1.1 System Requirements

Refer to the sections in this chapter to learn about full disk encryption requirements for managed devices and pre-boot authentication.

1.1.1 Managed Device Requirements

The Managed Device Requirements in the ZENworks 2020 Update 1 System Requirements, provides a list of software and hardware requirements that must be met to install the ZENworks Agent on a device. Devices that you want to use for ZENworks Full Disk Encryption must meet those requirements. Exceptions to those requirements are provided in the following list:

Item

Requirements

Operating System

ZENworks Full Disk Encryption is not supported on all operating systems listed in Managed Device Requirements in the ZENworks 2020 Update 1 System Requirements reference. The supported operating systems for ZENworks Full Disk Encryption are:

  • Windows 7 (x86 and x86_64) SP1 — Professional, Ultimate, and Enterprise editions only

  • Windows 8 (x86 and x86_64) — Professional and Enterprise editions only

  • Windows 8.1 and Windows 8.1 Update (x86 and x86_64) — Professional and Enterprise editions only

  • Windows Embedded 8.1 Industry Pro

  • Windows 10 (x86 and x86_64) — Professional, Education, Enterprise, and Enterprise LTSB editions

Virtual Environments

ZENworks Full Disk Encryption is not supported in all virtual environments. This includes both virtual machines and machines accessed via thin-clients. When installing the ZENworks Agent to a virtual environment machine, do not enable Full Disk Encryption on VMs configured for SCSI drives. Pre-boot authentication should also not be used on VMs configured as “Thin Clients.”

Firmware

  • Both BIOS and UEFI firmware are supported.

Disks/Drives

  • IDE, SATA, and PATA disk interface standards are supported for hard disk drives, and both SATA and NVMe are supported for solid state drives, including M.2 drives.

    SCSI and RAID hard disks are not supported.

  • Multiple disks (one primary and multiple secondary) are supported in one device. When using multiple disks, all disks must be the same (for example, all IDE or all SATA).

Disk Communication Modes

  • ATAPI, AHCI, and NVMe are supported.

  • When using ZENworks Pre-Boot Authentication, we strongly recommend that you use the standard Microsoft drivers. Other drivers can cause issues such as CD and DVD drives disappearing.

Disk Types

  • Basic disks are supported. Dynamic disks and other disk types are not supported.

Disk Encryption

  • Software encryption on standard, solid state, and self-encrypted drives is supported. Encryption is not supported on devices with more than one of these types of hard drives on the same device.

File System

  • NTFS is supported. FAT32 and all other file system formats are not supported.

System Disk

  • The system disk (operating system) must be Disk0.

Partition Tables and Partitions

  • Disks can use a master boot record (MBR) or GUID partition tables (GPT), both types are supported.

  • ZENworks Full Disk Encryption creates a primary partition (referred to as the ZENworks primary partition) on the system disk to store files required for encryption and pre-boot authentication.

    Windows supports a maximum of four primary partitions; one primary partition must be available for ZENworks Full Disk Encryption. If all four primary partitions already exist, ZENworks Full Disk Encryption cannot create the required ZENworks primary partition and encryption fails.

    Non-GPT: A maximum of 10 partitions can be encrypted. The partitions can be on one disk or spread across multiple disks.

    GPT: A maximum of 128 partitions can be encrypted per disk.

Windows Secure Boot

  • Secure Boot is supported for Full Disk Encryption.

Disk Space

  • 500 MB of free disk space on the system disk (Disk0) for the ZENworks primary partition is created when the Disk Encryption policy is applied. To create the 500 MB partition, 500 MB of disk space must be available or the creation process will fail.

  • At least 200 MB of free disk space on the system disk for ZENworks Full Disk Encryption software files.

  • At least 50 MB of free disk space is required for the EFI system partition (ESP) when the system’s firmware is configured to run UEFI BIOS.

1.1.2 Pre-Boot Authentication Requirements

ZENworks Pre-Boot Authentication (PBA) requires the following:

Item

Requirements

Drivers

We strongly recommend that you use the Microsoft IDE/SATA drivers. Other drivers can cause issues such as CD and DVD drives disappearing.

Smart Cards

ZENworks PBA supports smart card authentication. For a list of supported smart card solutions, see Section A.0, Supported Smart Card Terminals and Tokens.

Single Sign-On

ZENworks PBA supports single sign-on with Windows via both the Windows Client and the Novell Client. When using the Novell Client, the following requirements apply:

  • Novell Client 2 SP3 IR5 or later is required on Windows 7/8/10.

  • When using user ID/password authentication with the Novell Client and DLU, the user needs to log in to the Novell Client once before single sign-on will work. During single sign-on, the ZENworks PBA passes the user ID and password to the Novell Client. However, the client requires other details (tree, server, context, and so forth) that are available only if the user has populated the details during a previous log in.

  • When using smart card authentication with the Novell Client, NESCM (Novell Enhanced Smart Card Method), and DLU, the user needs to be the last user to have logged in to the Novell Client. During single sign-on, the ZENworks PBA passes the pin to the Novell Client. However, the client requires other details (tree, server, context, and so forth) that are available only if the user was the last smart card user to log in to the client.

  • Smart card authentication with the Novell Client, NESCM, and Disconnected Workstation Only mode is not supported.