Video Screencast Help
Authentication (User) Blog

12 Things to Look for in a Managed PKI Solution, Part 2

Created: 04 Mar 2014 • Updated: 04 Mar 2014
MelanieLopez's picture
0 0 Votes
Login to vote

TCO_iceburg_PKI.png

This is the second part of a four-part series covering twelve fundamentals for choosing a managed PKI solution, and questions to ask in the buying process.

In Part 1, we shared four key differences between managed public key infrastructure (PKI) providers. This week, we will discuss three features of Symantec Managed PKI that provide your organization with the ability to easily administer and deploy your managed PKI while keeping costs low. Whenever an organization deploys a technology like PKI, the total cost of ownership must be considered. The Symantec Managed PKI offers customers tools and features to maximize the use of the PKI and minimize the total cost of ownership.

5. System Management

While most managed PKI offerings provide customers with a baseline set of features, it’s important to review them and their potential impact on your business. Some providers, like Symantec, give the user complete control of the system and allow you to use the certificate authority to meet current and future use cases. The system is designed to let your organization adapt the service to any situation in your enterprise.

Other providers, such as Entrust, take a different approach and only offer you a limited set of functionality determined at the time the certificate authority is created. If your organization needs to make a change to the functionality or features, then you must work through a support organization and potentially pay additional fees. This leads to an increase in overall cost, delays in deployment, and a general frustration with certificate based technology.

6. System Administration

When administering a managed PKI solution, you need a streamlined and user-friendly web interface that provides a simple yet powerful workflow for managing certificates. Symantec’s Managed PKI offers customer a broad set of base certificate templates to address many use cases. Symantec includes certificate templates for users, devices, MDMs, and many other use cases. These templates can be used in their default state or customized through a web interface that provides instructions, recommendations, and error-checking.  

All of this results in easy administration and rapid certificate deployment. These features take the complexity out of PKI deployments and allow the customer to focus on meeting their use cases. Other managed PKI vendors do not have such an easy-to-use interface. Often, these other systems require you to have extensive PKI knowledge to know how to use the system and implement basic certificate types to meet standard use cases. These organizations require expensive PKI personnel with specialized knowledge to operate the system which increases the total cost of ownership.

7. Ease of Deployment

Once an organization is set up to use a managed PKI service, they need to deploy certificates in a timely and efficient manner. Symantec Managed PKI provides you with multiple types of user registration methods that are built into the system. No custom coding or special systems required by the end user. User registration and authentication features are built into the Symantec workflow.

In addition, Symantec offers an easy-to-deploy auto-enrollment server that can seamlessly enroll Windows domain users and computers for certificates. Often this server is deployed by the customer in a short amount of time and without issue. Many other managed PKI vendors do not offer tools to ease deployment. For example, one of our major competitors does not provide built-in workflows for all certificate types, supports limited authentication options, and you cannot install the auto-enrollment server - it requires a professional services engagement which increases cost and delays deployment time.

Questions to Ask

When selecting a managed PKI, here are some questions you might want to ask your managed PKI provider regarding administration and certificate deployment:

  1. What certificate templates are included with the CA?
  2. How do I enable new features on the CA?  Does it require Support or can a customer do it?
  3. Is there built-in certificate creation workflows?
  4. What types of certificate registration options are supported?
  5. How do you support auto enrollment in a Windows environment?

Our next post, Part 3, in this series will cover how Symantec provides usability and ease of use for end users with its managed PKI service.