 |
 |
 |
 |
SafeHouse contains a variety of features to aid administrators in deployment and password recovery. If you’re in charge of setting up SafeHouse throughout your company, be sure to read this chapter.
SafeHouse includes a number of features designed to help administrators configure, deploy and support its software. If you are a system administrator or otherwise charged with deploying SafeHouse throughout your company, the information contained within this chapter will prove to be invaluable as you begin the process of enterprise deployment. If you are not in charge of administering SafeHouse, or you are running a single-user system, you can skip this chapter.
One of the first decisions you will need to make as the overall SafeHouse administrator is the determination of your administrative domains. A domain is a territory. In a small company with just a few dozen PCs located within a single building, you may decide that your entire company will operate as a single SafeHouse domain. In larger companies, it may be easier to establish domains by geographic regions, or possibly by departments and job classifications. If your company already has a security department or structured software administration, your SafeHouse domains should be chosen to conform to your existing hierarchies.
The purpose of administrative domains is to establish manageable groups of users and to segregate the features and files made available to those groups. The most obvious use of domains is for encrypted volume password recovery. An administrator is assigned to each domain and authorized to help users recover their lost passwords. Since each domain should have its own unique administrator password, a barrier exists which prevents administrators from recovering passwords outside of their respective territories. The benefit of this approach is that you could empower the sales manager to recover passwords for anyone within his department, however, this same manager would not be able to recover passwords for people in the accounting department. Additionally, the company support center could be empowered to recover any password, subject to your security policies, when department managers are not available.
The second purpose of domains is to establish separate security policies for various groups of users. For example, your normal policy on passwords might require a minimum of eight characters, however, senior executives might be required to use twelve characters because the information on their PCs is more sensitive.
Once you’ve chosen your domains you’ll need to generate a set of SafeHouse files to distribute to the users within those domains. Each domain requires its own set of marked files. We generally refer to this process as branding. Branded files contain the special information needed to allow administrators to recover lost passwords.
|
|
|
|