System Logic

The AACD™ System Logic

The Project Vesuvius approach was to separate the Certificate Discovery component from the rest of the project and create a customized ‘search engine’ capable of spidering any network and returning any, and all, SSL information in list format. The first version of this was available by Q4, 2002.
The second component that would ultimately give the project its name (i.e. Automated & Authenticated Certificate Delivery™) was returned to the Board almost four years later and the project’s Logic was confirmed as follows:

Project Vesuvius for Certificate Life cycle Automation will:

1. Add additional layers of security, where possible, without adding additional complexity or control issues to the environment
2. Take less time to implement/deploy on a single server than it would take an Administrator to apply/renew a single SSL
3. Not require the Administrator to have extensive IT experience to configure or deploy it in a single or a multi server environment

The effect of this is that:

1. A single server can have the software installed and configured in less than 5 minutes
2. Once installed the software introduces three new levels of further security on the server
3. The same software can be installed on multiple instances of the same server

The completed solution also exceeded the initial brief because

…when deploying the AACD™ system, regardless of how large (or small) the environment, the IT practices and policies within the organization remain completely unaffected.

Project Vesuvius was renamed AACD™ and was immediately moved into production prior to its release in 2007.

AACD™ Automation

In considering the medium to large IT environment, Administrator and User roles, server grouping, permissions, reporting and report designing, planning, implementation, harden and quality checking are components of the total project. When considering SSL automation, each of these requirements must be examined.

Returning to the AACD™ Logic in sub-section 3.2, the design of the AACD™ system means that, with exception of the Certificate Discovery Search Engine™ [CDSE™] (see sub section 2.5.4), it will have little, or no, impact on your current infrastructure. Also, on the basis that the CDSE™ is an optional addition to the AACD™ system and that it has no impact on your environment, there is no requirement to plan for developing reports, specialist configuration and/or subsequent vulnerability checks on the network either.