MCITP Server Administrator Zone Types and Zone Transfers of this level
For our purposes, the discussion of this level of structure is relatively moot. This is because a single-tiered CA hierarchy is usually used only in small organizations, typically with fewer than 300 user accounts. The focus of the enterprise-level exam is organizations that have more than 5,000 employees. Regardless, in a single-tier CA infrastructure, the CA is a member server of the domain that exists as the only enterprise root-level certificate authority. Obviously, the advantages of this design are that it is both easy to design and easy to implement. However, it is limited. For example, there is absolutely no available backup. If the main root authority fails, then the entire structure fails. Furthermore, without additional tiers to rely upon, a single member server issuing certificates can (and most likely will) become overburdened in a large organization.
In a two-tiered CA structure, multiple levels of certificate servers perform different roles. Best practices dictate that at the top of the tree the root-level enterprise authority is stand-alone. That is, it exists apart from the network for the sake of security. Then, below that root-level authority, other member servers exist to issue certificates, as shown in Figure 7.1. In this figure, the root certificate authority exists independently from the rest of the network, and the extending second-tier computers can either issue certificates or exist as policy issuance certificate authorities. Policy issuance CAs are similar to certificate authorities, except they define the way certificates can be issued but often do not issue certificates themselves.
The advantage of this design is that it allocates a single level of infrastructure for each of the roles being played in the process of dispersing certificates. Furthermore, it adds more physical security because it creates barriers of separation between the root CA, the policy CA(s), and the issuing CAs.
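
The two-tier layout described above, sketched with OpenSSL rather than a Windows CA (an added example, not from the original text). The subject names, file names and the `pki.cnf` extension sections are constructed for illustration.

```bash
# Added example: stand-alone root + issuing CA, built with OpenSSL in a scratch dir.
# All subject names, file names and config section names are constructed.
set -eu

build_two_tier() (            # $1 = empty working directory (body runs in a subshell)
  cd "$1"
  cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_root]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_issuing]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = critical,CA:FALSE
extendedKeyUsage = serverAuth
EOF
  # Tier 1: self-signed root. Its key is used once below, then kept off the network.
  openssl req -x509 -config pki.cnf -extensions v3_root -newkey rsa:2048 -nodes \
    -keyout root.key -out root.crt -days 3650 -subj "/CN=Example Root CA" 2>/dev/null
  # Tier 2: issuing CA signed by the root; pathlen:0 forbids further CAs beneath it.
  openssl req -new -config pki.cnf -newkey rsa:2048 -nodes \
    -keyout issuing.key -out issuing.csr -subj "/CN=Example Issuing CA" 2>/dev/null
  openssl x509 -req -in issuing.csr -CA root.crt -CAkey root.key -CAcreateserial \
    -out issuing.crt -days 1825 -extfile pki.cnf -extensions v3_issuing 2>/dev/null
  # End-entity certificate: issued by tier 2, so the root key is never touched.
  openssl req -new -config pki.cnf -newkey rsa:2048 -nodes \
    -keyout leaf.key -out leaf.csr -subj "/CN=host.example.test" 2>/dev/null
  openssl x509 -req -in leaf.csr -CA issuing.crt -CAkey issuing.key -CAcreateserial \
    -out leaf.crt -days 365 -extfile pki.cnf -extensions v3_leaf 2>/dev/null
)

# Clients trust only root.crt; the issuing CA certificate travels with the leaf.
verify_with_chain()    { openssl verify -CAfile "$1/root.crt" -untrusted "$1/issuing.crt" "$1/leaf.crt" >/dev/null 2>&1; }
verify_without_chain() { openssl verify -CAfile "$1/root.crt" "$1/leaf.crt" >/dev/null 2>&1; }
issuer_of()            { openssl x509 -in "$1" -noout -issuer; }

work=$(mktemp -d)
build_two_tier "$work"
verify_with_chain "$work" && echo "leaf chains to the root through the issuing CA"
verify_without_chain "$work" || echo "leaf alone does not verify against the root"
issuer_of "$work/leaf.crt"
```

Because relying parties trust only the root certificate, an issuing CA can be replaced or revoked without redistributing a new trust anchor, which a single-tier design cannot do.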
A four-tiered CA structure is often used in organizations that have to issue many certificates and require an infrastructure that can support that need. Using a fourth tier, the issuing CAs that existed in the previous three-tier structure expand into a new layer of certificate authorities that build on the previous third tier and create a new tree structure that sort of resembles a "multitiered" third tier. This is pictured in Figure 7.3.