PGP Universal Server

Overview

A comprehensive data protection strategy starts with a plan to defend data on multiple fronts. Some companies start with disk encryption to address near term compliance concerns, and then add protection for email and files over time.

Prescient IT organizations understand that deploying multiple point solutions can lead to an operational headache. Over time, the complexity and administrative work load creates an escalating burden.

PGP Universal™ Server provides organizations with a single console to manage multiple encryption applications from the PGP® Platform. IT organizations can manage users, automate administrative activities and establish policies to defend sensitive data and avoid the financial loss, legal ramifications, and brand damage from a data breach.

PGP Universal Server provides:

• Central administration - Manage multiple PGP encryption applications using a single console.
• Policy enforcement - Delivers centralized policy configuration to automate administration and to ensure that data protection is operating within expected parameters.
• Reporting and logging - Provides visibility into the current state of data protection to provide oversight.
• Key management - Creates, distributes, and stores encryption keys while maintaining the organization's ability to recover data.

Using PGP Universal Server, an organization can address immediate near-term requirements and prepare for a long-term encryption strategy using the same environment. This strategic approach to encryption allows the enterprise to quickly adapt to emerging requirements for encryption using a single encryption management console.

Technical Specifications

Technical Specifications

Supported Web Browsers for Administration

• Apple Safari
• Microsoft Internet Explorer
• Mozilla Firefox

Standards-Based Interfaces

• HTTPS
• LDAP/S
• SOAPS

Directory Integration

• Microsoft Active Directory 2003
• Microsoft Active Directory 2000
• Lotus Notes/Domino Directory 7.0
• OpenLDAP 2.3.x
• Lotus Notes/Domino Directory 6.5
• PGP® Global Directory

Key and Certificate Management

• OpenPGP
• X.509 v3

Managed Encryption Applications

• PGP Universal™ Gateway Email
• PGP® Desktop Email
• PGP® Desktop Professional
• PGP® Desktop Storage
• PGP® Desktop Corporate
• PGP® NetShare
• PGP® Whole Disk Encryption
• PGP® Support Package for BlackBerry

Minimum System Requirements – Certified Hardware & Virtualization

PGP Universal Server Certified Hardware List

Valid 12/15/09 through 12/15/10

The following systems are certified for use as the hardware for PGP Universal Server:

1. Dell PowerEdge R610 - Two Quad-Core Intel XEON E5504 @ 2GHz - 4 GB RAM

• Two 146 GB 10K 2.5" SAS HD - SAS 6/iR RAID
• Broadcom BCM5709 network controller
• Small/medium environment production unit

2. Dell PowerEdge R710 - Two Quad Core Intel XEON E5530 @ 2.4GHz - 8 GB RAM

• Two 146 GB 15K SAS HD - SAS 6/iR RAID
• Broadcom BCM5709 network controller
• Medium/large environment production unit, cluster member

3. IBM System x3250 M2 - Quad-Core Intel XEON E3120 @ 3.16 GHz - 5 GB RAM

• Two x 150 GB SAS - LSI Logic SAS1064E iR RAID
• Broadcom BCM5722 network controller
• Medium/large environment production unit, cluster member

4. IBM System x3650 M2 - Two Intel XEON E5530 @ 2.4 GHz - 10 GB RAM

• Two 146 GB SAS 10K RPM - LSI Logic 1068E iR RAID
• Broadcom BCM5709 network controller
• Medium/large environment production unit, cluster member

5. IBM System x3650 M2 - Two Quad Core Intel XEON E5530 @ 2.4 GHz - 10 GB RAM

• Two 300 GB SAS 10K RPM - IBM ServRAID-MR 10i disk controller
• Broadcom BCM5709 Gigabit Ethernet
• Medium/large environment production unit, cluster member

6. IBM BladeCenter HS22 - Two Intel XEON E5530 @ 2.4 GHz - 8 GB RAM

• Two 146 GB SAS 10K RPM - LSI Logic 1068E iR RAID
• Broadcom BCM5709S network controller
• Small/medium environment production unit

7. HP Proliant DL120 G5 - Intel XEON X3330 2.66 GHz - 2 GB RAM

• Two 250 GB SATA
• Broadcom BCM5722 network controller
• Small/medium environment production unit

8. HP ProLiant DL380 G6- Intel XEON E5530 @ 2.4 GHz - 6 GB RAM

• Two 146 GB SAS 10K RPM - Smart Array P410i RAID
• Broadcom BCM5709 network controller
• Medium/large environment production unit, cluster member

9. VMWare ESX 3.5.0, 4.0, ESXi 3.5.0 - Supported platform, non-hardware. Sufficient processing power equivalent to a 3 GHz Intel Xeon must be dedicated to the PGP Universal Server VM. VMWare tools must be installed and configured inside the PGP Universal Server operating system. VMWare ESX 4.0 is certified without VMotion. Disk space requirements:

• Small/medium environment - 50 GB minimum allocated to the VMWare instance; 4 GB RAM dedicated to the VMWare instance.
• Medium/large environment - 100 GB minimum allocated to the VMWare instance; 8 GB RAM dedicated to the VMWare instance.

While a broad array of other hardware may work well with PGP Universal Server, incompatibilities related to hardware that is not one of the above systems will not be supported.

To qualify as PGP Universal Server Certified Hardware, the server must be one of the models listed and all components must be configured as specified.

Changing the sizes of hard disks within the same type of drive (for example, 36 GB SCSI to 73 GB SCSI), increasing memory configurations, and increasing processor speeds within the same type and family qualifies as the same system for Support purposes.

