A Global Law Firm Eliminates Application Outages, Boosts Efficiency, and Improves Security Posture with Certificate Lifecycle Automation from AppViewX CERT+

Agricultural Financial Services Company Improves Efficiency and Security with Certificate Lifecycle Automation from AppViewX

Multinational Apparel Company improves security posture with end-to-end Certificate Lifecycle Automation

The City of Cape Town Significantly Improves Service Delivery with AppViewX CERT+

Fortune 500 Energy Firm achieves 90% time savings and 100% visibility into PKI with AppViewX CERT+, Powered by AWS

Client Information

A leading energy and utilities holding company that acts as an energy supplier in eight states across the USA. It operates multiple coal plants, wind farms, and nuclear power stations.

Background

Lack of defined PKI processes and visibility resulted in outages

Public certificate authorities (CAs) were used to provide Transport Layer Security (TLS) certificates for hundreds of external access points. The cyber-security identity and access management (IAM) team was responsible for certificate management, issuance support, and PKI processes. They would assist application support teams by responding to certificate task requests raised via tickets, as necessary. Thousands of servers and employees made use of PKI, but there was no well-defined process that dictated how certificates and keys were managed.

Problem Faced

  • Manual PKI configuration errors
  • Certificate outages caused by lack of visibility
  • Scattered ownership of certificates
  • Cumbersome key regeneration/re-keying
  • Lack of defined PKI process
  • Lack of PKI self-service resulting in increased reliance on IT

Primary Business Challenges

Lack of PKI Visibility

A lack of clear visibility into where every certificate was located resulted in frequent expiry-related outages, certificate duplication, cumbersome troubleshooting and complicated maintenance. Detecting the presence of all self-signed certificates and certificates with weak keys and deprecated algorithms was quite difficult to achieve manually, exposing the firm to vulnerabilities.

Manual, Decentralized Certificate Operations

Certificate tasks such as expiry monitoring and installations were done manually by the PKI team. There was a need for an automated system to inventory and group certificates, which would provide visibility post-discovery. Most importantly, the customer desired a centralized system through which all aspects of PKI could be managed in a secure manner.

Insecure Endpoint Deployment

Certificates needed to be deployed to several different device types: Windows servers, Red Hat servers, F5 LTMs, and so on. Key distribution was done in an unencrypted fashion, and pushing each certificate to its respective endpoints required significant work because the process was decentralized. The entire process of certificate deployment needed to be streamlined and made fully secure, as it was a critical component of the certificate lifecycle.

Results Achieved

The AppViewX deployment worked seamlessly with our customer’s IT infrastructure, and started delivering results right from the start.

Certificate Discovery and Inventory

AppViewX scanned and located certificates on a multitude of devices and servers, and across multiple CAs. The discovered certificates were automatically added to the inventory, and AppViewX allowed for grouping based on certain criteria. The discovery process could be carried out using a range of parameters, including scanning by subnet/IP, or by issuing CA, device, and so on. AppViewX also integrated with Rapid7 to query the asset group identified by the customer and discover certificates on it.

Alerts and Monitoring

AppViewX provided constant visibility into certificate health with reports that displayed validity statuses. Periodic alerts for imminent certificate expirations could be configured to be sent via email to the respective certificate/group owner, ensuring that a renewal was never missed. AppViewX also permitted the transfer of certificate ownership to solve the issue of alerts being sent to the wrong people (people who were no longer employed by the firm, for instance).

Self-Service of PKI

AppViewX made a self-service portal accessible to application maintenance teams that could be used to directly requisition certificates as necessary. This minimized their reliance on the PKI security team for trivial certificate tasks, and was a huge time-saver. Role-based control was also applied, ensuring that only authorized personnel would be able to make changes to PKI. Most importantly, AppViewX’s low-code page builder was used to design self-service forms in such a way that different teams were exposed to only the information that was relevant to them.

Automation

Tasks such as certificate signing request (CSR) generation, email notifications, certificate signing, and CLM (more on that below) were completely abstracted and automated. AppViewX’s automation engine tied together disparate tasks and was able to execute them in an orderly fashion based on activity triggers from users, minimizing significant manual effort.

End-to-end Certificate Lifecycle Management

The AppViewX platform integrates with most endpoints and commercial CAs available on the market. In this case, teams were able to discover, request, renew, revoke, deploy, and create certificates from right within the AppViewX console, without having to switch between various CA and device vendor portals. SSL policy could be defined and enforced across the organization as well.

Tags

  • Certificate Automation
  • certificate lifecycle management

Slovakian Commercial Bank eliminates outages and saves compliance costs with automation

Rabobank reduces certificate creation time with automation

The Australian Bureau of Statistics (ABS) achieves PKI visibility and saves time with AppViewX CERT+

Fortune 500, Global Insurance Provider Uses AppViewX to Automate F5, Cut TCO by 92%

Client Information

The client is a leading global insurance organization, operating across more than 80 countries and jurisdictions. It is also a Fortune 500 company, providing insurance and other financial services to support its clients in business and in life.

Business Objectives

With a rapidly-growing customer base of over 100 million and thousands of internal and public-facing applications, the company’s IT infrastructure team was constantly challenged with endless service requests. Despite having one of the most powerful ADC infrastructures supporting their applications, the team found its core processes to be painfully manual, slow, and inefficient. They realized the immediate need for a more comprehensive, scalable and automated solution that could catapult them into the digital world.

