Trusted Drive Manager

To specialize your search, enter a keyword, phrase or question in the box below.

Frequently Asked Questions

Click on the question to show the answer. Expand All Answers

1. What is involved in recovering data from a failed hard drive that has been encrypted?

   Similar to a normal ATA drive: if the drive fails, backup data can be restored to a new drive. Similar to a normal ATA drive, it is very difficult to recover data from multiple raw platters on a spindle.

2. What is EMBASSY Remote Administration Server (ERAS) and what does it do for my network?

   The EMBASSY Remote Administration Server (ERAS) enables IT administrators remotely deploy and manage clients that are equipped with Trusted Platform Modules (TPM) and/or Seagate Momentus 5400 FDE.2 Trusted Drives.

3. What do I have to do to use a Trusted Drive?

   For more information on using a Trusted Drive, please see our Wave TDM Getting Started Guide.

4. Will utilities such as "Ghost" work?

   Utilities such as Ghost will work as long as a correct username and password for the Trusted Drive have been entered.

5. What is the Embassy Trusted Drive Manager?

   EMBASSY Trusted Drive Manager is a robust application to enable the Trusted Drive 's advanced capabilities and allow the drive to operate in Trusted Mode.

   EMBASSY Trusted Drive Manager supports the following:

   • Management access to all drive security functions
   • Initialization of the Trusted Drive security functions
   • Remote ownership and administration functions

6. How is a Trusted Drive different from a regular hard drive?

   A Trusted Drive has embedded hardware data encryption. Trusted Drives encrypt all drive data all the time, in hardware.

7. Why is a Trusted Drive better at protecting data than a regular hard drive that is using full disk encryption software?

   Security hardware cannot be modified by software, so a Trusted Drive is more secure that a regular drive with software encryption.

   Hardware encryption is also faster than software encryption. A Trusted Drive will encrypt at host interface speeds.

   Hardware encryption is independent of the processor. A Trusted Drive using encryption has no impact on the PC processing speed (throughput).

8. Will I notice any differences in using my PC with a Trusted Drive?

   If pre-boot authentication is chosen, it will be necessary to enter a Trusted Drive password before the system boots.

9. Do I need training to use a Trusted Drive?

   No training is required for the day to day use of a Trusted Drive with Wave software. It simply works like the regular hard drives users are working with today. However, there is a simple one time set-up requirement to enable the security features on a Trusted Drive.

10. Can multiple user accounts be configured on a single Trusted Drive?

    Yes, Wave ETDM allows up to 4 users to use the Trusted Drive in secure mode.

11. What about data recovery on a Trusted Drive, is it possible?

    Drive level data recovery for a Trusted Drive works exactly as it does for a regular hard drive. Existing data backup and restore tools may be used with Trusted Drives as part of a normal and proper IT process.

12. How do I recover from a lost or forgotten password?

    In the standalone client configuration, the Drive Administrator password for the Trusted Drive is placed in a file and the Drive Administrator is instructed to store that file in a physically secure location.

    In an enterprise configuration, ERAS maintains a recovery password which can be provided to the user in the event of a lost or forgotten password.

13. Is initialization needed (like a disk wipe) when reassigning the Trusted Drive to another user?

    ETDM allows the drive owner or IT Administrator to cryptographically erase the drive for repurposing or disposal. This is possible only after the proper authorizations have been completed so normal users will not have access to this capability.

14. From a systems management point of view how are Trusted Drives different?

    To get the benefit of a trusted drive it is necessary to provision / activate the Trusted Drive, this is known as Initialization.

    A drive without the Trusted Drive security initialized behaves just like a normal ATA drive. Therefore it can be managed like a normal drive.

    Initialization may be completed locally at the PC or remotely from the EMBASSY Remote Administration Server.

15. What is meant by lock mode?

    When in lock mode the Trusted Drive will remain inaccessible until a valid password is presented during the boot process.

16. What management functions exist for the drive encryption key?

    The drive encryption key never leaves the drive controller hardware and is only used by the drive controller. Therefore no management functions are required or provided for the drive encryption key.

17. Can other encryption products be used on a Trusted Drive?

    Yes, ETDM plus ERAS with the Trusted Drive provides a completely managed and protected Data At Rest solution. If an organization wants to layer the security with file and folder based encryption for protecting data while logged-in, Wave provides a compatible solution for this function.

18. How will encryption effect un-attended re-boot?

    When pre-boot authentication is enabled (locked mode), then the entry of the drive password is required before the boot process can begin. ERAS can be used to temporarily disable pre-boot authentication, this enables unattended re-boot.

19. What are the main features of ERAS?

    ERAS gives IT administrator the tools they need to boost enterprise security while keeping deployment and management costs at a minimum.

20. Is there a client server infrastructure for manageability?

    Yes, Wave provides a complete manageability solution called ERAS (EMBASSY Remote Administration Server) that allows an enterprise to fully provision and manage a Trusted Drive. User provisioning is accomplished in conjunction with Active Directory.

21. Is there a default option to have the Trusted Drive user password and the Windows user password to be identical?

    The Trusted Drive Manager user password and the Windows password are not synchronized.

22. What are the auditability benefits of ETDM and trusted drive technology?

    The Wave ERAS server logs all Trusted drive initialization and enrollment operations.

    The Wave ERAS server can also be used to routinely log the status of all trusted drives in an enterprise. This can be used as forensic evidence in case of laptop theft or loss.

23. Is there event logging and locking in the case of multiple password attempts?

    The Trusted Drive hardware has a tamper-resistant feature that forces the drive to be power cycled if more than 5 consecutive failed authentication attempts occur.

24. What attacks does the Trusted Drive protect against?

    Trusted Drives are designed to protect against off-line or Data at Rest attacks. The attacks are most commonly performed on lost or stolen laptops. For an appropriately configured drive, physical theft of the drive or platform will require knowledge of a pre-boot password.

    Should the Trusted Drive be removed from the PC and mounted as a secondary drive in another PC, the data cannot be read unless the proper password is used to unlock the Trusted Drive .

Additional Support

If you need additional information, please submit a Support Request Form. Customer Service will contact you within one business day with a response to your inquiry. To ensure quality customer service, please include your email address and a detailed description of the issue/inquiry.

Support Request Form