Published on Digi-Sign, The Certificate Corporation (http://www2.digi-sign.com)

Home > Installation Guidelines

By Digi-Sign
Created Feb 25 2008 - 12:45

Installation Guidelines

The following are sample Digi-CA™ installation diagrams, schedule and technical schematics for review.

Single Server Digi-CA™ Server Xs Installation Diagram

PDF [1] The following diagram explains the ideal environment for running the Digi-CA™ Server Xs single server system. The Strong Room/locked server cabinet should be a secured with biometric access, ideally with main power supply and a backup power supply with at least one reliable internet connection. Access to this area should be restricted to Administrators only. Two trusted and approved Administrators should be present at all times when the area is being accessed.

Single Server Digi-CA™ Server Xs Technical Diagram

PDF [1] The following technical installation diagram outlines the typical network requirement to run and operate a single server Digi-CA™ Server Xs system without a HSM. Backup server is optional.

Single Server Digi-CA™ Server Xs Installation Schedule

PDF [1] The following is the time required to install a single server Digi-CA™ Server Xs system without a HSM. Backup server is optional.

Days Project Part Persons Description


0.5 Server Configurations

  • Qualified IT Technical The operating system with necessary software modules will be installed on each server machine and configured for the Digi-CA™ network environment.
  • Network Engineer



0.5 RA Core configuration, Digi-CA™, RA and Public services configuration

  • Qualified IT Technical The Digi-CA™ Certificate Engine core software will be installed and configured for Digi-CA™ network environment. Also the Public services such as RA Administration Access, CRL Distribution Point(s), TimeStamping Services, LDAP Directory will be installed and configured for Digi-CA™ network environment.
  • Network Engineer



0.5 Network connectivity and service accessibility tests

  • Qualified IT Technical The entire Digi-CA™ infrastructure will be tested from the network connectivity and software functionality perspective. Digi-CA™ module activity tests will be completed in order to ensure proper communication between each hardware and software based Digi-CA™ service/module
  • Network Engineer



0.5 Root and Intermediate CA Key Ceremony

  • Qualified IT Technical During the Key Ceremony, the Root CA certificate will be generated using the Digi-CA™ Certificate Engine core server and divided into multiple encrypted parts stored securely on smart cards. Also the Intermediate CA certificate will be generated and stored on
  • Security Officers: CA Root Key Holders



0.5 Digi-CA™ Administration Training

  • Digi-CA™Administrators will be trained how to perform administration actions, such as regular maintenance and backup, etc.



0.5 RA Training

  • RA Administrators will be trained how to perform RA actions, such as: issuing certificates and managing certificates, etc.



3 Total Project Installation Time

Note: This installation can be conducted by two personnel, a qualified IT person and a Network Engineer. Alternatively, Digi-CAST2™ can conduct the installation and in some cases this can occur from outside the environment using virtual access (this means there is no on site visit required).

Single Server Digi-CA™ Sever Xs & HSM Installation Diagram

PDF [1] The following is the time required to install a single server Digi-CA™ Server Xs system with a HSM. Backup server is optional.

Days Project Part Persons Description


0.5 Server Configurations

  • Digi-CAST2™ Team Member The operating system with necessary software modules will be installed on each server machine and configured for Digi-CA™ network environment.
  • Qualified IT Technical
  • Network Engineer



0.5 Digi-CA™ Core configurations

  • Digi-CAST2™ Team Member The Digi-CA™ core software will be installed and configured for Digi-CA™ network environment.



0.5 Digi-CA™ RA and Public services configuration

  • Digi-CAST2™ Team Member The Public services such as RA Administration Access, CRL Distribution Point(s), TimeStamping Services, LDAP Directory will be installed and configured for CA network environment.



1 HSM configuration

  • Digi-CAST2™ Team Member The HSM will be installed and configured for Digi-CA™ network environment.



0.5 Network connectivity and service accessibility tests

  • Digi-CAST2™ Team Member The entire Digi-CA™ infrastructure will be tested from the network connectivity and software functionality perspective. Digi-CA™ module activity tests will be completed in order to ensure proper communication between each hardware and software based Digi-CA™ service/module
  • Qualified IT Technical
  • Network Engineer



0.5 Root and Intermediate CA Key Ceremony

  • Digi-CAST2™ Team Member During the Key Ceremony, the Root CA certificate will be generated using the Digi-CA™ Certificate Engine core server and HSM device and divided into multiple encrypted parts stored securely on smart cards. Also the Intermediate CA certificate will be generated and stored on
  • Qualified IT Technical
  • Security Officers: CA Root Key Holders



0.5 Digi-CA™ Administration Training

  • Digi-CAST2™ Team Member Digi-CA™ Administrators will be trained how to perform administration actions, such as regular maintenance and backup, etc.
  • Digi-CA™ Admininstrators



0.5 RA Training

  • Digi-CAST2™ Team Member RA Administrators will be trained how to perform RA actions, such as: issuing certificates and managing certificates, etc.


