ARX CoSign (Digital Signatures Appliance), Review

Review of ARX CoSign Appliance Version 4.1

Pluses

• Self contained appliance that includes a CA (I saw other competitors that have self contained systems also, so this isn't unique). The appliance stores all the user's configuration including signature graphic files.
• Integrates into AD by creating a Service Connection Point in the Configuration naming context. Here is an example SCP:

CN=CoSign Service Connection Point For CSN12345,CN=NetServices,CN=Services,CN=Configuration,DC=my-root-domain,DC=dom

This allows the clients to automatically find the appliance, eliminating the need to configure that on the clients.
• AD groups are used to designate users as signers. The appliance can be configured to delete the AD user’s CoSign account when the user is removed from the AD group.
• The appliance actually uses a hardened version of Windows 2000 Server, SP4 and therefore becomes a member of the AD domain.
• Appliance Management is done via an MMC snap-in.
• The client piece integrates well with MS Office.
• A PDF printer called OmniSign Printer is included. This allows you to basically “print” anything to a digitally signed PDF. This is good for non-MS Office applications.

Minuses

• The company is based out of Israel and it looks like most of their tech support is based out of there. The accents on some of the support reps makes it difficult to understand them.
• Many of the instructions and steps provided in the manual and through tech support (via e-mail) are not well thought out and I have to go back and forth with support to clarify things.
• The knowledge base at http://cosignkb.arx.com/ is a joke. There is no search feature as of 12-19-2008 and everything is jumbled together on one page. This is very unprofessional.
• Since this is a hardened server, I have to download the Windows event log via the admin MMC and then view it locally on my computer. This is very inconvenient when troubleshooting.
• There’s no clean and secure way to automate backups. They have a command line tool called GetBackUp.exe that you can put into a batch file and use in a Windows Scheduled Task. The problem with this method is that the batch file requires the password of the CoSign administrator user in clear text. This is a big security issue considering that this is a security system that we’re trying to back up!
• My biggest gripe is automated installation of the client. This is a big headache and I’ve learned that when evaluating any new system, the ease of automated deployment should be a key feature to look for. I could have asked if they used MSI files and they would have been truthful in replying yes. But considering that they use MSI files along with a VBS, it doesn’t make for a clean install.

Leave a Reply

*