
Overview

The platform is carefully designed with the following goals in mind:

  • easy management of the data
  • extensibility and flexibility
  • technology agnostic
  • easy to use and maintain
  • quick installation

Concept of the platform

The platform is designed as a microservice architecture so that it can stay flexible in a variety of situations.

It is based on the principle that the Core acts as a middleman between the Client and the Connector and provides the logic of all operations. The Connector contains the full implementation of a particular technology. It accepts the request from the Core, processes it, and sends back the response in a format the Core can understand. The Connector is also designed to be completely independent of the other platform components.

Architecture

The architecture of the platform is based on the following parts:

| Part | Brief description |
|------|-------------------|
| Database | Stores the data. SQL Database is used by default. |
| Core | This is the brain of the platform. It contains the full logic of request processing. |
| Interfaces | Interfaces provided and used by the platform. |
| Connector | Technology implementations that interact with the Core to perform the designated operation on the technology. |
| Access Control | Roles and permissions in the platform. |
| A^2 Engine | A^2 Engine is a component that provides the ability to define and manage attributes. |
| Notifications | Internal and External notifications. |

See the Architecture Overview for more details about the architecture of the platform.

Core Components

The platform consists of the following components:

| Component | Brief description |
|-----------|-------------------|
| Credential | Stores the credentials for the Connectors. |
| Authority | Authority instances representing access to specific certification authority technology. |
| RA Profile | RA Profile abstracts the configuration of certificate-related attributes and provides a service for the Clients to manage them. |
| Compliance Profile | Collection of rules to be applied to a certificate to determine whether it satisfies the organizational compliance policy. |
| Entity | Entity representing the end user of the certificates and cryptographic keys. |
| Certificate | Certificate is an inventory object that contains all information about its lifecycle. |
| Group | Grouping allows managing multiple certificates with the same characteristics. |
| Token | Token instance representing access to specific cryptographic device or technology. |
| Key | Cryptographic key object that can be managed and contains relevant information about its lifecycle. |
| Token Profile | Token Profile abstracts the configuration of cryptographic service for the Clients to request cryptographic operations. |
| Notification | Notification instance representing access to specific notification technology. |

Modules

Platform modules provide the following functionality:

| Module | Brief description |
|--------|-------------------|
| Certificate Management | Provides certificate lifecycle management functions. |
| Certificate Inventory | Inventory of all certificates that are consistently visible and managed. |
| Certificate Discovery | Searching for certificates in various sources providing detailed results about discovered certificates. |
| Dashboards | Comprehensive visual dashboard providing quick information about the current certificate inventory state. |
| Key Management | Provides key lifecycle management functions and cryptographic operations. |
| Key Inventory | Inventory of all keys that are consistently visible and managed in a technology-agnostic way. |