
PGP Universal Server (PGP-U) Solutions


Challenge

PGP Universal Server (PGP-U) is a key management system that handles general encryption and email encryption requirements for the enterprise. Although PGP Universal Server functions as a powerful identity infrastructure tool, providing a single point of contact to handle the encryption requirements of all applications within the enterprise, it suffers from a number of common limitations.

As with many identity applications, PGP-U suffers from integration problems in environments where multiple LDAP repositories are used to store user information in a distributed manner. This often causes problems for enrollment.

When a user enrolls with PGP-U, particular attributes (such as the email address of the user) are required for signature processing. Often these attributes are not stored in the backend LDAP directory in the format required. For instance, it is fairly common to store internal email addresses within the repository, whereas PGP Universal Server expects the address to be the user's external address.

PGP-U can apply different policies to different users based on their group membership. Group membership is a very flexible mechanism for assigning policies to users, and is frequently a sought-after feature where PGP Universal Server is deployed. Unfortunately, it is also often the case that the backend LDAP server is not set up to take full advantage of this functionality.

For enterprises that deploy multiple PGP-U instances across the organization, it soon becomes apparent that external clients will not be able to determine which PGP-U instance should be used to obtain a key for a particular user. As a result, a solution may need to be developed that will handle the appropriate routing of requests to the correct PGP-U instance.

Finally, in high-traffic deployments, it is likely that some key requests are submitted repeatedly, generating unnecessary load on backend servers. In these scenarios, an enterprise may find it useful to be able to cache requests that would usually be submitted to the PGP Universal Server.

Solution

Symlabs LDAP Proxy can be used in conjunction with PGP-U to solve many of these problems.

Symlabs LDAP Proxy can act as a single point of access, for environments where multiple LDAP repositories are used. PGP-U Servers will be able to query a Symlabs LDAP Proxy instance for a single consolidated view of the data distributed across a multitude of LDAP repositories. This helps to ensure a highly scalable architecture, unhindered by configuration limitations.

In situations where the data held for particular attributes may not conform to requirements, Symlabs LDAP Proxy can be used to perform on-the-fly processing on the data moving between PGP-U and the LDAP backend. As a result, attribute values can be calculated or manipulated automatically, even if these attributes are actually empty in the backend repository or need to be derived from other attributes.

Symlabs LDAP Proxy can also be used to dynamically control group membership for users, so that policies can be applied within PGP-U. Group membership can be automatically determined based on combinations of attribute values or on LDAP Tree information (such as domain or organizational unit membership).

Where multiple PGP-U instances have been used, an LDAP Proxy deployment can easily manage the routing of key-lookup requests to PGP-U instances to ensure that the appropriate response is returned.

Finally, LDAP Proxy can be deployed to perform load-balancing or failover for backend connections, to enhance performance and availability in high-load environments. Furthermore, the bundled caching plugins can be used to cache frequent search requests to further improve performance.
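The attribute rewriting, dynamic group assignment and key-lookup routing described above can be pictured as three small transformations applied between PGP-U and the backend directory. The following is an added illustration, not Symlabs LDAP Proxy code or configuration; every domain, DN, host name and function name in it is a constructed assumption.

```python
# Added illustration; not Symlabs LDAP Proxy code or configuration.
# All domains, DNs, hosts and names below are constructed for the example.
INTERNAL_DOMAIN = "corp.example.internal"   # assumed internal mail domain
EXTERNAL_DOMAIN = "example.com"             # assumed external mail domain

# Assumed rule set: OU found in the entry's DN -> policy group shown to PGP-U.
OU_TO_GROUP = {"finance": "cn=pgp-strict,ou=groups,dc=example,dc=com",
               "sales": "cn=pgp-standard,ou=groups,dc=example,dc=com"}

# Assumed routing table: mail domain -> PGP-U instance holding the user's key.
DOMAIN_TO_INSTANCE = {"example.com": "pgpu-us.example.com",
                      "example.es": "pgpu-eu.example.com"}


def external_mail(entry):
    """Return the external address, deriving it when the backend lacks one."""
    mail = (entry.get("mail") or [""])[0]
    local, _, domain = mail.partition("@")
    if local and domain.lower() == INTERNAL_DOMAIN:
        return f"{local}@{EXTERNAL_DOMAIN}"
    if local and domain:
        return mail
    uid = (entry.get("uid") or [None])[0]   # empty mail: derive from uid
    return f"{uid}@{EXTERNAL_DOMAIN}" if uid else None


def dynamic_groups(dn):
    """Compute group membership from the OUs in the DN.

    Simplified DN parsing: escaped commas in RDN values are not handled.
    """
    ous = [rdn.split("=", 1)[1].strip().lower()
           for rdn in dn.split(",") if rdn.strip().lower().startswith("ou=")]
    return [OU_TO_GROUP[ou] for ou in ous if ou in OU_TO_GROUP]


def rewrite_entry(dn, entry):
    """Build the view of a backend entry that would be handed to PGP-U."""
    view = {k: list(v) for k, v in entry.items()}   # backend data is not mutated
    mail = external_mail(entry)
    if mail is None:   # refuse to enroll a user under a guessed address
        raise ValueError(f"cannot derive an external address for {dn}")
    view["mail"] = [mail]
    view["memberOf"] = dynamic_groups(dn)
    return view


def route_key_lookup(address):
    """Pick the PGP-U instance for a key lookup; unknown domains get no route."""
    return DOMAIN_TO_INSTANCE.get(address.rpartition("@")[2].lower())
```

Returning no route for an unknown domain, and raising when no address can be derived, keeps a misconfigured mapping from silently binding a key to the wrong identity.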

Benefits

  • Easy integration with multiple LDAP repositories and across domains
  • Simple to add new sources of users for increased scalability
  • Manipulate data on-the-fly to sidestep conformity issues
  • Dynamic attribute mapping and content filtering to fully integrate with PGP-U
  • Quickly set up dynamic groups for users to fully leverage PGP-U's policy controls
  • Handle complex data routing with ease
  • Take advantage of built-in performance enhancing functionality

About PGP Universal Server
PGP Universal Server manages a security policy across multiple applications to defend sensitive data and avoid the financial loss, legal ramifications, and brand damage resulting from a data breach. As the foundation of the PGP Encryption Platform architecture, PGP Universal Server manages PGP Encryption Platform enabled applications that provide email, disk, and network file encryption.


About Symlabs
Symlabs is the performance leader for virtual directory and identity management solutions. Benchmarks show Symlabs Virtual Directory Server, LDAP Proxy and Federated Identity Suite are the fastest and most powerful products in the industry for managing and unifying identity data. Global giants like Sony, IBM, Vodafone, Nokia and the United Nations already depend on Symlabs to add flexibility, security, and reliability to their infrastructure. Symlabs also offers annual support, training and professional services to our clients to help them develop, integrate, and maintain solutions.