Pulogalamu ya ProHoster > Blog > Ulamuliro > Njira ina ku Microsoft Certificate Authority

Njira ina ku Microsoft Certificate Authority

Ogwiritsa ntchito sangakhale odalirika. Kwa mbali zambiri, ndi aulesi ndipo amasankha chitonthozo mmalo mwa chisungiko. Malinga ndi ziwerengero, 21% amalemba mapasiwedi awo amaakaunti antchito pamapepala, 50% amawonetsa mapasiwedi omwewo a ntchito ndi ntchito zamunthu.

Chilengedwe nachonso ndi chaudani. 74% ya mabungwe amalola kuti zida zaumwini zibweretsedwe kuntchito ndikulumikizidwa ndi netiweki yamakampani. 94% ya ogwiritsa ntchito sangathe kusiyanitsa imelo yeniyeni ndi yachinyengo, 11% adadina pazowonjezera.

Mavuto onsewa amathetsedwa ndi makina opangira makiyi (PKI), omwe amapereka kubisa ndi kutsimikizika kwa makalata, ndikulowetsa mapasiwedi ndi ziphaso za digito. Zomangamangazi zitha kukwezedwa pa Windows Server. Malinga ndi kufotokoza kuchokera ku MicrosoftActive Directory Certificate Services (AD CS) ndi seva yomwe imakupatsani mwayi wopanga PKI m'gulu lanu ndikugwiritsa ntchito makiyi achinsinsi a anthu onse, satifiketi ya digito, ndi siginecha ya digito.

Koma yankho la Microsoft ndilokwera mtengo kwambiri.

Mtengo Wonse wa Mwini wa Private Certificate Authority kuchokera ku Microsoft

Njira ina ku Microsoft Certificate Authority
Kuyerekeza mtengo wa umwini wa Microsoft CA ndi GlobalSign AEG. Kuchokera

Nthawi zambiri, zimakhala zosavuta komanso zotsika mtengo kupanga maulamuliro achinsinsi omwewo, koma ndi kasamalidwe kakunja. GlobalSign Auto Enrollment Gateway (AEG) imathetsa ndendende vutoli. Mizere ingapo yamtengo wapatali imachotsedwa pamtengo wonse wa umwini (kugula zida, ndalama zothandizira, maphunziro a anthu ogwira ntchito, ndi zina zotero). Ndalama zitha kupitilira 50% ya mtengo wonse wa umwini.

AEG ndi chiyani

Njira ina ku Microsoft Certificate Authority

Chipata Cholembetsa Magalimoto (AEG) ndi ntchito yamapulogalamu yomwe imakhala ngati chipata pakati pa ntchito za satifiketi ya GlobalSign's SaaS ndi malo abizinesi a Windows.

AEG imaphatikizana ndi Active Directory, kulola mabungwe kuti azitha kulembetsa, kupereka ndi kuyang'anira ziphaso za digito za GlobalSign m'malo a Windows. Posintha ma CA amkati ndi ntchito za GlobalSign, mabizinesi amawonjezera chitetezo ndikuchepetsa mtengo wowongolera Microsoft CA yovuta komanso yokwera mtengo yamkati.

GlobalSign SaaS Certificate Services ndi njira yotetezeka kwambiri kuposa satifiketi yofooka komanso yosayendetsedwa pamapangidwe anu. Kuchotsa kufunikira koyang'anira CA yogwiritsa ntchito kwambiri chuma kumachepetsa mtengo wonse wa umwini wa PKI komanso chiwopsezo cha kulephera kwadongosolo.

Kuthandizira kwa ma protocol a SCEP ndi ACME kumawonjezera chithandizo kupitilira Windows, kuphatikiza kupereka satifiketi yodziyimira payokha ya ma seva a Linux, mafoni, ma network ndi zida zina, komanso makompyuta a Apple OSX olembetsedwa mu Active Directory.

Chitetezo Chowonjezera

Kuphatikiza pakusunga bajeti, kasamalidwe ka PKI akunja amathandizira chitetezo chadongosolo. Monga tawonera mu kafukufuku wa Gulu la Aberdeen, ziphaso zikuchulukirachulukira ndi omwe akuwukira, omwe amapezerapo mwayi pazovuta zodziwika bwino monga ziphaso zofooka zodzisainira, kubisa kofooka komanso njira zovuta zochotsera. Kuphatikiza apo, achiwembu akwanitsa kuchita bwino kwambiri, monga kupereka ziphaso mwachinyengo kuchokera ku ma CA odalirika komanso ziphaso zabodza zosayina ma code.

