Partner Flyer

Novell® eDirectory™ and cv act PKIntegratedThe public key infrastructure solution, cv act PKIntegrated, from cv cryptovision integrates PKI seamlessly into Novell® eDirectory™. Together, eDirectory and cv act PKIntegrated offer an ideal solution for organizations that need to deploy a powerful, yet affordable, PKI system. The combination offers a pragmatic approach in which PKI functionality is presented to users as part of the identity management feature set.Stronger Security with Novell eDirectory and cv act PKIntegratedClassic enterprise security soon reaches its limits when organizations need to open up their networks and provide users with outside access to critical data. Passwords alone afford insufficient protection and need to be substituted by stronger authentication methods. Encryption and digital signatures, too, are important in this context. This kind of capability can be implemented properly only using a public key infrastructure (PKI), preferably as an integral part of an identity management system.

The ideal answer is to deploy a PKI solution that extends identity manage - ment functionality unobtrusively. All of the PKI services should work directly with the base of data managed by an existing directory service and make use of the functions it supports.

These functions include registration, log file recording, authorization management and backup. The solution should also be admin-istered through existing front ends.

Solutions: Identity and Security

Products: Novell eDirectory

Businesses looking to deploy a public key infrastructure (PKI) can reduce the effort involved by building on a current or future identity management system. With Novell eDirectory and cv cryptovision’s PKI extension, cv act PKIntegrated, you get a first-rate solution.

Large companies typically have a complex and heterogeneous IT landscape.

Identity management solutions from Novell and the integrated PKI components from

cv cryptovision enable the creation of a public key infrastructure with an optimum

price performance ratio.

When implemented as an integral solution within Novell eDirectory, the concept of a public key infrastructure loses some of its aura of complexity. With cv act PKIntegrated, organizations avoid creating an additional infrastructure and can incorporate PKI as a directory service feature.

Lower Total Cost of OwnershipA high level of integration translates into low total cost of ownership. Deploying a PKI solution is less complex if it doesn’t involve

introducing additional components and processes that are similar to others already in place. This can be seen, for example, from the most complex individual process in the majority of public key infrastructures: the registration of a new user. Integrated into Novell eDirectory, cv act PKIntegrated handles registration entirely through eDirectory and the extensive range of capabilities it delivers. In the majority of cases, potential users are already registered in eDirectory when PKI deployment begins. If an entry for a user already exists in the directory service, users can request and generate a certificate simply by clicking a button in a browser-based interface.

In addition, there are numerous other areas in which cv act PKIntegrated uses eDirectory’s rich array of functions for PKI purposes:

Authorizations. The extensive authorization management capabilities in eDirectory can be used to set up more or less any kind of authorization model for PKI.

Key recovery. Lost keys can be recovered through the eDirectory extension, Novell SecretStore.

Data storage. Other PKI solutions need a separate database to store the requisite information, but cv act PKIntegrated uses eDirectory.

Log data recording. Using Novell Sentinel™ Log Manager, cv act PKIntegrated provides rich log data recording features.

Backup. cv act PKIntegrated works directly with eDirectory data, so it automatically also uses the existing backup mechanisms.

Using existing functionality in this way also helps to lower substantially the total cost of ownership of a PKI project.

Novell eDirectory and cv act PKIntegrated

www.novell.com

cv act PKIntegrated Doesn’t Need a Separate Administration InterfaceNovell iManager provides a powerful admin i stration interface for eDirectory. Novell iManager is browser-based, so administrators can simply work through a Web browser to manage the directory service.

Because it integrates seamlessly with eDirectory, cv act PKIntegrated does not need its own administration interface; instead, all of the functions are provided through extended menu items. For administrators, this means that working with cv act PKIntegrated

does not require installing or learning to use completely new software on their PCs.

The deliberately unobtrusive interface pro-vides a wide array of functions. For instance, cv act PKIntegrated supports a variety of certificate formats, smartcards, certificate revocation lists, online certificate revocation list requests via OSCP, registration via SCEP, multiple cryptographic service providers (CSPs), and a range of methods and key lengths. Besides RSA encryption, it also sup-ports highly advanced cryptographic methods based on elliptic curve crypto graphy (ECC).

cv act PKIntegrated uses identity management technology from Novell to integrate the CA engine and to communicate with other directory services, ERP systems and databases.

cv act PKIntegrated provides a PKI that is integrated seamlessly with an identity manage ment system based on Novell eDirectory. It is managed using iManager; applications are connected using standard protocols. The CA engine creates the certificates requested—generally user or machine certificates (802.1x).

cv act PKIntegrated References Numerous customers have deployed eDirectory in combination with cv act PKIntegrated, including the following:

MTA New York City Transit. The largest transportation network in North America uses cv act PKIntegrated for e-mail encryption and signing.

Postbank. The bank with the largest retail customer base in Germany uses cv act PKIntegrated to implement a virtual private network and for code signing.

Debeka. A successful financial services company operates a VPN and other applications secured using cv act PKIntegrated.

GaVI. The central IT services supplier of many German insurance companies uses cv act PKIntegrated to protect their

LAN/WLAN infrastructure with machine certificates and their corporate network with person certificates (smartcard log on).

Conclusion By using existing eDirectory functions and by integrating seamlessly with the iManager user interface, cv act PKIntegrated offers numerous advantages. Besides the low integration effort and easy maintenance, it also offers outstanding scalability: With 5,000, 100,000 or 500,000 users, it operates according to the same principles and works with standardized procedures. It provides a consistent level of security, even when user numbers grow, and it can be adapted without major effort. The linchpin of cv act PKIntegrated’s performance is eDirectory, the market leading and most advanced directory service available.

www.novell.com

For more information on Novell products, contact a Novell partner or visit: www.novell.de

Novell GmbHNördlicher Zubringer 9-1140470 DüsseldorfTel: +49-211-56 31-0Fax: +49-211-56 31-250www.novell.de

Novell GmbHim Regus Business CenterOffice Park 1Tob B02A - 1300 WienTel: 0800-293735www.novell.at

Novell (Schweiz) AGLeutschenbachstrasse 41CH - 8050 ZürichTel: +41-43-456 23 00Fax: +41-43-456 23 03www.novell.ch

cv cryptovision gmbHMunscheidstr. 1445886 GelsenkirchenTel: +49-(0)209-16 72 45 0Fax: +49-(0)209-16 72 46 1www.cryptovision.com

461-001334-001 | 03/10 | © 2010 Novell, Inc. All rights reserved. Novell, the Novell logo and the N logo are registered trademarks, and eDirectory and Sentinel are trademarks of Novell, Inc. in the United States and other countries.

*All third-party trademarks are the property of their respective owners.

Novell Logo1 The registered trademark, ®,

appears to the right and on thesame baseline as the Logo.

Minimum Size RequirementsThe Novell Logo should NOT beprinted smaller than 3 picas(0.5 inches or 12.5 mm) in width.

Clear-space Requirements2 Allow a clean visual separation

of the Logo from all other elements.The height of the "N" is themeasurement for the minimumclear-space requirements aroundthe Logo. This space is flat andunpatterned, free of other designelements and clear from the edgeof the page.

3 picas(0.5 in)

(12.5 mm)

21 3

3

For more information about this joint solution, visit: www.novell.com/partnerguide/product/210498.html

Integration with Novell eDirectory offers a number of benefits that together translate into low effort and low total cost of ownership.