Encryption Manager Tool

This subsystem enables the user to view and optionally change the system's encryption status and backup encryption keys. The screen is divided into four functional areas:

Change Encryption State: Encryption may either be turned off, turned on persistently (such that it will remain on across system reboots), or turned on non-persistently (such that it must be reenabled across system reboots.) While turning on encryption non-persistently offers the highest security, it also means that if the system undergoes a reboot for any reason that the administrator of the system must be present to re-enter the passphrase before normal system operation can resume. As an example, if a backup is scheduled for 3:00AM and power cycles and the system reboots at 2:00AM, unless the passphrase is re-entered the system will not execute the scheduled backup operations.

View Encryption State: This is a visual indication and confirmation concerning the current encryption state of the system.

Backup Master Key: This allows the encryption master key to be backed up to a CD.

Change Passphrase: This allows the encryption passphrase to be changed. This is only visible if encryption is currently enabled - encryption must be turned on in order to change the passphrase.