Wednesday, November 27, 2013

What's new in EJBCA 6 part 4: Enterprise and Community

Welcome to the fourth part of the series about what is new in the upcoming EJBCA 6.

For the first part in the series, read Part 1: Crypto Tokens in GUI.
For the second part in the series, read Part 2: CMP aliases and GUI configuration.
For the third part in the series, read Part 3: Internal Key Bindings.

In part 4 we will dig into the concepts of EJBCA Enterprise and Community. The separation was started with the Common Criteria certification of EJBCA 5, and is now completely harmonized with EJBCA 6. EJBCA Enterprise brings additional value to organizations that subscribe to support services, this blog post will tell you what, and why.

The freshest, most up to date, description of EJBCA Enterprise will be available at PrimeKey.

Open Source Enterprise Editions

Enterprise editions is a common way for open source projects and companies to offer additional value to organizations that subscribe to support services, and hence indirectly pay the bills for the developers of the software.
Not a completely unproblematic issue since part of the soul of Open Source is that you can freely download and use the software. So why choose the Enterprise edition? Here is the reasoning:
  • The requirements on professional enterprise software are very high nowadays and the users demand high quality, lots of features, software certifications etc. There is simply need for a lot of full time staff to develop and support an enterprise scale software today. Income is needed to pay salaries.
  • The Community is one of the founding pillars of Open Source software, the community has made us what we are. The community needs a comfortable way to use, interact and to contribute to the future of the project.
To keep up that pace of development, and support, there is of course a need for constant business. What we need, as a company, is to provide added value so that you find that you get great benefit from the money. This is where the Enterprise edition comes in.

There are many very appreciated organizations in the world, that subscribes to support. 
Thank you, you know who you are!

There are many appreciated community members, thank you as well! 

EJBCA Enterprise

PrimeKey, with EJBCA, started out with an Enterprise edition as of EJBCA 5, where PrimeKey, together with partners, made a huge investment to make the software Common Criteria certified.

We have written a little bit about this before in two previous (older) blog posts:
With EJBCA 6 we want to finalize and harmonize the concept and versions.

The idea behind EJBCA Enterprise is simply:
  • Provide organizations with the best, most hassle free, sleep good at night, PKI experience money can buy - with EJBCA Enterprise
  • Allow do it yourselfers (DIY), who are confident they can roll their own, to use the best PKI product they can find - with EJBCA Community
  • All this with Open Source!
 A little more in detail, the strategy is:
  • To focus the enterprise additions on the main target markets where we compete with proprietary software and can provide support services to organization that are prepared to pay for these services. Providing the best PKI services from the most experienced staff, with add-ons that makes their PKI the most efficient and cost-effective PKI on the market.
  • Enabling the Open Source Community with the best PKI product on the market with full features, allowing everyone to contribute directly to the latest version of the project in a simple way, with full access to the source code.

PrimeKey EJBCA Enterprise features and services

The freshest, most up to date, description of EJBCA Enterprise will be available at PrimeKey.
This is a snapshot at the time this blog post was written.

These are the main value adding features and services that will be available only with EJBCA Enterprise:
  • Professional support with different SLAs and private support portal access.
  • Additional development services.
  • Training courses.
  • Bug, security and hot fixes.
  • Additional integration guides and supported integration with 3rd part products (for example token management).
  • Common Criteria certification with specific features:
    • Database integrity protection.
    • Secure audit logging (log signing).
  • High Availability setups with redundant clusters and disaster recovery.
  • EAC ePassport PKI, with BAC, EAC, SPOC, PKD etc.
  • GOST and DSTU algorithms.
  • 3GPP/LTE CMP support.
  • Add-on tools:
    • Database CLI for migration between databases, verification of integrity protection etc.
    • Tools for speeding up deployments across environments.
    • Validation tool for conformance checking of certificates and OCSP responders.
  • Upgrade assistance, also from very old versions of EJBCA Community to the latest EJBCA Enterprise.
  • Last but not least, soon to be available in a plug and play PKI Appliance.

Find out more

If you are using EJBCA Community, and are interested in EJBCA Enterprise, or if you just want to know more. Don't hesitate to contact me at tomas@primekey.se. Migrations from Community to Enterprise is of course trouble free and we can help you every step of the way.

If you are interested in getting to know the different subscription options, contact sales@primekey.se, we are flexible.

Check in with PrimeKey, or follow us on Twitter, for the latest news and events.

Another interesting blog post on Open Source and Enterprises is Feed the Fish, from the people behind TomEE.

The Team

The great team that, with pride, brings you EJBCA, Signserver, PKI Appliance, SPOC and everything around it is:

Joonas, Mike, Marcus, Markus, Johan, Aveen, Samuel, Lars, Konstantin, Admir, Anna, Björn, Anna, Tomas, Lars, Maikel, Marko, Raoul, Joakim, Branko, Dimitrios, Tham, Manuel, Roland, Martin.



Questions and answers

Here are some questions asked by people reading the above:

Q1. Do the improvements in EJBCA Enterprise ever find their way to Community.

Answer: As I tried to state above, EJBCA Enterprise does not contain improvements of Community features. It contains specific features used for specific Enterprise use cases. These features are planned to remain Enterprise features until the concept changes (if it changes).
Improvements to common functionality will be released in both Enterprise and Community. The times will only be constrained by release schedules. Enterprise is expected to have more releases than Community.

Q2. Is it possible to migrate from EJBCA Enterprise back to community? If so, what is the difficulty.

Answer: Yes that is possible. Naturally you will loose the Enterprise functionality such as audit log signing. The CA will continue to work, just without this feature.

Q3. When someone licenses EJBCA Enterprise, if they do not wish to maintain support contract do they have to downgrade when the support contract ends.

Answer: No. Naturally they will however no longer get upgrades from PrimeKey.

Q4. Do improvements in Community ever find their way back into Enterprise? If yes, how long does that take.

Answer: Yes, this will be included in following releases.

Q5. When will EJBCA Community version 6 be released?

Answer: We are currently working on the distinction between Enterprise and Community as described above. There is no fixed date, since this depends on developer resource availability. It will not be too long, don't despair.

1 comment:

tomas said...

Some questions asked, and answered:

Q1. Do the improvements in Enterprise EJBCA ever find their way to Community.

Answer: As I tried to state above, EJBCA Enterprise does not contain improvements of Community features. It contains specific features used for specific Enterprise use cases. These features are planned to remain Enterprise features until the concept changes (if it changes).

Improvements to common functionality will be released in both Enterprise and Community. The times will only be constrained by release schedules. Enterprise is expected to have more releases than Community.

Q2. Is it possible to migrate from Enterprise EJBCA back to community? If so, what is the difficulty.

Answer: Yes that is possible. Naturally you will loose the Enterprise functionality such as audit log signing. The CA will continue to work, just without this feature.

Q3. When someone licenses Enterprise EJBCA if they do not wish to maintain support contract do they have to downgrade when the support contract ends.

Answer: No. Naturally they will however no longer get upgrades from PrimeKey.

Q4. Do improvements in community ever find their way back into Enterprise? If yes, how long does that take.

Answer: Yes, this will be virtually instantaneously.