In the following pages, we provide an easy-to-follow, step-by-step methodology for navigating your way to a successfully implemented digital certificate management solution from planning, through designing, building and integration, and on to final implementation and training. By following the helpful navigational points and recommendations in this guide, you will stay on the path to a successful implementation.
Table of Contents
I. Introduction                                                       1
   Creating a Trusted Environment for Your e-Business                 1
   Overview of a Digital Certificate Management Solution              1
   Gaining Valuable Assurance from RSA Professional Services          2
II. Planning                                                          3
   Point 1 Assessing Your Readiness                                   3
   Point 2 Identifying Resources and Defining Objectives              4
   Point 3 Developing an Implementation Road Map                      5
III.                                                                  7
                                                                      7, 9
IV.                                                                   11
                                                                      11, 12, 12
V. Conclusion                                                         13
I.
Introduction
Overview of a Digital Certificate Management Solution
At the core of a public key infrastructure is a digital certificate management solution that creates and manages public and private key pairs. By using digital certificates to establish trust relationships among your internal and external users, you are able to provide a new level of security for your entire enterprise. For example, your RSA Keon CA can open the door to new e-business opportunities by providing a broad range of e-security capabilities, including: Authentication: identifying with whom you're doing business; Confidentiality: providing assurance that your information is kept private; Authorization: enabling you to decide what is accessed by whom; Integrity: ensuring that your transactions are not altered; Non-repudiation: providing proof that transactions have occurred.

Digital certificates are provided to end users and can be managed through web browsers, RSA Keon Web PassPort software or a variety of Smart Card and USB token systems, including RSA Passage technology. The power and security provided by digital certificates can be quickly realized by your own certificate-enabled applications and by products such as RSA Secure e-Mail and RSA e-Sign. In addition, there are many other industry-specific applications, such as Adobe Accelio Capture FormFlow, Aventail Anywhere VPN and Lotus Notes, that take advantage of digital certificates. For a complete list of RSA Keon CA ready products available from our extensive set of RSA Partners, see http://www.rsasecurity.com/partners/
"Of all the providers we talked to, only RSA Security offered everything we were looking for: industry-leading technology, proven implementation expertise and a willingness to really listen and accommodate our needs."
Anna Berglund, Senior Product Manager, PKI, Bankgirocentralen BGC AB / Devise Business Transactions, Sweden
Your initial implementation may be as simple as issuing your own digital certificates for authenticating and encrypting links between your SSL-enabled applications. Or, your business goals may require you to issue and manage digital certificates for each of your employees, customers, vendors and partners in order to provide a broad scope of secure, trusted e-business applications that link and integrate the business activities of your entire organization. A thorough assessment of your requirements and agreement within your enterprise on the goals for certificate usage are the first steps toward a successful implementation. If you haven't yet completed these tasks, consider using the expertise of an RSA Professional Services consultant to assess and document your requirements and to facilitate reaching organizational agreement on your goals.

Whether your goals are large or small, you need an effective process for implementing the e-business security capabilities that a certificate management system can provide. This document details a basic methodology for accomplishing this result. The key points of the methodology are: review and validate the business deliverables and requirements that define your goals for your use of digital certificates; assemble a team and develop a plan for implementation; design your digital certificate management solution, including both the technology and the processes that support it; build the physical components required and integrate these with your core enterprise systems; implement certificate-enabled applications so that this new technology effectively supports your business goals; train your users in effective use of the new technology and processes. For small-scale, simple uses of digital certificates, your implementation project may be relatively quick and easy, accomplished in weeks or a few months.
However, as the scale and complexity of your goals for digital certificate usage increase, so too will your implementation project.
Your certificate management solution will tie into many elements of your information technology infrastructure (your network, directory and application systems) and may ultimately touch each of your end users, whether they are internal (employees, temporaries, contractors) or external (customers, vendors, partners). As the numbers associated with each of these areas grow, the most difficult task of your implementation shifts to communication and support rather than designing and physically implementing the core components of your certificate management infrastructure.
II.
Planning
During the planning stage, you and your extended implementation team must analyze these factors and map them to your business requirements, establishing a solid foundation for the remaining steps. A look back at your enterprise's prior experience in implementing other applications that affected large numbers of users, such as e-mail or virus protection, can also provide insight and useful guidance in planning your certificate management implementation.
In many ways, planning is the most extensive and important phase of your implementation. Planning allows you to identify the critical resources required at each stage of the project. It provides you with the tools needed to engage all members of your extended team. And it helps avoid pitfalls that could jeopardize your success. Especially with a technology that touches many parts of your IT infrastructure (such as certificate management), it is critical to have skilled technology experts on your team to help plan and architect the right solution for your business. RSA Professional Services can guide your organization through the essential planning process, providing you with a fundamental profile of your current state of e-security, an assessment of your current and future needs, an accurate risk assessment and a realistic road map to help you achieve your objectives.

