Develop a Strategy for Certificates

Intel Packet Protect supports two ways you can verify the identity of a system that is attempting to communicate: certificates and pre-shared keys.

Use this table to help compare the advantages of certificates with those of pre-shared keys.

 

Certificates Compared with Pre-Shared Keys

| Item | Certificates | Pre-Shared Keys |
| --- | --- | --- |
| General Use | Each system attempting to communicate must present a certificate from a trusted certificate authority. | Each system attempting to communicate must present the same pre-shared key. |
| Deployment | Best for a large number of systems. | Best for a small number of systems. |
| Maintenance | Entrust/PKI* attempts to renew certificates automatically, so there is no general maintenance required using Intel Packet Protect. However, if a certificate becomes compromised, you must recover the Entrust profile. Refer to your Entrust documentation for information about this task. | If you use the same pre-shared key for all systems, the maintenance is minimal, but protection and trust can be weak. If you use various pre-shared keys depending on the communication, protection is stronger, but maintenance is cumbersome. |
| Effects of Multiple Adapters | You can only use one certificate on a system, either on a single adapter or on an adapter team. | No effect. The same pre-shared key is used by all adapters for a system. |
| Initial Cost and Maintenance | Requires purchase of Entrust/Entelligence*. May have additional service or hardware requirements for onsite deployment, as well as need for an Entrust administrator. | Everything you need to use pre-shared keys is included with Intel Packet Protect. |


Copyright © 2000, Intel Corporation. All rights reserved.

Intel Corporation assumes no responsibility for errors or omissions in this document. Nor does Intel make any commitment to update the information contained herein.

* Other product and corporate names may be trademarks of other companies and are used only for explanation and to the owners' benefit, without intent to infringe.