• Maintain data persistence through near real time high availability replication of your eIDs and CRLs.

• Recover from disasters by restoring your eID database to its 100% valid state if it ever becomes corrupted.

Data Persistence & Disaster Recovery Services

WISeKey’s CertifyID Guardian is an integral part of the CertifyID global solution for Certificate Management Services. WISeKey Guardian is a software module that offers professional grade database redundancy and high availability services for the Certification Authorities (CAs) on the Microsoft Windows Server platform.

The risk

Certificate Services in Microsoft Windows 2000 and 2003 stores all of its data in the file-based certificates database, which does not have fault-tolerance and redundancy capabilities of SQL databases. CA database can be backed up but there are no possibilities to perform real-time backup operations. In the case the database becomes corrupted, all the Digital Certificates and related information since the last backup could be totally lost. Corruption of such a database is a real risk; and reducing this risk is one of the most important issues risk managers face when planning to deploy a Certification Authority infrastructure based on the Microsoft Windows platform. Digital certificates and related information should be stored in a database, and mirrored to another location. The fact that Certificate Services in Windows does not support clustered configurations makes it even more critical that the database is safeguarded. In case of an incident it must be possible to rapidly recover a 100% accurate version of the database without any lost of Certificates and related information.

Features and Benefits

WISeKey’s CertifyID Guardian adds database redundancy and resiliency to Windows Certificate in order to provide high availability services. It is a standard exit module which is installed on Windows Certificate Services. The module stores all Certificates and related information such as Certificate Status History (the changes of a certificate status during its lifecycle) in an SQL database. This database can be mirrored, or replicated at an offsite location to provide effective disaster recovery.

Data persistence - offers permanent high availability storage of certificates and CRLs.
• CA Disaster Recovery – allows recovery of the Certificates Services database to its 100% valid state following data corruption or loss.
• Improve the efficiency of certificate management activities by implementing a central certificate information database to support lookup and reporting .
• Implement near-real time data updates - so information remains always up-to-date.
• Implements batch load/update/audit capability allowing mass loading and update, and consistency audits.

In addition to the data persistence, and Certificate Status History, WISeKey’s CertifyID Guardian also provides important reporting analysis and audit tools, allowing administrators to track:

• Number of Certificates per user – How many Certificates have been issued to an individual user? Has any user requested more that one Certificate of the same type, or did any user request several Certificates from different Certificates Authorities?
• Who’s got a certificate - If you goal is to fully deploy Certificates, it would be good to know if all users belonging to a given domain or Organizational Unit (OU) have requested a Certificate already. Using WISeKey Guardian the administrator can check which users in Windows Active Directory have requested a Digital Certificate.
• Request peaks (day/month) – Determine how your Certificate Authorities are utilized.
• What Certificates types are issued – determine what kind of certificates have been issued based on the certificate templates in use.

An SQL engine is packaged with CertifyID Guardian allowing data storage not exceeding 4GB (approximately 1.000.000 digital certificates). For larger implementations SQL 2000/2005 databases are supported (licenses not included).

Technical Description Software and Hardware Compatibility Windows Server 2000 Certificate Services Windows Server 2003 Certificate Services Minimum Hardware Requirements PC with a 133-MHz processor required; 550-MHz or faster processor recommended 128 MB of RAM required; 256 MB or more recommended 1 MB free disk space required (does not include space for certificate storage which depends on number of certificates)

Business Continuity

Additional Uses

The CertifyID Guardian XM also enables real time eID validation responses when used in conjunction with the CertifyID OCSP Server.