Internal hard disk encryption's effectiveness is multiplied by using removable media encryption running on the same agent and enabled with a server license.
Server prep necessitated us installing .Net 3.5 and IIS. Everything else installed for us with the Data Protection Suite Management Server implementation. The install offers a choice between using MS SQL or the embedded database, a nice deployment feature. Once up and running, user management is done through Active Directory (AD) integration. One has to open Windows Management Instrumentation (WMI) ports on Windows Firewall for the management system to poll devices, but this allows one to not only manage them but also detect hardware.
Admins can install the user agents manually or via a group policy object (GPO). There was also a MAC client available, which we did not test. Security is set via policies and applied to AD groups, users or machines. One has full control over fixed and removable media encryption, including port and device control.