PGP Universal Server minimum hardware requirements:

• Intel or AMD Processor
• 1 GB RAM, DVD/CD -ROM
• 80GB hard disk drive

FAQ

General

What is PGP Universal Server and why is it important?

PGP Universal Server is the administration server that provides centralized encryption management for PGP Encryption Platform–enabled applications, including PGP® Desktop Email, PGP® Whole Disk Encryption, PGP® NetShare, and PGP Universal™ Gateway Email. Deploying PGP Universal Server allows an organization to control and monitor the enforcement of information security policy across multiple PGP® applications.

What business problem does PGP Universal Server solve?

PGP Universal Server addresses the business need to secure data across the enterprise while controlling costs, reducing administrative burdens, and making encryption transparent to end users. PGP Universal Server enables organizations to take a data-centric approach to securing data, protecting data while it is in use, at rest, and in transit. With PGP Universal Server, businesses can widely deploy encryption applications, securing data while automating policy enforcement and delegating administration.

What are the key benefits of PGP Universal Server?

As the single administrative console for deploying encryption applications across the enterprise and out to business partners, PGP Universal Server enables organization to:

• Reduce operational costs-As the common management console for PGP Encryption Platform–enabled applications, PGP Universal Server removes the need for learning, deploying, managing, and supporting different management systems for each encryption application.
• Address policy enforcement and risk of inconsistent or inadequate policies-PGP Universal Server enables administrators to define a consistent set of policies that can be shared across the enterprise and with partners and customers, delivering uniform policy enforcement. Organizations with inconsistent or inadequate policy enforcement often ignore or do not recognize the problem, increasing their risk by creating a false sense of security. This problem is exacerbated when multiple encryption management systems are deployed by the organization.
• Adapt to evolving audit requirements-As industry and government regulations continue to change and audits seek to promote best practices, PGP Universal Server policy can quickly be adapted to update policy enforcement across encryption applications and users.
• Build for future needs-As organizations increasingly adopt an enterprise encryption strategy, PGP Universal Server provides them with an extensible framework to add PGP and third-party PGP Encryption Platform–enabled applications, as needed.

How does PGP Universal Server work?

PGP Universal Server provides a Web-based administrative interface to establish and control automated user and key management, provisioning, policy enforcement, and logging. PGP Universal clients access key management, policy, and logging services through standard Web-enabled protocols Simple Object Access Protocol (Secure) (SOAPS). PGP Universal Server runs on a security-hardened Linux derivative on customer-preferred compatible server hardware or in a VMware ESX environment. For more information on hardware and virtualization system requirements, see the PGP Universal Server Technical Specifications.

What is the end-user experience?

For administrators, PGP Universal Server is accessed through a Web browser–based administrative console. End users are unaware of PGP Universal Server as it automates key management, provides policy updates, delivers software updates, and logs events.

What languages (localization) does PGP Universal Server support?

PGP Universal Server has a Web-based administration interface that is available in English. PGP Universal Server can deploy and manage PGP Encryption Platform–enabled applications that are localized in English, German, and Japanese.

Is the product source code available for download?

Yes. To validate the integrity of its products, PGP Corporation releases all product source code, including PGP Universal Server, for peer review. For more information, see PGP® Source Code.

How does PGP Universal Server fit into the PGP Encryption Platform architecture?

PGP Universal Server provides the management and automated services that are the foundation for the PGP Encryption Platform.

Interoperability

Will PGP Universal Server work with existing PGP Desktop 8.x products?

Yes. Existing keys from internal users of PGP Desktop can be added to PGP Universal Server by the network administrator. External users can submit their keys to PGP Universal Server as they become part of PGP Universal Server Self-Managing Security Architecture.

Will PGP Universal Server work with existing PGP Desktop 9.0.x and PGP Universal Satellite 2.0.x products?

Yes. PGP Universal Server 2.8 can provide policy and keys to existing installations of PGP Desktop 9.0.x and PGP Universal Satellite 2.0.x, allowing an organization to upgrade to PGP Universal Server 2.8 and deploy updated clients at a later date.

Can I continue to use my existing PGP Desktop keys or X.509 certificates?

Yes. Existing PGP Desktop keys or X.509 certificates can be imported into PGP Universal Server and any PGP Universal Server–managed application.

Will PGP Universal Server work with certificates from my existing Certificate Authority (CA)?

PGP Universal Server can obtain previously issued X.509 certificates of recipients from existing CAs' LDAP directories to enable email encryption, when used in conjunction with PGP Desktop Email or PGP Universal Gateway Email.

How does PGP Universal Server issue X.509 certificates?

PGP Universal Server can issue X.509 certificates by functioning as a subsidiary CA to a third-party CA or it can be configured to act as a self-signed CA.

How does PGP Universal Server work with LDAP?

PGP Universal Server can be synchronized with an existing corporate directory via LDAP. This directory synchronization enables pre-population of account names, alternative email addresses for users, and detection of Microsoft Exchange group mailing lists.

In addition, PGP Universal Server uses LDAP to query recipient directories for PGP keys, X.509 certificates, and certificate revocation lists (CRLs). PGP Universal Server also functions as a PGP and X.509 certificate LDAP server and supports the key reconstruction feature available on the legacy PGP Keyserver product.

Technical

What are the hardware requirements for PGP Universal Server?

PGP Universal Server runs on a security-hardened Linux derivative on customer-preferred compatible server hardware or in a VMware ESX environment. For more information on hardware and virtualization system requirements, see the PGP Universal Server Technical Specifications.

Where can I find release notes and other product-related documentation?

Release Notes and Quick Start Guides are available at http://support.pgp.com/?faq=589. In addition, customers with a current support contract can download User, Administrator, and Developer Guides from the same link.