Enforcing Trust in Cyberspace



Signal Identity Manager Seamlessly Integrates with Microsoft Windows Server 2003, Enterprise Edition, and Active Directory

The SPYRUS Signal Identity Manager is a robust certificate and security device management product that enhances the functionality of the Microsoft PKI—Windows Server 2003 Certificate Services. Signal Identity Manager is seamlessly integrated with Microsoft Windows Server 2003 Certificate Services and Active Directory, making full use of their functionality, security features, and certificate management interfaces. Signal Identity Manager adds certificate registration capabilities to the Microsoft Windows Server 2003 CA and provides a broad set of functions for security device issuance and management.

Although many enterprises recognize that security devices provide added security and functionality, some fail to properly account for the total lifecycle management of their devices. Lifecycle management is often the single most critical factor in the successful deployment of security devices. SPYRUS developed Signal Identity Manager specifically to handle these management issues. Signal Identity Manager includes back-up and key recovery mechanisms to enable restoration of lost or misplaced devices. Signal Identity Manager also provides device Admin PIN management so that user devices blocked because of too many incorrect logon attempts can be unblocked, either locally or remotely.

Signal Identity Manager adapts to specific customer registration and device management requirements through enterprise-wide configurable Business Rules templates, which allow organizations to enforce security policies that align with their business policies and practices.

Key Features and Functionality

Signal Identity Manager Architecture and Components
  • Signal Admin Console - Enables Signal Administrators to define Business Rules that set operational policy, and perform Signal Audit Log and Signal device database management functions
  • Signal RA Console - Enables RA Operators to perform registration, policy, and device management functions within defined Business Rules
  • Signal Client Console - Enables end users to manage their devices remotely
  • SPYRUS LYNKS Hardware Security Module (HSM) - Enables centralized key generation and key archival when mandated by the Business Rules in effect at the Signal RA Console
  • Signal Token Database - An SQL Server database that maintains token Admin PIN records
  • Signal Audit Log - An SQL Server database that provides an integrated enterprise-wide audit mechanism
Microsoft Enterprise Support
  • A simple interactive GUI design consistent with Microsoft Windows Server 2003 CA
  • Uses Active Directory and Windows Server 2003 security features - certificate templates, enterprise users, security groups and access permissions
  • Operates across domain boundaries, that is, in forests with multiple trees that contain root and peer domains
  • Enforces enterprise-wide user role, access control and authorization management
  • Designed for flexibility to achieve a rapid, cost-effective deployment, tailored to suit individual organizations
Certificate & Request Management
  • Remote certificate management - unlike the Microsoft Windows Server 2003 CA, which is confined to the server room, Signal Identity Manager operates in the office environment
  • Certificate browsing and certificate requests
  • Approval, submission, and rejection of pending certificate requests
  • Revocation and suspension of issued certificates
  • Signal Administrator configured enterprise-wide registration, enrollment and approval process
  • Signal Operator configurable views and report generation
Smart Token Management
  • For Microsoft Crypto Service Provider (CSP) compliant security devices, including SPYRUS Rosetta Smart Card and USB
  • Dynamic tracking of available security devices
  • Browsing keys and certificates on devices
  • Full security device and certificate lifecycle management that includes:
    • Personalization of end user devices
    • Request processing and programming of keys and certificates on devices
    • Selectable on-token or centralized key generation
    • Post-issuance certificate and key management on devices
    • Key and certificate back-up and recovery using Microsoft Windows Server 2003 CA as archiving agent
    • Token Admin PIN backup, recovery, and unblock
    • Remote PIN reset
  • Initialization of SPYRUS Rosetta Smart Cards and USBs
Policy Management
  • Fully integrated with the security policy management of Microsoft Windows 2000 and Windows Server 2003:
    • The Microsoft Windows Server 2003 CA authorizes, formats, issues and publishes certificates according to a set of predefined rules
    • Certificate Templates specify the attributes a generated certificate will contain and a number of request handling requirements
    • Microsoft network security facilitates user role management
    • Active Directory provides the foundation for distributed secure networks
  • Enterprise-wide organizational policy managed through customizable Business Rules Templates providing:
    • Flexibility to enforce a variety of security policies for any number of Microsoft Windows Server 2003 CAs
    • Controlled access to Microsoft Windows Server 2003 CAs and the "User Community" serviced by each Signal Operator
    • Controlled permissions for allowable Signal Operator certificate and device management operations
    • Enforcement of unique evidence collection, certificate, device, and key management policy
    • Management of the Signal Audit Log for integrity and high assurance

Complete Integration

Signal Identity Manager is integrated with the Microsoft Windows 2003 Certificate Services and designed to enhance the overall security and functionality available within the enterprise environment. It enforces the security policies of individual organizations from a centralized location using user role differentiation, evidence collection, tailored enrollment processes, and integrated enterprise-wide audit mechanisms with signed audit log entries. The combined policy, certificate, and security device management features make Signal Identity Manager the first truly integrated security management system to support the Microsoft Windows Server 2003 Certificate Services.






© 1996–2012 SPYRUS, Inc.