Deploying PKI Inside Microsoft The experience of Microsoft in deploying its own corporate PKI Published: December 2003.

Slides:

Advertisements

Similar presentations

Harnessing the power of SWIFT for enterprise financial messaging Published: April 2007 Microsoft BizTalk Accelerator for SWIFT.

Advertisements

The following 10 questions test your knowledge of client site assignment in Configuration Manager Configuration Manager 2007 Client Site Assignment.

The following 10 questions test your knowledge of Internet-based client management in Configuration Manager Configuration Manager 2007 Internet-Based.

4/6/ :35 AM © 2004 Microsoft Corporation. All rights reserved.

1. 2 Branch Office Network Performance Caches content downloaded from file and Web servers Users in the branch can quickly open files stored in the cache.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

DESIGNING A PUBLIC KEY INFRASTRUCTURE

Windows Vista And Longhorn Server PKI Enhancements Avi Ben-Menahem Lead Program Manager Windows Security Microsoft Corporation.

Windows Server System TM Overview IT Expectations: Do More with Less.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

Understanding Active Directory

Dan Stolts IT Pro Evangelist US DPE - North East Microsoft Corporation

Chapter 11: Active Directory Certificate Services

CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+

Managing Employee Earnings Statements: PAYSTUB 3.0 A centralized, intranet-based application used to view employee earnings statements online Published:

ESupport Shifting Customers to the Internet for Support Published: January 2002.

Microsoft Office Sharepoint Server 2007 (MOSS) Overview Momentum Microsoft November 15, 2007.

Managing LOB Applications by Using System Center Operations Manager Published: March 2007.

Deploying Visual Studio Team System 2008 Team Foundation Server at Microsoft Published: June 2008 Using Visual Studio 2008 to Improve Software Development.

Windows XP Professional Deployment and Support Microsoft IT Shares Its Experiences Published: May 2002 (Revised October 2004)

Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

Smart Card Deployment David Gautrey IT Manager – Microsoft New Zealaand Microsoft Corporation.

Deploying & Supporting Windows Server 2003 Experiences of Early Adoption at Microsoft Published: June 2003.

Windows Optimized Desktop: Enhance Security & Control.

Guidance 15-Day (Proof-of-Concept) 10-Day (Proof-of-Concept) 5-Day (Deployment Documents) 3-Day (Architectural Design Session) 1-Day (Strategic.

[Insert Name Here]

The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication.

Microsoft Security Certifications Bob McCoy Technical Account Manager Premier Support Microsoft Corporation.

May 30 th – 31 st, 2006 Sheraton Ottawa. Microsoft Certificate Lifecycle Manager Saleem Kanji Technology Solutions Professional - Windows Server Microsoft.

Microsoft ® Official Course Module 8 Deploying and Managing Certificates.

Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

Best Practices in Deploying a PKI Solution BIEN Nguyen Thanh Product Consultant – M.Tech Vietnam

Office SharePoint Server 2007 Mark Dunkel US Education TSP - SharePoint Microsoft Corporation.

Module 10: Designing an AD RMS Infrastructure in Windows Server 2008.

Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

The Windows NT ® 5.0 Public Key Infrastructure Charlie Chase Program Manager Windows NT Security Microsoft Corporation.

Deploying SharePoint Products and Technologies for Enterprise Collaboration Microsoft IT group’s Centrally Hosted Collaboration Solution.

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

HRWeb Maximizing Employee Productivity and the Effectiveness of the HR Organization Published: June 2002.

Configuring Directory Certificate Services Lesson 13.

OFC290 Information Rights Management in Microsoft Office 2003 Lauren Antonoff Group Program Manager.

1 Introduction to Microsoft Windows 2000 Windows 2000 Overview Windows 2000 Architecture Overview Windows 2000 Directory Services Overview Logging On to.

Maintaining Network Health. Active Directory Certificate Services Public Key Infrastructure (PKI) Provides assurance that you are communicating with the.

Identity Solution in Baltic Theory and Practice Viktors Kozlovs Infrastructure Consultant Microsoft Latvia.

Hosting an Enterprise Financial Forecasting Application with Terminal Server Published: June 2003.

Module 9: Designing Public Key Infrastructure in Windows Server 2008.

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

1. 2 Overview In Exchange security is managed by assigning permissions in Active Directory Exchange objects are secured with DACL and ACEs Permissions.

Microsoft’s Worldwide Marketing Database with Windows 2000 Datacenter Server Scaling Up to the Needs of the Worldwide Marketing Database with Windows.

Wellington SharePoint Users Group 2007 Microsoft Office System Overview Ryan Duguid.

Application Center 2000 at Microsoft A solution for managing high availability Web applications built on Windows 2000 Published April 2002.

Security fundamentals Topic 5 Using a Public Key Infrastructure.

