SEC 330 Microsoft Certificate Lifecycle Manager CLM ADFS
- Slides: 39
课程编号: SEC 330 Microsoft Certificate Lifecycle Manager (CLM) 预览
身份管理和访问控制平台 访问服务 ADFS 活动目录联盟服务 Federation Services 企业前端服务 自服务接口 企业级 用户管理 企业级 角色管理 审计和报告 身份相关的 作流管理 策略管理 身份的生命周期管理 Quest /Centrify HIS & ESSO ISA Server MOM & ACS Info Card Microsoft Identity Integration Server 目录服务 Active Directory ADAM, Kerberos Az. Man Quest / Centrify 目录服务扩展服务 Windows PKI MS Alacris RMS Server
证书(用户身份)管理 客户需求 法律法规 要求 HIPAA Sarbanes-Oxley Graham-Leach-Bliley Basel II Qualified Certificates and Signatures 21 CFR Part 11 HSPD-12 业务驱动 Opening Corporate Resources Protecting IP Improved Efficiencies Competitive Advantage Security and Risk Management VPN Access Secure Email
证书(用户身份)管理 现有解决方案 为了实现上一页所说的需求,企业需要: 部署多个彼此分散的管理系统 伴随着和身份管理、证书相关系统数量的增多,成本和系统复杂度也随之上升 Management System 1 Digital Certificate Management System 2 Smart Cards USB Tokens Management System 3 Biometrics RFID Access Cards Mobile Devices OTP
Windows Certificate Services great solution for distributing digital certificates Microsoft Certificate Lifecycle Manager is based on technologies acquired from Alacris in September 2005 Alacris was completely integrated into Microsoft and no longer exists as an independent corporation
Certificate Lifecycle Manager Beta 1 Launch Feb. 14, 2006 Launch vehicle: RSA 2006, San Jose Billg Keynote / Demo MS Booth Axalto Booth Press Release
功能性概述 对数字证书和智能卡提供单点集中的管理 对一些通常的管理任务,提供可配置的和基于策略的 作流 Enroll/renew/update Recover/card replacement Revoke Retire/disable smart card Issue temporary/duplicate smart card Personalize smart card 详细的审核和报表 同时支持“集中”和“自服务”的场景 和现有的架构充分集成,保护投资 Windows Active Directory; Windows Certificate Services
架构概述 物理架构 组件架构 Microsoft Certificate Authority E-mail SQL CLM Policy Module AD Microsoft CAs Microsoft Certificate Lifecycle Manager CLM Exit Module CLM AD Integration CLM Web App Internet Information Server Internet Explorer End User CLM Browser Control Smart Card Middleware
服务器端组件 Certificate Lifecycle Manager (CLM). NET web application,提供所有的管理相关功能 为订阅者和管理者提供Web Portal 基于Active Directory的ACL进行权限控制和 作流管理 Windows Server 2003 Certificate Services Add-on 扩展现有的默认策略模块,提供高级证书申请功能 替代现有的默认Exit Module,提供集中的审核功能
其他解决方案相关的组件 Windows Active Directory Windows Certificate Services Hardware Security Module (HSM) Email/SMTP Service
使用CLM在企业中部署Smart Card
解决方案组件 Windows Certificate Services Windows 2003 Server 企业版 Key Recovery Issuance of v 2 certificate templates 和Certificate Authority通讯 CLM Policy Module CLM Exit Module RPC for CA Manager access
解决方案组件 Windows Active Directory CLM使用现有的Active Directory架构 CLM Profile Templates存储在AD中 Must provide Certificate Subscribers and Certificate Managers with appropriate access 为CLM提供身份验证 Uses AD user and group permissions to grant users rights Configurable for Integrated User Authentication CLM基于AD组进行授权 Provides CLM the ability to determine what user can and cannot do within a session All CLM permissions based on ACLs provisioned with standard AD tools
解决方案组件 AD extended rights 通过创建Active Directory安全组,为用户分配访问自服务组 件的权限 提供如下可选的权限 CLM Audit CLM Enrollment Agent CLM Recover CLM Renew CLM Revoke CLM Unblock
了解和试用Certificate Lifecycle Manager http: //www. microsoft. com/windowsserversystem/ clm/default. mspx 阅读Quick Guide 获取测试版软件,目前最新的版本是Beta 1 体验CLM和智能卡集成 和微软智能卡合作伙伴联系获取测试设备 合作伙伴列表 http: //www. microsoft. com/windowsserversystem/clm/p artners. mspx 其他一切相关需求,Talk to me !!! Mail or IM me: ffqian@microsoft. com
微软Beta Program网站 http: //connect. microsoft. com
身份管理和访问控制平台 访问服务 ADFS 活动目录联盟服务 Federation Services 企业前端服务 自服务接口 企业级 用户管理 企业级 角色管理 审计和报告 身份相关的 作流管理 策略管理 身份的生命周期管理 Quest /Centrify HIS & ESSO ISA Server MOM & ACS Info Card Microsoft Identity Integration Server 目录服务 Active Directory ADAM, Kerberos Az. Man Quest / Centrify 目录服务扩展服务 Windows PKI MS Alacris RMS Server
Windows Certificate Services great solution for distributing digital certificates Microsoft Certificate Lifecycle Manager is based on technologies acquired from Alacris in September 2005 Alacris was completely integrated into Microsoft and no longer exists as an independent corporation
Certificate Lifecycle Manager Beta 1 Launch Feb. 14, 2006 Launch vehicle: RSA 2006, San Jose Billg Keynote / Demo MS Booth Axalto Booth Press Release
Microsoft certificate lifecycle manager
Duo2fa
Artytrus
Vodacom zimbra email login
Clm software
Clm
Ultria revenue
Slido.clm
Www menti.com
Council of logistics management 1998
Legal operations maturity model
Clm
Maturity continuum
Cap clm
Microsoft student lifecycle
Microsoft security development lifecycle
Ehealth certificate manager
Avatax certs
Portfolio manager synergy manager parental developer
Senior manager vs general manager
Microsoft virtual academy certificate
Microsoft test manager tutorial
Forefront identity manager tutorial
Microsoft partner program manager
Identity management roadmap
Mim reporting
Kerberos delegation sql server
Microsoft engagement manager
Microsoft partner program manager
Identity integration server
Microsoft elp
Principal program manager microsoft
Microsoft identity manager end of life
550+330
Bts 330
Csci 330
Great schism 1054
Isa 330
Actimel quanti ml
Astm c 330
