Aladdin Enterprise CA Enterprise Certification Authority for Linux

2024

As part of the process bundle

On December 16, 2024, Astra Group and Aladdin R.D. announced the launch of a technology bundle, which consists of a security domain under Linux (based on the ALD Pro catalog service) and Aladdin Enterprise CA, a corporate certificate release and maintenance center for trusted IT infrastructure based on PKI.

As reported, the joint the Russian solution allows you to efficiently migrate from the current infrastructure on the basis, Microsoft including the migration of the user directory and, computers as well as PKI infrastructure. This, in turn, improves safety and compliance. A key aspect of the bundle is the centralized management of security domain objects and parameters based on operating systems Linux (ALD Pro directory service), which optimizes management and monitoring for administrators. Implementation access control systems within a security domain and certificate lifecycle management enables authentication strict user ON and device compliance, minimizing the risk of unauthorized access and loss. data

All products that are part of the bundle are registered in the "Register of Domestic Software" of the Ministry of Digital Development and comply with the requirements of the FSTEC of Russia in terms of information security, which is confirmed by the presence of certificates of compliance with the 76th order of the FSTEC of Russia on level 4 of trust: Astra Linux operating system, ALD Pro software package, Aladdin Enterprise Certification Authority Certified Edition Enterprise Security Certificate Issuance Center and a client for Linux with support for strict authentication with PKI.

Experts from Astra Group and Aladdin R.D. tested and tested the solution for compatibility, organized single window technical support and comprehensive commissioning of products. Integration enables customers to build a sustainable, secure, trusted IT infrastructure that effectively addresses today's cyber threats.

The solution is designed taking into account the requirements for information security and can be used for GIS up to the 1st class of security, ISDS up to the 1st level of security, ZOKII up to the 1st category of significance. This IT solution is suitable for public sector companies, organizations with government participation, from the industrial and oil and gas industries, the financial and energy sectors for the tasks of increasing the level of protection of the information system, building an enterprise security domain with PKI, and implementing the requirement to ensure strict authentication.

Our main value lies in creating a joint solution that is not inferior in maturity and functionality to Microsoft CA, AD and Windows. Astra Group's portfolio already includes a replacement for AD and Windows, and the only certified replacement for Microsoft CA on the market is a product from Aladdin R.D. We are launching an import-substituted product bundle into the market as a single product so that our customers do not waste time assembling software in parts. Possible changes in tightening the requirements of the FSTEC of Russia next year create an additional focus of large customers and, as a result, interest in our bundle. told Olga Guruleva, Director of the Information Security Department of Astra Group

In the future, vendors are planning a significant expansion of the functionality implemented by the product bundle.

Trust in the information system can be obtained only when all elements are identified and authenticated, and a secure trusted interaction is implemented between them. This requires strict authentication of all objects and subjects: that is, only by certificates, the use of passwords (simple authentication) is not allowed in the IS. Native Public Key Infrastructure (PKI) must be deployed. Our engineering teams are tightly engaged, worked out and tested basic migration scenarios. told Denis Polushin, Aladdin Enterprise CA Product Manager at Aladdin R.D.

The technology bundle of Astra Group and Aladdin R.D. is already available for order. It can be purchased from the Axoft digital technology expertise and distribution center, which acts as a single window for all requests: from consultations and piloting to support and solving technical issues. Technical support calls are processed at the first line level.

We at Axoft are very enthusiastic and supported the initiative of colleagues from the Astra Group and Aladdin R.D. to release this bundle. During active import substitution and uncertainty, customers spend a large amount of time, effort and resources testing and selecting a stably working and meeting the requirements of a technological stack from solutions from different manufacturers. Bringing a pre-tested process bundle to market reduces commissioning times. noted the head of the business development department of information security solutions of Axoft Nikita Chernyakov

For ease of use, the bundle offers step-by-step installation and deployment instructions. Detailed information can be found on the bundle page.

