
PKI consulting and times questions

Posted on 2014-12-17
Last Modified: 2014-12-18
Hello Experts

Can someone please provide some estimate on deploying a PKI [Windows 2012 R2] infrastructure from scratch for a customer?

I need to get average times to deploy and set up a 2 or 3 tier PKI infrastructure from scratch.

I have a client that will go with single tier initially – are there any gotchas that need to be addressed to go 2 tier down the road (or do you simply go 2 tier from the start)?

Here's a step-by-step link for what's needed for W2K8 R2. Are there any major differences with W12R2?
http://social.technet.microsoft.com/wiki/contents/articles/11750.step-by-step-guide-single-tier-pki-hierarchy-deployment.aspx

Please respond to all questions

Thanks in advance
Question by:Jerry Seinfield
3 Comments
 

Author Comment

by:Jerry Seinfield
ID: 40505473
Can I get an update please?
0
 
LVL 38

Accepted Solution

by:
Mahesh earned 1000 total points
ID: 40506454
It depends on how big the customer setup is.

You can go with a standalone root CA + subordinate enterprise root CA; however, for most small organizations this is more than required.
Probably you would be better off with an enterprise root CA only.

There are some new additions with the 2012 CA as compared to 2008 R2; however, for day-to-day working there are no problems, and you can deploy a 2012 R2 CA server.

You can take a daily CA server backup, which can be restored if required.
You can deploy the CA role in a failover cluster; however, it's not required because there are no major dependencies on the CA unless you have applications looking for CA URLs \ availability.
0
 
LVL 83

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 1000 total points
ID: 40506464
Deploying an offline root CA and a subordinate CA takes about 1 hour. This is for internal use only. If you need to trust other companies and they need to trust you, then it takes exponentially longer, i.e. setting up your policy server, getting OIDs, having your policies validated by the other companies, setting up an HSM (hardware security module) and defining how many key cards are required to create a certificate (each certificate type can have different key card and identification requirements). All of this is in your policy.inf.

Always use a VM for the root CA, and it can be turned off once the first subordinate CA is deployed. The root CA holds the keys to the kingdom and is only used for creating subordinate CAs.
0
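
The two-tier build the answers above describe (offline standalone root, enterprise subordinate CA, regular CA backup), shown as an added PowerShell example that is not part of either answer. The CA names, `C:\pki` paths, key sizes, validity periods and request ID are assumptions, and it assumes the root's CDP/AIA locations are already configured and that files are carried between the machines on removable media.

```powershell
# Added example: names, paths, lifetimes and the request ID are placeholders.

# --- 1. Offline root CA (standalone server, NOT domain-joined) ---
Install-WindowsFeature ADCS-Cert-Authority -IncludeManagementTools
Install-AdcsCertificationAuthority -CAType StandaloneRootCA `
    -CACommonName 'Example Root CA' `
    -CryptoProviderName 'RSA#Microsoft Software Key Storage Provider' `
    -KeyLength 4096 -HashAlgorithmName SHA256 `
    -ValidityPeriod Years -ValidityPeriodUnits 20 -Force

# Lifetime of certificates the root issues (the subordinate CA certificate),
# and a CRL period long enough that the root can stay powered off.
certutil -setreg CA\ValidityPeriod Years
certutil -setreg CA\ValidityPeriodUnits 10
certutil -setreg CA\CRLPeriod Weeks
certutil -setreg CA\CRLPeriodUnits 26
Restart-Service certsvc
certutil -crl                                   # publish a fresh CRL
certutil -ca.cert C:\pki\root.crt               # export the root certificate
Copy-Item C:\Windows\System32\CertSrv\CertEnroll\*.crl C:\pki\

# --- 2. Issuing CA (domain-joined): install role, generate a request ---
Install-WindowsFeature ADCS-Cert-Authority -IncludeManagementTools
Install-AdcsCertificationAuthority -CAType EnterpriseSubordinateCA `
    -CACommonName 'Example Issuing CA' `
    -CryptoProviderName 'RSA#Microsoft Software Key Storage Provider' `
    -KeyLength 2048 -HashAlgorithmName SHA256 `
    -OutputCertRequestFile C:\pki\issuing.req -Force

# --- 3. Back on the root: submit, approve and retrieve the request ---
certreq -submit C:\pki\issuing.req              # prints a RequestId
$requestId = 2                                  # placeholder: use the ID printed above
certutil -resubmit $requestId                   # approve the pending request
certreq -retrieve $requestId C:\pki\issuing.crt

# --- 4. On the issuing CA: trust the root, install the cert, start the CA ---
certutil -dspublish -f C:\pki\root.crt RootCA   # publish root to AD (Enterprise Admin)
certutil -addstore -f Root C:\pki\root.crt
Get-ChildItem C:\pki\*.crl | ForEach-Object { certutil -addstore -f Root $_.FullName }
certutil -installcert C:\pki\issuing.crt
Start-Service certsvc

# --- 5. Scheduled backup of the issuing CA (database + private key) ---
$pw = Read-Host -AsSecureString 'Backup password'
Backup-CARoleService -Path C:\CABackup -Password $pw
```

Once step 4 succeeds the root VM can be shut down; it only needs to be started again to renew the subordinate certificate or publish a new CRL before the current one expires.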
