PGP Universal Server

Overview

Enterprises are increasingly deploying encryption to protect their most sensitive information. Unfortunately, deploying point solutions to protect email, disks, and files involves deploying and managing multiple management consoles. This piecemeal approach prevents organizations from addressing new requirements in a timely, cost-effective manner.

PGP Universal™ Server manages security policy across multiple applications to defend sensitive data and avoid the financial loss, legal ramifications, and brand damage resulting from a data breach. As the foundation of the PGP® Encryption Platform architecture, PGP Universal Server manages PGP Encryption Platform–enabled applications that provide email, disk, and network file encryption. PGP Universal Server provides:

• Key management-Creates, distributes, and stores encryption keys while maintaining the organization's ability to allow authorized personnel to access encrypted data.
• Policy enforcement-Delivers centralized policy configuration and removes the risk of inconsistent or incorrect policy configuration.
• Reporting and logging-Provides visibility into the current state of data protection to help satisfy management and auditor requirements.
• Extensible framework-Reduces the time and cost of deploying future encryption applications by eliminating redundant management infrastructures.

Using PGP Universal Server, an organization can deploy one encryption application to address an immediate tactical requirement and then deploy additional applications later, as required. This strategic approach to encryption allows the enterprise to quickly adapt to emerging requirements for encryption using a single encryption management console.

Technical Specifications

Technical Specifications

Supported Web Browsers for Administration

• Apple Safari
• Microsoft Internet Explorer
• Mozilla Firefox

Standards-Based Interfaces

• HTTPS
• LDAP/S
• SOAPS

Directory Integration

• Microsoft Active Directory 2003
• Microsoft Active Directory 2000
• Lotus Notes/Domino Directory 7.0
• OpenLDAP 2.3.x
• Lotus Notes/Domino Directory 6.5
• PGP® Global Directory

Key and Certificate Management

• OpenPGP
• X.509 v3

Managed Encryption Applications

• PGP Universal™ Gateway Email
• PGP® Desktop Email
• PGP® Desktop Professional
• PGP® Desktop Storage
• PGP® Desktop Corporate
• PGP® NetShare
• PGP® Whole Disk Encryption
• PGP® Support Package for BlackBerry

Minimum System Requirements – Certified Hardware & Virtualization

Certified Server Hardware

PLEASE NOTE: To qualify as a PGP® certified server the server MUST be one of the vendor models listed below AND be configured EXACTLY per the component list below.  

1. Dell PowerEdge 2950 - Dual Quad-Core Intel XEON L5420 @ 2.50 GHz - 8 GB RAM - DVD-ROM Four 146 GB 15K SAS HD - PERC6/i RAID Redundant Power Supply Medium/large environment production unit, cluster member (See the Additional Information in the Release Notes for more information on using PGP Universal Server with this system.)

2. Note: This model requires an external network card to be compatible with PGP Universal Server. The default Broadcom NetExtreme II BCM5708 Gigabit Ethernet controller does not work with PGP Universal Server and is not supported. The following external network card is supported: Intel 10/100/1000 Dual/Quad port - Intel 82571EB Gigabit Ethernet controller Intel LAN Card: D33682
   

3. IBM System x3650 - Quad-Core Intel XEON E5345 - 8 GB RAM 3 x 73 GB 15K RPM 3.5" Hot-Swap SAS - SeveRAID-8k Medium/large environment production unit, cluster member
4. 
   
5. IBM BladeCenter HS20 Type 7981 - Intel XEON - 1 GB RAM BladeCenter Type 8677 Enclosure and Cisco Intelligent Gigabit Ethernet Switch Module for IBM BladeCenter Dual 73 GB 10K RPM SAS HD - LSI 1064 SAS RAID Small/medium environment production unit (See the Additional Information section in the Release Notes, Installing on IBM BladeCenter HS20 Type 7981, for more information on using PGP Universal Server with this system.)
6. 
   
7. SunFire4150 - Intel XEON E5410 2.3 GHz Quad-Core - 8 GB RAM - DVD-ROM 3 x 146 GB 10K 2.5" SAS Adaptec AAC-RAID Medium/large environment production unit, cluster member
8. 
   
