Trend Micro PolicyServer manages encryption keys and synchronizes policies across all endpoints
in the organization. PolicyServer also enforces secure authentication and provides
real-time auditing and reporting tools to ensure regulatory compliance. You can flexibly
manage PolicyServer with PolicyServer MMC or with Trend Micro
Control Manager. Other data management features include user-based self-help options and device actions
to remotely reset or
killa lost or stolen device.
The following table describes the PolicyServer components that you can deploy on one
server or multiple servers, depending on environmental needs.
PolicyServer Components
|
Component
|
Description
|
|
Enterprise
|
The Endpoint Encryption Enterprise is the unique identifier about the organization in the PolicyServer database
configured during PolicyServer configuration. One PolicyServer database may have one
Enterprise configuration.
|
|
Database
|
The PolicyServer Microsoft SQL database securely stores all user, device, and log
data. The database is either configured on a dedicated server or added to an existing
SQL cluster. The log and other databases can reside separately.
|
|
PolicyServer Windows Service
|
PolicyServer Windows Service manages all communication transactions between the host
operating system, Endpoint Encryption Service, Legacy Web Service, Client Web Proxy, and SQL databases.
|
|
Endpoint Encryption Service
|
Starting from Endpoint Encryption 5.0, all agents use Endpoint Encryption Service to communicate with PolicyServer. Endpoint Encryption Service uses a Representational
State Transfer web API (RESTful) with an AES-GCM encryption algorithm. After a user
authenticates, PolicyServer generates a token related to the specific policy configuration.
Until the Endpoint Encryption user authenticates, the service denies all policy transactions.
|
|
Legacy Web Service
|
All Endpoint Encryption 3.1.3 and earlier agents use Simple Object Access Protocol (SOAP) to communicate
with PolicyServer. Under certain situations, SOAP may allow insecure policy transactions
without user authentication. Legacy Web Service filters SOAP calls by requiring authentication
and limiting the commands that SOAP accepts. This service is optional, and can be
installed on the same endpoint as the Endpoint Encryption Service using the Endpoint Encryption proxy installer.
|