The Cloakware Server Password Manager (CSPM) platform is billed as facilitating the removal of hard coded password credentials from applications that need to access key server resources such as DBs. CSPM provides a centralized, secure repository for the storage of such credentials; and instead of relying on hard coded parameters the applications can query the storage platform for the needed credentials before accessing the desired resource. Communications and stored data are protected via AES-256 encryption. To authenticate a server requesting a password, the CSPM checks for metrics suchs as a known physical file path, a known execution path, a known executing user, SSL key, message decryption key, hardware fingerprint and application integrity checks.

The vendor notes that the platform's client component--which operates on the servers hosting the applications that are requesting credentials--can run on selected versions (see the Fact Sheet) of Solaris, AIX, Linux and Windows platforms, with two client models supported: a persistant Java-based daemon/service, or a callable C language executable and a shared library. The actual target systems that the applications are requesting access to are unrestricted in terms of platform requirements.

In addition to its ability to store passwords centrally, the central platform can also communicate with the clients to both update and synchronize the password for selected resources, as well. Because such credentials no longer need to be stored directly within the applications, the vendor notes that the platform can therefore change and automatically update the credentials for the selected resources on a regular basis without requiring recoding of the applications or configuration files. Password push technology managed by the central platform prevents race conditions wherein an application retrieves a password for a resource that has since been changed.

For administrator authentication to the administrator console (i.e., for management of the stored passwords), an extensible Java Authentication and Authorization Services interface is provided, supporting authorization methods including ID and password, LDAP and RSA SecurID. Other management features include GUI and Java interfaces supporting ad-hoc and batch mode loading of managed entities; support for delegated administrator roles; a clustered and load balanced redundant architecture for HA deployments (stand alone deployments are also supported); and standard reports that detail such metrics as admin activities, credential requests and mappings, and unmanaged and orphaned accounts.

New or enhanced features in the latest CSPM release include:

- Support for RSA SecurID authentication

- "Server Node-Locking," which enables the establishment and validation of a server's physical characteristics

- UNIX root Password Manager feature

- Support for LDAP repository password management

CSPM is available now in both the standard version described above, which is a software platform targeted to organizations with more than 200 servers; and an "Express" version, which is appliance based and targeted to organizations with 200 servers or less.

Contact Cloakware for further information.