Friday, September 4, 2009

Time to start getting ready for R72

Did you know that Microsoft is releasing a new operating system soon? In fact, many of us in the IT industry are already using the new operating system and it is a big improvement over Vista. I think the word will get out soon that Windows 7 is a big improvement over Vista and we will see a lot of older machines that have XP on them get traded in for shiny new Windows 7 machines.

This creates a problem for those of us in charge of putting disk encryption on these machines. The version of Pointsec that my brothers and sisters working for the State of Minnesota is using is not compatible with Windows 7. So we're probably going to be pushed towards using the 7.0 code line. The official name for the product is (as of right now) Check Point Endpoint Security Full Disk Encryption R72 (CPESFDER72). Holy crap even the acronym is too long!

R72 brings some interesting new features to the table that I'm really excited about trying out. I have been delayed in that because there were some problems with support getting renewed. Now I have the software and a semi-working license file and I want to get into it. I'll keep the blog posted on what I'm having to do that is different.

The most exicting new feature for me is that you can transfer log files, recovery files, update profiles over http or https now instead of requiring a connection to a file server. This is really big, especially for computers that leave campus for long periods of time and users that don't jump onto VPN very much. Now we can open up a rather safe firewall port and regain control over our remote machines. Sweet.

On the other hand, you also have to set up a license server. So far it doesn't seem very difficult, but it seems kind of crappy to have a whole server devoted to licensing for a single product. One irritant is that the licensing server doesn't seem to fit the needs of any of the other endpoint security proucts. The one I set up wouldn't accept my license for Media Encryption with Port Protection for example. But I'm just starting to play with this stuff so I might be wrong. I hope I'm wrong. I'll keep you posted.


Elizabeth Mahlou said...

Oh, my goodness! I am glad I saw your post. My organization is getting ready to roll out vista for everyone -- most of us are not even that advanced yet. So, perhaps the exchange should be for R72, instead. I am going to mention it to our IT folks. Thanks for posting this information.

Sarah said...

fyi, r72 doesn't support windows 7 (yet?) - apparently there were some bugs found during the q/a process.

carl said...

the license server is not 100% reliable, although in most cases it works. you can install this on a server running Media Encryption or WebRH. R73 is being released to gen public in December - supports DVD encryption with Nero in XP

carl said...

PS - R73 fully supports Windows 7

Anonymous said...

Is the license server an optional component?

Black Fist said...

I am afraid not. You have to set up the license server before you start setting up Check Point clients. The Check Point installer asks for the IP of the license server. I suppose you could give it any address but I assume that if it doesn't license after some period of to
e then something happens.

carl said...

R73 is now on general release and supports Windows 7

carl said...

You do not need a license server if you have a legacy license. If you do not have one contact Check Point or your account manager.

Also, I made an error in a previous posting, you cannot install the license server on a Check Point Media Encryption server.

For more info, look for postings on Check Point forums. My username is carl connor or infosec technologies

Many thanks