SEPPmail Secure E-Mail Gateways generally have client capability.
This allows corporate data centres and managed service providers (MSPs) to offer "secure email" services to independent business units and/or different smaller or larger clients. The operation of the appliance in this case is the responsibility of the service provider.
By means of a configuration interface, which is also separated by clients, the respective client can take on specific tasks themselves via optional client administrators to be set up; these tasks can include:
•Implementing GINA settings and layouts
•Checking log files
•Administration of SEPPmail Secure E-Mail Gateway users (for signing/encryption)
•Administration of GINA users
•Administration of LFT users (optional)
The manner in which emails are processed is generally administered globally, however, and is therefore identical for all clients in general. This means that the MSP provides specifications to their customers as to how emails are to be processed!
These global specifications are defined in the central regulations (ruleset) and contain, for example:
•Features for controlling the appliance
oTags (for example, [confidential], [sign], etc.)
oEmail headers (sensitivity parameter resulting from the Outlook Confidentiality flag, for example)
oX-headers (for instance from the free SEPPmail Microsoft Outlook Add-In)
•Markings for the feedback regarding implemented actions
oTags (for example, [secure], [signed OK], etc.)
oHeaders (setting the sensitivity parameter (confidentiality flag))
•Automatic creation of SEPPmail Secure E-Mail Gateway users
•MPKI, meaning from which CA S/MIME certificates are obtained automatically
If the individualisation of the email handling procedures (ruleset settings, different MPKI) cannot be avoided for the clients, this can be resolved in two ways:
•Installation of several instances with different rulesets and sorting the clients according to the respective suitable configuration
•Adapting the standard ruleset in such a way that the different rule requirements per client are mapped in it (see also Rule Engine). This may lead to a very complex ruleset.