Secure Windows App Development. Authentication.

Connect with life Vedant Kulshreshtha Technology Solutions Professional – SharePoint | Microsoft India

Module 2: Introducing Windows 2000 Security. Overview Introducing Security Features in Active Directory Authenticating User Accounts Securing Access to.

Creating and Managing Digital Certificates Chapter Eleven.

Module 3 Planning for Active Directory®

Module 1: Overview of Microsoft Office SharePoint Server 2007.

Asif Jinnah Field Desktop Services Enabling a Flexible Workforce, an insider’s view.

Secure Connected Infrastructure

6/17/2018 5:54 AM OSP322 Getting the best of both worlds, making the most of SharePoint hybrid search solutions Shyam Narayan Microsoft © 2013 Microsoft.

Microsoft Ignite /31/ :08 AM

TechEd /2/2018 5:42 PM © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks.

Enabling the hybrid cloud with remote access appliances

Microsoft Virtual Academy

Microsoft Virtual Academy

Microsoft Virtual Academy

10/13/2019 4:41 AM DNN Cloud Services Under the Hood David Rodriguez Cloud Team Lead Engineer – DNN Corp. Windows Azure Insider © 2010 Microsoft.

What’s New in Visual Studio 2012 for Web Developers

Presentation transcript:

Deploying PKI Inside Microsoft The experience of Microsoft in deploying its own corporate PKI Published: December 2003

Solution Overview Situation ● Microsoft needed a platform for securing internal and external network communications Solution ● Microsoft IT installed Certificate Services to implement a secure communications and remote authentication infrastructure Benefits ● Enabled the use of S/MIME signatures and encryption ● Secured Web connections ● Ensured the confidentiality of stored and transmitted data ● Ensured the confidentiality and integrity of transmitted data by using IPSec ● Enabled strong network user authentication

Products and Technologies ● Windows 2000 Server ● Windows Server 2003 ● Windows-based PKI and CA ● Certificate Services ● Active Directory ● Windows XP Professional ● Microsoft Office Outlook 2003 ● Smart Cards ● EFS, IPSec, S/MIME, SSL

Deployment Windows 2000 Server PKI ● CA hierarchy ● Integration of PKI into Active Directory

Deployment Windows 2000 Server PKI ● Network and server performance ● Security requirements ● Windows 2000 Server Certificate Services ● CRL lifetime

Architecture Windows 2000 Server PKI Microsoft Corporate Root Authority – Offline Root Microsoft Intranet CA – Offline Intermediate 1 Microsoft Extranet CA –Offline Intermediate 2 Microsoft IT vault Intranet Machine CA 1 Intranet Machine CA 2 FTE User CA 1 FTE User CA 2 Non-FTE User CA 1 Intranet Level 2 User CA 1 Intranet Level 2 User CA 2 Personnel CA 1 Extranet Machine CA 1 Intranet Network CA 1

Benefits of Upgrading the PKI to Windows Server 2003 ● Extended certificate templates ● Key archival and recovery ● Extended autoenrollment

Deployment Windows Server 2003 PKI ● Server consolidation ● Sanitization of certificates ● Inclusion of public root hierarchy

Deployment Windows Server 2003 PKI ● CA server management and support ● Smart Card deployment

Architecture Windows Server 2003 PKI Microsoft Corporate Root Authority – Offline Root Microsoft Intranet CA – Offline Intermediate Offline Intermediate Third-Party External Public Root Authority – Offline Root Microsoft CA – Offline Intermediate Microsoft IT vault Personnel CA 1 Public-Facing SSL CA 1 Intranet Level 2 User CA 1 Intranet Level 2 User CA 2 Corporate Enterprise CA 2 Corporate Enterprise CA 1

Lessons Learned and Best Practices ● Plan for the upgrade to Windows Server 2003 PKI ● Carefully consider the number of CA servers needed ● Implement a multiple-tier hierarchy ● Consider integration with a public root

Lessons Learned and Best Practices ● Automate CRL Publication ● Customize the CRL Publication Overlap Interval ● Use New Keys for CA Renewal

Lessons Learned and Best Practices ● Plan for certificate issuance policies ● Sanitize elements of the PKI ● Do not use DSA keys with Windows CE– based devices

Future Directions ● Export of KMS database to Windows Server 2003 Certificate Services database ● Extension of PKI and Smart Card infrastructure

Summary ● Increased security ● Application and service compatibility ● Reduced certificate costs ● Ease of manageability ● Conformance to industry standards ● Scalability

For More Information ● White papers ● Websites

For More Information ● Additional content on Microsoft IT deployments and best practices can be found on ● Microsoft TechNet ● Microsoft Case Study Resources ● IT Showcase

This document is provided for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Microsoft, Microsoft Press, Visual Studio, Visual SourceSafe, Windows and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.