The Cryptocard Blackshield Server v3.1 is designed as an authentication service delivery platform, automating all tasks around user and token management, provisioning, reporting and billing.
The model we evaluated was the Service Provider Edition, a version that allows for provisioning and/or on-boarding virtual servers to deliver a multitenant model, which means that a single instance can support multiple organizations or directories, each appearing to have its own enterprise server.
We kicked off the software load on our Windows server, and the process was fairly simple. The installer loads the software and a default PostgreSQL database. We then browsed to the web-based interface on localhost and used our Active Directory (AD) administrator credentials to log in to the site.
Through the web interface, we could import the license, configure the connection to the database, and set up account information, self-enrollment policies and portal details.
The documentation walked us through the process without issue. Once we completed the server setup, we installed the Blackshield Windows Logon client on one of our Windows test systems. (The client does require one to provide the path to the enterprise server, so that must be completed first.)
Users were added automatically through the lightweight directory access protocol (LDAP)/AD integration. Policy engines are easily configured to perform routine tasks, such as the automatic issuing of tokens, provisioning of users, revocations, and access control based on changes to a user's security group memberships made in LDAP/AD. Tokens can be manually assigned and PINs issued, or there is the ability to bulk assign through LDAP/AD.
There is support for all cloud applications and services that support SAML 1.1 or 2.0. Additionally, there is support for virtual private network (VPN) and firewall devices supporting RADIUS, as well as vendor-specific applications, such as Outlook Web Access, Citrix, SharePoint, Salesforce.com, Google Apps and Microsoft Remote Web Workplace.
New features in this version include support for SAML, support for MP-1 tokens on Android OS, SMS/one-time passwords via email, and additional token management reports.
There was standard/canned and customized reporting available. Alerting was also offered on both the dashboard and through email and text messaging. The management interface on the device is clean and is a good tool for viewing the enterprise at a glance and drilling down to user-level detail and management.
The documentation was helpful. We were even provided with welcome guides for various token types that might prove helpful in rolling out the various authentication components to a user base.
Both eight-hours-a-day/five-days-a-week and 24/7 support options are available. Typical costs are 15 and 20 percent of server pricing for customers purchasing a license. Support is rolled into the monthly usage fee for clients adopting subscription licensing.