Review - Microsoft CLM Certificate Lifecycle Manager Beta 2
I reviewed CLM Beta 1 half year ago and rated it low. Now, CLM Beta 2 is ready for prime time and I'm going to deploy it in production environment. I've seen a lot of improvements in Beta 2 so many cons in Beta 1 are removed. Base CSP Smart Card support is a huge for me. For smart card PIN distribution to users, CLM provide 3 - 4 ways:
- User Provided: The admin or user will provide the initial PIN at the time of enrollment
- Random: Nobody knows the initial PIN; Users will need to do self service PIN unblock to get the initial PIN.
- Server Distributed: CLM will print the initial PIN on a hard copy of user letter; This simulates bank ATM PIN distribution; A template is provided with many configurable variables for letter customization.
- Custom Distributed: This allows you to program custom API if above ways don't work for you.
Pros:
- Microsoft Base CSP Smart Card support
- Custome API to enhance CLM functionalities
- Format (Initialize) smart card
- HSM support for agent key protection
- SQL 2005 support
- Turn key system and no coding is required
- Can manage both smart cards (including USB tokens) and certificates
- Feature rich self service Web UI
- Built-in work flow engine to handle approval and notification
- Flexable policies
- Temp smart card
- Easy installation
Cons:
- In multiple forest environment, each forest needs its own CLM and SQL database.
- Granting permission is tedious work
- CLM Client and .NET Framework 2.0 are required on client PC for self service.
Overall Rating:
8 out of 10
(0-2: fail to work, 3-5: work in demo/test environment, 6-8: work in production environment, 9-10: excellent quality, great value, highly recommended)
