BestCrypt Volume Encryption can be installed as a Client component of BestCrypt Base Software. BestCrypt Base provides centralized control of encrypted client computers in a local network. The client computers are encrypted with BestCrypt Volume Encryption, which in this configuration acts as a client software receiving commands from BestCrypt Base Server.
BestCrypt Base components are shown on the following picture, where Clients have BestCrypt Volume Encryption running on their systems.
A computer that needs to be encrypted is connected to the local network and it receives configuration from BestCrypt Server. Encryption process is managed on BestCrypt Base Console installed on a separate computer. BestCrypt Base Console creates a Client Installation Package containing BCBASE_CLIENT_INSTALL.EXE setup file uniquely generated for a particular Server.
After installation, the software requires minimal attention from a user. Depending on which mode (Encrypt/Managed Locally/Decrypt) and Security Level (3/2/1/0) are chosen by Administrator, the user on the Client computer may be prompted to enter password.
A local user is unable to modify the encryption process if the Client computer is in Encrypt or Decrypt mode. In case, the encryption is run in Manage By Local User mode, the user is allowed to run BCVE in Administator mode and encrypt/decrypt disk volumes on a computer manually.
BestCrypt Base allows using maximum Two-Factor Authenticated protection for the client computers. In this case BestCrypt Base will ask the user to choose Boot-time password and then enter it when the computer boots.
When the administrator sets Encrypt option for the Client, BestCrypt Base starts encryption process on the client computer. BestCrypt Base on the Client may ask the user to choose Boot-Time Protection Password (or will not require that and work fully automatically) according to the Security Level set for the client in BestCrypt Base Console
When the administrator sets Decrypt option for the Client, BestCrypt Base on the client decrypts the computer automatically and not any actions from the client are required.
If the administrator sets Manage By Local User option, it means that the administrator delegates the right to encrypt or decrypt the client computer to the local user. BestCrypt Base installs BestCrypt Volume Encryption program as its client software, so the local user should become familiar with the software and run its Encrypt and Decrypt commands from the program to secure his/her computer.
There are 4 Security levels:
NOTE: BestCrypt Base Administrator can change Security Level for the Client that is already encrypted. If old Security Level does not require entering Boot-Time Password (like Level 2), but new Level does, BestCrypt Base on the Client will display a dialog window like the one above to receive the password from a local user.
If the administrator changes Security Level from the one where entering Boot-Time Password is required (like Level 3) to the Level where entering the password is not required (like Level 2), BestCrypt Base will ask the user to enter the password, like the following window illustrates.
After entering the password, BestCrypt Base will not ask to enter the password at boot time anymore.
NOTE that when BestCrypt Base Client software encrypts the Client computer, it sends the encryption keys in encrypted form to BestCrypt Base Server. Besides, it also sends recovery information to the Server so that in critical situations the administrator could recover the Client.