Dimension Data was approached by one of the country’s largest telecom providers, wanting to implement a PKI solution. Knowing that Service Providers often benefit from Open Source solutions, Dimension Data turned to PrimeKey. Here they found a PKI solution that not only was Open Source but that also complied with the 3GPP and IETF standards that the customer was striving to comply with.
Dimension Data is a subsidiary of NTT group, with offices in 49 countries and more than 27 000 employees globally. The company operates in three areas; consulting services, technical- and support services and
managed services. Dimension Data has an impressive list of customers and have collaborated with PrimeKey for PKI solutions in many projects.
When the Dimension Data team specialized in service providers was approached by one of the largest telecom and mobile service providers in Germany, this was another good opportunity to work with PrimeKey. The
large telecom provider was looking to move to LTE (4G) technology and was therefore required to comply to IETF and very specific PKI requirements, regulated in 3GPP (3rd Generation Partnership Project). As a service provider, they were also looking for an Open Source Solution providing flexibility and freedom. All of the requirements were met by PrimeKey and the PKI solution EJBCA.
The project at hand involved thousands of LTE Radio Base Stations (eNodeB), LTE Security Gateway and the eNodeB vendor’s management system (OSS). For this major implementation, concerning the mobile network for a significant part of the German population, PrimeKey PKI and EJBCA manufactured certificates providing authentication for IPsec between eNodeBs and Security Gateways, as well as for SSL between
eNodeBs and their OSS.
The collaboration between Dimension Data, as a consultant to the telecom provider, and PrimeKey, as a supplier to Dimension Data, was very successful. The quality of the collaboration was proven when the telecom provider, during the project discovered the need for new functionality to support vendor certificates from different vendors. PrimeKey then implemented the missing feature and delivered CMPv2 using embedded vendor certificates, within two months. This timeframe that was very much appreciated by both Dimension Data and the end customer.
PrimeKey and Dimension Data together delivered a high-quality solution that is continued to be supported and maintained 24/7. Today, the telecom provider is fully compliant with required standards and is
planning to further extend the solution, adding tens of thousands eNodeBs in the near future.
General deployment architecture for certificate enrollment of a base station at an operator PKI: