|
What is PGP Universal Gateway Email and why is it important?
PGP Universal Gateway Email performs encryption, decryption, and digital signing of email messages using an innovative proxying technology. PGP Universal Gateway Email allows an organization to secure email communications with partners and customers without deploying client software. PGP Universal Gateway Email automatically looks up keys and X.509 certificates from PGP keyservers and corporate LDAP directories, validating and generating the keys and certificates, when needed.
What business problem does PGP Universal Gateway Email solve?
Email sent to and from an organization can contain the most sensitive customer, patient, financial, or intellect property data. Protection of this data is often mandated by government and industry regulations, and many organizations have well-established information security policies and audit processes. PGP Universal Gateway Email allows organizations to automate the protection of sensitive data in email according to policy without client software both within the enterprise and with customers and partners.
What are the key benefits of PGP Universal Gateway Email?
PGP Universal Gateway Email enables businesses to:
- Secure customer data and intellectual property – PGP Universal Gateway Email performs email encryption as messages enter and leave the organization’s network.
- Enhance data security without impacting productivity – Because it does not require client software for senders and recipients inside and outside the enterprise, PGP Universal Gateway Email does not affect the user experience, workflow, or productivity.
- Leverage existing investments – Organizations with existing investments in email hygiene, outbound content compliance, and directory services can further automate data security protection and audit performance by using standard features of PGP Universal Gateway Email.
How does PGP Universal Gateway Email work?
PGP Universal Gateway Email operates as a mail proxy service for IMAP, POP, and SMTP mail protocols. Based on customer-defined policy, PGP Universal Gateway Email can process email using OpenPGP and S/MIME standards, automatically discover key and certificates, or deliver messages through a secure Web-browser interface using PGP Universal Web Messenger. Administrators configure policy and manage users through the PGP Universal Server Web-based administrative console.
What is the end-user experience?
For end users inside the enterprise, there is no change to their email experience; email is encrypted and decrypted by PGP Universal Gateway Email based on policy. Users outside the organization with existing encryption software also receive emails without any change to their email experience. For users without email encryption software, PGP Universal Gateway Email can be configured to deliver email through the PGP Universal Satellite thin client or using the PGP Universal Web Messenger webmail interface.
How does PGP Universal Gateway Email 2.8 compare to PGP Universal Gateway Email 2.6?
PGP Universal Gateway Email 2.8 provides two new options for securely delivering messages to recipients lacking an email encryption solution: PDF Messenger and Certified Delivery. Using PDF Messenger, PGP Universal Gateway Email delivers messages to partners as encrypted PDFs, eliminating the need for special software. Using Certified Delivery, PGP Universal Gateway Email allows organization to track and verify delivery of PDF Messenger–delivered messages. PGP Universal Gateway Email also includes enhanced branding support for PGP Universal Web Messenger, allowing organizations to customize the Web-based delivery mechanism to reflect their brand.
How does PGP Universal Gateway Email compare to PGP PDF Messenger?
PGP Universal Gateway Email and PGP PDF Messenger are separate products that may be licensed by an enterprise. PGP Universal Gateway Email provides multiple flexible Secure Delivery options for secure webmail using PGP Universal Web Messenger, encrypted PDF messsages using PDF Messenger, and standards-based OpenPGP and S/MIME message formats. PGP PDF Messenger is a standalone version of PDF Messenger that provides secure delivery using encrypted PDF messages, maximizing the options for communicating with a broad range of email recipients.
What languages (localization) does PGP Universal Gateway Email support?
PGP Universal Gateway Email is administered through PGP Universal Server's Web-based administrative console in English. The PGP Universal Web Messenger Web interface is localized in English, French, German, Japanese, and Spanish. The PGP Universal Satellite thin client is localized in English, German, and Japanese.
Is the product source code available for download?
Yes. To validate the integrity of its products, PGP Corporation releases all product source code, including PGP Universal Gateway Email's, for peer review. For more information, see PGP Source Code.
