The DEGO tool helps customers and product engineers determine if a client has the required hardware to support installation and activation of DE.
The utility indicates the readiness of the system to install either DE or other appropriate products. It provides an indication of readiness, but not a definitive indication that no errors will occur. The utility provides some initial testing of the system to verify that it will be ready to install and activate the product. It does not pick up DE error states, such as failing to activate because no users are assigned to the system.
The first release is targeted for deployment to Windows systems, and a Mac version is in development with similar functionality.
The product checks for the following types of problems:
- Data Channels (to verify communication in both directions is working)
- Incompatible product installed. For details, see KB84990.
- Self-Monitoring, Analysis, and Reporting Technology (SMART) to check a computer system hard disk drive to detect and report on various indicators of reliability, with the aim of anticipating failures
- Partition / Disk / MBR compatibility
- Opal drive compatibility
- Overall Ready (Yes/No)
Communication
The communication of this information back to the ePolicy Orchestrator (ePO) does not use the data channels because it is possible that one of the tests will identify the data channels are not functioning correctly. Thus, communication uses the standard McAfee Agent functionality. Information is sent from the client to the ePO server at every Agent-to-Server Communication Interval (ASCI). This allows ePO administrators to have a continuously updated view of the information. For example, the administrator can observe when the number of systems that are ready to deploy the product increases as the number of systems with incompatible products decreases.
Troubleshooting and Logging (Client/Server)
Diagnostic information on the client has a similar format to the MfeEpe.log with levels of
Error,
Warning,
Info, and
Debug. The log information at Info level shows a basic trace of pings and tests and at Debug level shows all data and messages sent to and from the client with detailed traces of each test.
Client logging and configuration can be achieved by controlling the logging level using either the command line or the registry. Server logging is achieved by modifying an XML file.
For details on how to enable debug logging for DEGO, see
KB73165.
ePO Reports
A dashboard and a few reports are available for users to see all of the information that is returned by the various systems. On the dashboard, the ePO admin can see a pie chart that shows a view of how many of the systems are ready, and which ones are not ready. The admin can click on the
not ready systems and drill down to view the details.
Report Name
|
Role
|
Drive Encryption GO: Compliance
|
Report containing the endpoints running DEGO.
|
Drive Encryption GO: Data Channel Status
|
Reports the results of the datachannel ping from the client in milliseconds and the reachable status from the server with a timeout of 30 minutes.
|
Drive Encryption GO: Incompatible products
|
Reports incompatible product detections at the client:
Incompatible Product
|
DEGO 7.x |
BitLocker
|
Yes |
GuardianEdge
|
Yes |
HP Client (OEM)
|
Yes |
HP ProtectTools
|
Yes |
PGP Whole Disk Encryption (Mac/PC) |
Yes |
PointSec v6 |
Yes |
SafeBoot |
Yes |
SafeGuardEasy |
Yes |
SafeGuard v1-v5.5 |
Yes |
SafeGuard v5.5+ |
Yes |
SafeNet ProtectDrive |
Yes |
Symantec Endpoint Encryption |
Yes |
TrueCrypt |
Yes |
Wave Trusted Drive Manager |
Yes |
WinMagic SecureDoc |
Yes |
|
Drive Encryption GO: Test Failures |
DEGO testing to check:
- SMART Status (PredictFailure Attribute)
- Can the disk be used to install the DE MBR
- Opal Supported Drive
|
ePO Charts
An additional pie chart might be available that shows which incompatible products were discovered (if any). For example: 1000 machines are running this tool and 100 have incompatible products. The pie chart might show 75 running PointSec and 25 running BitLocker.
ePO Policies
This includes a policy with a single setting which by default is disabled. When an admin views a system from the system tree, on the system details, an extra section shows the information that was obtained for this particular system.
PING test
This includes an option that is available from the ePO system tree that allows an administrator to ping a system(s) using the data channel technology to see if this data channel technology is functioning.