Key Technical Objectives

  • Streamline F5 BIG-IP configuration management
  • Automate LTM provisioning and VIP lifecycle management
  • Enable Application and Security teams with self-servicing capabilities
  • Obtain granular visibility into Network Infrastructure
  • Perform device backups on a regular basis and restore when required

Business Challenges

With over 120 ADC devices and no management and automation platform, the network and application teams were unable to efficiently leverage the full potential of their F5 ADC infrastructure.

  • Long queue of tickets and subsequent service delays – Every change request had to go through the network team. Application teams had to wait long hours even for a simple enable/disable operation, which again had to be done manually.
  • Outages due to implementation of faulty configurations – ADC configuration change requests were raised by multiple teams across the organization without being vetted thoroughly at multiple levels (completely manual). The change records were manually opened, approved and executed.
  • 3 – 4 days to provision an LTM instance – Backup, rollback, migration, and provisioning of device configurations were all manual and error-prone.
  • Time-consuming software upgrades – The team was manually handling the high CVE upgrades, which was highly time-consuming; as a result, they were unable to run adequate validation checks, causing production outages.
  • No VIP clean-up process – Reports were generated using Orion and custom SNMP discovery and were analyzed and validated manually. The change records were manually opened, approved and executed.

AppViewX ADC+ as a Solution

AppViewX’s ADC+ application delivery automation solution provided role-based management, automation, and orchestration of F5 BIG-IP services. It simplified version upgrades and enabled self-service capabilities for multiple lines of business at the client.

  • Self-Servicing with Controlled Network Dashboards
    Multiple teams could get real-time visibility into the state, status, health, and performance of devices and applications from the Controlled Network Dashboards. Network engineers could create automation workflows for application-centric tasks like application enable/disable for rerouting traffic or spinning up virtual instances for testing. These workflows could then be shared with application owners using role-based access controls to self-service application-centric tasks without relying on network teams, leading to a significant drop in tickets.
  • Configuration Management with Out-of-the-Box Automation Flows
    AppViewX ADC+ fully automated the migration of configurations across devices and reduced configuration errors with out-of-the-box automation flows, change control through ITSM, pre- and post-validations, and built-in approval management process. The Visual Workflow module of the ADC+ solution generated templates of existing device configurations that could be updated with the required variables and automatically pushed to the new devices after the automated mandatory checks. Visual Workflow also supports bulk migrations, eliminating the need to type out configurations from scratch. These templates could also be self-serviced by the application teams, further saving time and effort.
  • VIP/WIP Lifecycle Management
    It automated the lifecycle of VIP/WIP management on BIG-IP LTM and DNS, from creation and modification to deletion and decommissioning. AppViewX ADC+ is integrated with BlueCat to reserve and fetch free IPs and map them to the virtual server(s). It gave teams configurable parameters to track the VIPs/WIPs that are up/down for ‘X’ time frame. It also automated the approval and validation processes involved in creating virtual IPs.
  • Software Version Upgrades
    Software version upgrades, too, could be easily accomplished with the APS templates. Configurations could be migrated to a new/unused instance where the upgrade could be applied and tested, and finally brought to production. AppViewX automated the whole gamut of pre- and post-validation checks, ensuring zero possibility of outages and other service disruptions.
  • Backup and Restore
    AppViewX ADC+ enabled engineers to take on-demand or scheduled backups of device configurations and attributes and store them in a centralized repository. It also facilitates easy rollbacks to the last working configuration in case of failure during migration.
  • End-to-End detailed Reporting
    The platform enabled F5 administrators with app-centric topology views through customized reports and dashboards. Leveraging REST APIs, it helped the client optimize application and ADC performance with real-time auto-generated reports on CPU utilization, application traffic statistics, and unused VIPs.

Business Benefits

  • 99% reduction in time taken to provision LTM/GTM configurations
  • 98% reduction in application service delays with self-serviceability
  • 75% reduction in time taken for software upgrades – 1 GB or bigger files copied to multiple devices via single workflow in minutes
  • 10X increase in application availability with almost zero outages
  • Total Cost of Ownership reduced by 92%

Tags

  • ADC Automation
  • Application Delivery Controller
  • F5 ADC
  • F5 BIG-IP

Nationwide Building Society Simplifies and Automates Certificate Lifecycle Management with AppViewX

Client Information

Nationwide Building Society is the seventh-largest cooperative financial institution and the largest building society in the world, with over 15 million members. It is headquartered in Swindon, England.

Business Challenges in Certificate Management

Prior to AppViewX, Nationwide was using a generic solution to manage certificates. The solution was manually-intensive – certificate request, issuance, renewal, etc. required multiple steps and several back-and-forth exchanges between stakeholders. Manual certificate management resulted in considerable delays and inefficiencies.

The AppViewX Advantage

AppViewX provides Nationwide with a unified, automated solution to manage its certificates end-to-end. The certificate team receives automated certificate alerts and can request and download certificates from a single point. Issuing and renewing certificates have also got a lot easier, as AppViewX collects all the data necessary for requesting a certificate, which means users no longer need to go back and forth to gather missing information. This has significantly reduced enquiries.

The solution sends notifications to the team to enable access whenever someone requests a certificate and allows them to quickly approve or decline requests after viewing, eliminating multiple steps from the previous process.

AppViewX comes with a made-to-measure workflow which integrates the customer’s Active Directory, simplifying access and creating more efficient processes for users. The interactive GUI makes navigation easy and intuitive for users, adding to efficiency.

Customer Testimonial

“The implementation of AppViewX has materially saved time and effort for users across the whole certificate management lifecycle, which is a great outcome.”

Tags

  • certificate lifecycle management
  • Certificate Management
  • SSL Certificate Lifecycle Management