How does PGP Universal Gateway Email fit into the PGP Encryption Platform?
PGP Universal Gateway Email is a PGP Encryption Platform–enabled application managed by PGP Universal Server. Account creation, key management, and policy enforcement are automated for all PGP Encryption Platform–enabled applications.
What are PGP Universal Web Messenger and PDF Messenger?
PGP Universal Web Messenger and PDF Messenger are features of PGP Universal Gateway Email that permit secure communications with external recipient who do not already have an email security solution. In cases where no recipient encryption key can be found, policy determines how to deliver a message securely using either PGP Universal Web Messenger or PDF Messenger. Using PGP Universal Web Messenger, PGP Universal Gateway Email retains the original secure message and sends an “in-the-clear” email message notifying the recipient that a secure message is available. The PGP Universal Web Messenger feature allows recipients to use their Web browser to create a secure SSL/TLS session and retrieve their message through a webmail-like session served by PGP Universal Gateway Email. Using PDF Messenger, PGP Universal Gateway Email delivers messages as encrypted PDFs. The PDF Messenger feature allows recipients to use their existing Adobe Acrobat Reader client to decrypt and display encrypted messages.
What is PGP Smart Trailer?
If policy is configured not to encrypt email to an external user, PGP Universal Gateway Email can add a PGP Smart Trailer to the end of a message. The Smart Trailer is text that explains the message could have been encrypted if the recipient were a member of the Self-Managing Security Architecture. The Smart Trailer also includes a link to a location on the PGP Universal Gateway Email server where the recipient can choose how to receive future messages from senders in the same domain.
What is PGP Universal Satellite?
PGP Universal Satellite is a small, no-user-interface, invisible piece of software that automatically encrypts and decrypts and enforces policy on all email sent to and from the PGP Universal Gateway Email server. PGP Universal Satellite provides two-way policy enforcement, extending security to inbound email messages originating outside the organization. An organization’s PGP Universal Gateway Email server can, according to policy, provide external users with PGP Universal Satellite along with a key and associated security policy, transparently allowing external users to communicate securely with the organization from their preferred email client.
What email servers are supported?
PGP Universal Gateway Email has been tested to interoperate with the following email servers:
- Microsoft Exchange Server 2007
- Microsoft Exchange Server 2003 SP2
- Microsoft Exchange Server 2000 SP3
- Lotus Domino Server 7.0.1
- Lotus Domino Server 6.5
- Lotus Domino Server 5.0.11
- Stalker Communigate 4.2.8
What operating systems are supported?
PGP Universal Gateway Email is installed on PGP Universal Server. For more information on compatible hardware and virtualization, see Technical Specifications.
What email clients are supported?
PGP Universal Gateway Email has been tested to interoperate with the following email clients:
- Microsoft Outlook 2007 (Outlook 12)
- Microsoft Outlook 2003 SP2
- Microsoft Outlook XP SP3
- Microsoft Outlook 2000 SP3
- Microsoft Windows Mail 6.0.6000.16386
- Microsoft Outlook Express 6
- Microsoft Entourage
- Mozilla 1.7
- Thunderbird 1.0
- Lotus Notes 5.0.11, 6.x, and 7.0.1
- Novell GroupWise 6.5.1 or later
- Apple Mail 3.0, Mail 2.1.1
How does PGP Gateway Email integrate with LDAP or Active Directories?
Like other PGP Encryption Platform–enabled applications, PGP Universal Gateway Email leverages PGP Universal Server’s directory integration to automate account creation, group management, and policy enforcement. PGP Universal Gateway Email has been tested to interoperate with the following directory servers:
- Microsoft Exchange Server 2007
- Microsoft Exchange Server 2003 SP2
- Microsoft Exchange Server 2000 SP3
- Lotus Domino Server 7.0.1
- Lotus Domino Server 6.5
- Lotus Domino Server 5.0.11
- Stalker Communigate 4.2.8
How does PGP Universal Gateway Email determine that an email requires encryption?
