S Dell Data Protection | Protected Workspace Administrator’s Guide Dell Data Protection | Protected Workspace
© 2013 Dell Inc. Trademarks used in this text: Dell™, the DELL logo, Dell Precision™, OptiPlex™, Latitude™, and Vostro™ are trademarks of Dell Inc. Intel®, Pentium®, Xeon®, Core™ and Celeron® are registered trademarks of Intel Corporation in the U.S. and other countries. Microsoft® and Windows® are registered trademarks of Microsoft Corporation in the United States and/or other countries. June 2013 Rev.
Table of Contents Section 1 – Overview and Basic Installation ........................................................................................... 5 Purpose and Intended Audience ............................................................................................................................ 5 What is Dell Data Protection | Protected Workspace? ............................................................................................. 5 System Requirements ...............................
Manually Troubleshooting Installation Issues .................................................................................................... 16 Manually Troubleshooting Post‐Installation Issues ............................................................................................
Section 1 – Overview and Basic Installation Purpose and Intended Audience This guide is intended for IT administrators who will be installing, deploying, and administering DDP | Protected Workspace. This guide is designed to help identify system requirements, identify pre‐ deployment tasks and to suggest deployment methodologies.
Supported Software DDP | Protected Workspace leverages software installed on an end user machine and runs that software inside an isolated environment. To ensure proper functionality within the isolated environment, only certain software and versions are supported. Any unsupported software or version will not be moved into the isolated environment and will continue to only run in the native interface.
Section 2 – Enterprise End‐User Deployments Deploying Dell Data Protection | Protected Workspace with Software Deployment Tools DDP | Protected Workspace installation is supported with many different software deployment tools. Currently, Protected Workspace is tested with GPO, IBM Tivoli Endpoint Manager (previously BigFix), Microsoft SCCM and Symantec Altiris, however deployments should work with all deployment tools.
Connectivity requirements Product Activation After installing DDP | Protected Workspace, the product requires internet access in order reach out to the activation servers. If internet access is not available, the product will ask the user to check the settings and try again. If the environment contains a web proxy or other device, it is important that access to http://delllicense.invincea.com be allowed on port 80.
Product Updates DDP | Protected Workspace is designed to notify the user when an update is available. When an update is applied, the update will be downloaded in the background while the product is running, and will apply when the product is restored or exited and restarted. During the update process, a dialog box will display over the system tray, indicating that the update is taking place.
Section 3 – Administration End‐User Experience Threat Detection DDP | Protected Workspace offers built in threat detection to help identify if the DDP|PW environment has been compromised by an untrusted process. When suspicious activity has been detected, a dialog will display over the system try indicating that the user should restore to a clean session.
If the user chooses to restore later by dismissing the Suspicious Activity dialog the Protected Workspace icon on the system tray will turn red until the user restores DDP | Protected Workspace to a clean state. DDP | Protected Workspace ensures that any threat is contained within the protected environment and that the end user system has been protected.
Additionally, from the Apps tab, users will be able to select which browser will be used to open webpages by default within the protected environment. The user can select “Use this browser to open web pages” for either Internet Explorer or Firefox.
Administrative Preferences Override In some organizations, administrators may want to disable the ability for DDP | Protected Workspace from reaching out to the DDP|PW servers for software updates, error reporting and threat detection reporting. These options can be disabled by adding an override file on each PC. It is recommended that these options not be used unless absolutely necessary. The override file is a simple XML file that can be created in Notepad or a similar text editor.
Administrative Trusted Sites Override By design the DDP | Protected Workspace product runs the users native web browsers within an isolated environment. This isolated environment keeps the user’s PC safe from malicious content but can also cause some interoperability issues with certain websites. If these websites are business critical and trusted, the users have the ability to manually trust them locally.
^https://internal\.dell\.com:8080/.* The above entry will match the exact site and port specified and anything that follows. To add local IP subnets, use the following format: ^https://192\.168\.1\.*(:\d{1,5})?/.* The above entry will match any URL that uses http or https, and is accessed with a 192.168.1.x subnet IP address. It also allows for any port to be used on this URL. It is important to note that trustedsites is not able to do DNS lookups.
User Trusted Sites List From DDP | Protected Workspace, a user has the ability to trust sites locally. These sites will be added to the beginning of the list of sites provided within an administrative override file. For example, if an admin trusts the following: ^https://([^/]*\.)*sharepoint\.* ^https://([^/]*\.)*myinternalserver\.* And a user trusts: google.com yahoo.com Then the full list of trusted sites for this PC will include all of the sites outlined: ^https?://([^/]*\.)*google\.com/.
As with the installer log files, errors will be noted at ERROR or FATAL after the date and time stamp. 2012‐05‐02 08:04:33,203 ERROR Inv.MC.TCPConnection connection was forcibly closed by the remote host ‐ [5864] SSL Handshake error: An existing The second file is the log file for the instance of DDP | Protected Workspace running under a user context. This file is named inv.log and is located in the users AppData folder. Each user on a single PC will have an inv.log file.
