1.1 System Requirements

Refer to the sections in this chapter to learn about full disk encryption requirements for managed devices, standard hard disks, self-encrypting hard disks, and pre-boot authentication.

1.1.1 Managed Device Requirements

The Managed Device Requirements in ZENworks 2017 System Requirements provides a list of software and hardware requirements that must be met to install the ZENworks Agent on a device. Devices that you want to use for ZENworks Full Disk Encryption must meet those requirements. Exceptions to those requirements are provided in the following list:

Item

Requirements

Operating System

ZENworks Full Disk Encryption is not supported on all operating systems listed in Managed Device Requirements in the ZENworks 2017 System Requirements reference. The supported operating systems for ZENworks Full Disk Encryption are:

  • Windows 7 (x86 and x86_64) SP1 — Professional, Ultimate, and Enterprise editions only

  • Windows 8 (x86 and x86_64) — Professional and Enterprise editions only

  • Windows 8.1 and Windows 8.1 Update (x86 and x86_64) — Professional and Enterprise editions only

  • Windows Embedded 8.1 Industry Pro

  • Windows 10 (x86 and x86_64) — Professional, Education, Enterprise, and Enterprise LTSB editions

Virtual Environments

ZENworks Full Disk Encryption is not supported in virtual environments. This includes both virtual machines and machines accessed via thin-clients. When installing the ZENworks Agent to a virtual environment machine, do not enable Full Disk Encryption.

Firmware

BIOS firmware is required. UEFI firmware is not supported.

1.1.2 Standard Hard Disk Requirements

Standard disks are any disks that do not provide hardware-based encryption. When used with ZENworks Full Disk Encryption, standard disks must meet the following requirements:

Item

Requirements

Disks

  • IDE, SATA, and PATA hard disks are supported. SCSI and RAID hard disks are not supported.

  • Multiple standard disks (one primary and multiple secondary) are supported in one device. When using multiple disks, all disks must be the same (for example, all IDE or all SATA).

  • Encryption of both standard and self-encrypting hard disks in the same device is not supported. A device can have standard disks or it can have self-encrypting disks, but it cannot have both.

Disk Communication Modes

  • ATAPI and AHCI are supported.

  • When using ZENworks Pre-Boot Authentication, we strongly recommend that you use the standard Microsoft drivers. Other drivers can cause issues such as CD and DVD drives disappearing.

Disk Types

  • Basic disks are supported. Dynamic disks and other disk types are not supported.

File System

  • NTFS is supported. FAT32 and all other file system formats are not supported.

System Disk

  • The system disk (operating system) must be Disk0.

Partition Tables and Partitions

  • All disks must use a master boot record (MBR) partition table. GUID partition tables (GPT) are not supported.

  • ZENworks Full Disk Encryption creates a primary partition (referred to as the ZENworks primary partition) on the system disk to store files required for encryption and pre-boot authentication. Windows supports a maximum of four primary partitions; one primary partition must be available for ZENworks Full Disk Encryption. If all four primary partitions already exist, ZENworks Full Disk Encryption cannot create the required ZENworks primary partition and encryption fails.

  • A maximum of 10 partitions can be encrypted. The partitions can be on one disk or spread across multiple disks.

Disk Space

  • 100 MB of free disk space on the system disk (Disk0) for the ZENworks primary partition that is created when the Disk Encryption policy is applied. To create the 100 MB partition, 300 MB of disk space must be available or the creation process will fail.

  • 140 MB of free disk space on the system disk (Disk 0) for ZENworks Full Disk Encryption software files.

1.1.3 Self-Encrypting Hard Disk Requirements

Self-encrypting disks are any disks that provide hardware-based encryption. When used with ZENworks Full Disk Encryption, self-encrypting disks must meet the following requirements:

Item

Requirements

Disks

  • Self-encrypting hard disks that comply with the Trusted Computing Group OPAL 2.0 specification. For detailed information, see ZENworks Full Disk Encryption Deployment on Self-Encrypting Drives.

  • Encryption of both standard and self-encrypting hard disks in the same device is not supported. A device can have standard disks or it can have self-encrypting disks, but it cannot have both.

System Disk

  • The system disk (operating system) must be Disk0.

Disk Space

  • 140 MB of free disk space on the system disk (Disk0) for ZENworks Full Disk Encryption software files.

1.1.4 Pre-Boot Authentication Requirements

ZENworks Pre-Boot Authentication (PBA) requires the following:

Item

Requirements

Drivers

We strongly recommend that you use the Microsoft IDE/SATA drivers. Other drivers can cause issues such as CD and DVD drives disappearing.

Smart Cards

ZENworks PBA supports smart card authentication. For a list of supported smart card solutions, see Section A.0, Supported Smart Card Terminals and Tokens.

Single Sign-On

ZENworks PBA supports single sign-on with Windows via both the Windows Client and the Novell Client. When using the Novell Client, the following requirements apply:

  • Novell Client 2 SP3 IR5 or later is required on Windows 7/8.

  • When using user ID/password authentication with the Novell Client and DLU, the user needs to log in to the Novell Client once before single sign-on will work. During single sign-on, the ZENworks PBA passes the user ID and password to the Novell Client. However, the client requires other details (tree, server, context, and so forth) that are available only if the user has populated the details during a previous log in.

  • When using smart card authentication with the Novell Client, NESCM (Novell Enhanced Smart Card Method), and DLU, the user needs to be the last user to have logged in to the Novell Client. During single sign-on, the ZENworks PBA passes the pin to the Novell Client. However, the client requires other details (tree, server, context, and so forth) that are available only if the user was the last smart card user to log in to the client.

  • Smart card authentication with the Novell Client, NESCM, and Disconnected Workstation Only mode is not supported.