Aladdin has invested 1.5 billion rubles in the creation of a fully Russian PKI stack. Aladdin eCA began to be implemented at Gazprom

Aladdin announced on January 24, 2024 the release of the second version of Aladdin Enterprise CA, a certificate management product that is an analogue of Microsoft CA. The product allows you to issue certificates for hardware, software and users, creating a single trust space in the corporate infrastructure based on certificates and public key infrastructure (PKI). Moreover, it can work together with Microsoft CA, gradually replacing the latter's certificates and transferring the infrastructure to its own trust center.

Key features of Aladdin Enterprise CA 2.0

It should be noted that Microsoft CA now occupies a key place in Windows-based infrastructures. It provides certificates for mutual verification of all devices using the 802.1x protocol, signatures of all installed applications and sent commands. Certificates issued by Microsoft CA usually form the basis of corporate PKI and provide key distribution enciphering across all elements of the domain, Microsoft Active Directory ensuring communications protection, command and data integrity, and non-predictability of user and administrator actions.

In most companies, it is Microsoft CA that is the root of trust in the entire infrastructure, but it itself is part of the trust infrastructure of Microsoft, which at any time can revoke the root certificate, and the infrastructure will become completely defenseless. The rejection of Microsoft CA, and the transfer of the trust infrastructure to a domestic solution, allows you to protect yourself from this global threat. The company believes that the release of the second version of Aladdin Enterprise CA, which would help gradually replace Microsoft CA and transfer the trust infrastructure to local certificates, is important for ensuring technological sovereignty.

According to the developers of Aladdin Enterprise CA, the first version, released last summer, was rather a demonstration - to show the possibility of replacing Microsoft CA. In addition, it used third-party libraries to implement interaction and encryption protocols. Aladdin invested 1.5 billion rubles in the creation of Aladdin Enterprise CA. In the second version, the kernel was rewritten from scratch to fully control the product and ensure its entry into the register of domestic software.

The second version of the product was completely rewritten from scratch to Java for subsequent certification by FSTEC in conjunction with Axiom JDK. It works only under the control of domestic operating systems based on Linux, but it can also issue certificates and interact with computers running Windows.

Aladdin says that the product was created on the pipeline, where all the necessary procedures are implemented for secure development up to the fulfillment of the requirements for processing information levels "top secret."

The product can work in conjunction with the Red ADM solution from Red Software, an analogue of Microsoft Active Directory, which just uses certificates to manage the corporate trust space. It can also be implemented gradually, with the replication of all data from the already built Microsoft AD and then replaced with its own IT maintenance management and automation infrastructure. However, the product is also compatible with the following domestic and open source developments: ALD Pro, Alt Domain, Samba DC and FreeIPA.

The joint installation of Red ADM and Aladdin Enterprise CA is now being implemented by Gazprom Inform in Gazprom's corporate networks, Aladdin said. Details about this project have not yet been publicly disclosed.

According to Red Soft, the number of objects in one domain controller of their Red ADM Prom can reach millions. A joint solution between Aladdin and Red Software may be required for all companies whose infrastructure is built on Microsoft AD and CA to ensure technological sovereignty.

The joint solution is planned to be distributed through partners, and there is interest in products both within Russia and in friendly countries, the companies say. However, Aladdin and Red Soft refused to name the payback period for the development, citing the fact that the market for replacing the trust infrastructure is new has not yet been formed, and therefore its volume and even the number of possible projects on it is now quite difficult to determine.

𝓲

TAdviser

Our partner strategy is as follows: those who previously implemented Microsoft can now implement our solution, - explained for TAdviser Sergey Gruzdev, CEO of Aladdin, a further implementation strategy. "We're betting on them. These are mainly integrators, implementation partners and others. When similar solutions for PKI from Microsoft were implemented, we had a St. Petersburg company of 6 people in our partners. We taught them to implement solutions, and they hired more than 120 people in a year, and we sent them all the requests. They were deploying PKI on Windows along the pipeline - it took them about three days to complete one project. I now want to restore and start such a pipeline.

2023: ALD Pro Compatibility

Astra Group and Aladdin have completed a project to confirm the technological compatibility of Aladdin Enterprise CA products. и ALD Pro. Astra Group of Companies announced this on July 14, 2023. Read more here.