1

Company A has no security critical applications on the web, but system administrators use several passwords, and need to generate certificates for some internal webservers.

ManageSecure Management Client can be used to manage passwords, encrypt files and to generate certificates, or to generate certificate requests to be sent to a third-party CA.

2

Company B needs to enable SSL on its web-servers, but does not need URL level access control.

ManageSecure Admin Client can be used to process certificate requests for its web-servers, and installs the certificates to make its web-servers SSL enabled.

3

Company C has several servers that need to be monitored on a 24/7 basis. Administrators who are on call should receive email on their handheld devices.

Company C uses ManageSecure to monitor its servers for error conditions, certificate expiration etc, and send email alerts to administrators when there is a problem.

4

Company D has a small number of users and small number of security critical applications. It requires strong authentication, but since the number of users is small they can be mapped to local users on the web-server.

Company D uses ManageSecure Admin Client to manage a full PKI, including client certificates, CRLs etc. It uses its web-server native authentication in conjunction with the PKI (i.e., it does not use Access Control Filter).

5

Company E has several web applications and access to these must be tightly controlled. However, communication confidentiality (i.e., SSL based encryption) is not a high priority for this company, as the applications are accessed only within an Intranet, and most users are trusted.

Company E uses ManageSecure Access Control Filter to manage access to its web resources. It does not use ManageSecure PKI features for access control (i.e., it uses login/password authentication only).

6

Company F has some sensitive applications being accessed via their web portal on the Internet. Hence, communication confidentiality (i.e., SSL) is very important. However, Company F is satisfied with login/password based authentication.

Company F uses ManageSecure Access Control Filter to manage access to its web resources. It uses ManageSecure to SSL enable its web-servers, but does not use a full PKI (i.e., it does not use client certificates. It uses login/password authentication only).

7

Company G has strong authentication and confidentiality requirements for its web applications. However, it already has a third party that acts as its Certificate Authority for issuing certificates, and wishes to continue using that CA.

Company G uses ManageSecure Access Control Filter along with the third-party PKI to implement strong access control based on client certificates.

8

Company H has strong confidentiality, authentication and authorization requirements. It has no third party arrangements with any CA, and wishes to act as its own CA (this way it will have better control over the certificate management process).

Company H uses ManageSecure Access Control Filter along with ManageSecure PKI to implement strong access control based on client certificates.

9

Company I has strong confidentiality, authentication and authorization requirements. It has limited network administration staff and hence wants the certificate authority functions to be out-sourced.

Company I uses ManageSecure Access Control Filter, but uses a third party firm that has a ManageSecure CA to generate and manage client certificates.