Smart Card Authentication

Case Study

Date: 9/12/2021
Category: Enterprise Security
Project: Cloud security utilizing PKI Smart card network access
Role: Solutions Architect, Systems, Engineer, Security Engineer, Certificate Administation

Project Problem, a cloud service provider like most business in the internet, needed to manage its business platforms in the cloud. The general requirements were to:

  • Find the lowest annual costs
  • Find the lowest procurement costs
  • Provide Military grade security
  • Support research & development processes
  • Support Scalability for growth
  • Host multiple virtual servers
  • Host multiple web site applications and API services
  • Owned the equipment outright
  • Support a large user base
  • Support large data throughput
  • Support large data volumes
secure private cloud

Project Solution

Since there is no real reason to use big tech, a secure private cloud was the simple answer, which is for most companies. As a cloud services company, a secure private cloud was essential for the security and integrity of services and data security requirements.

Smart cards or USB tokens were chosen to provide the required Mil spec network authentication with a PKI consisting of an offline Certification Authority and Microsoft Active Directory domain services for strong authentication.

A few Cisco Firewall platforms were chosen keep costs down and to provide the necessary scalability, network access security, redundancies and throughput to handle the required volume of traffic and users.

Dell servers were chosen for their low cost, manageability, reliability and large hard drive data storage arrays.

Microsoft Server 2022 was selected to provide AD services for reliability and security.

Dell XR2 Mil-spec  Server

Project Deliverables

For this project a secure private cloud using Microsoft Hypervisor, AD, group policies, an offline and subordinate certificate authority with smart cards and hardware tokens was built.

smart card

The Cisco 5585 SSP60 Firewall interconnect over 10g fiber network to the Dell R630 1U - 10 bay Servers running Microsoft Hyper-V with a Windows Server 2022 Domain Controller, a Windows Server 2019 Root Certificate Authority, a Windows Server 2019 Subordinate Certificate Authority.

For domain and network access management a Windows 11 Certificate Enrollment Workstation and a Windows 11 Administrative Workstation.

YubiKey Login Change Pin 2fa logon Screen
Skill Tags: Windows Server 2019, Windows Server 2022, Microsoft Certificate Authority, SSL, 2FA, Microsoft Windows, SSL, Root CA,


Contact Us