
Announcing support for on-premises Windows workloads with Certificate Authority Service

August 3, 2022
Anoosh Saboori

Group Product Management Lead

Bahul Harikumar

Strategic Partnerships Lead

The use of digital certificates to establish trust across our digital infrastructure continues to grow at a rapid pace, driven by development and deployment of cloud-based, containerized, microservice-based applications and the proliferation of connected Internet of Things and smart devices. 

Google Cloud Certificate Authority Service (CAS) provides a highly scalable and available private CA to help organizations address the growing need for certificates. With CAS, you can offload time-consuming tasks associated with operating a private CA, like hardware provisioning, infrastructure security, software deployment, high-availability configuration, disaster recovery, backups, and more to the cloud.

While a cloud-based CA is uniquely suited to the scalability and availability requirements of cloud-native environments, organizations that have adopted cloud-based CAs increasingly want to extend the capabilities and value of their CA to their on-premises environments as well. There, certificates continue to be the primary mechanism for identifying and securing enterprise endpoints, and existing on-prem CA options continue to be complex and costly to operate and manage.

Getting started on converged PKI and supporting Windows workloads

To get started on this converged public key infrastructure (PKI), enterprises can now deploy a private CA through Google Cloud CAS along with a partner solution that simplifies, manages, and automates digital certificate operations in on-prem use cases such as issuing certificates to routers, printers, or users. ISV partners with Google Cloud CAS integration include AppviewX, Venafi (which includes JetStack), KeyFactor, and SmallStep.

One of the most commonly requested features for on-prem certificate enrollment is Windows auto-enrollment. Today, organizations with on-prem deployments of private CA can auto-enroll client certificates using Windows Active Directory Certificate Services (ADCS). Windows auto-enrollment helps to automate registration and renewal of endpoint/client certificates. Google Cloud can now offer an alternative to MS CA Service that integrates into Windows environments through partner solutions from AppviewX such as PKIaaS, CLMaaS, and KeyFactor.

The benefits of converged PKI in the cloud

In addition to addressing the scalability and management issues of digital certificates, the converged PKI deployment in the public cloud offers these benefits:

  • Simplified and automated certificate management compliance

  • Centralized policy definition and decentralized certificate enrollment

  • Improved visibility through partner solutions for Certificate Lifecycle Management (CLM)

  • Service level agreements for large scale deployments

  • Reduction in CapEx

We discuss these in greater detail in our papers on deploying a secure and reliable PKI with Google Cloud CAS, and scaling certificate management with Google Cloud CAS.

Moving your on-prem CA to Google Cloud

Google Cloud CAS with an integrated partner solution can help simplify enterprise PKI deployments and provide a highly available, comprehensive, and converged private CA. And now, on-prem private CA deployments with Windows CA and auto-enrollment are supported through partner solutions. To get started, visit the CAS product page or one of the partner links above. If you have additional questions, you can also contact cas-support@google.com.
