MCITP: Server Administrator Active
When choosing how to design your CA hierarchy, one of the first decisions to make, before you make any other crucial decision, is to pick the model that your entire PKI follows. What this means is that you need to answer the following question: Will the CA architecture follow the administrative structure, or will it follow its own independent structure?

One of the most commonly practiced methods of working with a PKI is to model it to mirror your organization. In Chapter 1, "Designing a Complex Windows Server 2008 Infrastructure," I discussed various ways to model your organization based on resources, departments, locations, and various other quantities that make for an easily understandable architecture. Using these practices, you can model the CA structure the same way. If the organization has multiple branch offices, you can model them with certificate authorities that represent each branch office. If there are multiple departments, you can implement multiple servers that follow the model of each department. The advantage of this method is that it is simple and creates uniformity in your infrastructure. Both Active Directory and certificate services will follow the same architecture, making it easy for administrators at all levels to understand.

A case can be made that it is best to have a CA follow a structure that is independent of the standardized methods established by your Active Directory structure. For one thing, there may be organizational or legal standards that require your CA to be placed in a manner set apart from the Active Directory structure. This plays an especially important role in compliance with government standards and industry regulations. Some organizations, such as the FBI or CIA, might require that sensitive security data be laid out in a fashion that may seem strange at first but is ultimately the most secure method.
As I discussed earlier in this book, these are some of the major factors that play into your design decision: organizational requirements, software requirements, user requirements, and business requirements. Only you, the administrator, can make these decisions (or perhaps you and several other people tasked with the duty). But the point is that all of these factors have to go into making the decision, and it can't be taken lightly.

Usually, the decision of how to implement a CA structure is labored over for several weeks. Think about it. In the modern day, even jump drives can be issued certificates. Just think about how many keys there can be floating around if there are 10,000 of those devices in your enterprise!