Thales

Certificate Management and Secure Key Orchestration with Thales and AppViewX

AppViewX – Thales Joint Solution

AppViewX and Thales’s partnership helps enterprises overcome the challenges brought by managing private keys in a complex infrastructure. For enhanced security and compliance, private keys must be encrypted before they are stored in an enterprise’s infrastructure. Our combined solution gives the enterprise multiple options that cater to the specific needs of that infrastructure.

AppViewX acts as the automation and orchestration engine for the lifecycle management of X.509 certificates, and Thales Data Protection On Demand (DPoD) Cloud HSM or Luna HSM ensures the security of the private keys associated with those certificates in the cloud, on-premises or as a hybrid solution.

Solution Highlights

Certificate Management with Encrypted Private Key Storage in AppViewX

This solution is useful for enterprises seeking to generate and store private keys inside AppViewX and limit their encryption to the DPoD Cloud HSM service or on-premises Luna HSM for optimum resource utilization. Before being stored in an AES-256 encrypted database, the private keys undergo multiple layers of encryption with a Data Encryption Key (DEK), a Key Encryption Key (KEK) and a Master Encryption Key (MEK). While the encrypted private key, encrypted DEK, and encrypted KEK reside inside AppViewX, the MEK is stored inside the HSM and cannot be retrieved. This solution is suitable for all ADC and server devices.

Certificate Management in AppViewX and Private Key Storage in Thales

Enterprises can use this solution to assign AppViewX to certificate management activities while the HSM is used to both generate and store private keys in the name of added security. The private key generated using the DPoD or Luna HSM cannot be removed and is completely shielded from tampering. This particular solution is suitable for all supported devices that can initiate direct communication with the HSM and use a key identifier to access private keys.

Comprehensive Role-Based Access Control

The first step in any access control process is having complete visibility into your certificate ecosystem. Sifting through the thousands of certificates in your inventory can be cumbersome. With our holistic view, CERT+ graphically represents important certificate information like chain of trust, associated devices and HSM. Users can also perform necessary lifecycle management tasks like issuing, renewing and revoking multiple certificates all within the holistic view itself.

Benefits

  • Encrypt and protect private keys using industry-standard, FIPS 140-2 Level 3 certified HSMs with the flexibility of either on-premises or cloud-based services.
  • Manage and automate multi-vendor X.509 certificates across multiple devices
  • Gain visibility and control across all certificates and their keys
  • Enforce policies and ensure compliance across the network
  • Deliver secure communications faster by reducing certificate deployment time by up to 70%

About Thales

The people you rely on to protect your privacy rely on Thales to protect their data. When it comes to data security, organizations are faced with an increasing number of decisive moments. Whether the moment is building an encryption strategy, moving to the cloud, or meeting compliance mandates, you can rely on Thales to secure your digital transformation.

SafeNet AT

AppViewX and SafeNet AT Joint Solution

Digital Certificate and Key Lifecycle Management and Automation with SafeNet Assured Technologies

AppViewX and SafeNet AT’s partnership helps enterprises overcome the challenges brought by managing private keys in a complex infrastructure. For enhanced security and compliance, private keys must be encrypted before they are stored in an enterprise’s infrastructure.

Our combined solution gives the enterprise multiple options that cater to the specific needs of that infrastructure. AppViewX acts as the automation and orchestration engine for the lifecycle management of X.509 certificates, and SafeNet AT aids in the security of the private keys associated with those certificates.

Solution Highlights

Certificate Management with Encrypted Private Key Storage in AppViewX

This solution is useful for enterprises seeking to generate and store private keys inside AppViewX and limit their encryption to the HSM device for optimum resource utilization. Before being stored in an AES-256 encrypted database, the private keys undergo multiple layers of encryption with a Data Encryption Key (DEK), a Key Encryption Key (KEK) and a Master Encryption Key (MEK). While the encrypted private key, encrypted DEK, and encrypted KEK reside inside AppViewX, the MEK is stored inside the HSM and cannot be retrieved. This solution is suitable for all ADC and server devices.
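The DEK/KEK/MEK layering described here (and in the matching Thales section above), as an added Go example that is not AppViewX, Thales or SafeNet AT code. The layer order, the use of AES-256-GCM, and the names `SimHSM`, `Record`, `Protect` and `Recover` are assumptions of the example; the in-memory `SimHSM` only stands in for a real HSM.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // cannot continue safely without randomness
	}
	return b
}
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// seal encrypts under AES-256-GCM and returns nonce || ciphertext || tag.
func seal(key, plaintext []byte) []byte {
	gcm, err := newGCM(key)
	if err != nil {
		panic(err) // every key in this example is generated as 32 bytes
	}
	nonce := randBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, nil)
}
// open reverses seal; it fails on a wrong key or a modified blob.
func open(key, blob []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil || len(blob) < gcm.NonceSize() {
		return nil, fmt.Errorf("bad key or truncated blob")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

// SimHSM stands in for the HSM: the MEK is generated inside it and never returned.
type SimHSM struct{ mek []byte }
func NewSimHSM() *SimHSM                             { return &SimHSM{mek: randBytes(32)} }
func (h *SimHSM) Wrap(kek []byte) []byte             { return seal(h.mek, kek) }
func (h *SimHSM) Unwrap(blob []byte) ([]byte, error) { return open(h.mek, blob) }
type Record struct{ EncPrivateKey, EncDEK, EncKEK []byte } // what the database stores

func Protect(h *SimHSM, privateKey []byte) *Record {
	dek, kek := randBytes(32), randBytes(32) // layer order below is an assumption
	return &Record{
		EncPrivateKey: seal(dek, privateKey), // DEK encrypts the private key
		EncDEK:        seal(kek, dek),        // KEK encrypts the DEK
		EncKEK:        h.Wrap(kek),           // MEK, inside the HSM, encrypts the KEK
	}
}

func Recover(h *SimHSM, r *Record) ([]byte, error) {
	kek, err := h.Unwrap(r.EncKEK) // this step can only happen inside the HSM
	if err != nil {
		return nil, fmt.Errorf("unwrap KEK: %w", err)
	}
	dek, err := open(kek, r.EncDEK)
	if err != nil {
		return nil, fmt.Errorf("decrypt DEK: %w", err)
	}
	return open(dek, r.EncPrivateKey)
}

func main() {
	hsm := NewSimHSM()
	key, err := Recover(hsm, Protect(hsm, []byte("constructed-sample-private-key")))
	fmt.Printf("%q %v\n", key, err)
}
```

A copy of the stored record is useless without the HSM that holds the MEK, and because GCM is authenticated, a modified ciphertext at any layer makes recovery fail instead of yielding a corrupted key.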

Certificate Management in AppViewX and Private Key Storage in SafeNet AT

Enterprises can use this solution to assign AppViewX to certificate management activities while the HSM is used to both generate and store private keys in the name of added security. The private key generated within the HSM cannot be removed and is completely shielded from tampering. This particular solution is suitable for all supported devices that can initiate direct communication with the HSM and use a key identifier to access private keys.

Comprehensive Role-Based Access Control

The first step in any access control process is having complete visibility into your certificate ecosystem. Sifting through the thousands of certificates in your inventory can be cumbersome. With our holistic view, CERT+ graphically represents important certificate information like the chain of trust, associated devices, and HSM. Users can also perform necessary lifecycle management tasks like issuing, renewing and revoking multiple certificates all within the holistic view itself.

Benefits

  • Encrypt and protect private keys using an industry-standard, FIPS 140-2 certified HSM
  • Manage and automate multi-vendor X.509 certificates across multiple devices
  • Gain visibility and control across all certificates and their keys
  • Enforce policies and ensure compliance across the network
  • Deliver secure, encrypted communications faster by reducing certificate deployment time by up to 70%

About SafeNet Assured Technologies

SafeNet Assured Technologies, LLC protects the U.S. Federal Government’s most sensitive information systems. As a U.S. based company, SafeNet Assured Technologies’ mission is to provide high assurance data security products and technologies to the Federal Government. Defense, intelligence, and civilian agencies trust SafeNet Assured Technologies to provide encryption-based identity and authentication solutions, secure sensitive data and networks, and enable assured information sharing.

PagerDuty

Joint Solution: AppViewX and PagerDuty


This integrated solution was built to enable NetOps and SecOps teams to detect and fix network outages with greater agility and precision. Now, any system that uses AppViewX to orchestrate network workflows and PagerDuty to detect outages can leverage the joint solution to be instantly notified of network outages, incidents, and anomalies via the PagerDuty service. The integration also simplifies incident creation and resolution on both platforms by unifying them, creating visibility and bi-directional operability.

Solution Highlights

  • Accelerated Incident Response

    Reduce latency by automatically notifying teams on outages through changes triggered by AppViewX, via PagerDuty incidents.

  • Synchronized Workflows

    Create and resolve incidents from both AppViewX and PagerDuty, with automated bidirectional synchronization of resolution.

  • Network Visibility

    Introduce PagerDuty’s monitoring services into any NetSecOps process with AppViewX’s flexible visual workflow builder.

Benefits

  • Transparency into incident response workflows
  • Reduced SLAs and turnaround time for remediation
  • Bi-directional operability
  • Increased NetOps and SecOps agility

About PagerDuty

In an always-on world, teams trust PagerDuty to help them deliver a perfect digital experience to their customers, every time. PagerDuty is the central nervous system for a company’s digital operations. PagerDuty identifies issues and opportunities in real time and brings together the right people to respond to problems faster and prevent them in the future. From digital disruptors to Fortune 500 companies, over 12,000 businesses rely on PagerDuty to help them continually improve their digital operations—so their teams can spend less time reacting to incidents and more time building for the future.

Fortanix

AppViewX-Fortanix Joint Solution

The partnership between AppViewX and Fortanix helps enterprises overcome the challenges brought by managing private keys in a complex infrastructure. Our combined solution gives the enterprise multiple options that cater to the specific needs of that infrastructure. AppViewX acts as the automation and orchestration engine for the lifecycle management of X.509 certificates, and Fortanix Self-defending KMS ensures the security of the private keys associated with those certificates in the cloud, on-premises or as a hybrid solution.

Solution Highlights

  • Certificate Management with Encrypted Private Key Storage in AppViewX
  • Certificate Management in AppViewX and Private Key Storage in Fortanix
  • Comprehensive Role-based Access Control

Benefits

  • Encrypt and protect private keys using industry-standard, FIPS 140-2 certified HSMs with the flexibility of either on-premises or cloud-based services.
  • Manage and automate multi-vendor X.509 certificates across multiple devices
  • Gain visibility and control across all certificates and their keys
  • Enforce policies and ensure compliance across the network
  • Deliver secure, encrypted communications faster by reducing certificate deployment time by up to 70%

Manage and Automate F5 BIG-IP

AppViewX and F5 Networks Joint Solution

AppViewX and F5 share a common mission to provide the most reliable application delivery systems to organizations. The AppViewX platform is fully integrated with the BIG-IP® platform and is compatible with all the latest versions of the platform, including BIG-IP LTM, DNS, AFM, and ASM modules as well as VIPRION hardware and the new cloud-ready BIG-IP iSeries hardware. The solution allows users to centrally manage, automate, and orchestrate F5 BIG-IP devices across data centers. AppViewX bridges the gap between application owners, network administrators, and security teams by providing an application-centric view and control over the F5 application delivery network. AppViewX also complements F5 BIG-IQ® Centralized Management with enhanced management capabilities.

Solution Highlights

  • Centralized BIG-IP management

    AppViewX provides application-centric control and visibility over F5 physical and virtual devices, including BIG-IP LTM, DNS, ASM, and AFM modules. It empowers application owners to add, remove, create, and delete objects along with numerous other capabilities. It allows security teams to easily add, modify, and manage security policies and rules. It also integrates with BIG-IQ management platform for simplified and rapid orchestration of load balancing services.

  • Automated ADC deployment

    Automated workflows deliver a high level of automation and decrease the need for manual intervention. AppViewX allows users to create self-service forms that are built on top of F5 configurations to automate creation, modification, and deletion of a virtual IP, wide IP, or security policy. It automates the creation of DNS entries and generation of free IPs with a single click through integrations with DDI systems.

  • Granular, role-based access control (RBAC)

    Superior self-servicing capabilities provide granular, object-level, role-based access control. The AppViewX platform allows the administrator to define multiple roles and empower different teams with limited privileges to address configuration change requests and implement the changes on devices in brownfield and greenfield environments.

  • Application-Centric Visibility

    AppViewX provides a topological map of the application infrastructure, including mapping of global and local load balancer dependencies. Networking engineers can recursively look up the pool members (end servers) to address the complexities in load balancing architectures where multiple devices are handling traffic for a single application.

  • Real-Time Alerting and Reporting

    Threshold alerts, certificate validity alerts, device alerts, and application health alerts are available to help eliminate the risk of outages at various levels. Alerts can be sent via email or SNMP traps to enable quick responses. A statistics heat map supplies complete BIG-IP device details such as CPU, memory, and bandwidth utilization.

  • Backup and Restore of BIG-IP Configurations

    AppViewX can take device-level (UCS) and object-level configuration backups, which can be scheduled or generated on demand. Backups may be compared across devices and archives and can be restored during troubleshooting at either the device level or object level.

  • Seamless Migration Across BIG-IP Platforms

    Patch upgrades and version upgrades to the latest F5 version can be done on multiple devices in a single window and with minimum application downtime. With AppViewX, you can migrate configurations across different platforms, such as BIG-IP virtual editions and BIG-IP hardware, including the new iSeries platform. Migration through AppViewX ensures clean installation and eliminates errors.

  • SSL/TLS Certificate Lifecycle Automation

    AppViewX enables discovery and management of certificates on F5 devices as well as those on application servers, web servers, and proxy servers. In addition to providing alerts on validity, it facilitates the renewal of certificates and provides the capability to push certificates to end devices, automating certificate lifecycle management.

Benefits

  • Automation and self-servicing for ADC deployments
  • Increased operational efficiency among cross-functional network teams
  • Reduced manual configuration errors across the network
  • End-to-end lifecycle management of SSL certificates on F5 BIG-IP devices

About F5 Networks, Inc.

F5 provides solutions for an application world. F5 helps organizations seamlessly scale cloud, data center, telecommunications, and software-defined networking (SDN) deployments to successfully deliver applications and services to anyone, anywhere, at any time. F5 solutions broaden the reach of IT through an open, extensible framework and a rich partner ecosystem of leading technology and orchestration vendors. This approach lets customers pursue the infrastructure model that best fits their needs over time. The world’s largest businesses, service providers, government entities, and consumer brands rely on F5 to stay ahead of cloud, security, and mobility trends. For more information, go to www.f5.com.

PrimeKey

Joint Solution: AppViewX and PrimeKey

AppViewX CERT+ and PrimeKey created this solution to provide users with a seamless certificate lifecycle management experience. Now, any system that leverages EJBCA-issued certificates can use the AppViewX platform as a single-pane-of-glass console that can detect, issue, provision, and renew/revoke digital certificates. The integration is comprehensive, providing visibility and permitting end-to-end automation of PKI infrastructure.

Solution Highlights

  • Network Scanning and Monitoring

    The solution enables the scanning of multi-cloud, multi-platform, and multi-device network environments to detect X.509 certificates on the network, group them, and inventory them. It also provides post-discovery monitoring and reporting on key PKI metrics.

  • Certificate Lifecycle Management

    Issue, provision, renew, revoke, and manage certificates from a single platform. Enable zero-touch pushing of EJBCA certificates to endpoints from within the platform.

  • Key Operations Automation

    Secure private keys with AES-256 encryption and automate the provisioning of keys to associated endpoints with user-definable workflows.

  • Compliance and Security

    Enable AppViewX to act as a registration authority to define and enforce policies, in order to ensure compliance.

Benefits

  • Increased visibility into certificate and network infrastructure
  • Full-cycle lifecycle management from a single hub
  • Heightened threat deterrence and reduced manual configuration errors
  • Maximized security of keys and certificates

About PrimeKey

One of the world’s leading companies for PKI solutions, PrimeKey Solutions AB has developed successful technologies such as EJBCA Enterprise, SignServer Enterprise, PKI Appliance, SignServer Appliance, and the PrimeKey SEE. PrimeKey is a pioneer in open source security software that provides businesses and organisations around the world with the ability to implement security solutions such as e-ID, e-Passports, authentication, digital signatures, unified digital identities and validation. For more information, go to www.primekey.com.

Centralized Citrix NetScaler Management

AppViewX and Citrix Joint Solution

AppViewX’s Application Delivery Automation solution is a comprehensive platform to manage and monitor NetScaler ADCs (compatible with versions v9 and v10). AppViewX leverages NetScaler NITRO APIs to offer the abstraction of device and application service management in a centralized interface. It offers various management capabilities that include backup and restore and configuration creation and modification. It also provides predictive analysis of statistics, operational functionalities for service rotation, and end-to-end certificate lifecycle management.

Solution Highlights

  • Trusted and verified solution to manage all versions of NetScaler 9.x and 10.x series ADCs
  • Automated device backup with device- and object-level restoration
  • Granular, role-based access control, supporting self-servicing capabilities for application and network teams across different silos
  • Holistic view of application services across NetScaler ADCs
  • User-defined dashboards to monitor and manage application services
  • Customizable, template-based request system for change management that is tied to a workflow engine
  • Integration with ticketing system for incident and change management
  • Integration with DDI systems
  • REST API availability for integration with in-house/other automation tools
  • Alerting and reporting capabilities on application services
  • Audit log and change modification logs to keep track of changes
  • Predictive analysis of device and application statistics up to 3 months, leveraging a built-in big data Hadoop engine
  • SSL certificate generation, renewal, and revocation on NetScaler ADCs
  • Advanced alerting and reporting on certificate status, renewal, and expiration

Benefits

  • Single management window for all NetScalers
  • Automation and self-service for ADC deployments
  • Increased operational efficiency among cross-functional network teams
  • Reduced manual configuration errors across the network
  • End-to-end lifecycle management of SSL certificates on NetScalers

About Citrix Systems, Inc.

Citrix Systems is the world’s most advanced application delivery controller for mobile and web. Citrix NetScaler is deployed in thousands of networks around the globe to optimize, secure and control the delivery of all enterprise and cloud services, and to maximize the end user experience for all users including mobile clients. Citrix currently services around 330,000 organizations worldwide and is based in Fort Lauderdale, Florida. For more information, visit www.citrix.com.

A10 Networks

Application-Centric Management of Thunder ADCs

A10 and AppViewX Joint Solution

The AppViewX and A10 partnership gives customers a single pane of glass for managing and monitoring their ADC infrastructure. The AppViewX solutions fully integrate into the A10 Thunder ADC line of application delivery controllers, supporting Thunder ADC hardware appliances. This joint solution enables organizations to have application-centric visibility and configuration management capabilities across the ADC infrastructure.

Solution Highlights

  • Centralized device management

    The Application Delivery Automation solution provides an inventory of all ADCs in the infrastructure, including information on how multiple services are configured. Users can perform device-level and application-level configuration backups that can be scheduled and stored in the database. These backups can be compared across devices and archives and can be restored during troubleshooting. It also provides a single window to perform software upgrades and hotfixes across the ADC infrastructure.

  • Configuration agility with change management automation

    Manual configuration management in individual controllers is risky and has no change control and validation. Errors on Thunder ADC configurations can lead to application downtime that results in a major business impact. AppViewX allows users to build cookie-cutter templates for configurations that can be provided to application teams through self-service forms. These templates are integrated with DDI systems for IP allocation and to automate DNS record creation. The Application Provisioning System (APS), a subsystem of AppViewX, is tied to external ticketing systems for change control and implementation validation. This significantly reduces manual configuration errors and provides change management automation.

  • Configuration Automation

    Manual configuration management in individual controllers is risky and has no change control and validation. Errors in ADC configurations can lead to application downtime and severe loss of business. AppViewX allows users to build cookie-cutter templates for configurations that can be self-serviced back to the application teams and integrated with DNS/IPAM systems for IP allocation and automated DNS record creation.

  • Cross-team collaboration with self-service portal

    AppViewX provides a secure, role-based access control (RBAC) system, allowing organizations to define granular roles and enable access to a limited set of objects on the ADC. The authorized functions and access control checks provide security and allow the application and operations teams to self-serve for a limited set of application services functions. The RBAC module integrates with external directory service systems to offload user management and administration overload for the application.

  • Customizable dashboards to optimize operations

    Customizable dashboards provide insights into application health, status, and performance. Application and operations teams can use the dashboards to perform simple tasks, such as enabling and disabling objects during server rotation. The platform creates a topological map of the ADC infrastructure, including mapping out global and local load balancer dependencies. Users can search for application services across the network service infrastructure, allowing them to quickly identify failures and rectify them immediately.

  • Certificate lifecycle automation

    AppViewX is a one-stop solution for management of SSL/TLS certificates and SSH keys across networks. It provides automated discovery of SSL certificates and allows the user to monitor the expiration status of certificates, and it sends alerts at configurable intervals through emails/SNMP traps. It also provides the capability to renew certificates and deploy certificates on load balancers through an efficient, workflow-based process.

  • Capacity management

    AppViewX has a big data engine that collects statistical data from all ADCs. Users can look at historical data by creating custom graphs for different device- and application-level statistics. It provides a heat map report of all ADCs in the environment, with CPU utilization, memory, connections, and bandwidth utilization details on load balancers. Various reports and graphs can be created to achieve efficient capacity planning of the infrastructure. Device-level reporting and alerting can be leveraged to monitor device performance.

Benefits

  • Increased visibility across the application delivery infrastructure
  • Increased operational efficiency among cross-functional network teams
  • Reduced manual configuration errors across the network
  • Capacity planning and performance management through big data
  • End-to-end lifecycle management of SSL certificates

About A10 Networks

A10 Networks is a leader in application networking, providing a range of high-performance application networking solutions that help organizations ensure that their data center applications and networks remain highly available, accelerated and secure. Founded in 2004, A10 Networks is based in San Jose, California, and serves customers globally with offices worldwide. For more information, visit: www.a10networks.com.