DigiCert® Enterprise PKI Manager
A solution for identifying, validating and securing users, systems and devices.
“We needed software that works on prem or in the cloud. With Lohika we were able to use the best of breed technology and have a team of engineers that understand that.”
– Dan Timpson, Former Chief Technology Officer, DigiCert

DigiCert is the world’s leading provider of scalable TLS/SSL, IoT and PKI solutions for identity and encryption. The most innovative companies, including 89% of the Fortune 500 and 97 of the top 100 global banks, choose DigiCert for its expertise in identity and encryption for web servers and IoT devices.

The Big Announcement

DigiCert CEO John Merrill had something big to announce. A capacity crowd gathered in the keynote auditorium of the DigiCert Security Summit 2020 in San Diego, California. Merrill took the stage to announce an exciting new platform that his team had worked on for over a year.

With the audience in eager anticipation, Merrill unveiled details of DigiCert ONE, a modern, holistic Enterprise PKI manager. Built on a completely new container-based backend infrastructure, DigiCert ONE allows rapid deployment in any environment – customers can roll out new services quickly, with end-to-end user and device management at any scale. Built in just over a year in a collaboration between DigiCert and Lohika, it was an achievement that both companies are very proud of.

Now that you know the ending of this story, this case study will show you how we got there.

Challenges

The road to a cloud-agnostic solution

DigiCert ONE is a cloud-agnostic solution: it can run on any cloud that supports Kubernetes as well as on-prem. The prior Enterprise PKI, Magnum, was built from legacy components, resulting in a set-up that demanded significant migration time and effort. Running on an outdated technology stack and pieced together from technologies gained through several acquisitions, the system was difficult to maintain and upgrade.

Deploying the software to customers was a complex process and there was no easy way to provide software updates. While DigiCert customers were managing an increasing number of IoT devices, the prior software did not support IoT.


“IoT device management was a new space for us, so we had to work at it in an iterative way. The Lohika team did a good job of filling in the gaps and was able to demo and check that we were going in the right direction for each sprint.”
– Wade Choules, VP of Engineering for Emerging Markets, DigiCert

Meanwhile, engineering was distributed across five locations, cobbled together from the legacy DigiCert team and talent that came with the Symantec acquisition. In addition, attrition in the Bangalore office made it extremely difficult to maintain velocity, let alone bootstrap a completely new team with the necessary skillset.

Further complicating the situation, the assumption was that no generalist external engineering partner could possibly have the domain expertise required to build such a complex, enterprise security product from the ground up.

Solution

To address the challenges with the prior platform, DigiCert envisioned a new and modern platform that would run both in the cloud and on-prem: the DigiCert ONE platform. Together, DigiCert and Lohika architected a next-generation PKI solution that could be easily configured via a web-based user interface. The platform would add new access layers for server and IoT infrastructure.

Working as an extension of the DigiCert engineering team, Lohika engineers designed, architected and deployed a secure and easy-to-manage solution using Kubernetes. In addition, Lohika engineers implemented the new REST API backend as a modern reactive Java application. The new application provided support for pluggable software and hardware security modules.

A modern infrastructure based on Kubernetes

The Lohika engagement started in December 2018 with a mission to design and implement a solution for the emerging IoT market. IoT scenarios differ substantially from the regular certificate-issuing workflow because of the scale of device manufacturing and the specifics of the manufacturing process. The idea behind the solution was to extend the existing application with new microservices to cover the new workflows and to build the foundation for a modern infrastructure based on Kubernetes.

The DigiCert and Lohika teams designed and implemented a modern solution with a newly designed web UI using the latest reactive Java/Spring and TypeScript/React stacks with containerized deployment. Initially, the solution was delivered as a new microservice. However, with time, the architecture naturally evolved to multiple microservices that cover specific domains and different workflows.

The development of an all-in-one solution

From the beginning, Lohika engineers were responsible for development, establishing CI/CD processes and testing the solution, which simplified certificate issuance by providing predefined templates. The initial MVP was created as an all-in-one solution.

The initial MVP project was then split into two specific products: the Enterprise Manager and the Identity Manager. The Lohika team continued to own Enterprise Manager, and an internal DigiCert team became responsible for Identity Manager, the authentication/authorization product. The Lohika team proceeded with Enterprise Manager development, including the management of certificates, profiles, seats, enrollments and business units.

“We knew they were going to be excellent software engineers, but to share their knowledge and best practices and make the DigiCert engineering team better? That was surprising.”

– Wade Choules, VP of Engineering for Emerging Markets, DigiCert

Two full-stack teams

Currently, two Lohika full-stack teams holistically own the delivery of enterprise-specific and IoT-specific microservices, and cover back-end, web UI, test automation of back-end API and front-end, and CI/CD.

The CI/CD pipeline was built from scratch by Lohika engineers using Jenkins, Helm, Kubernetes, Ansible, Terraform:

  • Artifact management
  • Provisioning and configuration management
  • Orchestration
  • Deployment

Lohika is responsible for test coverage at all levels, starting with unit tests in JUnit and continuing with the API and UI layers, both manual and automated, using Python and Cypress.

In parallel, Lohika DevOps experts are heavily involved in the design and development of a new container-based infrastructure – a secure, scalable and manageable solution based on IaC, Docker and Kubernetes.

“Lohika’s expertise in software development has been a two-way street. We shared information about PKI development and Lohika shared their knowledge about the latest software engineering practices.”

– Wade Choules, VP of Engineering for Emerging Markets, DigiCert

Technologies

  • Back-end: Java 11, Spring Boot + Reactor, MariaDB, Kubernetes
  • Front-end: React + Redux, SCSS, Webpack, Ant Design
  • QA: REST Assured, Cypress
  • Infrastructure: Jenkins, Ansible, Terraform, Docker, Kubernetes, Helm

Results

  • Flexible deployment
  • Lower Total Cost of Ownership (easy to manage and scale)
  • Easier to stay compliant & secure
  • Standards-based
  • Dedicated Workflows
  • Automatically up to date
  • Private certificate issuance
  • Powerful HSM management
  • Granular permissions & audit trails
