While organizations can manage PKI deployments manually, doing so is time-consuming and laborious, particularly for large deployments like Siemens’. Automating these processes saved Buschart’s team time and allowed them to focus on other priorities. He noted that they were able to reduce the time spent on the setup and deployment of a system from more than a week to just one day.
The setup process was automated using the Red Hat Ansible Automation Platform, which enabled Buschart’s team to develop playbooks for the installation, configuration, hardening, and deployment of PKI operations at scale. Buschart explained that relying on the playbooks resulted in significant time savings for his team. He shared the example of setting up a database machine: when completed manually, the workflow required nine detailed steps that the team had to execute very carefully. Now, all they have to do is run the playbook.
To streamline PKI installations across most parts of the business, Siemens deployed EJBCA Enterprise, an end-to-end certificate management solution that also enables simplified and automated PKI operations at scale. In this use case, the playbooks do not just deploy EJBCA on a machine or in a lab. The entire process is automated, including the installation and hardening of JBoss according to the Siemens guidelines and the configuration of the Hardware Security Module (HSM).
Automating PKI system deployment enables organizations like Siemens to be more agile when experimenting with new use cases. Compared to manual processes, less time is lost in an automated deployment if something does not work as planned. Thanks to the ease and speed of automated deployment, PKI teams like Buschart’s can fail fast and readjust without wasting time and resources.
Organizations with infrastructure similar to Siemens’ can use these PKI deployment playbooks, which are available on Keyfactor’s GitHub. Keyfactor released them as production-quality open source, so anyone with an understanding of EJBCA, Ansible, and their organization’s PKI requirements can benefit from them.