9. HP Proliant DL360 G5 - Quad Core Intel Xeon - 8 GB RAM - DVD-ROM 3 x 146 GB 10K RPM 2.5" Hot Swap SAS disk - Smart Array P400i RAID Medium/large environment production unit, cluster member
10. 
    
11. HP ProLiant DL385 G2- Dual AMD Opteron 2216 HE Dual Core - 8 GB RAM - DVD-ROM Dual 72 GB 10K SAS Drives - RAID controllers: Smart Array P400, P600, and P800 Redundant Power Supply Medium/large environment production unit, cluster member
12. 
    
13. HP Proliant BL460c - Single 3 GHz Quad Core Intel Xeon E5450 - 4 GB RAM HP Blc300 Server Blade Enclosure and GbE2c Ethernet Blade Switch for HP c-Class Dual 146 GB SAS HD - SmartArray E200i RAID Small/medium environment production unit
14. 
    
15. NEC Express5800 120Rj-2 -Dual 3 GHz Quad Core Intel Xeon 5450 - 4 GB RAM - DVD-ROM Disk Array Controller (Internal SAS HDD) 146 GB HDD x 3 (RAID 5) Medium/large environment production unit, cluster member

Disk space requirements:

Small/medium environment - 50 GB minimum allocated to the VMWare instance; 4 GB RAM dedicated to the VMWare instance.
Medium/large environment - 100 GB minimum allocated to the VMWare instance; 8 GB RAM dedicated to the VMWare instance.

Other Configurations

While a broad array of other hardware may work well with PGP Universal Server, incompatibilities related to hardware that is not one of the above systems will not be supported.

To qualify as PGP Universal Server Certified Hardware, the server must be one of the models listed and all components must be configured as specified.

Changing the sizes of hard disks within the same type of drive (for example, 36 GB SCSI to 73 GB SCSI), increasing memory configurations, and increasing processor speeds within the same type and family qualifies as the same system for Support purposes.

Certified Virtualization

• VMWare ESX 3.0.2, 3.5 - Supported platform, non-hardware. Sufficient processing power equivalent to a 3 GHz Intel Xeon must be dedicated to the PGP Universal VM.
  
  VMWare tools must be installed and configured inside the PGP Universal operating system.  More information on VMware ESX Server hardware compatibility is available in the "Systems Compatibility Guide for ESX Server 3.x" from VMware [external link to VMware.com]

FAQ

General

What is PGP Universal Server and why is it important?

PGP Universal Server is the administration server that provides centralized encryption management for PGP Encryption Platform–enabled applications, including PGP® Desktop Email, PGP® Whole Disk Encryption, PGP® NetShare, and PGP Universal™ Gateway Email. Deploying PGP Universal Server allows an organization to control and monitor the enforcement of information security policy across multiple PGP® applications.

What business problem does PGP Universal Server solve?

PGP Universal Server addresses the business need to secure data across the enterprise while controlling costs, reducing administrative burdens, and making encryption transparent to end users. PGP Universal Server enables organizations to take a data-centric approach to securing data, protecting data while it is in use, at rest, and in transit. With PGP Universal Server, businesses can widely deploy encryption applications, securing data while automating policy enforcement and delegating administration.

What are the key benefits of PGP Universal Server?

As the single administrative console for deploying encryption applications across the enterprise and out to business partners, PGP Universal Server enables organization to:

• Reduce operational costs-As the common management console for PGP Encryption Platform–enabled applications, PGP Universal Server removes the need for learning, deploying, managing, and supporting different management systems for each encryption application.
• Address policy enforcement and risk of inconsistent or inadequate policies-PGP Universal Server enables administrators to define a consistent set of policies that can be shared across the enterprise and with partners and customers, delivering uniform policy enforcement. Organizations with inconsistent or inadequate policy enforcement often ignore or do not recognize the problem, increasing their risk by creating a false sense of security. This problem is exacerbated when multiple encryption management systems are deployed by the organization.
• Adapt to evolving audit requirements-As industry and government regulations continue to change and audits seek to promote best practices, PGP Universal Server policy can quickly be adapted to update policy enforcement across encryption applications and users.
• Build for future needs-As organizations increasingly adopt an enterprise encryption strategy, PGP Universal Server provides them with an extensible framework to add PGP and third-party PGP Encryption Platform–enabled applications, as needed.