PGP Universal Gateway Email obeys encryption policies specified by the PGP Universal administrator in PGP Universal Server. The administrator can choose to encrypt messages on the basis of the message sender, the message recipients, and even the content of the message itself. These policies allow PGP Universal Gateway Email to automatically determine which messages require encryption without requiring any action on the part of a user to trigger encryption.
Where does PGP Universal Gateway Email look for keys with which to encrypt email?
PGP Universal Gateway Email first examines its own directory of keys to determine if it already has a key for an intended recipient. If no key is found locally, PGP Universal Gateway Email then checks to see if the recipient’s company has a directory that can provide the correct key. Failing that, PGP Universal Gateway Email checks the PGP Global Directory to see if the intended recipient has uploaded his/her public key.
What happens if a PGP Universal Gateway Email user attempts to send mail to a recipient who does not have a key?
If a recipient does not have a key, PGP Universal Gateway Email will send a cleartext message to the recipient instructing him/her to use either PGP Universal Web Messenger to retrieve the message via a TLS-secured HTTP session or to download the PGP Universal Satellite thin client to receive and send secure email.
Where is PGP Universal Gateway Email located in the email stream?
PGP Universal Gateway Email can be installed between the outward-facing SMTP server and the Internet or between internal users and the mail server.
Does the recipient of a PGP Universal Gateway Email–protected message also need to have a PGP Universal Gateway Email server deployed?
No. PGP Universal Gateway Email sends messages to recipients with PGP Universal Gateway Email or PGP Desktop Email products or to users of X.509 with S/MIME deployed. PGP Universal Gateway Email also makes it possible to send secure email to recipients without existing keys using either PGP Universal Web Messenger or PGP Universal Satellite.
Does this mean that the recipient of an email that has been secured by PGP Universal Gateway Email does not need to have any PGP software installed, yet the message will still be secured?
Yes, that is correct. The recipient of an email that has been secured by PGP Universal Gateway Email does not need to have any S/MIME or PGP software installed.
My site processes a large volume of email traffic per day. How can PGP Universal Gateway Email handle this volume?
PGP Universal Gateway Email contains built-in support for clustering. If your site processes more message traffic than one PGP Universal Gateway Email server can handle, you can easily add additional servers to the cluster. Your organization can also achieve additional load balancing by using load balancer hardware to link multiple PGP Universal Gateway Email servers in a cluster.
Can a member of a cluster be dedicated to a particular service?
Individual members of cluster can be configured to only offer a particular set of PGP Universal Gateway Email services. For example, you could have one or more dedicated PGP Universal Web Messenger servers in the DMZ that only offer external users access to PGP Universal Web Messenger Web-based email while SMTP/POP/IMAP email is processed on a different member of the cluster.
Does PGP Universal Gateway Email support STARTTLS or the SSL-wrapped versions of email protocols such as SMTPS?
Yes. PGP Universal Gateway Email by default has both STARTTLS and the SSL-wrapped versions of all email protocols enabled.
My mail server is already secured with TLS. Why would I need PGP Universal Gateway Email? Doesn’t using SSL/TLS degrade the performance of the connection?
TLS (Transport Layer Security) is the new name for SSL v3. It is a point-to-point encryption tunnel that can allow two mail servers to communicate with each other. Although TLS secures data during transit, PGP Universal Gateway Email secures data both in transit and at rest. Although PGP Universal Gateway Email fully supports TLS, TLS-secured email does not provide end-to-end security or signing capability, and most mail servers on the Internet do not use SSL/TLS unless explicitly configure to do so with a particular domain. The overhead of a TLS connection is equivalent to what you experience when you connect to a secure website.
Does PGP Universal Gateway Email support S/MIME?
S/MIME v3 compatibility is included in PGP Universal Gateway Email.
Does PGP Universal Gateway Email interoperate with anti-virus scanners, content scanners, and anti-spam solutions?
Yes. For more details on how to configure the product and email flow to interoperate with various third-party scanners, see PGP Universal Gateway Email product documentation. |
 |
|
