Review - Microsoft CLM Certificate Lifecycle Manager Beta 2

I reviewed CLM Beta 1 half year ago and rated it low. Now, CLM Beta 2 is ready for prime time and I'm going to deploy it in production environment. I've seen a lot of improvements in Beta 2 so many cons in Beta 1 are removed. Base CSP Smart Card support is a huge for me. For smart card PIN distribution to users, CLM provide 3 - 4 ways:

- User Provided: The admin or user will provide the initial PIN at the time of enrollment

- Random: Nobody knows the initial PIN; Users will need to do self service PIN unblock to get the initial PIN.

- Server Distributed: CLM will print the initial PIN on a hard copy of user letter; This simulates bank ATM PIN distribution; A template is provided with many configurable variables for letter customization.

- Custom Distributed: This allows you to program custom API if above ways don't work for you.

Pros:

- Microsoft Base CSP Smart Card support 

- Custome API to enhance CLM functionalities

- Format (Initialize) smart card

- HSM support for agent key protection

- SQL 2005 support

- Turn key system and no coding is required

- Can manage both smart cards (including USB tokens) and certificates

- Feature rich self service Web UI

- Built-in work flow engine to handle approval and notification

- Flexable policies

- Temp smart card

- Easy installation

Cons:

- In multiple forest environment, each forest needs its own CLM and SQL database.

- Granting permission is tedious work

- CLM Client and .NET Framework 2.0 are required on client PC for self service.

Overall Rating:

8 out of 10

(0-2: fail to work, 3-5: work in demo/test environment, 6-8: work in production environment, 9-10: excellent quality, great value, highly recommended)