Ogwiritsa ntchito sangakhale odalirika. Kwa mbali zambiri, ndi aulesi ndipo amasankha chitonthozo mmalo mwa chisungiko. Malinga ndi ziwerengero, 21% amalemba mapasiwedi awo amaakaunti antchito pamapepala, 50% amawonetsa mapasiwedi omwewo a ntchito ndi ntchito zamunthu.
Chilengedwe nachonso ndi chaudani. 74% ya mabungwe amalola kuti zida zaumwini zibweretsedwe kuntchito ndikulumikizidwa ndi netiweki yamakampani. 94% ya ogwiritsa ntchito sangathe kusiyanitsa imelo yeniyeni ndi yachinyengo, 11% adadina pazowonjezera.
Mavuto onsewa amathetsedwa ndi makina opangira makiyi (PKI), omwe amapereka kubisa ndi kutsimikizika kwa makalata, ndikulowetsa mapasiwedi ndi ziphaso za digito. Zomangamangazi zitha kukwezedwa pa Windows Server. Malinga ndi
Koma yankho la Microsoft ndilokwera mtengo kwambiri.
Mtengo Wonse wa Mwini wa Private Certificate Authority kuchokera ku Microsoft
Kuyerekeza mtengo wa umwini wa Microsoft CA ndi GlobalSign AEG.
Nthawi zambiri, zimakhala zosavuta komanso zotsika mtengo kupanga maulamuliro achinsinsi omwewo, koma ndi kasamalidwe kakunja. GlobalSign Auto Enrollment Gateway (AEG) imathetsa ndendende vutoli. Mizere ingapo yamtengo wapatali imachotsedwa pamtengo wonse wa umwini (kugula zida, ndalama zothandizira, maphunziro a anthu ogwira ntchito, ndi zina zotero). Ndalama zitha kupitilira
AEG ndi chiyani
AEG imaphatikizana ndi Active Directory, kulola mabungwe kuti azitha kulembetsa, kupereka ndi kuyang'anira ziphaso za digito za GlobalSign m'malo a Windows. Posintha ma CA amkati ndi ntchito za GlobalSign, mabizinesi amawonjezera chitetezo ndikuchepetsa mtengo wowongolera Microsoft CA yovuta komanso yokwera mtengo yamkati.
GlobalSign SaaS Certificate Services ndi njira yotetezeka kwambiri kuposa satifiketi yofooka komanso yosayendetsedwa pamapangidwe anu. Kuchotsa kufunikira koyang'anira CA yogwiritsa ntchito kwambiri chuma kumachepetsa mtengo wonse wa umwini wa PKI komanso chiwopsezo cha kulephera kwadongosolo.
Kuthandizira kwa ma protocol a SCEP ndi ACME kumawonjezera chithandizo kupitilira Windows, kuphatikiza kupereka satifiketi yodziyimira payokha ya ma seva a Linux, mafoni, ma network ndi zida zina, komanso makompyuta a Apple OSX olembetsedwa mu Active Directory.
Chitetezo Chowonjezera
Kuphatikiza pakusunga bajeti, kasamalidwe ka PKI akunja amathandizira chitetezo chadongosolo. Monga tawonera mu kafukufuku wa Gulu la Aberdeen, ziphaso zikuchulukirachulukira ndi omwe akuwukira, omwe amapezerapo mwayi pazovuta zodziwika bwino monga ziphaso zofooka zodzisainira, kubisa kofooka komanso njira zovuta zochotsera. Kuphatikiza apo, achiwembu akwanitsa kuchita bwino kwambiri, monga kupereka ziphaso mwachinyengo kuchokera ku ma CA odalirika komanso ziphaso zabodza zosayina ma code.
"Mabizinesi ambiri sakhala okhazikika mokwanira pakuwongolera zoopsa zomwe zimakhudzidwa ndi ziwonetserozi ndipo sali okonzeka kuyankha mwachangu pazamalonda,"
Kodi AEG imagwira ntchito bwanji?
Dongosolo lodziwika bwino la AEG limaphatikizapo zigawo zinayi zofunika kuti zitsimikizire kuti ziphaso zolondola zimaperekedwa kumalo olondola olowera:
- Pulogalamu ya AEG pa seva ya Windows.
- Ma seva a Active Directory kapena olamulira madomeni omwe amalola oyang'anira kuyang'anira ndi kusunga zambiri zokhudzana ndi zothandizira.
- Mapeto: ogwiritsa ntchito, zida, ma seva ndi malo ogwirira ntchito - pafupifupi chilichonse chomwe ndi "ogula" satifiketi ya digito.
- GlobalSign Certificate Authority kapena GCC, yomwe imakhala pamwamba pa nsanja yodalirika yoperekera satifiketi ndi kasamalidwe. Apa ndipamene ma satifiketi amapangidwa.
Zitatu mwa zigawo zinayi zomwe zikuwonetsedwa zili pamalo ogula, ndipo chachinayi chili mumtambo.
Choyamba, mapeto amakonzedweratu pogwiritsa ntchito ndondomeko zamagulu: mwachitsanzo, chitsimikiziro cha satifiketi cha kutsimikizika kwa wogwiritsa ntchito, pempho la S / MIME la chiphaso, ndi zina zotero, kuti mugwirizane ndi seva ya AEG. Kulumikizana ndi kotetezeka kudzera pa HTTPS.
Seva ya AEG imafunsa Active Directory kudzera pa LDAP kuti ipeze mndandanda wa ma tempulo a satifiketi a matherowa, ndikutumiza mndandandawo kwa makasitomala limodzi ndi komwe ali ndi satifiketi. Pambuyo polandira malamulowa, mapeto akugwirizanitsa ndi seva ya AEG kachiwiri, nthawi ino kuti apemphe zikalata zenizeni. AEG imapanganso kuyimba kwa API yokhala ndi magawo omwe atchulidwa ndikuitumiza ku GlobalSign Certificate Authority kapena GCC kuti ikakonzedwe.
Pomaliza, GCC backend imayang'ana zopemphazo, nthawi zambiri mkati mwa masekondi angapo, ndikutumiza yankho ku API limodzi ndi satifiketi yomwe idzayikidwe pamapeto pa pempho.
Ntchito yonseyi imatenga masekondi angapo ndipo imatha kukhala yokhayokha pokonza ma endpoints kuti mupeze masatifiketi pogwiritsa ntchito mfundo zamagulu.
Zapadera za AEG
- Mutha kulembetsa kudzera pa nsanja ya MDM.
- Yopangidwa ndi antchito akale ochokera ku gulu la Microsoft Crypto.
- Clientless yankho.
- Kukhazikitsa kosavuta komanso kasamalidwe ka moyo wonse.
Zitsanzo za zomangamanga
Chifukwa chake, kuyang'anira kwakunja kwa PKI kudzera pachipata cha GlobalSign AEG kumatanthauza kuwonjezereka kwa chitetezo, kupulumutsa mtengo komanso kuchepetsa chiopsezo. Ubwino wina ndi scalability zosavuta ndi kuchuluka ntchito. Kuwongolera koyenera kwa PKI kumatsimikizira nthawi yayitali, kumathetsa kusokonezeka kwa ntchito zofunika kwambiri chifukwa cha ziphaso zosavomerezeka, komanso kumapatsa antchito akutali, mwayi wotetezedwa kumanetiweki amakampani.
GlobalSign ndi mtsogoleri wapadziko lonse lapansi popereka zidziwitso za mtambo ndi netiweki za PKI ndi mayankho a kasamalidwe ka mwayi. Kuti mudziwe zambiri za malonda, chonde lemberani
Source: www.habr.com