Axis of Authentication
Datakey Axis is a simple solution for smart card deployment.
- By Rick A. Butler
- November 01, 2004
Smart cards are rapidly becoming accepted as a standard authentication device in many organizations. Historically though, smart cards have been a challenge for IT administrators to deploy. Datakey is trying to address this with its Axis smart card reader system that simplifies deployment for administrators and sign-on for users.
And smart card systems aren't commonplace yet, so preparing to deploy a smart card system may leave many administrators scratching their noggins.
Quick and Painless
Datakey has greatly simplified the process of setting up a smart card environment. Axis uses a comprehensive system of policies that takes the confusion out of setup and makes it quick and painless—essentially a turnkey solution. You configure your certificate server to use smart card certificate templates (if you want to use PKI), install the administrator station, and define your policies. Then you plug in your smart card readers at client stations, issue cards to users and let them start signing on.
I particularly like that Datakey uses existing technologies, rather than trying to come up with something completely new. The installers for the drivers and client are cleanly packaged in MSI file format, making deployment a snap through Group Policy Objects or Systems Management Server (SMS). If you configure your machines equipped with smart card readers into their own Windows Security Group or SMS Collection, it becomes much easier to deploy both the client and drivers for whichever smart card reader you use. At the client station, the administrator or user only has to connect the smart card reader.
Figure 1. The Axis Administrator console—simple yet effective.
Axis' shining feature is support for single sign-on (SSO). Whether defined at the administrator side through the admin tool or on the client side by putting tokens on the card, in a single step Axis enables users to log on to Citrix MetaFrame and Novell applications as well as Web sites. With a quick tie into the Active Directory support for Kerberos 5, Unix-based stations can also participate in SSO.
The Axis client has a simple interface with just the right amount of features. You can configure it to perform sign-on for applications and Web sites, storing those credentials on the card in addition to the tokens defined in the Axis administration tool. Each client also has a utility that helps troubleshooters check the status of tokens to ensure that they work properly without compromising security. If a user loses a card, the system locally caches an encrypted recovery file to restore and load all tokens onto another card. It can also work in temporary mode without a card.
Datakey Axis is simple to use, functional and modular. It is a no-nonsense smart card system that you can quickly put online and start using, without being bogged down by extraneous features. Administrators preparing to deploy smart cards for authentication should give Axis serious consideration.
About the Author
Rick A. Butler, MCSE+I, is the Director of Information Services for the United States Hang Gliding Association.