DV is available in Standard and Enterprise editions. DV Standard enables digital certificate validation in desktop applications like Microsoft Internet Explorer, Outlook, Outlook Express, Adobe Acrobat, or Silanis ApproveIt. DV Enterprise enables certificate validation in Microsoft Windows Server applications like Domain Controller, Internet Information Server, and Exchange Server.

With DV, enterprises can deploy single sign-on applications based on digital certificates stored on smart cards such as the DOD Common Access Card. DV enables secure workflow applications based on digitally signed documents and secure email (S/MIME) messages.

The Tumbleweed Desktop Validator (DV) leverages the native Microsoft Windows Cryptographic API (CAPI) so it can transparently provide digital certificate validation to CAPI-enabled client or server applications. DV enables digital certificate validation via standard protocol queries to a VA Server (or other OCSP or SCVP standards-based responder) or via CRL lookups. The reliability and performance of CRL lookups can be greatly improved by using the VA Server and the Tumbleweed VACRL protocol to distribute CA- or VA-manufactured CRLs and delta CRLs to DV-enabled systems.
DV is CA-neutral: it can support CRL data from multiple CA or VA sources and provides a robust mechanism for CA-specific validation policies. DV can support complex trust models and supports RFC 3280 certificate policy controls for path processing and policy enforcement. DV will perform end-to-end (complete) certificate validation if one or more intermediate CAs or VAs are used and the validation policy requires end-to-end (complete) certificate chain validation.

DV can communicate securely with a VA Server by utilizing SSL/TLS. DV supports different trust models and can support validation of the VA Server certificate. DV can also digitally sign requests to the VA Server for deployments that require a high degree of audit and non-repudiation. DV also offers support for digital certificates stored on smart cards.

DV provides support for two separate, configurable validation caches. One is an in-memory repository of all certificate validation requests, regardless of the validation mechanism used. The other is a disk-resident CRL repository. Caching parameters, including the time-to-live of responses and the total size of the cache, are flexible to meet the requirements of a specific deployment. Caching can be used to improve performance and increase reliability in environments where the underlying network is not always available.

DV can be managed through an easy-to-use graphical user interface. Additionally, DV can be automatically configured using parameters obtained from the VA Server. This integration between DV and the VA Server greatly facilitates the operation of DV in a large-scale application deployment. DV also provides well-tested support for numerous proxy servers and load balancers.

A key application of DV is smart card login. To enable Tumbleweed's revocation checking for users' smart card certificates, DV Enterprise is installed on the Domain Controller and DV Standard is installed on the client systems.
DV can check revocation status using different protocols or CRLs, or use its cache, to ensure performance and a high degree of reliability.

Interested in Tumbleweed solutions? Please contact us.