Announcing Managed PKI Service v8.7
Follow Managed PKI on Twitter @SymantecMPKI
Symantec Managed PKI (MPKI) 8.7 is now live - with improvements to ease of use and manageability, stronger integrations with Mobile Device Management (MDM) solutions such as Airwatch, Fiberlink, and Symantec SMM; and broader ecosystem support with certificate support for LTE Base Stations, Smart Meters, and Airline e-Enabling.
Summary of New Features:
- Better integration with MDM solutions (Airwatch, Fiberlink, and Symantec SMM)
- Support for new ecosystems:
- Smart Meters – lightweight certificates to establish trust between devices
- LTE Base Stations – delivering operator certificates to support 3GPP standards
- Airline e-Enabling – operations security via authentication and digital signatures (wired and wireless)
- Ability for device manufacturers to order certificates asynchronously in a batch to support future enhancements in the Machine-to-Machine (M2M) interaction space
- PKI Client enhancements improve ease of use and support for 3rd party hardware vendors
- Administrative enhancements improve manageability and migration from competitive solutions
- Updated language support for PKI Manager, PKI Certificate Services, and PKI Client
The Symantec Managed PKI Service is not only a key component in supporting current standards such as 3GPP, but is committed to providing solutions for technology growth areas such as Smart Grids, Airline e-Enabling, and future M2M developments. Support for new ecosystems and enhanced integrations with MDM vendors increase the flexibility of MPKI and its ability to address a wide range of scenarios and BYOD initiatives, while administrative enhancements improve the user experience. Symantec is the leader in establishing a trusted relationship between a device and its user or other devices on the network.
Support for New Ecosystems
MPKI continues to enhance support for well known integrations such as with MDM solutions in additional to developing support for new growth areas such as those detailed below.
- LTE Base Station Security – 3GPP standards require key network elements of a wireless operator LTE network such as a base station (or eNodeB) or the Security Gateway (SEG) be secured using digital certificates. Vendor digital certificates, which are embedded at manufacturing time, and operator digital certificates are both required. MPKI 8.7 enhancements focus on the operator certificates that need to be delivered over a CMP v2 interface.
- Smart Grid Support - PKI Manager now includes optional functionality that allows an enterprise to issue certificates that are compliant with recent Smart Grid technology. Smart Grid-compliant certificates are lightweight certificates the do not include all of the certificate extensions of standard certificates. These certificates can be issued to operational devices (such as smart appliances) and other Smart Grid-compliant devices (such as Push and Server devices). The strong public key authentication of certificates is used to establish trust between these components of the Smart Grid network.
- Airline e-Enabling - Modern airplanes (ex. Boeing 787 Dreamliners) use a significant number of digital certificates in operations to ensure security via authentication and digital signatures. Applications include back office e-enabling, ground support, airplane identity and maintenance, terminal/hangar wired and WiFi connectivity, and external application integration. MPKI 8.7 provides the necessary certificates and management to secure these critical functions while allowing users the required flexibility and mobility.
Support for M2M interactions
There is a growing need in the Internet of Things (IoT) or the more technical term Machine-to-Machine (M2M) interaction space to embed digital certificates into a variety of devices which connect and autonomously communicate with each other. Early examples of such devices include Cable Modems, Digital TVs, and WiMAX devices, but the market is expected to evolve into a broad range of devices in the future beginning with network elements and smart meters and expanding far beyond that. Symantec MPKI Service provides a flexible way to configure certificate profiles that can be used with a batch interface for requesting these certificates. Device Manufacturers are expected to upload requests for certificates providing a batch of device identifiers and will in turn receive a batch of certificates and private keys, which can be injected into devices within the secure confines of the manufacturing process. This positions us to take advantage of new growth areas as they develop.
PKI Client Enhancements
With each successive release MPKI continues to improve ease of use and interoperability with 3rd party hardware vendors. With this release we have added several enhancements to our PKI Client.
- PKI Client supports post-processing for VPN networks on Mac-based devices, enabling you to take advantage of automated functions on the MPKI system to configure certificates for commonly used applications.
- Additional tokens and smartcards such as the SafeNet iKey 2032 and 4000 that work with the SafeNet CSP, or tokens such as the Gemalto SA .NET Dual that work with the Microsoft based CSP are now supported. This allows you to leverage your existing investment in hardware.
- Chrome browser support added to current support for IE and Firefox for Windows environments.
- Windows Vista (32-bit) support added to current support for Windows XP, Windows 7, MacOS X – providing more platforms to support your BYOD needs
- Simplified Chinese added to our supported languages for PKI Client
MPKI Administrator Enhancements
- Ease of migration - For migrating customers we have provided Administrators the capability to import files containing PKCS#12 files not generated from the MPKI into PKI Manager; and set policy to be used during key recovery of these certificates.
- Administrative Enhancements – Administrators may now assign seat counts to sub-accounts and more easily delete users, which will automatically revoke the certificates associated with that user. Additionally, by using search filters multiple certificates may be deleted. For Administrators this means:
- The dataset stays clean and manageable as test certificate profiles and dummy data can be deleted after Administrators finish testing new release features.
- Bulk deletion of certificates using various search filters make Administrators more efficient. For example if your organization is planning for a layoff you now have fewer steps to delete all users and all certificates.
- Being able to allocate seats to sub-accounts from the total number purchased makes it easier to track usage of seats across the sub-accounts. For example if you have sub-accounts based in multiple regions (i.e. APJ and the US) you may want to take advantage of this management feature.
Platform and OS Requirements:
The following are platform and OS requirements for MPKI 8.7.
PKI Certificate Service
*Chrome browser is supported for certificate lifecycle operations using PKI Client only
PKI Enterprise Gateway
Managed PKI v8.7 includes support for the following languages:
- PKI Manager supports English, French, and Japanese
- PKI Certificate Services supports English, French, German, Japanese, Portuguese, Norwegian, Spanish, and simplified Chinese
- PKI Client supports English, French, German, Japanese, Portuguese, Norwegian, Spanish, and simplified Chinese.
As the PKI market evolves, Symantec regularly assesses market trends and re-balances its solution portfolio to best meet its customer needs. Being a market leader in security services, Symantec continues to re-invent and strengthen its service technologies and solutions to deliver more business value to its customers. As the size and scope of its product portfolio increases and changes, Symantec must proactively end-of-life services and support for certain third-party platforms and applications. At the same time, Symantec will continue to add support for new platforms and applications to replace discontinued services and components.
Please note that as the announcement distributed in November stated all versions prior to Managed PKI 7.3 and all versions prior to Managed PKI for Windows 6.2 will end of life July 31, 2013.
Note that the date above is for planning purposes only. Symantec will not accelerate the date without prior notice. However, if the situation is warranted, we reserve the right to delay the date and continue supporting these products for longer than planned.
If you are unsure as to what version you have please contact your Sales representative or Support.
We value your business and are committed to customer care. Please contact us if we can assist or answer any questions. Symantec Support can be reached via email at: firstname.lastname@example.org or by phone at +1-650-426-3535 or 1-800-579-2848.
Disclaimer: Any information regarding pre-release Symantec offerings, future updates or other planned modifications is subject to ongoing evaluation by Symantec and therefore subject to change. This information is provided without warranty of any kind, express or implied. Customers who purchase Symantec offerings should make their purchase decision based upon features that are currently available.