Archive

Archive for February 24, 2012

Setting up Cauliflower Vest using a Google Apps domain

February 24, 2012 8 comments

Google’s Cauliflower Vest, an open-source FileVault 2 recovery key escrow solution, solves a number of problems for Mac admins in the enterprise space. These problems included:

A. Allowing individual recovery keys to be automatically generated and escrowed for each Mac

B. The ability to have FileVault 2 encryption force-enabled on a Mac

C. Providing secure access to recovery keys and delegating secure access as needed to those recovery keys

Cauliflower Vest addresses those issues, along with providing csfde, a command-line tool for FileVault 2 setups which can be used independently of the rest of Cauliflower Vest infrastructure.

I wanted to see how easy it was to stand up a Cauliflower Vest instance with a Google Apps domain while following the instructions. I figured that I was a good tester for this because:

  • I’d never set up a Google Apps domain
  • I’d never before worked with Google App Engine
  • Python and I have a “we should really get together, but never do” relationship.

In short, hopefully the Cauliflower Vest project folks had posted good directions or this train was going to wreck pretty fast.

Fortunately, the Cauliflower Vest project folks have posted good directions on the project’s wiki and were also extremely responsive over email. With their help, I was able to get up and going. See below the jump for what I did.

Read more…

%d bloggers like this: