enterprise encrypted data by providing a user-friendly Challenge/Response mechanism, see Web Helpdesk.

Server Task Scheduler (STS)

The SafeGuard Management Center offers the Task Scheduler to create and schedule periodic tasks based on scripts, for example to synchronize your Active Directory and the SafeGuard Enterprise Management Center.

The tasks are automatically run by a service on the SafeGuard Enterprise Server to execute the scripts specified.

SafeGuard Management Center (MC)

The SafeGuard Management Center is the central management tool for SafeGuard Enterprise protected endpoints. The Master Security Officer (MSO) uses it to manage the database content, keys and certificates, users and computers, and to create security instructions (policies). The SafeGuard Management Center communicates with the SafeGuard Enterprise Database. .NET Framework 4.5 is required.

Installation package: SGNManagementCenter.msi

Multi tenancy mode (MTM)

The SafeGuard Management Center installation package comes with an option to install it in multi tenancy mode.

If you do so, it supports multiple databases by using tenant-specific database configurations (Multi Tenancy). You can set up and maintain different SafeGuard Enterprise Databases for different tenants such as company locations, organizational units or domains.

For each database (tenant), you need to set up a separate SafeGuard Enterprise Server instance. Each database must be the same version. For example, it is not possible to manage SGN 7 databases and SGN 8.3 databases with a single SGN 8.3 Management Center.

SafeGuard Enterprise Database (DB)

The SafeGuard Enterprise Database(s) hold all relevant data such as keys/certificates, information about users and computers, events and policy settings. The database needs to be accessed by the SafeGuard Enterprise Server and by only one security officer through the SafeGuard Management Center, usually the Master Security Officer. The SafeGuard Enterprise Database(s) can be generated and configured using a wizard or scripts.

You can create the database during the initial configuration of the SafeGuard Management Center using a wizard or via script and establish the connection between SafeGuard Management Center, database and SafeGuard Enterprise Server manually.

  • Microsoft Active Directory Services (optional):

    You can import your company's organizational structure with users and computers from Active Directory.

Windows endpoints (WinClient)

SafeGuard Enterprise provides installer packages for full disk encryption and file encryption.

Depending on your requirements, you can choose from several file encryption packages. You have to decide whether you want to encrypt all files saved by specific applications anywhere on the computer (application-based) or only files in certain locations (location-based).

You cannot install Synchronized encryption (application-based) and the location-based file encryption packages (CS, FE, DX) on one computer.

SafeGuard Enterprise protected endpoints can either be connected to a SafeGuard Enterprise Server (managed) or they are operated without any connection to a SafeGuard Enterprise Server (unmanaged). Managed endpoints receive their policies directly from the SafeGuard Enterprise Server. Unmanaged endpoints receive their policies and policy updates inside configuration packages that have to be installed on the computers.

Client Base Module (CBM)

The Client Base Module provides the required core services and authentication modules.

BitLocker, Windows Native Device Encryption (BL)

Allows you to manage BitLocker on Windows 8.1 and Windows 10 endpoints.

Synchronized Encryption (SyncEnc)

Encrypts files regardless of where they are stored (application-based). You define a list of applications whose files are encrypted automatically.

Cloud Storage (CS)

Offers file-based encryption of data stored in the cloud (location-based).

File Encryption (FE)

Offers location-based file encryption on local drives and network locations, mainly for work groups on network shares.

Data Exchange (DX)

Offers file-based encryption of data stored on removable media connected to a computer and allows you to securely exchange this data with other Windows users.

macOS endpoints (macClient)

SafeGuard Enterprise provides installer packages for managing FileVault 2 full disk encryption and for file encryption. If you want to encrypt files and share them with Windows endpoints, you have to use SafeGuard File Encryption for macOS.

FileVault 2, SafeGuard Native Device Encryption for Mac (FV2)

Allows you to manage FileVault 2 on Macs.

SafeGuard File Encryption (macOSFE)

Offers file-based encryption on local drives, network shares, removable drives, and in the cloud.

With SafeGuard File Encryption for Mac, you can safely encrypt and decrypt files and exchange these files with other users on Macs or Windows PCs.

To read files encrypted by SafeGuard Enterprise on mobile devices, use Sophos Secure Workspace for iOS or Android.

Recommendations for practical operation

To ensure high-performance operation, consider the following when positioning the components in the network:

  • The SafeGuard Enterprise Management Center should be positioned as close to the SQL database as possible.
  • The same applies to the SafeGuard Enterprise Server.
  • Both components should have the ability to access a domain controller at the same network location to ensure fast synchronization between Active Directory and SafeGuard Enterprise.