Standards Compliance

ADSS SCVP Server is compliant with the proposed IETF RFC5055 standard.

Well proven core services

ADSS SCVP Server is built on the same core ADSS Server platform and as a result it inherits all the scalability, resilience, performance, management, security and reporting capabilities.

Dual Control

Optionally turn on dual control feature to ensure two or more operators are required to make any changes to the configuration.

Reporting

ADSS SCVP provides unparalleled views for every transaction that it processes. The human-readable request/response viewers show exactly what went on, even with back-end operations like checking a certificate using an OCSP server. These are an essential tool to avoid lengthy support calls and also for dispute resolution purposes.  screenshot | screenshot 1 | screenshot 2

High Availability

Two or more ADSS SCVP Servers can be load balanced to share network traffic for high performance and high availability.

Auto Archiving

Automatically archive logs based on configurable policy to keep your database size in check. Log files are auto signed upon archiving. screenshot

Real-Time Alerts

Configure emails and/or SMS alerts for specific events and send these to specific operators. SNMP alerting is also supported. screenshot

Supports multiple validation policies and algorithms

ADSS SCVP Server can be configured to operate under different validation policies with their configuration parameters such as the Trust Anchors. It can support basic validation algorithms and name-based validation algorithms as defined by the SCVP specifications. Additional validation algorithms can be added if required. screenshot

Supports multiple back-end PKIs

ADSS SCVP Server can work with multiple back-end PKIs including Certificate Authorities, CRL Issuers and OCSP responders to ensure global interoperability of trust services without have to get involved in complex trust schemes which require Root CA cross-certification or Bridge CAs.

Security

ADSS SCVP Server has been designed with maximum security features in mind, including:

• Secure event and transaction logs are maintained with details that show pre- and post-change state for all database record changes.
• An optional dual control capability is provided so that a separate security role holder is required to review and approve configuration changes.
• PKCS#11 compliant HSMs are supported for effective signing key protection.
• Automated database integrity checking is provided (with optional manual checks).

Clustering

For high performance needs SCVP Server can easily be installed as part of a load-balanced clustered environment.

Identification & Authentication

Strong I&A for both ADSS Server operators and client business applications to ensure only trusted entities are allowed in. screenshot

Access control

Fine grain Role-Based Access Control (RBAC) ensures operators can access and see only authorised functionality. screenshot

Operating System independence

ADSS SCVP Server is a standard J2EE application and supported on Windows, Linux (Centos, Suse) and Solaris (X86 and Sparc). Other UNIX flavours can be supported also upon request.

Database independence

ADSS SCVP Server configurations and transaction logs are stored within a DBMS, however because of our use of Hibernate® technology, it is DBMS independent. We support SQL Server, Oracle, MySQL and PostgreSQL.

HSM / Smartcard Independence

Any PKCS#11 crypto device (i.e. HSM, smartcard or USB token) can work with SCVP Server to generate cryptographic keys, store them and utilise them within the secure device.

PKI independence

SCVP Server relies completely on open PKI standards so it can work with any CA, CRL issuer, OCSP server, LDAP repository and TSA server. We have taken away all the complexities of interoperability!