|
Introduction
The GlobalAdmin is a central management system supporting the complete
range of CE-Infosys’ security solutions including Desktop and Notebook
Security, Mobile Device Security and Network Security. With GlobalAdmin,
company can reduce cost, training effort and simplify the administrative
work. Besides using traditional management techniques, GlobalAdmin
provides a complete PKI implementation to manage the security solutions.
GlobalAdmin can cooperate with existing Public Key Infrastructures.
The GlobalAdmin family consists of several products:
|
GlobalAdmin Lite
GlobalAdmin Lite comes as
easy-to-use management software, suitable for 200 or less
users.
|
GlobalAdmin Standalone
GlobalAdmin Station comes as
ready-to-use computer, suitable for small to middle-sized
organisations. There is no limitation on the number of users
managed.
|
GlobalAdmin Server
GlobalAdmin Server is optimized
for data centre usage. Two versions are available - a
standard GlobalAdmin server and a high reliability server.
The servers deploy redundant technologies and are designed
for unattended operation. GlobalAdmin Server uses a secured
communication to one or multiple GlobalAdmin Client stations
where the administrators perform their daily work.
|
GlobalAdmin Client
GlobalAdmin Client is for
organisation with GlobalAdmin Server. This management
station is used to operate the GlobalAdmin Server. The
administrators are authenticated at the GlobalAdmin Client
and the GlobalAdmin Server.
|
Security for
GlobalAdmin Stations
GlobalAdmin Standalone, GlobalAdmin Servers and GlobalAdmin Client use
CompuSec® HSM to protect the station itself and to encrypt the data
stored on hard disks or disk arrays. These stations use 2 smartcards,
one for the protection of the station itself and another one giving the
administrator the right to use the GlobalAdmin software. All backups
created by the GlobalAdmin stations are encrypted and can be stored on
standard servers or storage systems.
Complete
Management Concept
In many situations, a single GlobalAdmin
station will manage all the security products of an organisation. For
global companies with multiple locations and operating in different time
zones, GlobalAdmin stations can be built as a security cluster.
GlobalAdmin can also be used to manage security products for remote
locations. At a remote location, a e-Identity® Loading Station will be
used. The Loading Station allows remote personalization of e-Identity®
smart cards and e-Identity® tokens. Help-Desk users will use e-Help, a
password management feature to assist users when they have forgotten
their password.
GlobalAdmin provides a complete PKI including the Root-CA. The root
certification authority can be used in large organisations to sign the
certificates used in Sub-CAs.
Integration in
Microsoft User Management
GlobalAdmin can be used independently of the Microsoft user and group
management or can be tightly coupled to the Microsoft user management.
In the second case, all changes made to the user accounts are
automatically forwarded to GlobalAdmin. Certificates generated by
GlobalAdmin are passed to the Microsoft Active Directory. Revoked
certificates are also automatically processed.
Public Key
Infrastructure Functions
GlobalAdmin provides a complete and flexible PKI implementation. The
product supports RSA 1024bit, 2048bit and ECC public key algorithms.
Other features included:
- Functioning as Root-CA, as a Sub-CA or as RA
- Generation of key pairs
- Initiating key generation inside the smart card
- Creating of certificates
- Signing of certificates
- Creating certificate request to be signed by external CA
- Importing signed certificates from external CAs
- Sign a certificate request from external CA
- Managing the user certificates
- Renewing certificates
- Revoking certificates
- Importing from LDAP or Active Directory
- Managing of certificate revocation lists
- Linking of distributed GlobalAdmin stations as Sub-CAs
- Link to Root-CA if GlobalAdmin is not Root-CA
|
GlobalAdmin Function List
|
Functions
|
GlobalAdmin
Lite
|
GlobalAdmin
Standalone
|
GlobalAdmin
Server
|
|
| Import from third party LDAP |
No
|
Yes
|
Yes
|
Database selection
Encrypted database backup
Database restore
Multiple Database |
No
Yes
Yes
No
|
Yes
Yes
Yes
Yes
|
Yes
Yes
Yes
Yes
|
| Import filter for user or PC data |
Yes
|
Yes
|
Yes
|
PKI setup
General policies |
Yes
Yes
|
Yes
Yes
|
Yes
Yes
|
User definition
User certificates
User policies
User to product assignment |
Yes
Yes
Yes
Yes
|
Yes
Yes
Yes
Yes
|
Yes
Yes
Yes
Yes
|
| CompuSec® policy definition |
Yes
|
Yes
|
Yes
|
Product policies
Product profiles |
Yes
Yes
|
Yes
Yes
|
Yes
Yes
|
IPCryptor definitions
Network definitions
VPN configurations
VPN address pool definitions
Firewall rule definition
Firewall set of rule definition
Firewall set of rule appliance
Firewall address translation action |
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
|
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
|
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
|
Protocol definitions
Alert definitions
SNMP definitions
Syslog definition |
Yes
Yes
Yes
Yes
|
Yes
Yes
Yes
Yes
|
Yes
Yes
Yes
Yes
|
| User / Group access relations |
Yes
|
Yes
|
Yes
|
| Certificate management |
Yes
|
Yes
|
Yes
|
Report generator
Predefined reports
Pin letter generator |
Yes
Yes
Yes
|
Yes
Yes
Yes
|
Yes
Yes
Yes
|
| Menu configuration |
Yes
|
Yes
|
Yes
|
Service for smart cards
Service for e-Identity®
Remote password management for e-Identity® |
No
Yes
Yes
|
Yes
Yes
Yes
|
Yes
Yes
Yes
|
| Remote service menu for IPCryptors |
Yes
|
Yes
|
Yes
|
| Number of Users |
200
|
Unlimited
|
Unlimited
|
Support e-Identity® Loading Stn.
Support e-Help
Support GlobalAdmin Client |
Yes
Yes
No
|
Yes
Yes
No
|
Yes
Yes
Yes
|
Managed Product List
The GlobalAdmin station manages the following products:
|
Products Managed
|
GlobalAdmin
Lite
|
GlobalAdmin
Standalone
|
GlobalAdmin
Server
|
|
Free CompuSec® Security Suite
-
Software - Version |
Yes
|
Yes
|
Yes
|
CompuSec® Security Suite
e-Identity® with 1024 Bit RSA
e-Identity® with 2048 Bit RSA
|
Yes
Yes
|
Yes
Yes
|
Yes
Yes
|
| IPCrypt Client SW |
Yes
|
Yes
|
Yes
|
IPCrypt
Client USB
Using USB token or smart card
|
Yes
|
Yes
|
Yes
|
CompuSec® HSM
|
Yes
|
Yes
|
Yes
|
|
CompuSec® Mobile |
Yes
|
Yes
|
Yes
|
| SafeLan |
Yes
|
Yes
|
Yes
|
DataCrypt
|
Yes
|
Yes
|
Yes
|
| Single Sign On |
Yes
|
Yes
|
Yes
|
| IPCryptor Product Family |
Yes
|
Yes
|
Yes
|
|
MicroCryptor |
Yes
|
Yes
|
Yes
|
|
Minimum System Requirements for GlobalAdmin Lite
|
|
PC Workstation / Notebook with Intel architecture
Windows Server 2003, Windows XP, Windows 2000
100MB free hard disk space
|
|
|
CompuSec® is a registered trademark of CE-Infosys Pte Ltd in
Singapore.
|
|