Whether you take on the task of planning your certificate management implementation with internal resources or work with a consultant, it is important that your team have a clear understanding of the key drivers affecting the overall effort and timeframe required to achieve your goals. These drivers include: the structure of your certificate architecture and the processes you choose to create and administer certificates (in-house or out-sourced); the general architecture you choose for certificate management implementation and support (centralized or decentralized); the number and types of applications that you will certificate-enable (e-mail, VPN, web sites, mission-critical applications, etc.); the number of end users who will be issued personal certificates (thousands, tens of thousands or hundreds of thousands); the types of end users who will be issued personal certificates (employees, partners, customers); the types and methods of integration required between your certificate management infrastructure and other information and security systems.
Project management
Implementation projects of any complexity require strong planning, organization and coordination. In addition, most certificate management implementations are composed of a multitude of individual and cross-organizational tasks that require careful coordination to accomplish your business goals and achieve your roll-out schedule. Therefore, it is critical to assess your project management capabilities before beginning the implementation process and determine if outside assistance is needed to provide guidance and oversight or to augment in-house capabilities. This is an area in which RSA Professional Services can provide strong experience to coordinate your successful implementation of RSA Keon CA software and help you avoid known stumbling blocks.
Technical Expertise
Development of your certificate management system, as with other security systems, requires a broad range of expertise that must encompass both a big-picture and a technically detailed understanding of your security systems and the surrounding environment. In fact, the quality and success of your implementation depends largely on the expertise of the individuals who build and support it. Therefore, you must assemble a team of resources with the necessary technical knowledge and experience. If drawing from internal staff, you will need to ensure they have the necessary skills or implement a plan for developing those skills. Alternatively, you may choose to draw on the assistance of an outside consultant or a managed service that includes implementation and support. Regardless of your approach, you can count on the expert assistance of RSA Professional Services throughout the implementation process.
In addition to the extended team, you should assemble a stakeholder team to periodically review progress and issues related to the certificate management system implementation. This team generally includes senior representation from key organizations, such as the following: Executive management / sponsorship, Business management, Legal, Information and network systems management, Application systems (affected), End user support, Enterprise communications, Out-sourcing organizations, Vendors (including RSA Security).
Systems Piloted      Pilot Objectives
Lab                  Acquaint implementation team with capabilities and daily operations required.
Lab or Production    Test production system infrastructure and familiarize support groups with system.
Production           Test production system infrastructure and user support.
Production           Test production system infrastructure and user support for remote users.
Providing 24 x 7 Support
Like other mission-critical enterprise systems, this system requires a 24 x 7 support structure. In most cases, information security personnel and end user support personnel must be available or on call to handle any serious problems with components of the RSA Keon CA or desktop environment. In particular, if RSA Keon Web PassPort software is used to authorize each desktop logon, then users will be affected if both primary and fail-over server systems are inoperative.
RSA Keon Core PKI Installation and Administration; RSA Keon Core PKI Installation and Configuration; RSA Keon Web PassPort Installation and Configuration. This critical technical training is provided at RSA Training Centers in North America and Europe and can be customized or provided at your site when required.
V.
Conclusion
A public key infrastructure is truly an enterprise environment, one that ultimately touches every employee, customer, partner, mission-critical application and much of your information system infrastructure. As discussed, implementation of an enterprise-wide digital certificate management solution requires policy, process, people and, of course, a suite of technology components. A digital certificate management system is not difficult to implement, but success does not come as a shrink-wrapped package. Therefore, it is critical to determine your strategy for implementation in advance: whether to tackle the process using in-house resources, out-sourcing everything to a third party, or using combined in-house and out-sourced resources. Regardless of the approach you choose, it is fundamental to your success to employ a well-structured process that incorporates planning, followed by designing, building and integrating, and culminating with a phased implementation and training. By carefully considering the issues discussed in this document, as well as others specific to your environment and particular business needs, you can succeed in adding a powerful security enabler, digital certificates, to your information system infrastructure.
Planning Services
Digital certificate and business goals assessment; Certificate Policy (CP) and Certification Practice Statement (CPS) development; project work breakdown and staffing plans; communications and change management plans; operations and end user support plans; quality control plans; pilot and production rollout plans.
Implementation Services
RSA Keon CA installation and configuration; pilot and production rollout assistance.
Training Services
Operations and end user support training
Additional Information
For additional details regarding this integration, please visit http://www.rsasecurity.com/support/impguides/index.asp to review the RSA Security Implementation Guides. For additional information on any of our service offerings, please contact your RSA Security sales representative or RSA Professional Services directly. In the Americas: 1-877-RSA-4900. In the UK: +44 (0) 1344 781 318. Send e-mail to proservices@rsasecurity.com.
174 Middlesex Turnpike, Bedford, Massachusetts 01730. Main Number: 781.515.5000. International Calls: refer to our web site for specific countries. e-Mail: Proservices@rsasecurity.com. Web Site: http://www.rsasecurity.com/services
BSAFE, Keon, RSA, RSA Security, SecurCare, the RSA logo and SecurID are registered trademarks or trademarks of RSA Security Inc. in the United States and / or other countries. All other trademarks are the property of their respective owners. © 2003 RSA Security Inc. All rights reserved.
DCMNV GD 0503