We loaded the Endpoint Encryption Manager on our Windows 2003 server. Using the supplied documentation, we walked through the setup process. The first step was to create an administrator user. We had options to set up simple password authentication or choices for multiple two- and three-factor authentication options. Next, we created an Endpoint Encryption PDA Server. Once created, we noticed we had support for an Active Directory connector to find remote devices. We created device policies and install packages for those policy sets. We were then able to install software and manage devices.
With EEMO, encryption and decryption of data is transparent to the end-user and is performed according to the central policies. EEMO was installed using a setup program over ActiveSync running on the PC to which the device was connected. We were able to choose what files, folders, memory or applications - such as Outlook - we wanted to encrypt. EMMO uses a password to generate the encryption key used for encryption/decryption, together with a strong FIPS 140-2 certified implementation of the AES algorithm and a 256-bit key length. As long as the password is not cracked, files and applications are safe, even if the phone is lost or stolen.
There is also a recovery feature available through the client. The recovery data is generated at the time of installation and synchronized with the central McAfee Endpoint Encryption Manager server.
Policy updates happen every time the portable device synchronizes with its PC via any TCP/IP connection. There is an over-the-air option for updates as well.
Basic support is included for one year with the license purchase. Support upgrades are available for a fee.
This is a very nice encryption solution that would be a welcome addition to any set of devices lacking that functionality.