[1] The flexibility of the Digi-CA™ [2] Certificate Authority [CA] system design means that each installation is unique and customised to the precise needs of the customer. Once the Digi-CAST™ [3] Team have agreed and documented your requirements, your Managed CA [4], Digi-CA™ Service or CA Software [5], Digi-CA™ Server, is configured and activated. In certain projects, your specific needs may require a combination of CA Software and a Managed CA, to achieve the best results. Uniquely and unlike any other Traditional CA [6] system on the market, Digi-CA™ can offer the Shared CA [7] option.
The following are samples of different CA projects that use the different Digi-CA™ options and also combine other valuable services like the Digi-CAST™ Methodology [3] and consulting advice; the Total Trust Management™ [8] [TTM™] CA Management service; and the Digi-TaSC [9] on line system for CA Management and compliance.
The most substantial difference between Digi-CA™ and other Traditional CA [6]s is the flexibility and capabilities that are central to the design of the Public Key Infrastructure [PKI] system. This means that virtually any type of PKI design can be implemented using Digi-CA™ and because Digi-CA™ is probably the most modern CA available on the market, your specific design requirements can be delivered easily and cost effectively.
The following sub sections provide details of a typical project implementation and its stages. The Preliminary Analysis & Requirement Measurement stage of the project (stage I) is the first stage and this sets the project parameters and requirements from the very beginning of your project:
s
The most substantial difference between Digi-CA™ [2] and other Traditional CA [6]s is the flexibility and capabilities that are central to the design of the PKI system. This capability of transferring from a different service provider is a powerful capability that is simply not available from alternative vendor.
Digi-CA™ allows for easy migration from one data centre, or system, in an almost seamless manner. The transfer can be accomplished either physically through hardware transportation or by secure software and data migration whereby all software and database data is securely migrated in an encrypted format from one location to another.
The following sub sections provide details of the suggested project implementation stages for the transition plan. The plan is subject to decision on the re-use of existing HSMs, or the export/import of existing CA private keys and other project implementation considerations that will emerge during the Preliminary Analysis & Requirement Measurement stage of the project (stage I):
The most substantial difference between Digi-CA™ [2] and other Traditional CA [6]s is the flexibility and capabilities that are central to the design of the PKI system. This capability of transferring from a different service provider is a powerful capability that is simply not available from alternative vendor.
Digi-CA™ allows for easy migration from one data centre, or system, in an almost seamless manner. The transfer can be accomplished either physically through hardware transportation or by secure software and data migration whereby all software and database data is securely migrated in an encrypted format from one location to another.
The following sub sections provide details of the suggested project implementation stages for the transition plan. The plan is subject to decision on the re-use of existing HSMs, or the export/import of existing CA private keys and other project implementation considerations that will emerge during the Preliminary Analysis & Requirement Measurement stage of the project (stage I):
Digi-CA™ [2] is probably the most modern Certificate Authority [CA] system currently available in the market. It is modern because it leverages the many advances in open source technology including Linux, SQL and PHP.
Unlike Traditional CA [6]s, the Digi-CA™ system can create multiple instances of unique CAs in a single Digi-CAtrade; system. The Digi-CAtrade; model imposes delegation of trust downwards from CAs to their Subordinate Certification Authorities [Sub-CAs].
The same Digi-CAtrade; system also enables any CA or Sub-CA to be signed or cross signed by an external third party CA. And any number of CAs can have any number of cross signed Sub-CAs. As a result of this design principal, the Digi-CAtrade; model for trust levels increases towards the highest authority. This type of arrangement facilitates easy deployment and scalability of any PKI requirement from the smallest to the largest.
The following provides a high level overview of a typical Digi-CAtrade; Server installation at a Trust Centre [10]:
The Digi-CAST2™ [3] Team will install the Digi-CA™ PKI software and to do this the first data centre must be constructed 100%. This must include all power, cabling, fire detection, fire depressant and that the air conditioning is installed and fully tested. The air conditioning system testing is very important, as it can cause water issues if not fully tested.
The Trust Centre must then be cleaned to medical/hospital standards before any hardware is installed. The construction on the second disaster recovery data centre (if required) should start at the same time, or no more than two weeks after the first data centre. It is not required that this Disaster Recovery data centre is completed before the Digi-CAST2™ Team arrive at the Trust Centre, however it must be finished no later than one week after the Digi-CAST2™ Team arrive on site and again must be 100% finished and cleaned in that time.
Nothing will happen with the Digi-CA™ PKI software installation until the Trust Centre completion and cleaning date is confirmed. Once this date is confirmed and the hardwre is ordered, the Partner [12] should be capable fo getting all the servers, switches, network and server software, HSMs, etc delivered within 2-3 weeks of the contract being signed.
After the contract is signed the Trust Centre should be ready so that the installation of the IT infrastructure can be completed within 1 week. By the beginnning of week 4, the entire of the main Trust Centre is active and ready for the installation of the Digi-CA™ software.
Week 5 the Disaster Recovery data centre should be completed and the the Digi-CAST2 Installations Team will then arrive to begin work on the Trust Centre whilst the Digi-Trust™ Partner [12] to complete the second data centre IT infrastructutre totally and ready in one week so that by week 6, the second week for the the Digi-CAST2 Installations Team on site, they can begin the configuration of this Disaster Recovery Digi-CA™.
In week 7, after the contract is signed, the Digi-CAST2 Installations Team will be finished and can seek to have the User Acceptance Testing [UAT] sign off, to officially complete the installation process.
Links:
[1] https://www.digi-sign.com/downloads/download.php?id=digi-ca-pdf
[2] https://www.digi-sign.com/digi-ca
[3] https://www.digi-sign.com/service/digi-cast
[4] https://www.digi-sign.com/digi-ca/service
[5] https://www.digi-sign.com/digi-ca/server
[6] https://www.digi-sign.com/certificate+authority/traditional+ca
[7] https://www.digi-sign.com/digi-ca/shared
[8] https://www.digi-sign.com/digi-ca/total+trust+management
[9] https://www.digi-sign.com/digi-tasc
[10] https://www.digi-sign.com/en/digi-trust/trusted+services+provider
[11] https://www.digi-sign.com/books
[12] https://www.digi-sign.com/en/about/third+party