EMBASSY® Remote Administration Server for Self-encrypting Drive Management

Remotely manage self-encrypting drives in the enterprise

Enterprises choose ERAS to manage SEDs

Why? From our single console, you can manage all your organization’s self-encrypting drives (SEDs) easily and remotely, whether they number in the hundreds, or hundreds of thousands.

SEDs are the most secure, best performing and most transparent encryption option for protecting data on laptops. ERAS is the only management solution that delivers drive initialization, user management, drive locking, user recovery and crypto erase for all Opal-based, proprietary and solid-state SEDs.

Easy proof of compliance

Your encryption is only as good as you can prove it to be. To comply with most data protection regulations, your organization has to prove encryption was in place at the time of a potential breach. ERAS provides secure audit logs to help you demonstrate compliance.

What’s more, once you turn on your SEDs, they automatically encrypt all data written to the drive – no more deciding what’s important enough to encrypt. If you lose a device with an ERAS-managed SED, there’s no wondering or guessing. You know encryption was on by default, and you can prove it.

No vendor lock-in

SED technology was created and standardized by a consortium of the best in the infosec industry, a standards body called the Trusted Computing Group (TCG). This means you can buy your drives wherever you want, from whatever vendor you want—any SED built to the TCG’s Opal specification can be managed by ERAS.

Our solution uses tools you already know

With ERAS, SED management is streamlined, which always saves money. And if your organization knows Microsoft, it already knows ERAS. It’s built on the familiar Microsoft Management Console framework. You’ll transition from BitLocker to SEDs with ease, and without much training.


Key Features: 

Easy security compliance

  • Active monitoring, logging and reporting of all user and device events

Data protection

  • Local changes are prohibited
  • Drive locking is supported in sleep or standby (S3) modes
  • Manage clients inside or outside the firewall and on non-domain machines


  • Everything is automatically encrypted—users don’t have to identify which data is sensitive
  • Windows password synchronization and single sign-on
  • Add or remove users remotely
  • MMC snap-in is familiar and easy—less administrator training
  • Role management allows delegation of tasks with customized or predefined roles.

No compromises

  • Encryption is completely transparent to your users—they won’t even notice it's there
  • Customizable pre-boot message at authentication screen

Copyright © 1997-2014 Wave Systems Corp. All rights are reserved.
Terms of Use I Privacy Policy I Contact Us