Review – Microsoft CLM Certificate Lifecycle Manager Beta 2


I reviewed CLM Beta 1 half year ago and rated it low. Now, CLM Beta 2 is ready for prime time and I'm going to deploy it in production environment. I've seen a lot of improvements in Beta 2 so many cons in Beta 1 are removed. Base CSP Smart Card support is a huge for me. For smart card PIN distribution to users, CLM provide 3 - 4 ways:


- User Provided: The admin or user will provide the initial PIN at the time of enrollment


- Random: Nobody knows the initial PIN; Users will need to do self service PIN unblock to get the initial PIN.


- Server Distributed: CLM will print the initial PIN on a hard copy of user letter; This simulates bank ATM PIN distribution; A template is provided with many configurable variables for letter customization.


- Custom Distributed: This allows you to program custom API if above ways don't work for you.


 


Pros:


- Microsoft Base CSP Smart Card support 


- Custome API to enhance CLM functionalities


- Format (Initialize) smart card


- HSM support for agent key protection


- SQL 2005 support


- Turn key system and no coding is required


- Can manage both smart cards (including USB tokens) and certificates


- Feature rich self service Web UI


- Built-in work flow engine to handle approval and notification


- Flexable policies


- Temp smart card


- Easy installation


 


Cons:


- In multiple forest environment, each forest needs its own CLM and SQL database.


- Granting permission is tedious work


- CLM Client and .NET Framework 2.0 are required on client PC for self service.


 


Overall Rating:


8 out of 10


(0-2: fail to work, 3-5: work in demo/test environment, 6-8: work in production environment, 9-10: excellent quality, great value, highly recommended)


Comments (0)

Skip to main content