SEC 330 Microsoft Certificate Lifecycle Manager CLM ADFS
- Slides: 39
课程编号: SEC 330 Microsoft Certificate Lifecycle Manager (CLM) 预览
身份管理和访问控制平台 访问服务 ADFS 活动目录联盟服务 Federation Services 企业前端服务 自服务接口 企业级 用户管理 企业级 角色管理 审计和报告 身份相关的 作流管理 策略管理 身份的生命周期管理 Quest /Centrify HIS & ESSO ISA Server MOM & ACS Info Card Microsoft Identity Integration Server 目录服务 Active Directory ADAM, Kerberos Az. Man Quest / Centrify 目录服务扩展服务 Windows PKI MS Alacris RMS Server
证书(用户身份)管理 客户需求 法律法规 要求 HIPAA Sarbanes-Oxley Graham-Leach-Bliley Basel II Qualified Certificates and Signatures 21 CFR Part 11 HSPD-12 业务驱动 Opening Corporate Resources Protecting IP Improved Efficiencies Competitive Advantage Security and Risk Management VPN Access Secure Email
证书(用户身份)管理 现有解决方案 为了实现上一页所说的需求,企业需要: 部署多个彼此分散的管理系统 伴随着和身份管理、证书相关系统数量的增多,成本和系统复杂度也随之上升 Management System 1 Digital Certificate Management System 2 Smart Cards USB Tokens Management System 3 Biometrics RFID Access Cards Mobile Devices OTP
Windows Certificate Services great solution for distributing digital certificates Microsoft Certificate Lifecycle Manager is based on technologies acquired from Alacris in September 2005 Alacris was completely integrated into Microsoft and no longer exists as an independent corporation
Certificate Lifecycle Manager Beta 1 Launch Feb. 14, 2006 Launch vehicle: RSA 2006, San Jose Billg Keynote / Demo MS Booth Axalto Booth Press Release
功能性概述 对数字证书和智能卡提供单点集中的管理 对一些通常的管理任务,提供可配置的和基于策略的 作流 Enroll/renew/update Recover/card replacement Revoke Retire/disable smart card Issue temporary/duplicate smart card Personalize smart card 详细的审核和报表 同时支持“集中”和“自服务”的场景 和现有的架构充分集成,保护投资 Windows Active Directory; Windows Certificate Services
架构概述 物理架构 组件架构 Microsoft Certificate Authority E-mail SQL CLM Policy Module AD Microsoft CAs Microsoft Certificate Lifecycle Manager CLM Exit Module CLM AD Integration CLM Web App Internet Information Server Internet Explorer End User CLM Browser Control Smart Card Middleware
服务器端组件 Certificate Lifecycle Manager (CLM). NET web application,提供所有的管理相关功能 为订阅者和管理者提供Web Portal 基于Active Directory的ACL进行权限控制和 作流管理 Windows Server 2003 Certificate Services Add-on 扩展现有的默认策略模块,提供高级证书申请功能 替代现有的默认Exit Module,提供集中的审核功能
其他解决方案相关的组件 Windows Active Directory Windows Certificate Services Hardware Security Module (HSM) Email/SMTP Service
使用CLM在企业中部署Smart Card
解决方案组件 Windows Certificate Services Windows 2003 Server 企业版 Key Recovery Issuance of v 2 certificate templates 和Certificate Authority通讯 CLM Policy Module CLM Exit Module RPC for CA Manager access
解决方案组件 Windows Active Directory CLM使用现有的Active Directory架构 CLM Profile Templates存储在AD中 Must provide Certificate Subscribers and Certificate Managers with appropriate access 为CLM提供身份验证 Uses AD user and group permissions to grant users rights Configurable for Integrated User Authentication CLM基于AD组进行授权 Provides CLM the ability to determine what user can and cannot do within a session All CLM permissions based on ACLs provisioned with standard AD tools
解决方案组件 AD extended rights 通过创建Active Directory安全组,为用户分配访问自服务组 件的权限 提供如下可选的权限 CLM Audit CLM Enrollment Agent CLM Recover CLM Renew CLM Revoke CLM Unblock
了解和试用Certificate Lifecycle Manager http: //www. microsoft. com/windowsserversystem/ clm/default. mspx 阅读Quick Guide 获取测试版软件,目前最新的版本是Beta 1 体验CLM和智能卡集成 和微软智能卡合作伙伴联系获取测试设备 合作伙伴列表 http: //www. microsoft. com/windowsserversystem/clm/p artners. mspx 其他一切相关需求,Talk to me !!! Mail or IM me: ffqian@microsoft. com
微软Beta Program网站 http: //connect. microsoft. com
身份管理和访问控制平台 访问服务 ADFS 活动目录联盟服务 Federation Services 企业前端服务 自服务接口 企业级 用户管理 企业级 角色管理 审计和报告 身份相关的 作流管理 策略管理 身份的生命周期管理 Quest /Centrify HIS & ESSO ISA Server MOM & ACS Info Card Microsoft Identity Integration Server 目录服务 Active Directory ADAM, Kerberos Az. Man Quest / Centrify 目录服务扩展服务 Windows PKI MS Alacris RMS Server
Windows Certificate Services great solution for distributing digital certificates Microsoft Certificate Lifecycle Manager is based on technologies acquired from Alacris in September 2005 Alacris was completely integrated into Microsoft and no longer exists as an independent corporation
Certificate Lifecycle Manager Beta 1 Launch Feb. 14, 2006 Launch vehicle: RSA 2006, San Jose Billg Keynote / Demo MS Booth Axalto Booth Press Release
- Microsoft certificate lifecycle manager
- Duo2fa
- Artytrus
- Vodacom zimbra email login
- Clm software
- Clm
- Ultria revenue
- Slido.clm
- Www menti.com
- Council of logistics management 1998
- Legal operations maturity model
- Clm
- Maturity continuum
- Cap clm
- Microsoft student lifecycle
- Microsoft security development lifecycle
- Ehealth certificate manager
- Avatax certs
- Portfolio manager synergy manager parental developer
- Senior manager vs general manager
- Microsoft virtual academy certificate
- Microsoft test manager tutorial
- Forefront identity manager tutorial
- Microsoft partner program manager
- Identity management roadmap
- Mim reporting
- Kerberos delegation sql server
- Microsoft engagement manager
- Microsoft partner program manager
- Identity integration server
- Microsoft elp
- Principal program manager microsoft
- Microsoft identity manager end of life
- 550+330
- Bts 330
- Csci 330
- Great schism 1054
- Isa 330
- Actimel quanti ml
- Astm c 330