Case Study: Sandia

In the ever-changing landscape of cyber security and personnel authentication, one of the most time-consuming and difficult tasks is migrating or…

Moving devices, managing old certificates, and minimizing user overhead and issues is difficult at best without a strong migration path. With the announcement from Microsoft that its Microsoft Identity Manager and Forefront Identity Manager platforms (MIM and FIM) are approaching end-of-life dates, companies are scrambling to find the most seamless and cost-effective route of migration.

Enter Versasec’s vSEC:CMS S-Series.

vSEC:CMS addresses the sticky migration issue by allowing users to import and manage legacy credentials previously used in MIM and FIM. A good case example of how to use Versasec in this way comes from Sandia National Labs, which faced the same issue of an end-of-life management system and a user base of 25,000 employees/users with legacy cards and credentials that would potentially need to be migrated.

Migrating Smart cards from MIM and FIM is accomplished using a built-in export wizard in the vSEC:CMS S-Series Console. With this tool, users can export smart cards and tokens from Microsoft and third-party smart card managers into the vSEC:CMS console. As tokens are imported, they can be replaced or phased out as the new Yubikey PIV tokens are issued to users. Users can also request the new credential themselves using the vSEC:CMS User Self-Service tool, making it easier for IT staff to deploy new tokens.

In August 2020, Envoy Data, Versasec, and the Sandia National Labs Engineering staff began deploying the vSEC:CMS solution in a series of remote assistance sessions. Activities included the following:

Producing and deploying the CMS console
Configuring MD830 and Yubikey token templates
Building a CMS connection to Active Directory, CA, and other supporting services
Configuring User Self-Service Portal
Confirming working deployment to MD830 and Yubikey tokens
Creating documentation of the deployment and configuration process (conducted by Sandia in this case).

The main benefits from the vSEC:CMS, for us is the ability to manage the YubiKey FIPS, manage the Gemalto IDPrime series smartcards and give us the ability to import management data from MIM. The other capabilities that we are also using is the ability to manage the YubiKey PIV card stock and only issue certificates to devices that we have authorized in the CMS. We are also using the User Self-Service portal for device activation to help us with distribution during the Covid-19 pandemic. The ability to renew certificates from the User Self-Service portal will be a big gain on supporting the device.

After confirming creation of working tokens and verifying the token policies were in the correct format, the configuration services were concluded.

vSEC:CMS

Our product suite provides all the software tools to administrate and manage credentials in a secure and convenient way.

Start here

Free Product Trial

Versasec provides enabling IT security products centered on the usage of security devices such as smart cards. Our solutions enable customers to securely authenticate, issue and manage user credentials more cost effectively. Get a free product trial

Job Openings

We are always looking for new exceptional persons to join our team! Find out more about our job openings.

Versasec Support

Versasec customers with an existing support and maintenance contract can access the Versasec Support Portal, offering extensive professional support and… The Versasec Support Portal offers a variety of services, allowing for customers and any site visitor to communicate directly with support engineers.

Visit Support

Company Blog

Our blog addresses the latest security trends and stories. The posts discuss how identity and access management are playing a larger role in keeping corporate data safe as well as brand reputations intact.

Visit our Blog

Share this article

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
uncode_privacy[consent_types]	1 year	This cookie is set by Uncode WordPress theme and is used to manage privacy settings on the website.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_20104436_1	1 minute	Set by Google to distinguish users.
_gat_UA-20104436-1	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.

Cookie	Duration	Description
NID	6 months	NID cookie, set by Google, is used for advertising purposes; to limit the number of times the user sees an ad, to mute unwanted ads, and to measure the effectiveness of ads.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Case Study: Sandia

vSEC:CMS

Free Product Trial

Job Openings

Versasec Support

Company Blog

Sweden

United States

United Kingdom

Middle East

Asia

Germany