7.3.1 Background
Network security uses numerous techniques to help protect transmitted information. Traditionally, it relies on the principles of cryptology as its security foundation. This involves converting information into a form that is usable only by selected recipients who are capable of transforming it back into a usable form. Transport Layer Security (TLS) and its predecessor Secure Sockets Layer (SSL) are cryptographic protocols commonly used today in network security. Complex infrastructures such as vCloud computing involve multiple connections between various hosts and external communication channels. SSL certificates are an important tool for encrypting these connections to provide data privacy.
SSL certificates also provide for two-way authentication. This enables a host to validate that it is connected to the intended recipient, which decreases the ability of an imposter to intercept the information transmitted.
Moreover, “higher value” SSL certificates, such as organization validation (OV) SSL and extended validation (EV) SSL, which name the actual certificate owner, are beneficial for connections with actual end users. The end user can view the certificate details to verify that the legitimate and intended Web site or device is being used, and not an imposter. With EV SSL, the name of the SSL owner is displayed next to the favicon (favorites icon) in most desktop browsers, making it easy for the user to verify this.
In the past, different certificate authorities (CAs) followed different validation procedures when issuing SSL certificates. This caused issues with interoperability and ease of use. The CA and Browser Forum, of which QuoVadis is an active member, created common standards for OV and EV SSL to create consistency across providers and regions and to eliminate the problems previously experienced. Browsers have adopted these standards for all CAs in their root distribution programs.
The white paper VMware vCloud Director and Certificate Authority Issuance: Leveraging QuoVadis Certificate Authority with VMware vCloud Director (http://www.vmware.com/resources/techresources/10332) provides insight into the requirements for using signed certificates and gives implementation guidance on how to achieve this.