Public Key Infrastructure
Exoprise uses Public Key Infrastructure (PKI) to enhance security, authentication, and authorization when communicating with its servers, as well as to encrypt sensor credentials. This is layered on top of its SSL-based communications.
Public key encryption
Exoprise uses public key encryption to securely store sensor credentials while allowing customers to easily deploy, control, and configure a large number of distributed sensors from a single secure location in the cloud.
Installation and key pairs
Installing Private Sites requires a public-private key pair. Exoprise makes initializing the PKI keys and certificates easy through the use of the Management Client and custom installers, which securely join the Secure Service to the Exoprise servers.
The private key is stored on the machine where the sensors and Secure Service run. The private key is registered and configured during the installation of the Secure Service. Exoprise records the public key part of the key pair in its database for encrypting credentials and sensor configuration. You can manage these keys on the Public Keys page.
Secure credentials
During sensor creation, configuration, and assignment to a Private Site, the credentials are encrypted using the public key part of the key pair. When a sensor is deployed to a location, only the Private Site with the matching private key part of the key pair can decrypt the credentials specific to that sensor. This ensures that sensor credentials are securely encrypted, end-to-end, and that there is no way of retrieving the credentials without having the private key file that is registered and secured by the machine where the site is running.
Multiple locations
Deploying a large number of sensors and sites requires deployment planning. Currently, to enable deploying the same sensor configurations to multiple locations, you must install the same private key file at each Secure Service location. This securely enables sensor configuration sharing across different Private Site locations. If the deployed sensor locations have different public-private key pairs, then administrators will need to supply sensor credentials for each assignment of a sensor at each location.
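The behavior described under "Secure credentials" and "Multiple locations", as an added example that is not Exoprise code: a credential encrypted to one site's public key decrypts only where the matching private key is installed. RSA-OAEP with SHA-256, the 2048-bit key size, the function names and the sample credential are all assumptions made for illustration; the page does not state which algorithm the product uses.

```javascript
// Added illustration, not Exoprise code. Algorithm, key size and names are assumptions.
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Models the key pair created when a Secure Service location is installed.
function newSiteKeyPair() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Server side: only the registered public key is needed to protect a credential.
function encryptCredential(publicKey, credential) {
  return crypto.publicEncrypt({ key: publicKey, ...OAEP }, Buffer.from(credential, 'utf8'));
}

// Site side: returns the plaintext, or null when this site's private key does not match.
function decryptAtSite(privateKey, ciphertext) {
  try {
    return crypto.privateDecrypt({ key: privateKey, ...OAEP }, ciphertext).toString('utf8');
  } catch (err) {
    return null; // wrong key: OAEP unpadding fails and nothing is recovered
  }
}

function demo() {
  const siteA = newSiteKeyPair();
  const siteB = newSiteKeyPair(); // a location with its own, different key pair

  // Site C installs the same private key file as site A; the PEM round trip
  // stands in for copying that file to the second machine.
  const pem = siteA.privateKey.export({ type: 'pkcs8', format: 'pem' });
  const siteCPrivateKey = crypto.createPrivateKey(pem);

  // Constructed sample credential, encrypted once to site A's public key.
  const blob = encryptCredential(siteA.publicKey, 'svc-monitor:constructed-password');

  return {
    siteA: decryptAtSite(siteA.privateKey, blob),
    siteB: decryptAtSite(siteB.privateKey, blob),
    siteC: decryptAtSite(siteCPrivateKey, blob),
  };
}

console.log(demo());
```

Sites A and C recover the credential, and site B gets nothing, which is why a location with a different key pair needs its credentials supplied separately. The same property means every machine holding a copy of the shared private key file can decrypt every credential encrypted to it, so each copy needs the same protection as the original.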
Bulk deployment
Administrators who would like to use various Electronic Software Deployment (ESD) tools such as SCCM to deploy the Private Site can use the bulk deployment page to retrieve a set of join keys and download the Exoprise Secure Service installer.
The Secure Service installer is a standard .exe installer that can be packaged, supports silent installs, and takes a number of command line arguments.
Join keys enable a secure initial registration during the installation of a Secure Service location. During installation, the service passes the join key to the Exoprise servers and validates that the location is accurate for your account.
Refer to Bulk site installation.