Posted by Sam on May 21, 2008, 11:16 am
Sorry for the confusion. My plan is/was to have one enterprise CA
(intermediate) and 3 subordinate issuing servers. My original question asked
if anyone has virtualized (using VMWARE specifically) for their CA
environment.
I would like to have just one Enterprise CA if possible, as the fewer servers
I have to manage the better. For now we will only be using the certificates
internally for email and EFS.
Externally, we have about 10 SSL Certificates all through Verisign and
please note I still have lots to learn about all of this and if issuing our
own SSL certs will cause problems with our Customers, I will keep the Verisign
version. The external Certs are used by non-employees and employees.
> Your original post is kind of confusing. You state that you plan to have 1
> physical Enterprise and 3 subordinates, what exactly do you mean by that?
> Also what do you mean by "all 4 intermediate and subordinates"?
>
> As far as the above, are you planning on only doing email
> signing/encryption internally or will your users be exchanging
> signed/encrypted email with others outside of your company? Similar
> question for the external SSL certs. Who will be using the external web
> sites, employees, external users, or both. If you plan on having
> non-employees consume your email or SSL certs then you're going to have
> problems as they won't trust your root and therefore won't accept your
> certificates issued in that chain.
> How many email/external SSL certs are you looking at issuing?
>
> >
> >
> > "S. Pidgorny <MVP>" wrote:
> >
> >> Yes some have virtualised the CAs. Problem being - you have difficulty using
> >> HSMs for key storage. If HSM isn't a requirement, you're good to go.
> >>
> >> At the first glimpse your plan is inconsistent (why use physical Enterprise
> >> CA?) and overly complicated (why do you need the three subordinates?).
> >>
> >> I'm cross-posting this to security groups where PKI matters are discussed a
> >> lot.
> >>
> >> --
> >> Svyatoslav Pidgorny, MS MVP - Security, MCSE
> >> -= F1 is the key =-
> >>
> >> * http://sl.mvps.org * http://msmvps.com/blogs/sp *
> >>
> >>
> >>> I am in the process of defining the CA architecture needs for my company. We
> >>> are a single forest/domain so pretty simple and basic. Always looking to
> >>> reduce capital costs, I was wondering if anyone has virtualized their entire
> >>> CA infrastructure?
> >>> My plan was to have a Virtual root, and filing the vmdk files in a safe
> >>> location and then having 1 physical Enterprise, and 3 subordinates. I'd like
> >>> to do all 4 intermediate and subordinates as Virtual servers rather than
> >>> physical.
> >>>
> >>> Anyone experience any issues or even tried this?
> >>>
> >>>
> >>
> >>
> >>
>
>
> --
> Paul Adare
> http://www.identit.ca
> Variables won't; constants aren't. -- Osborn
>