  • RA Admininstrators



4.5 Total Project Installation Time


Single Server Digi-CA™ Server Xs & HSM Technical Diagram

PDF [1] The following technical installation diagram outlines the typical network requirement to run and operate a single server Digi-CA™ Server Xs system with a HSM. Backup server is optional.

Dual Server Digi-CA™ Server Xp Installation Diagram

PDF [1] The following diagram explains the ideal environment for running the dual server Digi-CA™ Server Xp system. The Strong Room/locked server cabinet should be a secured with biometric access, ideally with two power supplies and two separate internet connections from two different providers. Access to this area should be restricted to Administrators only. Two trusted and approved Administrators should be present at all times when the area is being accessed.

Dual Server Digi-CA™ Server Xp Technical Diagram

PDF [1] The following technical installation diagram outlines a typical network requirement to run and operate a dual server Digi-CA™ Server Xp system without a HSM. Backup server is optional.

Dual Server Digi-CA™ Server Xp Installation Schedule

PDF [1] The following is the time required to install a dual server Digi-CA™ Xp system without a HSM. Backup server is optional.

Days Project Part Persons Description

1 Server Configuration

  • Digi-CAST2™ Team Member The operating system with necessary software modules will be installed on each server machine and configured for Digi-CA™ network environment.
  • Qualified IT Technical
  • Network Engineer



1 RA Core configuration

  • Digi-CAST2™ Team Member
    The Digi-CA™ core software will be installed and configured for Digi-CA™ network environment.



1 Digi-CA™ Server Failover and Database Replication configuration

  • Digi-CAST2™ Team Member
    The Digi-CA™ core servers will be configured for database replication and hardware/software fail over.



1 Digi-CA™ RA and Public services configuration

  • Digi-CAST2™ Team Member The Public services such as RA Administration Access, CRL Distribution Point(s), Time Stamping Services, LDAP Directory will be installed and configured for Digi-CA™ network environment.



0.5 Digi-CA™ RA and Public services redundancy configuration

  • Digi-CAST2™ Team Member
    The Public services will be configured for hardware/software redundancy. Network engineer will configure relevant routing and load balancing network devices.
  • Network Engineer



1 Network connectivity and service accessibility tests

  • Digi-CAST2™ Team Member
    The entire Digi-CA™ infrastructure will be tested from the network connectivity and software functionality perspective. Digi-CA™ module activity tests will be completed in order to ensure proper communication between each hardware and software based Digi-CA™ service/module
  • Qualified IT Technical
  • Network Engineer



0.5 Root and Intermediate CA Key Ceremony

  • Digi-CAST2™ Team Member
    During the Key Ceremony, the Root Certificate will be generated using the Digi-CA™ core server and divided into multiple encrypted parts stored securely on smart cards. Also the Intermediate CA certificate will be generated and stored on
  • Qualified IT Technical
  • Security Officers: CA Root Key Holders



0.5 Digi-CA™ Administration Training

  • Digi-CAST2™ Team Member
    Digi-CA™ Administrators will be trained how to perform administration actions, such as regular maintenance and backup, etc.
  • Digi-CA™ Admininstrators



0.5 RA Training

  • Digi-CAST2™ Team Member RA Administrators will be trained how to perform RA actions, such as: issuing certificates and managing certificates, etc.


  • RA Admininstrators



7 Total Project Installation Time



Dual Server Digi-CA™ Server Xp & HSM Technical Diagram

PDF [1] The following technical installation diagram outlines a typical network requirement to run and operate a dual server Digi-CA™ Server Xp system with a HSM. Backup server is optional.

Dual Server Digi-CA™ Server Xp HSM Installation Schedule

PDF [1] The following is the time required to install a dual server Digi-CA™ Server Xp system with a HSM. Backup server is optional.

Days Project Part Persons Description

1 Server Configuration

  • Digi-CAST2™ Team Member The operating system with necessary software modules will be installed on each server machine and configured for Digi-CA™ network environment.
  • Qualified IT Technical


  • Network Engineer



1 Digi-CA™ Core configuration

  • Digi-CAST2™ Team Member The Digi-CA™ core software will be installed and configured for Digi-CA™ network environment.



1 Digi-CA™ Server Failover and Database Replication

  • Digi-CAST2™ Team Member
    The Digi-CA™ core servers will be configured for database replication and hardware/software failover.



1 Digi-CA™ RA and Public services configuration

  • Digi-CAST2™ Team Member
    The Public services such as RA Administration Access, CRL Distribution Point(s), TimeStamping Services, LDAP Directory will be installed and configured for Digi-CA™ network environment.



