Developers: | Aladdin R.D. |
Last Release Date: | 2023/07/14 |
Branches: | Information security |
Technology: | Information Security - Authentication |
2024: Aladdin invested 1.5 billion rubles in the creation of a fully Russian PKI stack. Aladdin eCA began to be implemented at Gazprom
Aladdin announced on January 24, 2024 the release of the second version of Aladdin Enterprise CA, a certificate management product that is an analogue of Microsoft CA. The product allows you to issue certificates for hardware, software and users, creating a single trust space in the corporate infrastructure based on certificates and public key infrastructure (PKI). Moreover, it can work together with Microsoft CA, gradually replacing the latter's certificates and transferring the infrastructure to its own trust center.
It should be noted that Microsoft CA now occupies a key place in Windows-based infrastructures. It provides certificates for mutual verification of all devices using the 802.1x protocol, signatures of all installed applications and sent commands. Certificates issued by Microsoft CA usually form the basis of corporate PKI and provide key distribution enciphering across all elements of the domain, Microsoft Active Directory ensuring communications protection, command and data integrity, and non-predictability of user and administrator actions.
In most companies, it is Microsoft CA that is the root of trust in the entire infrastructure, but it itself is part of the trust infrastructure of Microsoft, which at any time can revoke the root certificate, and the infrastructure will become completely defenseless. The rejection of Microsoft CA, and the transfer of the trust infrastructure to a domestic solution, allows you to protect yourself from this global threat. The company believes that the release of the second version of Aladdin Enterprise CA, which would help gradually replace Microsoft CA and transfer the trust infrastructure to local certificates, is important for ensuring technological sovereignty.
According to the developers of Aladdin Enterprise CA, the first version, released last summer, was rather a demonstration - to show the possibility of replacing Microsoft CA. In addition, it used third-party libraries to implement interaction and encryption protocols. Aladdin invested 1.5 billion rubles in the creation of Aladdin Enterprise CA. In the second version, the kernel was rewritten from scratch to fully control the product and ensure its entry into the register of domestic software.
The second version of the product was completely rewritten from scratch to Java for subsequent certification by FSTEC in conjunction with Axiom JDK. It works only under the control of domestic operating systems based on Linux, but it can also issue certificates and interact with computers running Windows.
Aladdin says that the product was created on the pipeline, where all the necessary procedures are implemented for secure development up to the fulfillment of the requirements for processing information levels "top secret."
The product can work in conjunction with the Red ADM solution from Red Software, an analogue of Microsoft Active Directory, which just uses certificates to manage the corporate trust space. It can also be implemented gradually, with the replication of all data from the already built Microsoft AD and then replaced with its own IT maintenance management and automation infrastructure. However, the product is also compatible with the following domestic and open source developments: ALD Pro, Alt Domain, Samba DC and FreeIPA.
The joint installation of Red ADM and Aladdin Enterprise CA is now being implemented by Gazprom Inform in Gazprom's corporate networks, Aladdin said. Details about this project have not yet been publicly disclosed.
According to Red Soft, the number of objects in one domain controller of their Red ADM Prom can reach millions. A joint solution between Aladdin and Red Software may be required for all companies whose infrastructure is built on Microsoft AD and CA to ensure technological sovereignty.
The joint solution is planned to be distributed through partners, and there is interest in products both within Russia and in friendly countries, the companies say. However, Aladdin and Red Soft refused to name the payback period for the development, citing the fact that the market for replacing the trust infrastructure is new has not yet been formed, and therefore its volume and even the number of possible projects on it is now quite difficult to determine.
Our partner strategy is as follows: those who previously implemented Microsoft can now implement our solution, - explained for TAdviser Sergey Gruzdev, CEO of Aladdin, a further implementation strategy. "We're betting on them. These are mainly integrators, implementation partners and others. When similar solutions for PKI from Microsoft were implemented, we had a St. Petersburg company of 6 people in our partners. We taught them to implement solutions, and they hired more than 120 people in a year, and we sent them all the requests. They were deploying PKI on Windows along the pipeline - it took them about three days to complete one project. I now want to restore and start such a pipeline. |
2023: ALD Pro Compatibility
Astra Group and Aladdin have completed a project to confirm the technological compatibility of Aladdin Enterprise CA products. и ALD Pro. Astra Group of Companies announced this on July 14, 2023. Read more here.