Tara facilitates the automated provisioning of servers (and the applications they host) with PKI credentials and trust chains. Leveraging existing ISC web services (Bagala and CCMS), Tara administrators can centrally manage and deploy server and application credentials as well as common trust anchors throughout an enterprise. Once installed on a host, Tara periodically downloads and installs updated trust stores from a central server. Tara also manages the host’s PKI credentials, automatically handling scheduled key rollover events and reconfiguring relying server processes to use updated keying material.
Tara is particularly useful in the automated provisioning of virtual servers as they come online in the cloud. When a new VM host instance is launched, Tara automatically interfaces with Bagala and CCMS to obtain that VM’s credentials and trust chains. When the VM is terminated, Tara informs CCMS that the host’s credentials are no longer in use.
Tara’s flexible plug-in architecture allows admins to deploy management scripts specifically targeted to their particular network and PKI ecosystem. Template scripts for the most popular web service platforms are provided. Tara supports pooled certificates, short-term certificates, and normal certificates with revocation.