How does PGP Universal Server work?

PGP Universal Server provides a Web-based administrative interface to establish and control automated user and key management, provisioning, policy enforcement, and logging. PGP Universal clients access key management, policy, and logging services through standard Web-enabled protocols Simple Object Access Protocol (Secure) (SOAPS). PGP Universal Server runs on a security-hardened Linux derivative on customer-preferred compatible server hardware or in a VMware ESX environment. For more information on hardware and virtualization system requirements, see the PGP Universal Server Technical Specifications.

What is the end-user experience?

For administrators, PGP Universal Server is accessed through a Web browser–based administrative console. End users are unaware of PGP Universal Server as it automates key management, provides policy updates, delivers software updates, and logs events.

What's new in PGP Universal Server 2.9?

PGP Universal Server 2.9 expands PDF Messenger secure delivery enforcement options for Universal Gateway Email. In addition, Universal Server 2.9 adds granular configuration control over end-user permissions for Whole Disk Encryption 9.9 clients, Windows and Mac clients, as well as new application-based policy enforcement in NetShare 9.9.

What languages (localization) does PGP Universal Server support?

PGP Universal Server has a Web-based administration interface that is available in English. PGP Universal Server can deploy and manage PGP Encryption Platform–enabled applications that are localized in English, German, and Japanese.

Is the product source code available for download?

Yes. To validate the integrity of its products, PGP Corporation releases all product source code, including PGP Universal Server, for peer review. For more information, see PGP® Source Code.

How does PGP Universal Server fit into the PGP Encryption Platform architecture?

PGP Universal Server provides the management and automated services that are the foundation for the PGP Encryption Platform.

Technical

What are the hardware requirements for PGP Universal Server?

PGP Universal Server runs on a security-hardened Linux derivative on customer-preferred compatible server hardware or in a VMware ESX environment. For more information on hardware and virtualization system requirements, see the PGP Universal Server Technical Specifications.

Interoperability

Will PGP Universal Server work with existing PGP Desktop 8.x products?

Yes. Existing keys from internal users of PGP Desktop can be added to PGP Universal Server by the network administrator. External users can submit their keys to PGP Universal Server as they become part of PGP Universal Server Self-Managing Security Architecture.

Will PGP Universal Server work with existing PGP Desktop 9.0.x and PGP Universal Satellite 2.0.x products?

Yes. PGP Universal Server 2.8 can provide policy and keys to existing installations of PGP Desktop 9.0.x and PGP Universal Satellite 2.0.x, allowing an organization to upgrade to PGP Universal Server 2.8 and deploy updated clients at a later date.

Can I continue to use my existing PGP Desktop keys or X.509 certificates?

Yes. Existing PGP Desktop keys or X.509 certificates can be imported into PGP Universal Server and any PGP Universal Server–managed application.

Will PGP Universal Server work with certificates from my existing Certificate Authority (CA)?

PGP Universal Server can obtain previously issued X.509 certificates of recipients from existing CAs' LDAP directories to enable email encryption, when used in conjunction with PGP Desktop Email or PGP Universal Gateway Email.

How does PGP Universal Server issue X.509 certificates?

PGP Universal Server can issue X.509 certificates by functioning as a subsidiary CA to a third-party CA or it can be configured to act as a self-signed CA.

How does PGP Universal Server work with LDAP?

PGP Universal Server can be synchronized with an existing corporate directory via LDAP. This directory synchronization enables pre-population of account names, alternative email addresses for users, and detection of Microsoft Exchange group mailing lists.

In addition, PGP Universal Server uses LDAP to query recipient directories for PGP keys, X.509 certificates, and certificate revocation lists (CRLs). PGP Universal Server also functions as a PGP and X.509 certificate LDAP server and supports the key reconstruction feature available on the legacy PGP Keyserver product.