Messaging Server - basic functioning
Basic functioning
Entrust Entelligence Messaging Server allows multiple email encryption deployment models and flexible delivery options to suit both internal and external user requirements. The Messaging Server appliance hosts an email encryption application. The application encrypts email messages on the server side before sending them to recipients. This behavior contrasts with many competitive email encryption solutions in which email encryption is completed on the client side.
In an end-to-end encryption scenario, for example, a Messaging Server user sends an email to a recipient. The email is encrypted for the Messaging Server and sent to it; there it is decrypted, re-encrypted for the intended recipient and forwarded. The sender does not need to exchange encryption keys with the recipient, or even know the recipient's email application or preferred method of secure delivery, in order to send a secured message, while content scanning and other compliance measures can be applied to the message while it is briefly in the clear on the server.
EMS can deliver the secured message to the recipient in various ways, depending on the recipient's capabilities. If the recipient belongs to an organisation that also uses an EMS server, the mail is encrypted for the recipient's gateway. If the recipient has an X.509 certificate for S/MIME or an OpenPGP key, the email is encrypted for the recipient with that certificate or key, which has to be harvested the first time. If the recipient has no encryption capability at all, the secured information can be accessed via webmail.
Web-based secure email
The Entrust Entelligence Messaging Server offers secure web-based email to reach recipients that are uncomfortable using S/MIME or OpenPGP. This capability enables users to view encrypted emails through their Web browsers and reply to them. Two deployment models are available to suit customer preferences: WebMail Pull and WebMail Push. With WebMail Pull users receive a notification message indicating that a secure email is available for viewing by clicking on a URL. With WebMail Push the entire message contents are delivered in encrypted form to the recipient and are decrypted upon successful authentication.
Push and Pull Technology: Secure Web Mail Delivery
One of the key advantages of Entrust's boundary-based email security solution is that, in addition to S/MIME delivery, organizations can employ secure webmail to exchange secure email with external partners who do not have S/MIME or OpenPGP capabilities. Entrust Entelligence Messaging Server uses both push and pull technology. Using a compatible web browser and any common email account, external recipients can exchange secure, authenticated messages with internal desktop users. Specific features and benefits of the web-based delivery are as follows:
• Facilitates secure email communication with external recipients without the need for S/MIME certificates or OpenPGP keys
• Does not require client-side software (leverages the existing email client and browser)
• Provides rich email functionality: read, reply, compose, delete, send/receive attachments, sort and manage personal folders
• Enables self-service account management (register, enroll, reset password and set preferences)
• Offers a web-based administration model with support for user self-administration
Sending an encrypted E-Mail via Messaging Server
When using Entrust Entelligence Messaging Server, there are several different ways in which a secure email message can be sent. The server can be set up to encrypt messages ‘automatically’ based on certain criteria, or messages can be encrypted by individual users. Here are some of the possible send options:
• Automatic (Autonomous) encryption: autonomous encryption of a message if it is coming from certain individuals or departments (such as CEO), is going to a specific domain or partner company, has a particular key word in the subject line, or if there are specific identified features of the message (such as attachments)
• Click-to-Encrypt: on-demand encryption of specific messages based on ‘click-to-encrypt’ basis, by using the Entrust Entelligence Boundary Encryption Plug-in for Microsoft Outlook
EMS performs all certificate harvesting and the email encryption itself, while outbound content scanning remains possible.
Microsoft Outlook and other mail clients with Entrust Messaging Server
Entrust Entelligence Messaging Server works in conjunction with the Entrust Entelligence Security Provider for Outlook to enable Microsoft Outlook users to send secure emails to external partners and customers. Using the E-mail Plug-in, the user sends an encrypted and/or digitally signed Outlook email addressed to one or more recipients. The email is encrypted for and delivered to the Entrust Entelligence Messaging Server. EMS expands any distribution lists and determines the appropriate secure delivery method for each recipient. If a secure delivery method has not been determined for a certain recipient, the message is queued until one is established (e.g. via certificate harvesting). Delivery occurs using the appropriate secure delivery method.
If you use Lotus Notes instead of Outlook, there is a Boundary Encryption Plug-in (BEP), similar to the Outlook plug-in, for encrypting email for the EMS. If you are using the RIM BlackBerry solution, there is an EMS plug-in for the BlackBerry, developed and sold by RIM, so automated end-to-end email encryption via BlackBerry is possible.
Performance for end users doing email encryption
In many email encryption systems, if a user sends an encrypted email to several recipients, the client-side software encrypts the message for all of these recipients, and the key lookup process can take time for a large recipient list. Using the Messaging Server, the sender encrypts the message for a single recipient, the Messaging Server, so the email encryption process is much faster on the client side.
Offline end users and email encryption certificate
Users who are not connected to the Directory (also called "offline users") don't have access to other users' public encryption keys stored in the Directory. Typically, users who work offline must use either the encryption certificates of other users stored in their certificate cache or import the certificates into their Personal Address Book (PAB) on their local machine. Using the Messaging Server, the task of importing certificates is virtually eliminated because the Messaging Server rather than the sender performs the encryption for recipients. The only encryption certificate that offline users must have cached before they try to encrypt is that of the Messaging Server.
Policy-based security at organizational boundary
If your primary concern is securing email communications with external entities such as partners and customers, you can enable the Entrust Entelligence Messaging Server's "Boundary Only" feature. With this feature, email encryption is conditionally applied to messages being sent outside your organizational boundary. The decision to encrypt an outbound email is made 'automatically' based on an encryption policy that you set up either on the Messaging Server itself, or on a separate content control solution such as Vericept Protect. For example, you can set up a policy that causes the Messaging Server to encrypt emails containing certain keywords, or that are addressed to specific recipients or domains. For more advanced encryption policy requirements, the Entrust Entelligence Messaging Server is designed to operate with any content control solution to examine email content and attachments in more depth and look for sensitive documents, corporate intellectual property, or privacy-protected information.
Message Queuing
Message queuing enables the Messaging Server to store messages that have been sent, until the recipient specifies an appropriate key or a delivery method to send the message securely. The Messaging Server administrators are able to configure the message queuing options and to monitor and delete the messages in the queue.
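The server-side decisions described above (distribution-list expansion, the 'Boundary Only' policy criteria, per-recipient choice of gateway, S/MIME, OpenPGP or webmail delivery, and queuing when no method is known) modelled as an added Python example; this is not Entrust's code, and the domains, addresses, harvested-key stores and Policy fields are constructed assumptions:

```python
# Added illustration, not Entrust's code: the server-side decisions the text
# describes (policy check, list expansion, per-recipient method, queuing).
from dataclasses import dataclass, field
INTERNAL_DOMAIN = "corp.example"  # constructed sample data follows
DIST_LISTS = {"partners@corp.example": ["alice@partner.example", "carol@other.example"]}
GATEWAY_DOMAINS = {"partner.example"}  # organisations that also run an EMS
SMIME_CERTS = {"carol@other.example": "cert-carol"}  # harvested X.509 certificates
PGP_KEYS = {"dave@pgp.example": "key-dave"}  # harvested OpenPGP keys

@dataclass
class Policy:
    always_encrypt_senders: set = field(default_factory=set)
    partner_domains: set = field(default_factory=set)
    subject_keywords: set = field(default_factory=set)
    encrypt_attachments: bool = False
    webmail_enabled: bool = True  # fall back to secure webmail when no key exists

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def expand_recipients(addrs):
    """Replace distribution lists with their members (one level, deduplicated)."""
    out = []
    for a in addrs:
        for m in DIST_LISTS.get(a.lower(), [a.lower()]):
            if m not in out:
                out.append(m)
    return out

def should_encrypt(sender, recipients, subject, has_attachment, policy):
    """'Boundary only': encrypt if some recipient is external and a rule matches."""
    external = [r for r in recipients if domain(r) != INTERNAL_DOMAIN]
    return bool(external) and (
        sender.lower() in policy.always_encrypt_senders
        or any(domain(r) in policy.partner_domains for r in external)
        or any(k in subject.lower() for k in policy.subject_keywords)
        or (has_attachment and policy.encrypt_attachments))

def delivery_method(addr, policy):
    """Per-recipient method in the text's order; 'queued' = hold until a key is harvested."""
    if domain(addr) in GATEWAY_DOMAINS:
        return "gateway"  # re-encrypt for the recipient organisation's EMS
    if addr in SMIME_CERTS:
        return "smime"
    if addr in PGP_KEYS:
        return "openpgp"
    return "webmail" if policy.webmail_enabled else "queued"

def plan_delivery(sender, recipients, subject, has_attachment, policy):
    rcpts = expand_recipients(recipients)
    if not should_encrypt(sender, rcpts, subject, has_attachment, policy):
        return {r: "plain" for r in rcpts}
    return {r: delivery_method(r, policy) for r in rcpts}
```

A message to the partner list plus two external individuals is expanded and each member gets its own method; with webmail disabled, a recipient with no harvested key ends up queued.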
Administrators can track email messages within a Messaging Server cluster to analyze and troubleshoot issues associated with undeliverable mail. Entrust Entelligence Messaging Server provides many search options; you can search by the email address of the sender or recipient or by time range, to name a few. From the Administration Interface, administrators can view the following information when tracking a message:
• Which nodes in the cluster were successfully or unsuccessfully contacted during the search
• The direction of the message (entering or leaving a node)
• The sender, recipient and status of the message
• The date and time
• The node where the event occurred
Administrators can also drill down further into a specific message to obtain more detailed information that can help to locate a problem. Tracking is accessible from the Tracking page.