Specifications

Database Server
Figure 2: Endpoint Encryption Server
The Endpoint Encryption Database Server facilitates connections between Endpoint
Encryption entities, such as the Endpoint Encryption for Files and Folders Client and
the Endpoint Encryption Manager, and the central Object Directory over an IP connection
(rather than the file-based "local" connection). The server authenticates the connecting
entity using DSA signatures and encrypts the link using a Diffie-Hellman key exchange
followed by a bulk algorithm for line encryption. This ensures that "snooping" the
connection cannot disclose any secret key information.
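As an added illustration (not the product's own protocol or code), the Go sketch below shows the shape of a signed key exchange like the one just described: each entity signs its ephemeral public value with a long-term identity key, and the peer verifies that signature against the identity key it already trusts before deriving the link key, so a passive observer learns nothing secret and a substituted public value is rejected. ECDSA and ECDH over P-256 stand in for the DSA and Diffie-Hellman named above; the bulk algorithm itself is not shown.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Peer is one entity: a long-term identity key (ECDSA here; DSA in the product)
// and a fresh per-connection ECDH key (standing in for Diffie-Hellman).
type Peer struct {
	ID  *ecdsa.PrivateKey
	eph *ecdh.PrivateKey
}
// Hello is all that crosses the wire: the ephemeral public value plus its identity signature.
type Hello struct{ Pub, Sig []byte }

func NewPeer() (*Peer, error) {
	id, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	eph, err := ecdh.P256().GenerateKey(rand.Reader)
	return &Peer{id, eph}, err
}

// Hello signs the ephemeral public value with the identity key.
func (p *Peer) Hello() (Hello, error) {
	pub := p.eph.PublicKey().Bytes()
	h := sha256.Sum256(pub)
	sig, err := ecdsa.SignASN1(rand.Reader, p.ID, h[:])
	return Hello{pub, sig}, err
}

// SessionKey verifies the peer's Hello against the identity key we already
// trust, then completes the exchange and derives the link (bulk) key. A forged
// or tampered Hello is rejected. Hashing the secret stands in for a real KDF.
func (p *Peer) SessionKey(h Hello, peerID *ecdsa.PublicKey) ([]byte, error) {
	d := sha256.Sum256(h.Pub)
	pub, err := ecdh.P256().NewPublicKey(h.Pub)
	if err != nil || !ecdsa.VerifyASN1(peerID, d[:], h.Sig) {
		return nil, errors.New("peer authentication failed")
	}
	shared, err := p.eph.ECDH(pub)
	if err != nil {
		return nil, err
	}
	k := sha256.Sum256(shared)
	return k[:], nil
}
```

Both sides call Hello, exchange the results, and call SessionKey with the other side's known identity key; only if both signatures verify do they end up with the same link key.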
The server exposes the Object Directory over fully routed TCP/IP, so access to the
Object Directory can be exposed to the Internet or an intranet, allowing clients to
connect from wherever they are. As all communication between the server and the client
is encrypted and authenticated, exposing it in this way poses no security risk.
Object Directory
The Object Directory is the central configuration store for Endpoint Encryption for
Files and Folders policies and serves as the repository of information for all Endpoint
Encryption entities. The default directory uses the operating system's file system driver
to provide a high-performance, scalable store that mirrors an X.500 design. The
standard store has a capacity of over 4 billion users and machines.