Disk Encryption

Overview

Disk Encryption in zMan Director allows administrators to configure encryption settings for managed zTC devices during provisioning or device configuration workflows.

Disk encryption helps secure local device storage by requiring encryption protection before the device is fully available for use.

Encryption Methods

zMan Director supports disk encryption using the following methods:

Passphrase-based encryption
TPM-based encryption

The available encryption options may depend on the zTC hardware, firmware version, and deployment configuration.

Passphrase-Based Encryption

Passphrase-based encryption uses a configured passphrase to protect the encrypted disk.

Administrators should follow organizational password and security policies when defining passphrases.

Recommended practices include:

Use strong passphrases
Avoid shared or reused passphrases
Store recovery information securely
Rotate credentials according to security policy

TPM-Based Encryption

TPM-based encryption uses the Trusted Platform Module on supported devices.

TPM-based encryption requires compatible hardware. If TPM is not available or not enabled on the zTC device, TPM-based encryption may not be supported for that device.

Provisioning Workflow

Disk Encryption can be configured as part of the provisioning workflow.

When disk encryption is included in the provisioning configuration, the policy can be applied during device registration or after the device has been registered, depending on the deployment workflow.

Device Requirements

Before applying disk encryption, administrators should verify:

The zTC device supports the selected encryption method
TPM is available and enabled if TPM-based encryption is required
The device is online and communicating through zDM
The selected encryption policy matches the intended deployment scenario

Security Considerations

Disk encryption should be planned carefully before deployment.

Administrators should consider:

Recovery key handling
Passphrase storage
TPM availability
Device replacement workflows
Support procedures for locked or inaccessible devices

Notes

Disk encryption behavior may vary depending on zTC hardware and firmware.
TPM-based encryption requires TPM support on the device.
Disk encryption can be associated with provisioning workflows.
Some encryption changes may require device reboot or reprovisioning.
Administrators should test disk encryption on a small set of devices before broad deployment.

zWAN as a Solution

zTC as a Solution

Secure Endpoint Solutions

Zero Trust Network

Network Infrastructure

Network Storage

Disk Encryption

SnapOS

SnapOS

Getting Started

Session Connections

Peripheral & Application Management

Security & Certificates

System Administration & Updates

Diagnostics & Recovery

Support & Resources

zMAN

Overview & Architecture

Installation & Setup

Onboarding

Analytics & Monitoring

Device Management & Dashboard

Firmware & Repository Management

Profiles & Settings Management

Support & Resources

zDM Integration & Provisioning

User Management

Configuration

Firmware Update

Reset VNC

Task Management

Repository Management

Server Configuration

Provisioning

Group Management

Solutions

Voice-Over-IP/Video Conferencing

Validation and Test Cases

Proof of Concept Test Cases

zTC

Diagnostics & Recovery

Getting Started

Peripheral & Application Management

Security & Certificates

Session Connections

Support & Resources

System Administration & Updates

zWAN

Deployment

Getting Started

Introduction

Configuration

Installation Guides

POC Evaluation

Director

Device Management

Edge Controllers

Analytics

System

Backup and Restore

Network

Analytics

Reporting

Alerting

User Management

Edge Controllers

z25

Troubleshooting

z40

Device Management

z50

Troubleshooting

Frequently Asked Questions

zAccess

Endpoint Sessions

Event Logs

Gateway Devices

Network Configuration

Policy Configuration

StorTrends