Delivering military-grade security at scale with Axway
Headquartered in Fort Belvoir, Virginia, the Defense Logistics Agency (DLA) manages the end-to-end global defense supply chain for the Army, Navy, Air Force, Marine Corps, Coast Guard, 11 combatant commands, other federal agencies, and partner and allied nations.
As the largest combat support agency for the U.S. Department of Defense (DoD), DLA provides many military, intelligence, and civilian agencies with nearly every consumable item, from kitchen supplies to airplane components.
Rick Kegris, System Administrator and Information Security Manager at DLA, explains: "Because so many organizations rely on our digital platform to place orders, it's crucial that our services are always secure and available. From an information security perspective, we need a robust public key infrastructure [PKI] framework to ensure that only fully authenticated individuals can log into our platform 24/7."
Joe Sergewich, PKI Engineer at DLA, elaborates: "All government officials — from White House staff to Parks Services employees — are issued with smartcard credentials to access secure systems. To order from DLA, users must log in with their access card: a Personal ID Verification [PIV] card for civilian users or a Common Access Card [CAC] for DOD staff."
Public Key Infrastructure (PKI) security is a key capability for DLA, as it helps the organization to ensure that revoked credentials — for example, of former staffers or of compromised Certificate Authorities — cannot be used for unauthorized access that might compromise the organization's mission-critical operations.
With so much depending on the PKI architecture, it must be extremely reliable. Kegris confirms: "We support U.S. and UN forces deployed all over the world. Any delays to shipping equipment and goods could put lives on the line."
Trusted solution
For over two decades, DLA has trusted Axway Validation Authority to enable real-time validation of digital certificates for millions of users across DoD, Intelligence, and civilian agencies using the Online Certificate Status Protocol (OCSP). Deployed using an innovative, highly distributed and load-balanced Responder/Repeater architecture, Axway Validation Authority enables DLA to meet its stringent performance and availability requirements.
"DLA has used Axway Validation Authority ever since DoD introduced the mandate for the expanded use of CAC," comments Sergewich. "Because we support millions of stakeholders, we need a solution that can validate certificates reliably at speed and scale. That's exactly what Validation Authority allows us to do."
High availability, low latency
Over the years, DLA has scaled out its Validation Authority environment to ensure dependability and low latency. Today, the organization has deployed multiple Axway Repeaters with load balancing for high availability and low latency, providing quick responses to certificate status requests, in combination with multiple redundant production Axway Responders that keep certificate status information up to date.
Kegris elaborates: "Through a combination of effective load balancing and the outstanding robustness of the Axway solution, we are achieving our goal of five nines of uptime for Validation Authority. We update our servers every month, but our high-availability configuration means we never have to worry about our work impacting end users."
Strong partnership
After more than 20 years of continuous service, Axway Validation Authority continues to be the right PKI solution for DLA. Kegris confirms: "Over the years, we've not seen any other solution that combines all the functionality we need with the excellent level of technical support Axway provides."
Looking to the future, DLA plans to work with Axway to deploy enhanced API features to its Validation Authority architecture, potentially including enabling monitoring of the entire landscape from a single pane of glass.
"We have a strong partnership with Axway," concludes Kegris. "Axway continues to be DLA's trusted partner of choice for PKI, and we look forward to working together to continue to strengthen our cybersecurity and enhance our capabilities."