0.5 Digi-CA™ RA and Public services redundancy configuration

  • Digi-CAST2™ Team Member
    The Public services will be configured for hardware/software redundancy. Network engineer will configure relevant routing and load balancing network devices.
  • Network Engineer



1 HSM configuration

  • Digi-CAST2™ Team Member
    The HSM will be installed and configured for Digi-CA™ network environment.



1 Network connectivity and service accessibility tests

  • Digi-CAST2™ Team Member
    The entire Digi-CA™ infrastructure will be tested from the network connectivity and software functionality perspective. Digi-CA™ module activity tests will be completed in order to ensure proper communication between each hardware and software based Digi-CA™ service/module
  • Qualified IT Technical
  • Network Engineer




0.5 Root and Intermediate CA Key Ceremony

  • Digi-CAST2™ Team Member
    During the Key Ceremony, the Root CA certificate will be generated using the Digi-CA™ core server and HSM device and divided into multiple encrypted parts stored securely on smart cards. Also the Intermediate CA certificate will be generated and stored on the HSM device.
  • Qualified IT Technical
  • Security Officers: CA Root Key Holders



0.5 Digi-CA™ Administration Training

  • Digi-CAST2™ Team Member
    Digi-CA™ Administrators will be trained how to perform administration actions, such as regular maintenance and backup, etc.
  • Digi-CA™ Admininstrators



0.5 RA Training

  • Digi-CAST2™ Team Member
    RA Administrators will be trained how to perform RA actions, such as: issuing certificates and managing certificates, etc.
  • RA Admininstrators



8 Total Project Installation Time


Multi-Server Digi-CA™ Server Xg Full Redundancy Technical Diagram

PDF [1] The following technical installation diagram outlines a typical network requirement to run and operate a multi-server Digi-CA™ Server Xg, full redundancy system with a HSM and optional HSM Fail Over (not shown).`

Multi-Server Digi-CA™ Server Xg Full Redundancy Installation Schedule

PDF [1] The following is the time required to install a multi-server Digi-CA™ Server Xg full redundancy system with an HSM.

Days Project Part Persons Description


2 Server Configuration

  • Digi-CAST2™ Team Member
    The operating system with necessary software modules will be installed on each server machine and configured for Digi-CA™ network environment.
  • Qualified IT Technical
  • Network Engineer



1 Digi-CA™ Core configuration

  • Digi-CAST2™ Team Member
    The Digi-CA™ core software will be installed and configured for Digi-CA™ network environment.



1 Digi-CA™ Server Failover and Replication

  • Digi-CAST2™ Team Member
    The Digi-CA™ core servers will be configured for database replication and hardware/software failover.



1 Digi-CA™ RA and Public services configuration

  • Digi-CAST2™ Team Member
    The Public services such as RA Administration Access, CRL Distribution Point(s), TimeStamping Services, LDAP Directory will be installed and configured for Digi-CA™ network environment.



0.5 Digi-CA™ RA and Public services redundancy configuration

  • Digi-CAST2™ Team Member
    The Public services will be configured for hardware/software redundancy. Network engineer will configure relevant routing and load balancing network devices.
  • Network Engineer



1 HSM configuration

  • Digi-CAST2™ Team Member
    The HSM will be installed and configured for Digi-CA™ network environment.



1 Network connectivity and service accessibility tests

  • Digi-CAST2™ Team Member
    The entire Digi-CA™ infrastructure will be tested from the network connectivity and software functionality perspective. Digi-CA™ module activity tests will be completed in order to ensure proper communication between each hardware and software based Digi-CA™ service/module.
  • Qualified IT Technical
  • Network Engineer



0.5 Root and Intermediate CA Key Ceremony

  • Digi-CAST2™ Team Member
    During the Key Ceremony, the Root CA certificate will be generated using the Digi-CA™ core server and HSM device and divided into multiple encrypted parts stored securely on smart cards. Also the Intermediate CA certificate will be generated and stored on the HSM device.
  • Qualified IT Technical
  • Security Officers: CA Root Key Holders



0.5 Digi-CA™ Administration Training

  • Digi-CAST2™ Team Member
    Digi-CA™ Administrators will be trained how to perform administration actions, such as regular maintenance and backup, etc.
  • Digi-CA™ Admininstrators



0.5 RA Training

  • Digi-CAST2™ Team Member
    RA Administrators will be trained how to perform RA actions, such as: issuing certificates and managing certificates, etc.
  • RA Admininstrators



9 Total Project Installation Time


Source URL: http://www2.digi-sign.com/digi-ca/installation

Links:
[1] https://www.digi-sign.com/downloads/download.php?id=digi-ca-pdf