For example, a contractor could be allowed to write and read discs during their tenure at a company, but when he or she is no longer with the company, the discs can be made unreadable by the contractor.Ê The disc can still be read by authorized users within the company.
Roxio Burn communicates with an authorization server.Ê When a user tries to read or write a disc, Roxio Burn sends an authorization request to the server.Ê The server returns a command to Roxio Burn that authorizes the user to continue (or not).
Is it complicated for users?Ê
It is not complicated to use.Ê If the user is in the corporate domain, there are no special dialogs or workflow.Ê To burn data, just drag it to the Roxio Burn icon.Ê To access data, use the Roxio Burn Reader in My Computer.
If the user is not in the domain, they can still access the data.Ê Roxio Burn will present a dialog where users can enter their user name and password.
Authorized users can then proceed to read and write discs with Roxio Burn as usual.Ê Unauthorized users will be presented with a dialog that informs them that they are not authorized.
This user name and password credentials can be set by the system administrator on the web console per Optical Disc User Group.
What if the user is offline.Ê For example, what if the user is traveling on a plane and wants to read a disc?
A local keystore is periodically sent to the userÕs PC by the server.Ê This keystore allows the user to read discs for a limited period of time as set by the system administrator.Ê After the time period expires, the user will need to go online again before discs burned with Roxio Secure Managed can be read.
How does the system administrator set authorizations?
System administrators log into a web console.Ê On the web console, user authorizations are set for individual users and can also be set for groups.
Setting authorizations in the web console
How many system administrators can be allowed to use the service?
There is no limit to the number of admins.Ê However, one administrator must be designated as the lead, and only this administrator has permission to create new admin accounts.
What kinds of authorizations can be set?
Group authorizations:Ê Users can be authorized to access only discs created by themselves, discs created by any member of a defined group of users, discs created by users in other groups, or any disc created by Roxio Burn.
- Domain authorization:Ê Disc access can be authorized only if the user is logged into the corporate domain, and can also be authorized outside of the corporate domain.
- Offline authorization:Ê If the user is offline, authorization to access discs can be cancelled until they log in again, or they can be allowed to access discs for a limited time, e.g. 1 week.Ê This is useful in case the user is traveling and does not have internet access.
- Incorrect login:Ê If a user logs in incorrectly several times, authorization can be revoked until the system administrator resets it.
How do I read an encrypted disc?Ê
When Roxio Secure Managed is installed, it also installs the Roxio Burn Disc Viewer plugin.Ê To read the files on the disc, click on the Viewer in My Computer.ÊÊ If you are an authorized user, you will be able to read the files on the disc.
Note:Ê Although it is possible to explore the disc using Windows Explorer,
the files will not be readable because they are encrypted.Ê
If an authorized user is on a system that does not have Roxio Secure Managed installed, the disc can be read by using the Roxio Burn Reader which is on the disc.Ê The reader will autoplay, just like in Roxio Secure Burn Plus (as mentioned previously in this FAQ).
Does Roxio Secure Managed also allow the system administrator to monitor disc activity?
Yes, the following information is logged:
- User who accessed the data
- Files added along with time.Ê Files appended along with time.Ê Discs accessed along with user and time
- If a disc is erased, the time of erasure is tracked
Is there a log of what system administrators do?
Yes, every action that system admins make is logged, and this log cannot be edited or modified by the admin.Ê This is called the audit log.Ê Logged activities include:
- Group added (with time and admin)
- Group deleted (with time and admin)
- Disc set deleted (with time and admin)
- Admin added (with time and admin)
- Admin deleted (with time and admin)
- Group password reset (with time and admin)
Does Roxio Secure Managed also support USB flash memory devices?
Yes.Ê Roxio Secure Managed includes LDDFlash from Beachhead Software Solutions.Ê Flash devices can be not only encrypted and authorized, but the data can also be destroyed according to rules set up by the system administrator.Ê For example, a rule can be created by the system administrator such that if the device is not logged in for more than 14 days, all the data on the device self-destructs.Ê This is especially useful in case a device is stolen.
Are flash memory devices administered the same as optical media?
Flash memory devices are administered per device and groups of devices.Ê Optical media is administered per user and groups of users.
Are USB hard drives also supported?
No.Ê However, if you require support for internal and external hard drives, a solution is available from RoxioÕs partner, Beachhead Solutions.Ê Ask your account representative for details.
Is company confidential data sent to a third party server?
The data files that are written to discs or USB flash devices do not get sent to the server.Ê Information about the files, such as filename, user and time get sent to the server and can be logged.
Does the server control my ability to install or uninstall the software?Ê Do I need to be logged in to install, or uninstall?
Yes, the installer requires authorization from the server.Ê This prevents unauthorized installation of the software, and also prevents employees from removing the software without permission.
In order to install Roxio Secure Managed, you will need an Activation Code.Ê You can get this from your Roxio Enterprise account manager.
I tried to uninstall the software, but I received an error code.Ê What should I do?
If your PC is online, then the system administrator needs to set this PC to ÔInactiveÕ on the web console before the software can be uninstalled.
I re-imaged my PC, and now I canÕt install the software, even though the PC is online.Ê What should I do?
The PC is probably still registered on the web console as ÔActiveÕ, and the installer is preventing a dual installation to the same PC.Ê The solution is to set the computer to ÔInactiveÕ on the web console, Save the setting, and then set the computer to ÔStolenÕ and save this setting.Ê This will remove the ghost item from the server, so you can start fresh.
What if I want to host the service within my own organization, and do not want to use an external server to host it?
Ask your Roxio Account Manager about the availability of this option for your organization.
Does it require Microsoft Active Directory?Ê I have already created groups in Active Directory.Ê What if I want to use Active Directory to control policies?
Active Directory is not required, but if it is present, Roxio Secure Managed can use it to confirm that the user is in the domain.
Active Directory groups cannot be imported into Roxio Secure Managed.Ê In Active Directory, a user can be a member of multiple groups, but in the Roxio product, a user is only a member of one group, so it is not practical to use Active Directory to manage groups.Ê
Although Active Directory groups cannot be imported, it is very easy to set up groups in the Roxio Secure Managed.Ê
What is my subscription expires and I no longer have access to the authorization server?Ê Can I still read encrypted discs I created when the subscription is active?
When the subscription is cancelled, customers can optionally obtain a keystore that will authorize reading of discs created earlier.Ê Since this keystore will unlock all discs, it is up to the customer to ensure that only authorized personnel can use it.
Does LDDFlash use the same encryption module as Roxio Burn?Ê Is it FIPS 140-2 certified?
LDDFlash uses a non certified proprietary strong encryption module using AES and SHA (HMAC) algorithms with 256-bit key.