TrustedObjects Manager

Central management with TrustedObjects Manager

The TrustedObjects Manager (TOM) central management station comes in two versions – as a ready-to-run hardened appliance and as a redundant system for high-availability requirements. TOM is controlled via an internal web interface so that authorized administrators can use a browser to remotely access the management functions. User authentication is done via username/password or smart card.

TrustedObjects Manager is the central management component for many Rohde & Schwarz Cybersecurity products. It can be integrated into a company's LDAP (Active Directory/eDirectory/Notes) and provides a complete PKI. An administrator can centrally and conveniently configure company-wide security policies and product configurations. Additionally, all products and appliances are fully provisioned. Currently, the following products are managed using TrustedObjects Manager:

  • Browser in the Box
  • BizzTrust
  • TrustedDesktop
  • TrustedIdentity Manager 
  • TrustedVPN 
  • VPN Client

Security anchored in hardware

TOM, TrustedDesktop and VPN appliances are all equipped with the Trusted Platform Module (TPM) hardware chip that acts as a security anchor and is fully integrated in the overall system architecture up to and including the application level. The TrustedObjects Manager can optionally be equipped with a specially sealed and FIPS 140-2 level 3/4 certified hardware security module (HSM) for use as a certification authority (CA). Specifically, the TOM's security module securely stores and uses the private keys of the root CAs.

The keys never leave the security chip, allowing reliable, tamper-free identification of the TOM. Like many other products, TrustedObjects Manager is based on the TURAYA.SecurityKernel, which uses hardware-based verification (Trusted Boot) to ensure the integrity of all relevant components and protect the firmware and configuration data through TPM-based (sealing) full-disk encryption. The result is an integrated total system that reliably prevents manipulation – both locally and remotely.