Cryptocard Blackshield Server v3.1
Strengths: Set up and deployed easily. Alerting was well done. Full device support.
Weaknesses: Nothing worth noting.
Verdict: Good price point, nice standalone or multitenant platform, support for network-, application- and cloud-based authentication.
SummaryThe Cryptocard Blackshield Server v3.1 is designed as an authentication service delivery platform, automating all tasks around user and token management, provisioning, reporting and billing. The model we evaluated was the Service Provider Addition, a version that allows for provisioning and/or on-boarding virtual servers to deliver a multitenant model, which means that a single instance can support multiple organizations or directories, each appearing to have their own enterprise server.
We kicked off the software load on our Windows server, and the process was fairly simple. The installer loads the software and a default PostgreSQL database. We then browsed to the localhost, a web-based interface, and used our Active Directory (AD) administrator credentials to login to the site. Through the web interface, we could import the license, configuring the connection to the database, and set up account information, self-enrollment policies and portal details. The documentation walked us through the process without issue. Once we completed the server setup, we installed the Blackshield Windows Logon client on one of our Windows test systems. (The client does require one to provide the path to the enterprise server, so that must be completed first.)
Users were added automatically through the lightweight directory access protocol (LDAP)/AD integration. Policy engines are easily configured to perform routine tasks, such as the automatic issuing of tokens, provisioning of users, revocations, and access control based on changes to a user's security group memberships made in LDAP/AD. Tokens can be manually assigned and PINs issued, or there is the ability to bulk assign through LDAP/AD.
There is support for all cloud applications and services that support SAML 1.1 or 2.0. Additionally, there is support for virtual private network (VPN) and firewall devices supporting RADIUS, as well as vendor-specific applications, such as Outlook Web Access, Citrix, SharePoint, Salesforce.com, Google Apps and Microsoft Remote Web Workplace. New features in this version include support for SAML, support for MP-1 tokens on Android OS, SMS/one-time passwords via email, and additional token management reports.
There was standard/canned and customized reporting available. Alerting was also offered on both the dashboard and through email and text
messaging. The management interface on the device is clean and is a good tool for viewing the enterprise at a glance and drilling down to user-level detail and management.
The documentation was helpful. We were even provided with welcome guides for various token types that might prove helpful in rolling out the various authentication components to a user base.
Both eight-hours-a-day/five-days-a-week and 24/7 support options are available. Typical costs are 15 and 20 percent of server pricing for customers purchasing a license. Support is rolled into the monthly usage fee for clients adopting subscription licensing.