If you're familiar with DE, you know that initial encryption of your entire drive can take 3–6 hours. This period depends on the size, speed of the drive, and CPU.
The reason for 3–6 hours of encryption time is that every available sector on the drive is read and encrypted, regardless of whether the sector contains any data or not.
For in-field deployments, initial encryption is throttled, so that it's processed in the background to avoid affecting you.
Improvements:
- Customer feedback indicates a requirement to move away from in-field deployment, and a preference to hand over pre-encrypted laptops to the user. So, with DE 7.1 and later, we've added support for Offline Activation.
- With this new capability, administrators can generate an offline installer package from ePolicy Orchestrator (ePO), and use this executable multiple times to pre-encrypt computers without requiring ePO connectivity.
- You can also safely share this executable to an external vendor. The vendor can quickly embed and integrate the EXE with their laptop imaging workflow processes.
- The vendor ships your pre-encrypted computers with a default policy.
- When the laptop is brought onto the corporate network, ePO takes over, and replaces the default policy with a corporate policy in seconds.
- Although this offline activation feature helps with cost savings, there's still a 3–6 hour wait for the initial encryption process to complete.
In DE 7.1.0 and later, enhancements were made to the Offline Activation feature with two new capabilities that enable you to perform the following actions:
- Disable the power fail throttling capability
- Encrypt only used sectors on the drive
When both of the above capabilities are used together, you can encrypt a new drive in minutes. As you use new sectors on the drive, these sectors are encrypted on the fly.
For example, on a new Dell latitude E6410 laptop with a fresh Windows image, regular encryption would take 5.93 hours. In contrast, Fast Initial Encryption can complete in just 4.53 minutes.
NOTE: To review performance data for DE 7.1, see
KB77844 - Performance data for the new Fast Initial Encryption feature (Used Sector Only).
For scenarios where you pay IT by the hour, this feature can result in savings of about $125 per laptop, assuming $25 per hour, with no loss in security posture.
For more technical information about this new capability, see KB79784 - FAQs for Drive Encryption 7.x.
NOTE: Fast Initial Encryption is available only as a part of the offline activation process. The offline activation option is Skip Unused Sectors.
Offline activation process overview:
- Create and configure the offline activation package.
- Install the McAfee Agent package.
- Install the Agent and PC software packages.
- Install the offline activation package and activate DE.
- Log on to the client.
For installation advice, see your respective DE Best Practices Guide and Product Guide.