Connecticut State Colleges & Universities
IT Support Center

IT Support Center | Connecticut State Colleges & Universities - Protective Enclave - Adding Printers

Working in the Protective Enclave

Refer to the following sections when working in the Protective Enclave:

Working with Protective Enclave Libraries

When working in the Protective Enclave, you are provided access to the following folders/libraries:

These libraries are to be used for the following purposes:

Enclave-Docs
The documents in this library contain confidential (DCL3-related) information that only *you* have access to.  The files in this library can only be accessed from within the Protective Enclave virtual desktop.  Other people will not be able to access the files in this library.  This is your personal library for protected documents.
Enclave-Shared
The documents in this library contain system-wide shared folders (i.e. Banner Folders - FinAid, Finance, Student, HR; your college's department folders, etc.) that you and others have access to.  These are the folders you used to access from your workstation using a mapped drive letter but now will be accessing only from inside the Protective Enclave:

Before: Accessing Banner Folders using a mapped drive letter from workstation

After: Accessing Banner Folders from inside the Protective Enclave

NOTE: You will only be able to see the folders that you have access to and these folders can only be accessed from within the Protective Enclave virtual desktop.
Enclave-Transfer
This library should be used to store non-confidential (non-DCL3-related) information that only *you* will have access to and can be accessed from both your work PC and your Protective Enclave virtual desktop. It is used to transfer non-DCL3-related data out of the Protective Enclave.  You will need to work with your local IT department on how to access this area from your work PC.  You should not save any confidential (DCL3-related) information in this library. 

When you are working in the Protective Enclave, if you try to save a file containing DCL3 data to this library, you will see a McAfee Data Loss Prevention (DLP) popup in the lower right hand corner of the virtual desktop indicating sensitive content was found, and that the file copy was Encrypted:



When a file is encrypted, the file's icon shows a padlock in the corner as an indication that it is encrypted:



You cannot open encrypted documents from your work PC; only from within the Protective Enclave's virtual desktop. 

NOTE: If your libraries are not listed in a Save As window, right click in the white space under "This PC" to show menu:



There are security controls in place that prevent sensitive data from leaving the Protective Enclave. 

The Enclave-Transfer Library is used by Protective Enclave users to transfer files out of the Protective Enclave.  If you were to try to save a file from inside the Protective Enclave containing DCL3 data to the Enclave-Transfer Library, the file will be detected as containing sensitive data and will be encrypted. When a file is encrypted, it can only be opened from inside the Protective Enclave and cannot be opened from outside the Protective Enclave (i.e. from your workstation).

NOTE: If you copy an encrypted file containing DCL3 data, then remove the DCL3 data and save as another file - it may result in an encrypted file that still cannot be opened outside the Protective Enclave. Sometimes when using certain products (e.g. Word, PDF) if DCL3 is removed from an encrypted document and saved as another document, the new document may not be encrypted. However, other products (i.e. Excel) may result in an encrypted document even if the DCL3 data has been removed.

E-mailing Protective Enclave Documents

One of the most common purposes of using the Enclave-Transfer Library would be for the purpose of sending e-mail.  Often times when running a job in Banner, there is a need to e-mail the output to someone; for example, you produce a STUDENT SCHEDULE/BILL in Banner and you need to e-mail the PDF output to the student. 

Since E-mail is restricted within the Protective Enclave, you will need to e-mail from outside the Protective Enclave:

  • From inside the Protective Enclave, launch Banner and run the appropriate report
  • Save the PDF output file to your Enclave-Transfer Library
  • Switch to your workstation's desktop and access the mapped drive to your Enclave-Transfer file share
  • If the file was not found to have contained DCL3, it will not have the lock icon and can be e-mailed. However, if the file was found to have contained DCL3, it will have the lock icon and the content will not be accessible outside the Protective Enclave.
  • If the file does not have the lock icon, use your E-mail program to attach the file found in the Enclave-Transfer folder.

Moving DCL3 Data into the Protective Enclave

The process of moving DCL3 data into the Protective Enclave is currently being defined and will be outlined here.

Reporting a False Positive

Sometimes a file is flagged as containing sensitive data and ends up being encrypted when it does not contain sensitive data. This is known as a False Positive and will require a bypass in order to allow the file to be allowed out of the Protective Enclave. Contact your institution's Protective Enclave Liaison.