How do Internal Users Register on CRES After a Mass Install?

Duane Gullett · ‎09-18-2015

Overview of our environment;

Rolling out the CISCO Ironport Email Security Plug-in for Outlook to our internal users
Email will only be encrypted if the email leaves our premises using the subject FLAG model for outbound
The plugin is being distributed using the "Mass Installation" method using "Custom Configuration Files", so no need for the Admin to send the BCE_Config_signed.xml file from CRES Admin. This saves a significant amount of Admin overhead throughout the year.
We are not using SAML2.0 for authentication to the CRES envelope management system, https://res.cisco.com

Because the Admin does not send an encrypted BCE_Config_signed.xml file the internal users never receive a prompt to register on CRES. Because they never receive the registration prompt, thus never registered, the Manage Messages button doesn't allow them to authenticate.

https://res.ciscocom does not have a register option.

How can an internal user register on CRES if they never receive an encrypted envelope containing the BCE_Config_signed.xml file because the plugin was installed with Custom Configuration files?

What is the registration URL?

Mathew Huynh · ‎09-20-2015

Hey Duane,

(I may be corrected by other engineers or users if chimed in)

I believe if you would like the internal users to register to CRES, any CRES signed envelope sent to their address will prompt a registration to access it.

There is no internal registry link to my memory, but if you send any type of CRES encrypted envelope to recipients, they'll be registered in.

Regards,

Matthew

Duane Gullett · ‎09-22-2015

Matthew, Greg,

Thanks for the feedback...

We are not planning on using CRES for internal to internal, only internal to external.

We are using TLS from CRES to Internal so even replies and new emails generated from res.cisco.com do not arrive encrypted, were are also turning off the mailbox feature in RES for our internal users.

As far as I can tell, this leaves the requirement to always push the BCE_config_Signed.xml file from the CRES Admin to the internal user even though we used the CISCO instructions for Mass Installation.

If there was an Admin option to send a "registration invitation" email instead of distributing the bce_config_signed.xml file, though still manual Admin work, would be an improvement. Or better yet, a domain specific URL that internal users could register for our domain. This seems like a big miss since we are using CISCO recommended options for installation and distribution of the plugin..

Greg, I understand your pain with CRES support, especially the xml file. I had two incidents opened, one for Cloud support and one from TAC, same question for both, neither one could tell me how to increase the maximum size limit in the XML for the plugin and I still have a pending question on the Help Links in the xml. It is almost a month now with no answers except the ones I figured out on my own.

Duane

Greg Muszynski · ‎09-22-2015

man I wish we kept our on premise email encryption appliances, I am kicking myself for not having renewed the hardware why we still could ~ we just missed the deadline by a month or two

the problem with pie in the sky solutions such as this one is that they cater to the lowest common denominator, take attachment size for example it was something like 10 MB for about 2 years before they finally uped it to 25 MB, what is 25 MB these days that is small, so are we to wait another 2 years for the next change

the CRES tech support went from bad to non existent me and my other administrator called them a few times when our user community complained and as expected the Tech Support's answer was "please contact your email administrator" my buddy and I would say WE ARE THE EMAIL ADMINISTRATORS

ha ha, nice

sorry not on point with your question but thought I would share