Will Safeguard Disk Encryption for Mac run on an OS X server, or only on a client OS?

I need to encrypt the boot drive on an Apple XServe running 10.6.8 Snow Leopard Server.  Does Safeguard Encryption install & run on that?  I can't find any info saying it does, but none saying it doesn't either.

Thanks for any help.

  • Hi Joel,

    Thanks for your response.  I take your points.  Indeed I'd been asking myself what benefit there could be in encrypting the server OS, given a server is usually always booted and left on (as is mine), which makes FDE pointless, except for scenarios where the server might be stolen while it's switched off.  Also, it's housed in one of the company's highly secure server rooms, which is itself in a building with stringent perimeter access controls.

    Within the company, I got the brief that all our Macs will need to have FDE.  I pointedly asked about whether the server needed to be FDE'd too, since it was in a physically secure environment.  I think my question then got misunderstood down the line, with the response that Macs must be FDE'd.  I took this to mean there would be no exceptions allowed (e.g. for servers).  On re-reading through the e-trail though, I think it's more obvious that my question was taken to mean as regarding the Mac client machines, not the server.

    Anyway, I'll just concentrate on getting the Mac clients FDE'd for now.  If anyone later tells me the server must be FDE'd too, I'll go through the issues with them at that time. 

    The client Macs do need to be FDE'd however, since they're in normal open plan offices and users often temporarily store data files on their desktops (which are in locally hosted Home folders - networked Homes for the Macs are a no-no here for various reasons).  They all connect to a shared RAID volume on the server, where they centrally store and work on their jobs data.

    The main reason for me looking at SafeGuard as an FDE solution rather than Apple's FV2 is that the latter doesn't provide a temporary bypass for preboot authentication, meaning I couldn't ever reboot the machines remotely and continue working on them (which I need to do often during maintenance & troubleshooting, and mostly out-of-hours).  Otherwise, I'd have preferred the Apple FDE solution (assuming it was found to work OK), being native to the OS, and free.

    I'm hoping to try SG on a client test Mac v soon.  Will let you know how that goes.

    Thanks again for your comments.

    Paul.
