TECHNOLOGY
Introduction
SafeNet Authentication Manager is a set of services for automating smart-cards and electronic tokens management process.
SAM works with the following identifiers:
- Smart-cards – plastic cards with integrated chips;
- USB-keys;
- Hardware one-time password generators;
- Software one-time password generators;
- Virtual tokens.
This allows complete system usage if smart-cards and tokens are being used at your company and the number of employees exceeds 50 persons.
Functionality architecture
SAM architecture is developed using three-tier model (extended type of client-server model) and includes the following:
- Upper tier or client applications tier. This tire includes work of drivers required for working with smart-cards, USB-keys and when necessary smart-card readers; web-browser for interaction with SAM management interface; agent application for notifying user about actions that the device should do (update data, change PIN, etc.).
- Application server tire. SAM server which is the main component of solution works at this tier. Management software consists of a set of web-sites and web-services for users to interact with SAM. At this tier SAM interacts with external business applications via connectors. Connector is an additional program module which writes information formed using pre-arranged template (e.g. templates for writing RSA or GOST certificates to a token) to eToken on demand of the user or SAM operator.
- Database management system tier is represented by Active Directory. At this tier data required for SAM working are stored. Integration with Active Directory can be performed with or without extending AD schema. Objects and attributes of extending AD schema have all required confirmations of interaction security.
Product features
- Using several sites of various profiles provides balance between centralized smart-cards management and users’ possibility to solve some problems appeared when working without breaking their work.
- Integration with Active Directory allows implementing product in company as quick as possible. When the system is integrated with Active Directory the problem of database backup and restore is well solved.
- Open system architecture allows adding new business applications support.
- Secure remote access to Office 365.
- SAM audit system allows monitoring users work with tokens including information about device connection to workstation. Possibility to monitor token information on-board allows informing the user about requirements to update eToken content.
- In any system development possibility to guarantee fault tolerance is very important. Enabling clustering technologies of Windows Server allows developing reliable solution available for 99 per cent of time.
- Another one advantage of the system is possibility of centralized token management in several domains both within one forest and in separate forests.
- Agile SAM role model has built-in roles but allows creating custom ones. Possibility of delegating some operations increases security level in the company.
- Policies for eToken devices allow configuring various parameters and applications for both company organizational units and separate groups and users.
- Full support for Russian language.
- Centralized client software installation on user workstations.
All data mentioned above can be presented as a scheme given below:
Competition
Currently SafeNet Authentication Manager is an exclusive full-featured solution in the area of token management.
Special aspects
Certifyed version of SafeNet Authentication Manager solution (license FSTEC #2769 dated December 2nd, 2012) meets the requirements of Russian Data Protection Legislation and can be used in ISPD up to class 1 included and for developing automated information systems up to protection class 1G.