Review – Microsoft CLM Certificate Lifecycle Manager Beta 2


I reviewed CLM Beta 1 half year ago and rated it low. Now, CLM Beta 2 is ready for prime time and I’m going to deploy it in production environment. I’ve seen a lot of improvements in Beta 2 so many cons in Beta 1 are removed. Base CSP Smart Card support is a huge for me. For smart card PIN distribution to users, CLM provide 3 – 4 ways:


– User Provided: The admin or user will provide the initial PIN at the time of enrollment


– Random: Nobody knows the initial PIN; Users will need to do self service PIN unblock to get the initial PIN.


– Server Distributed: CLM will print the initial PIN on a hard copy of user letter; This simulates bank ATM PIN distribution; A template is provided with many configurable variables for letter customization.


– Custom Distributed: This allows you to program custom API if above ways don’t work for you.


 


Pros:


– Microsoft Base CSP Smart Card support 


– Custome API to enhance CLM functionalities


– Format (Initialize) smart card


– HSM support for agent key protection


– SQL 2005 support


– Turn key system and no coding is required


– Can manage both smart cards (including USB tokens) and certificates


– Feature rich self service Web UI


– Built-in work flow engine to handle approval and notification


– Flexable policies


– Temp smart card


– Easy installation


 


Cons:


– In multiple forest environment, each forest needs its own CLM and SQL database.


– Granting permission is tedious work


– CLM Client and .NET Framework 2.0 are required on client PC for self service.


 


Overall Rating:


8 out of 10


(0-2: fail to work, 3-5: work in demo/test environment, 6-8: work in production environment, 9-10: excellent quality, great value, highly recommended)


Comments (0)