DigitalPersona Pro Enterprise v5.2
Strengths: Integration with AD for management and deployment, biometric, email and document encryption support.
Weaknesses: The AD integration made it easy to use, but there are limited reporting and alerting capabilities. Documentation was a bit lacking.
Verdict: Delivers a lot of functionality for the price, easily integrates with exiting environment, not a lot of training required.
SummaryDigitalPersona Pro Enterprise v5.2 is a centrally managed suite of solutions - access management, data protection and secure communications - that protect data and control access to PCs and applications. It provides a suite of security applications integrated into a multicredential authentication infrastructure that can be managed from the cloud or Active Directory (AD). It allows companies to control and enforce multiple security applications through a single control point, and provides strong authentication, single sign-on, secure virtual private network (VPN) access, full-disk encryption, access recovery and secure email and documents. For our review, we focused on the multifactor authentication components.
The solution was delivered to us as a software offering. We loaded it on our Windows test server. The process required us to load several applications before installing the server component. Once we ran the server app, it extended the AD schema and created a "Defender" container and tab in our "Users and Computers Manager." This approach was interesting as there was no special web-based GUI needed to manage the offering, it was all done through standard AD tools with the extensions. We licensed the product, imported a token and created policies. Because it was similar to working with standard AD menus, we got through all the implementation and setup, though the documentation was a bit lacking. The client side does have an attractive administrative console that can be used for local configuration and administration. If one wishes, that feature can be removed via a group policy object (GPO). There are additional password manager and privacy applications that can be loaded on the client as well. All the server side management and configuration was done through the Group Policy Management Editor.
There is support for a full suite of token types, including OATH-compliant soft and hard tokens, one-time passwords, PINs, or smart or proximity cards. This offering also delivered a wide range of support for biometric devices, such as the company's own branded Fingerprint Reader, as well as third-party devices and face recognition support for cameras built into HP notebooks. We were really pleased with the quality, ruggedness and size of the U.are.U 4500 Fingerprint Reader that we tested.
A knowledge base and eight-hours-a-day/five-days-a-week support is included with the subscription service. Additional options are available for fees of 15 and 20 percent of list price.
This product takes a unique approach. It wasn't unwieldy to load and configure, even though the documentation was not as detailed as it could have been. Once it was loaded, however, the ability to have server admins manage and maintain a full-featured enterprise solution like this, without requiring any new training, is a great idea. We have to admit, we are so used to purpose-built user interfaces for everything we do that it did take us a few minutes to get used to the idea of managing an application that delivers as much capability as this product does through the same interface we already employ for managing users.