Single Solution Eases PKI Integration

The PKI (public-key infrastructure) market has not skyrocketed as was expected two years ago, but it has found a firm place in the enterprise. When used effectively, PKI technology can provide significant levels of security and overall cost savings. One of the long-standing issues with PKI technology is its lack of interoperability and integration with other enterprise technologies, even among PKI vendors and products with modified standards and proprietary protocols. Interoperability is slowly improving, but the only way around the problem is an end-to-end PKI solution.

Selecting a single vendor for a PKI solution has its pros and cons. On one hand, components are guaranteed to work together; on the other, selecting a single vendor may be more expensive, and the components may not integrate with or support new technologies.

Despite the drawback, it is worth checking out the only single-vendor solution currently available. Entrust Technology Inc.’s PKI 6.0 product suite can serve as the basis of a strong enterprise PKI, but understanding how all of its components work together to achieve a complete PKI solution can be a daunting task. (For a review of Entrust PKI 6.0 see

The central component of Entrust’s PKI solution is its Entrust PKI, but after this product is deployed, any of the other components can be added to the mix, in no particular order.

Entrust PKI: The heart of the Entrust solution consists of: Entrust Authority, the certificate authority; Entrust RA, the administrator console; Entrust AutoRA, the self-service registration; and Entrust Roaming.

Entrust PKI enforces policy, manages certificates and keys, and provides roaming capabilities so users can move from machine to machine and have their certificates, keys, and policies follow them wherever they go. Overall, it is the foundation of any Entrust enterprise infrastructure.

Building on this foundation, Entrust provides a suite of products that will provide an end-to-end PKI enterprise solution, encompassing file/folder protection, secure e-mail, corporate intranet connectivity, Web applications (including mobile access), and VPN authentication.

Entrust ICE: For file/folder protection, Entrust provides Entrust ICE, a program that runs in the background to automatically and transparently encrypt and decrypt files and folders. Entrust ICE utilizes Entrust PKI’s key management and back-up facilities so encrypted data can be recovered in case encryption keys are lost.

Entrust Entelligence: The Entrust client application that controls all Entrust-ready applications, Entrust Entelligence is the core component for secure e-mail. It works with Entrust PKI to manage certificates, encryption, digital signatures, and other user security issues.

getAccess: One of Entrust’s strengths is providing Web application portal security, whether dealing with intranet or Internet applications. Entrust getAccess provides granular authentication and authorization services and allows an organization to provide targeted and personalized Web experiences for each user.

getAccess Mobile Server: Entrust also provides the getAccess Mobile Server, which provides authentication, granular authorization, single sign-on, and personalization functions to multiple devices, such as wireless clients and gateways. This allows an organization to extend its reach beyond the traditional Web browser, yet still maintain a high level of security.

TruePass: While getAccess provides authentication and authorization functionality for Web portals, another Entrust solution, TruePass, works behind the scenes to provide privacy and confidentiality. TruePass is a “zero footprint” solution, meaning it does not require that any client software be installed on the user’s system. This allows TruePass to be quickly and easily deployed. Overall, TruePass provides end-to-end trust, keeping data encrypted as it travels from the Web client through the Web server to the back-end database.

Entrust Ready VPN gateway: For VPN implementations, Entrust provides the PKI for digital certificate-based authentication. Currently, Entrust supports the major VPN vendors, including Nortel, Cisco, and CheckPoint. A plug-in to the Entelligence desktop client allows seamless integration. Entrust also provides the VPN Connector, a solution that allows an organization to implement just about any VPN product.

To aid in the implementation of its components, Entrust provides a development kit along with in-house consulting services. In addition, a number of consulting firms partner with Entrust to help install and deploy PKI solutions. Making an application “Entrust Ready” eases integration into the Entrust PKI, allowing an organization to take full advantage of all the security services it provides. Whether your company chooses to go with one Entrust PKI component or the entire suite, its single end-to-end solution avoids costly interoperability issues.

Contributing Editor Mandy Andress is president of ArcSec Technologies.