"Mabizinesi ambiri sakhala okhazikika mokwanira pakuwongolera zoopsa zomwe zimakhudzidwa ndi ziwonetserozi ndipo sali okonzeka kuyankha mwachangu pazamalonda," analemba Derek E. Brink ndi wachiwiri kwa purezidenti komanso mnzake wachitetezo cha IT ku Aberdeen Group. "Pothandizira mabizinesi kuti aziyika magwiridwe antchito a kasamalidwe ka satifiketi m'manja mwa akatswiri kwinaku akusunga kayendetsedwe kamakampani pamigwirizano yamagulu mu Active Directory, GlobalSign ikufuna kuthandizira kukula kwamtsogolo pakugwiritsa ntchito satifiketi pothana ndi zovuta zachitetezo komanso kudalirika mwachilungamo, mtengo- njira yabwino yotumizira."

Kodi AEG imagwira ntchito bwanji?

Njira ina ku Microsoft Certificate Authority

Dongosolo lodziwika bwino la AEG limaphatikizapo zigawo zinayi zofunika kuti zitsimikizire kuti ziphaso zolondola zimaperekedwa kumalo olondola olowera:

  1. Pulogalamu ya AEG pa seva ya Windows.
  2. Ma seva a Active Directory kapena olamulira madomeni omwe amalola oyang'anira kuyang'anira ndi kusunga zambiri zokhudzana ndi zothandizira.
  3. Mapeto: ogwiritsa ntchito, zida, ma seva ndi malo ogwirira ntchito - pafupifupi chilichonse chomwe ndi "ogula" satifiketi ya digito.
  4. GlobalSign Certificate Authority kapena GCC, yomwe imakhala pamwamba pa nsanja yodalirika yoperekera satifiketi ndi kasamalidwe. Apa ndipamene ma satifiketi amapangidwa.

Zitatu mwa zigawo zinayi zomwe zikuwonetsedwa zili pamalo ogula, ndipo chachinayi chili mumtambo.

Choyamba, mapeto amakonzedweratu pogwiritsa ntchito ndondomeko zamagulu: mwachitsanzo, chitsimikiziro cha satifiketi cha kutsimikizika kwa wogwiritsa ntchito, pempho la S / MIME la chiphaso, ndi zina zotero, kuti mugwirizane ndi seva ya AEG. Kulumikizana ndi kotetezeka kudzera pa HTTPS.

Seva ya AEG imafunsa Active Directory kudzera pa LDAP kuti ipeze mndandanda wa ma tempulo a satifiketi a matherowa, ndikutumiza mndandandawo kwa makasitomala limodzi ndi komwe ali ndi satifiketi. Pambuyo polandira malamulowa, mapeto akugwirizanitsa ndi seva ya AEG kachiwiri, nthawi ino kuti apemphe zikalata zenizeni. AEG imapanganso kuyimba kwa API yokhala ndi magawo omwe atchulidwa ndikuitumiza ku GlobalSign Certificate Authority kapena GCC kuti ikakonzedwe.

Pomaliza, GCC backend imayang'ana zopemphazo, nthawi zambiri mkati mwa masekondi angapo, ndikutumiza yankho ku API limodzi ndi satifiketi yomwe idzayikidwe pamapeto pa pempho.

Ntchito yonseyi imatenga masekondi angapo ndipo imatha kukhala yokhayokha pokonza ma endpoints kuti mupeze masatifiketi pogwiritsa ntchito mfundo zamagulu.

Zapadera za AEG

  • Mutha kulembetsa kudzera pa nsanja ya MDM.
  • Yopangidwa ndi antchito akale ochokera ku gulu la Microsoft Crypto.
  • Clientless yankho.
  • Kukhazikitsa kosavuta komanso kasamalidwe ka moyo wonse.

Njira ina ku Microsoft Certificate Authority
Zitsanzo za zomangamanga

Chifukwa chake, kuyang'anira kwakunja kwa PKI kudzera pachipata cha GlobalSign AEG kumatanthauza kuwonjezereka kwa chitetezo, kupulumutsa mtengo komanso kuchepetsa chiopsezo. Ubwino wina ndi scalability zosavuta ndi kuchuluka ntchito. Kuwongolera koyenera kwa PKI kumatsimikizira nthawi yayitali, kumathetsa kusokonezeka kwa ntchito zofunika kwambiri chifukwa cha ziphaso zosavomerezeka, komanso kumapatsa antchito akutali, mwayi wotetezedwa kumanetiweki amakampani.

AEG Imathandizira mitundu yosiyanasiyana yogwiritsira ntchito yomwe imafunikira kutsimikizika kwazinthu ziwiri: kuchokera kwamakasitomala akutali omwe amalumikizana ndi netiweki kudzera pa VPN ndi Wi-Fi, kufikira mwayi wopeza zinthu zovutirapo kwambiri kudzera pamakhadi anzeru.

GlobalSign ndi mtsogoleri wapadziko lonse lapansi popereka zidziwitso za mtambo ndi netiweki za PKI ndi mayankho a kasamalidwe ka mwayi. Kuti mudziwe zambiri za malonda, chonde lemberani oyang'anira athu.

Source: www.habr.com

Kuwonjezera ndemanga