cynapspro endpoint data protection - installation guide

Upload: cynapspro-gmbh

Post on 14-May-2015

Last Update: May 17, 2010

cynapspro

Endpoint Data Protection 2010

Installation Guide

Cynapspro Endpoint Data Protection

DevicePro prevents data loss by controlling all kinds of ports and external storage devices.

CryptionPro protects your company data by efficiently encrypting data stored on external devices.

CryptionPro HDD protects confidential data through automatic and efficient HDD encryption.

ApplicationPro controls the use of applications based on a white list or black list.

ErasePro ensures that files are securely and permanently deleted.

PowerPro cuts energy costs and reports suspicious activity.

Table of Contents

System Architecture
Before the Installation
  Administration of cynapspro Endpoint Data Protection
    The cynapspro Management Console
    cynapspro AdminTool
  System Requirements
    Server Component
    Client Component
Installation Process
  Installation of the cynapspro Server
    Active Directory Log-in Data
    Novell eDirectory Log-in Data
After the Installation
  The cynapspro AdminTool
  Database Settings
  Directory Service Settings
  cynapspro Server Settings
  Loglevel
Roll-Out of the cynapspro Agent
  Generate MSI Packet
  Installation of the Agent
  Update the Agent
  Uninstallation of the Agent
Installation of CryptionPro HDD
  Before the Installation
  Installation Process
Appendix
  Unattended Installation of cynapspro
  Installation of SQL Server 2005 Express/MSDE
    Microsoft SQL Server 2005 Express Edition
    Microsoft SQL Server 2000 Desktop Engine (MSDE 2000)
  Automatic Distribution of the Agent (via AD)
Copyright

System Architecture

The cynapspro Server is responsible for the centralized management of your cynapspro clients.

You can install the server on any one computer on your network.

The structure of the directory service of your existing MS Active Directory or Novell eDirectory will be read by the DevicePro server and stored in its own database.

There will be no schema extensions to your directory, nor will information be written to it.

cynapspro creates only a copy of the structure, which is then updated on a scheduled basis. To access Active Directory, you need a user with read permissions, nothing more.

All records are maintained in a SQL database (MSDE, MS SQL Server Express, MS SQL Server 2000, 2005 or 2008) by the cynapspro server.

Changes you make in the cynapspro Management Console will be immediately sent to the client by the cynapspro server and stored in the database.

All changes to user rights are effective immediately. Neither a reboot, nor other additional actions are necessary.

The cynapspro Agents communicate with the server using a push / pull process and pick up all the changes immediately.

There will be no polling, which reduces the network load significantly. Only those computers and users, whose rights have been modified, will be contacted so they can pick up the changes.

If a computer is not in the network, changes can be communicated using a secure TAN.

Communication between server and client takes place using ports that have been defined by the administrator.

Access permissions for external devices and applications are controlled by a kernel driver.

The cynapspro agent sends all changes made in the management console of the cynapspro Server to the kernel driver and takes over the complete communication between the server, the kernel driver and, if necessary, with the user.

Before the Installation

Before you start with the installation of cynapspro Endpoint Data Protection 2010 (formerly DevicePro Ultimate 2009), it is recommended that you gather the following data and files.

- DevicePro Installation File
- License Key (.lic & .txt) (not required for a test installation)
- At least 20 MB free hard disk space
- User with read permissions for Microsoft Active Directory / Novell eDirectory
- SQL user with permission to create a database (MSDE, SQL Server Express 2005 or 2008, SQL Server 2000, 2005 or 2008)

Administration of cynapspro Endpoint Data Protection

For the administration of the cynapspro Server, there are two tools available:

The cynapspro Management Console:

The cynapspro Management Console is the central interface for controlling all cynapspro functions. The management console can be accessed from any location, i.e. each administrator can run it from his work station.

cynapspro AdminTool

The cynapspro Admin Tool is used to configure or check the server settings.

By installing the cynapspro client component, a kernel filter driver is installed on the Windows system.

The task of the kernel filter driver is to monitor the rights that have been allocated to the user or computer.

The use of the kernel filter driver has the advantage that all rights remain valid and effective when the computer is offline.

Furthermore, the kernel filter driver ensures much higher security and prevents incompatibilities and problems.

The cynapspro client component should be installed on each workstation.

System Requirements

Before you start the installation, please check whether your system meets all system requirements.

Server Component

To ensure a smooth installation, please ensure that the following system components are installed and available:

- Windows Server 2000 / 2003 / 2008 (e.g. R2)
- Directory Service:
  - Active Directory
  - Novell Client 4.91 SP2 or better
- SQL-Server:
  - SQL-Server 2000 SP3a
  - SQL-Server 2005
  - SQL-Server 2005 Express Edition
  - SQL-Server 2008
  - SQL-Server 2008 Express Edition
  - MSDE (Microsoft SQL-Server Database Engine)

The cynapspro architecture is based on a bi-directional communication. The use of push technology only requires a bare minimum of bandwidth in your network.

Client Component

For the client component, the following system requirements need to be met:

- Windows 2000 (SP4 + RollUp 1)
- Windows XP + SP2/SP3 32/64 Bit
- Windows Vista (+ SP1) 32 or 64 Bit
- Windows 7 32 or 64 Bit

Installation Process

If you already have a SQL Server or MSDE installed, you can immediately start with the installation. Otherwise, you should install a SQL server. A guide on how to install the free MSDE or SQL Server 2005 Express version is available in the appendix.

Installation of the cynapspro Server

First, you need to install the server component on your intended cynapspro server.

Open the setup file (deviceprosetup.exe) provided via our download portal or on a disk. The installation routine will open in InstallShield. Choose your setup language and a wizard will guide you through the installation routine. Click Next. If you agree with the license agreement, click on "I accept the terms of the license agreement".

When you click Next, cynapspro is installed in the predefined destination folder.

If you want to enter a different directory for the installation, you can click on Change to define the destination yourself. A new window appears where you can select the desired folder. When you have selected the folder, click Next.

At this point, please enter the following ports:

- Client-Server XmlRpcPort (default: 6005), used by clients to connect to the server
- Server-Client Notification XmlRpcPort (default: 6006), used to alert the clients about rights changes made on the server

Attention: The registered ports must be enabled in your firewall!

Next you will be asked to select the directory service you are using in your organization. Click Next. As directory service you may use either Active Directory, Novell eDirectory (4.91 SP2 or higher), or an independent cynapspro directory structure.

In the next window the settings for the directory service can be made:

Active Directory Log-in Data

Enter the name of your domain controller. Additional domain controllers can be added later in the Management Console. Define the Active Directory administrator as user and enter his password.

Novell eDirectory Log-in Data

When using an NDS server, the name of the NDS must be provided. Define under Context the context of your Novell environment. Enter the Novell Supervisor as user and enter his password.

After correctly entering the login information, click Next. The database server is now configured. Enter the name of your SQL server. Use Browse to select from the available database servers.

Attention: If you use MSDE, the corresponding checkbox must be activated. (Compare with Preparation of the Installation using MSDE)

If you do not select or specify a previously created database, a new database called "Device_Pro" will automatically be generated.

Click on SQL authentication and enter your "sa" password. Alternatively, you can use Windows authentication. Click Next and start the installation. InstallShield now installs the cynapspro server components. Click Finish to exit the wizard.

After the Installation

You have completed the installation of the cynapspro server.

If you have already purchased a license, you should go through the following steps.

If you have installed the cynapspro server for evaluation purposes only, you can skip these steps.

Open the cynapspro management console using the shortcut on your desktop.

After successfully logging onto the cynapspro server, select Administration.

Go to license management to deposit the licenses you have purchased by entering the name of the licensee and the license file in the appropriate fields.

The name of the licensee is stored in the txt file that is provided with the license.

Close the license extension with Accept. Your licenses have now been activated.

The cynapspro AdminTool

After successful installation of the cynapspro server, both server and database settings can be viewed or changed with the help of the DevicePro Admin Tool.

By default, the tool is installed at C:\Program Files\cynapspro GmbH\DevicePro 2010\ and can be started from > Program Files > cynapspro GmbH > DevicePro 2010.

Database Settings

Click the button Validate to check the connection to the specified database. cynapspro solutions need a database user who has all rights to the cynapspro database (DB Owner).

Directory Service Settings

A precondition for the synchronization of the directory structure is that the specified user has the necessary rights (List Contents, Read All Properties). Read access is fully sufficient, since no data is written to the Active Directory or eDirectory.

Enter the host name of the directory service server in the field "domain controller".

Click the button Validate to check the connection.

cynapspro Server Settings

Two ports are used for the communication between the cynapspro server and the cynapspro clients. Here you can define the client-server XmlRpcPort and the server-client notification XmlRpcPort.

The client-server XmlRpcPort is used by clients to connect to the server (default: 6005).

The server-client notification XmlRpcPort serves to alert the clients about the rights changes made on the server (default: 6006).
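
An added example, not part of the cynapspro guide or product: one way to open the two ports described above only for the expected peers, written in PowerShell around the built-in netsh advfirewall command, plus a reachability check. It assumes the server opens the notification connection to the agents (so 6006 is inbound on workstations); the function names, rule names, addresses and host name are constructed placeholders.

```powershell
# Added example (not cynapspro code). Assumption: agents connect to the server on
# 6005 and the server connects to the agents on 6006, as the port descriptions suggest.
# netsh advfirewall needs Windows Vista / Server 2008 or later.

function Set-CynapsproFirewallRule {
    param(
        [Parameter(Mandatory = $true)][ValidateSet('Server', 'Agent')][string]$Role,
        # Server role: subnet(s) of the workstations. Agent role: address of the server.
        [Parameter(Mandatory = $true)][string]$RemoteAddress,
        [int]$ClientServerPort = 6005,
        [int]$NotificationPort = 6006
    )
    if ($Role -eq 'Server') {
        $port = $ClientServerPort; $name = 'cynapspro-agents-to-server'
    } else {
        $port = $NotificationPort; $name = 'cynapspro-server-to-agent'
    }

    # Replace any earlier rule of the same name so reruns do not stack duplicates.
    # netsh reports an error when no rule matches; that is expected on the first run.
    & netsh.exe advfirewall firewall delete rule "name=$name" | Out-Null

    # Inbound, TCP only, domain profile only, restricted to the given peer addresses.
    & netsh.exe advfirewall firewall add rule "name=$name" dir=in action=allow `
        protocol=TCP "localport=$port" "remoteip=$RemoteAddress" profile=domain | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "netsh could not create rule '$name' (exit code $LASTEXITCODE)."
    }
}

function Test-CynapsproPort {
    # Returns $true if a TCP connection to the port succeeds within the timeout.
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [Parameter(Mandatory = $true)][int]$Port,
        [int]$TimeoutMs = 3000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    }
    catch { return $false }
    finally { $client.Close() }
}

# Constructed sample values:
#   On the server:       Set-CynapsproFirewallRule -Role Server -RemoteAddress '10.20.0.0/16'
#   On a workstation:    Set-CynapsproFirewallRule -Role Agent  -RemoteAddress '10.20.1.10'
#   From a workstation:  Test-CynapsproPort -ComputerName 'dp-server' -Port 6005
```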

Loglevel

Internal cynapspro operations are stored in a log file. The level of detail of the logs can be set here.

- Operation Modus: Errors Only
- Administration Modus: Detailed
- Debug Modus: Very Detailed

Roll-Out of the cynapspro Agent

Generate MSI Packet

After the server installation has been completed, you can install the agents. Generate an MSI package for the installation of cynapspro agents.

The settings for the package will automatically be copied from the current cynapspro server.

When generating the MSI package, you can define whether you want the tray icon to be hidden in Windows.

We recommend not hiding the tray icon in order to ensure an optimal offline support.

By activating the checkbox Hide cynapspro agent service, the MSI package is generated in such a way that users with administrative rights can no longer stop the service that is used for the communication between server and client.

Password protected uninstallation prevents users with administrative rights from uninstalling the cynapspro agents.

Installation of the Agent

In the installation path of the server component, you will find the following files under MSI:

- DPAgentSetup.msi
- Install.bat
- Uninstall.bat
- Update.bat

Copy these files to the workstations or to a network drive.

To install the agents, run the file Install.bat on the workstation.

You can change the installation path of the agent. This change can be made in the file install.bat or in the script with the command INSTALLDIR="C:\Program Files\cynapspro GmbH\DevicePro"

Update the Agent

If you have installed a new version of cynapspro Endpoint Data Protection on the server, you should also update the agents on the workstations.

You can update the agents using one of the following methods:

You can run the update automatically from the management console. In the Management Console go to Administration – Install / Update Agents.

Here you can determine how many clients may download the MSI package right away and when the download and update process should be executed.

Confirm your entry and select the agents that need to be updated. By pressing the button Update, the automatic update process will start.

To update manually, you must generate a new MSI package (see MSI package code).

Then go to the installation path of the cynapspro server component and open the folder MSI.

Copy the two files DPAgentSetup.msi and Update.bat to the corresponding computers or to a network drive.

Run the file Update.bat. The software will immediately notice that a previous version of the cynapspro agent had been installed and will perform the update.

Uninstallation of the Agent

An uninstallation of the agent can be done using one of the following methods:

- Copy the two files DPAgentSetup.msi and Uninstall.bat to a folder that can be accessed by the client or directly onto the workstation. Start the file Uninstall.bat and uninstall the agent.
- Use the command line "msiexec /x [installation path]\MSI\DPAgentSetup.msi"

Installation of CryptionPro HDD

CryptionPro HDD is a product created as part of a cooperation between cynapspro and Secude. cynapspro contributes the central management interface for the management of Secude's FinallySecure (total Data-At-Rest security with software- or hardware-based Full Disk Encryption, which can be downloaded at http://hdd.cryptionpro.de). CryptionPro HDD is fully integrated into the cynapspro Management Console, which takes care of the complete installation and management of the hard disk encryption. For more information, please check the cynapspro Endpoint Data Protection 2010 User Guide.

If you prefer to install CryptionPro HDD manually, this is how you should proceed:

Before the Installation

We recommend that you run "Finally Secure SystemCheck.exe" before installing the HDD CryptionPro 2010 client component. The file is located in the FinallySecure folder.

Alternatively, just install the Finally Secure client and the cynapspro Management Console takes care of the rest.

Installation Process

To start the installation of CryptionPro HDD 2010, please run the Setup.exe, which is also located in the FinallySecure folder.

The first step is to choose a language for the installation and then confirm with OK. The installation wizard starts the installation in a new window. Click on the button Next to continue.

Accept the license agreement and click Next twice, after reading the warning notice.

In order to initialize the PBA and FDE, use the preselected checkboxes. You can also skip this point and do this at a later date in the cynapspro Management Console.

Do not select initialization at this point.

Next takes you to the next step, where you should select Complete in order to install CryptionPro 2010 HDD with all the features. If you select Custom, you have the option to choose the installation path.

Start the installation in the next window using the Install button. After the installation has been completed, click Finish.

Initialization of Finally Secure FDE:

If you have previously selected initialization, the initialization of the FDE is automatically started. Alternatively, you can do so at a later time via the centrally controlled management of CryptionPro HDD 2010 and skip this point.

Appendix

Unattended Installation of cynapspro

This allows you to carry out the installation of the server and the agents "unattended". In addition you can do the synchronization and all the settings through a script, as well as import all the permissions using the xml interface. All this is fully automated, so no action from an administrator is required.

Step 1 – Recording of Parameters

Run the DeviceProSetup using the command line:

DeviceProSetup.exe /r /f1"C:\Temp\DeviceProSetup.iss"

All settings will be saved to the iss-file.

Step 2 – Adjustments (optional)

Change the settings in the iss-file.

Step 3 – Unattended Server Installation

Start the unattended server installation using the following command line:

DeviceProSetup.exe /s /f1"C:\Temp\DeviceProSetup.iss" /f2"C:\Temp\DeviceProSetup.log"

For a new installation "inheritance" is automatically activated.

Step 4 – Import Licenses (optional)

DPAdminTool.exe /license "LICENSE_FILE_PATH" /user USER_NAME

Step 5 – Start Synchronization

DPAdminTool.exe /sync /activate

Step 6 – Define directory for the xml-file

DPAdminTool.exe /impdir "FOLDER_PATH" [/impdirsuccess "FOLDER_PATH"] [/impdirfail "FOLDER_PATH"]

Step 7 – Import Permission Settings

Please note the following:

- No access = 0
- Read access = 1
- Full access = 3

If an error is found in a file, the entire file will not be imported but copied to the "Failed" list.

Step 8 – Install Agent

msiexec /i DPAgentSetup.msi /l*vx AgentInstall.log SERVER_NAME="server"
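
The server and agent steps above as one script, added here as an example (it is not cynapspro's own code). The result checks, the ACL on the response file and the /qn switch are additions; the function names, the location of DeviceProSetup.exe, the share path and the server name are placeholders.

```powershell
# Added example, not cynapspro code. Command lines are the ones from steps 3, 4, 5 and 8.

function Get-InstallShieldResultCode {
    # InstallShield writes "[ResponseResult] ResultCode=<n>" to the /f2 log; 0 means success.
    param([Parameter(Mandatory = $true)][string]$LogPath)
    if (-not (Test-Path -LiteralPath $LogPath)) { throw "Setup log '$LogPath' was not written." }
    $inSection = $false
    foreach ($line in Get-Content -LiteralPath $LogPath) {
        if ($line -match '^\s*\[(.+)\]\s*$') {
            $inSection = ($Matches[1] -eq 'ResponseResult')
        }
        elseif ($inSection -and $line -match '^\s*ResultCode\s*=\s*(-?\d+)') {
            return [int]$Matches[1]
        }
    }
    throw "No [ResponseResult] ResultCode in '$LogPath'."
}

function Install-CynapsproServer {
    param(
        [string]$Setup     = 'C:\Temp\DeviceProSetup.exe',   # assumed location of the setup file
        [string]$IssFile   = 'C:\Temp\DeviceProSetup.iss',
        [string]$SetupLog  = 'C:\Temp\DeviceProSetup.log',
        [string]$AdminTool = 'C:\Program Files\cynapspro GmbH\DevicePro 2010\DPAdminTool.exe',
        [string]$LicenseFile,                                # optional (step 4)
        [string]$Licensee
    )
    # The wizard recorded in step 1 asks for the directory-service and SQL passwords,
    # so treat the response file as holding credentials: Administrators and SYSTEM only.
    & icacls.exe $IssFile /inheritance:r /grant:r '*S-1-5-32-544:F' '*S-1-5-18:F' | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Could not restrict access to '$IssFile'." }

    # Remove a stale log so an old ResultCode=0 cannot mask a failed run.
    if (Test-Path -LiteralPath $SetupLog) { Remove-Item -LiteralPath $SetupLog }

    $setupArgs = @('/s', "/f1`"$IssFile`"", "/f2`"$SetupLog`"")
    Start-Process -FilePath $Setup -ArgumentList $setupArgs -Wait

    $code = Get-InstallShieldResultCode -LogPath $SetupLog
    if ($code -ne 0) {
        $hint = switch ($code) {
            -3      { 'required data missing from the .iss file' }
            -5      { 'a file named on the command line does not exist' }
            -12     { 'dialogs out of order; re-record the .iss with /r' }
            default { 'see the InstallShield silent-mode result codes' }
        }
        throw "Silent server setup failed, ResultCode=$code ($hint)."
    }

    # Steps 4 and 5. The guide documents no exit codes for DPAdminTool, so none are read.
    if ($LicenseFile) {
        $licArgs = @('/license', "`"$LicenseFile`"", '/user', "`"$Licensee`"")
        Start-Process -FilePath $AdminTool -ArgumentList $licArgs -Wait
    }
    Start-Process -FilePath $AdminTool -ArgumentList @('/sync', '/activate') -Wait
}

function Install-CynapsproAgent {
    param(
        [Parameter(Mandatory = $true)][string]$Msi,
        [Parameter(Mandatory = $true)][string]$ServerName,
        [string]$Log = "$env:TEMP\AgentInstall.log"
    )
    # /qn (no UI) is added here for unattended use; the guide's command line omits it.
    $msiArgs = @('/i', "`"$Msi`"", '/qn', '/l*vx', "`"$Log`"", "SERVER_NAME=`"$ServerName`"")
    $p = Start-Process -FilePath msiexec.exe -ArgumentList $msiArgs -Wait -PassThru
    switch ($p.ExitCode) {
        0       { return 'Installed' }
        3010    { return 'Installed, reboot required' }
        default { throw "msiexec failed with exit code $($p.ExitCode); see '$Log'." }
    }
}

# Constructed sample calls:
#   Install-CynapsproServer -LicenseFile 'C:\Temp\license.lic' -Licensee 'Example Corp'
#   Install-CynapsproAgent -Msi '\\fileserver\deploy\DPAgentSetup.msi' -ServerName 'dp-server'
```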

Installation of SQL Server 2005 Express/MSDE

You can choose between SQL Server 2005 Express or MSDE. Both are available free of charge from Microsoft.

Microsoft SQL Server 2005 Express Edition

Download the installation file from Microsoft, which can be found at:

http://www.microsoft.com/downloads/details.aspx?familyid=4C6BA9FD-319A-4887-BC75-3B02B5E48A40&displaylang=de

Start the SQLEXPR_ADV_GER.EXE of the "Microsoft SQL Server 2005 Express Edition with Advanced Services." Agree to the terms of the Microsoft EULA and click Next. Now the components that are required for the SQL Server Setup will be installed. Click Next twice. The system configuration review should be completed with success. If this is the case, click the button Next to continue.

The installation is started. In the next step you enter your name and company name and leave the checkbox Hide Advanced Configuration Options activated.

In the next window, you can select the features, as well as the installation path.

Select the data files, common tools, connectivity components and the Management Studio Express.

Use mixed mode for authentication and define a password for the 'sa' user. Then click Next twice and complete the installation.

Microsoft SQL Server 2000 Desktop Engine (MSDE 2000)

First you download the installation file from Microsoft at:

http://www.microsoft.com/downloads/details.aspx?FamilyID=413744D1-A0BC-479F-BAFA-E4B278EB9147&displaylang=de

Then open the GER_MSDE2000A.exe of MSDE. Read the Microsoft license agreement and click Yes. Enter the folder to unpack the files. If the folder does not exist, you will be prompted to create it. Then click Finish.

After you have successfully unpacked the files in the specified folder, please execute the following command line to assign a SA password.

[Installation]\setup.exe sapwd="[password]"

The MSDE database has been installed. You can now proceed with the installation of cynapspro.

Automatic Distribution of the Agent (via AD)

Thanks to Microsoft software distribution, you can automatically install the agent on all clients using the Active Directory. To do this, follow these steps:

Set access permissions for all users on a network drive. Copy the DPAgentSetup.msi to this network drive.

Open the OU Computer in the Active Directory and select Properties. Now click on Group Policy and create a new directive.

Use Edit to open the Group Policy Editor. Go to computer configuration, software configuration, and then software installation and create a new package.

Select the MSI file from the network drive. Go to software provisioning and click Advanced. Activate the checkbox Uninstall application if it is outside the scope of management in the register software provisioning.

Congratulations!

You are now familiar with the installation of cynapspro Endpoint Data Protection.

Please consult the cynapspro User Guide for assistance on how to efficiently work with cynapspro solutions. If you need any help, we shall be happy to support you!

We hope you’ll enjoy using our products.

Copyright

All Rights Reserved, 2004 - 2010 cynapspro GmbH. This document is copyrighted. All rights are reserved by cynapspro GmbH. Any other use, especially the disclosure to third parties, storage within a data system, distribution, processing, presentation, performance and production is prohibited. This applies to the entire document, as well as to any of its parts.

Subject to change. The software described in this document is subject to continuous development. As a result, functions described in the documentation may differ from the actual software.

Cynapspro and DevicePro ® are registered trademarks of cynapspro GmbH. All other product names and trademarks are the property of their respective owners.

cynapspro GmbH

Am Hardtwald 1

76275 Ettlingen

Germany

Phone +49 (0)7243-945-250

Fax +49 (0)7243-945-100

Email: [email protected]

Website: http://www.cynapspro.com