Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

Presentation transcript:


Module 2: Configuring AD CS
- Overview of PKI
- Deploying a CA Hierarchy
- Installing AD CS
- Managing a CA

Lesson 1: Overview of PKI
- What Is PKI?
- Managing IDA and Enhancing Security by Using PKI
- Components of a PKI Solution
- Validating Certificates by Using PKI Solutions
- How AD CS Supports PKI

What Is PKI?
A Public Key Infrastructure (PKI):
- Is the combination of software, encryption technologies, processes, and services that enable an organization to secure communication and business transactions
- Relies on the exchange of digital certificates between authenticated users and trusted resources
PKI enhances infrastructure security by providing:
- Confidentiality
- Integrity
- Authenticity
- Nonrepudiation

Discussion: Managing IDA and Enhancing Security by Using PKI
- What benefit would a PKI solution provide to your organization?
- Give a few examples of services that can use certificates to enhance security.
- How does a PKI solution support IDA management?

Components of a PKI Solution
- Certification Authority
- Digital Certificates
- Certificate Revocation Lists and Online Responders
- Certificate Templates
- Public-Key Enabled Applications and Services
- Certificate and CA Management Tools
- AIA and CRL Distribution Points

Validating Certificates by Using PKI Solutions
PKI-enabled applications use CryptoAPI to validate certificates in three stages:
1. Certificate Discovery
2. Path Validation
3. Revocation Checking

How AD CS Supports PKI
AD CS provides the following role services:
- Certification Authority (CA)
- CA Web Enrollment
- Online Responder
- Network Device Enrollment Service

Lesson 2: Deploying a CA Hierarchy
- Overview of CA
- Options for Implementing CA
- Types of CAs
- Stand-Alone vs. Enterprise CAs
- Usage Scenarios in CA Hierarchy
- What Is a Cross-Certification Hierarchy?

Overview of CA
A Certification Authority:
- Issues a certificate for itself
- Verifies the identity of the certificate requestor
- Manages certificate revocation
- Issues certificates to users, computers, and services

Discussion: Options for Implementing CA
- What are the advantages and disadvantages of using an external public CA?
- What are the advantages and disadvantages of using an internal CA?

Types of CAs
Root CA:
- Is the most trusted type of CA in a PKI infrastructure
- Has a self-signed certificate
- Issues certificates to other subordinate CAs
- Possesses physical security and a certificate issuance policy that are typically more rigorous than those of subordinate CAs
Subordinate CA:
- Is issued a certificate by another CA
- Addresses specific usage policies, organizational or geographical boundaries, load balancing, and fault tolerance
- Issues certificates to other CAs to form a hierarchical PKI infrastructure

Stand-Alone vs. Enterprise CAs
A stand-alone CA must be used if any CA (root or intermediate/policy) is offline, because a stand-alone CA is not joined to an AD DS domain.
Stand-Alone CAs:
- Does not require the use of Active Directory®
- Users provide identifying information and specify the type of certificate
- Does not require certificate templates
- All certificate requests are kept pending until administrator approval
Enterprise CAs:
- Requires AD DS
- Can use Group Policy to propagate its certificate to the Trusted Root CA certificate store
- Publishes user certificates and CRLs to AD DS
- Issues certificates based upon a certificate template
- Supports autoenrollment for issuing certificates

Usage Scenarios in CA Hierarchy
(Diagram: four example hierarchies, each with a root CA and subordinate CAs divided by:)
- Certificate Use: RAS, EFS, S/MIME
- Location: India, Canada, USA
- Departments: Manufacturing, Engineering, Accounting
- Organizational Unit: Employee, Contractor, Partner

What Is a Cross-Certification Hierarchy?
(Diagram: Organization 1 and Organization 2, each with a root CA and a subordinate CA, in two arrangements:)
- Cross-certification at the root CA level
- Cross-certification from a subordinate CA to a root CA

Lesson 3: Installing AD CS
- Considerations for Installing a Root CA
- How To Install AD CS as a Root CA
- Installing a Subordinate CA
- How the CAPolicy.inf File Is Used for Installation
- Overview of the CA Administration Console

Considerations for Installing a Root CA
Planning a Root CA:
- Computer Name and Domain Membership
- Name and Configuration
- Private Key Configuration
  - CSP
  - Key Character Length (default: 2048)
  - Hash Algorithm
- Validity Period
- Certificate Database and Log Location

Demonstration: How To Install AD CS as a Root CA
In this demonstration you will see how to install the AD CS server role as an Enterprise Root CA.

Considerations for Installing a Subordinate CA
- Computer Name and Domain Membership
- Name and Configuration
- Private Key Configuration
  - CSP
  - Key Character Length (default: 2048)
  - Hash Algorithm
- Validity Period
- Certificate Database and Log Location
- Request Certificate for Subordinate CA
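The two "Considerations" slides above list the decisions made in the installation wizard. The script below is an added example, not part of the course, that maps each of those decisions (domain membership and CA type, CA name, CSP, key length, hash algorithm, validity period, database and log location, and the subordinate's certificate request) onto the ADCSDeployment cmdlets. Those cmdlets ship with Windows Server 2012 and later, not with Windows Server 2008, where the same choices are made in the Add Roles wizard. The CA names, directory paths and the parent CA name are placeholders, and each Install-AdcsCertificationAuthority call is meant for its own server.

```powershell
# Added example (not from the course). Run in an elevated PowerShell prompt
# on Windows Server 2012 or later; names and paths are placeholders.

# Add the role binaries first (on both the root and the subordinate server)
Install-WindowsFeature ADCS-Cert-Authority -IncludeManagementTools

# --- Root CA server ---------------------------------------------------
# Domain membership + CA type: EnterpriseRootCA requires a domain member.
# Name, CSP, key length, hash, validity period, DB and log location follow
# the "Planning a Root CA" slide.
Install-AdcsCertificationAuthority `
    -CAType EnterpriseRootCA `
    -CACommonName 'Contoso Root CA' `
    -CryptoProviderName 'RSA#Microsoft Software Key Storage Provider' `
    -KeyLength 2048 `
    -HashAlgorithmName SHA256 `
    -ValidityPeriod Years -ValidityPeriodUnits 10 `
    -DatabaseDirectory 'D:\CertDB' `
    -LogDirectory 'D:\CertLog' `
    -Force

# --- Subordinate CA server --------------------------------------------
# Same planning items; the validity period is decided by the parent CA,
# so it is not set here. With an online parent, name it and the request
# is submitted and the certificate installed in one step.
Install-AdcsCertificationAuthority `
    -CAType EnterpriseSubordinateCA `
    -CACommonName 'Contoso Issuing CA' `
    -CryptoProviderName 'RSA#Microsoft Software Key Storage Provider' `
    -KeyLength 2048 `
    -HashAlgorithmName SHA256 `
    -DatabaseDirectory 'D:\CertDB' `
    -LogDirectory 'D:\CertLog' `
    -ParentCA 'root.contoso.com\Contoso Root CA' `
    -Force

# With an offline root instead, write the request to a file, carry it to
# the root CA, and install the returned certificate afterwards:
#   Install-AdcsCertificationAuthority -CAType EnterpriseSubordinateCA `
#       -CACommonName 'Contoso Issuing CA' `
#       -OutputCertRequestFile 'C:\issuing.req' -Force
#   certutil -installcert 'C:\issuing.cer'

# Check what was configured
certutil -getreg CA\CSP\HashAlgorithm
certutil -getreg CA\ValidityPeriodUnits
```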

How the CAPolicy.inf File Is Used for Installation
The CAPolicy.inf file is stored in the %Windir% folder of the root or subordinate CA and is read when the AD CS role is installed. This file defines:
- Certification Practice Statement (CPS)
- Object Identifier (OID)
- CRL Publication Intervals
- CA Renewal Settings
- Key Size
- Certificate Validity Period
- CDP and AIA Paths
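The script below is an added example, not part of the course, that writes a CAPolicy.inf for an offline root CA covering each item on the slide: the CPS notice and URL, the policy OID, CRL publication intervals, renewal key size and validity period, and empty CDP and AIA paths. The OID, the CPS URL and the interval values are placeholders to be replaced with the organization's own.

```powershell
# Added example (not from the course). Run elevated on the future root CA
# before adding the AD CS role; the OID, URL and periods are placeholders.

$caPolicy = @'
[Version]
Signature="$Windows NT$"

; Certification Practice Statement: the OID and URL are published in the
; CA certificate's Certificate Policies extension.
[PolicyStatementExtension]
Policies=InternalPolicy

[InternalPolicy]
; Placeholder OID: use one from your organization's registered arc
OID=1.3.6.1.4.1.99999.1.1
Notice="Contoso Certification Practice Statement"
URL=http://pki.contoso.com/cps.html

[Certsrv_Server]
; Key size and validity used when the CA certificate is renewed
RenewalKeyLength=2048
RenewalValidityPeriod=Years
RenewalValidityPeriodUnits=10
; CRL publication intervals: an offline root publishes a base CRL rarely
; and no delta CRLs at all (delta period of 0 disables them)
CRLPeriod=Weeks
CRLPeriodUnits=26
CRLDeltaPeriod=Days
CRLDeltaPeriodUnits=0

; CDP and AIA paths: leave them empty in the root's own certificate, since
; clients never check the root certificate for revocation
[CRLDistributionPoint]
Empty=True

[AuthorityInformationAccess]
Empty=True
'@

# The installer only looks for %Windir%\CAPolicy.inf
$path = Join-Path $env:windir 'CAPolicy.inf'
Set-Content -Path $path -Value $caPolicy -Encoding ASCII

# Check: confirm the file is in place before installing AD CS
Get-Content $path
```

The CRL settings in the [Certsrv_Server] section seed the CA's registry values at installation; they can be changed later with certutil -setreg, but the CPS OID and the empty CDP/AIA extensions are baked into the root certificate and only change when it is renewed.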

Demonstration: Overview of the CA Administration Console
In this demonstration you will see how to open the CA administrative console and review the available options.

Lesson 4: Managing a CA
- What Are CRLs?
- How CRLs Are Published
- Where to Publish AIAs and CDPs
- Configuring AIA and CRL Availability

What Are CRLs?
Base CRLs:
- Contain all revoked certificates
- Have a greater publication interval
- Large size
- Can be used by client computers running any version of Windows®
Delta CRLs:
- Contain only the certificates revoked since the last base CRL
- Have a lesser publication interval
- Small size
- Require client computers running Windows XP® or Windows Server® 2003

How CRLs Are Published
(Diagram: revocations over time and the CRLs that carry them)
- Revoke Cert3, then Base CRL #1 lists Cert3
- Revoke Cert5, then Delta CRL #2 lists Cert5
- Revoke Cert7, then Delta CRL #3 lists Cert5 and Cert7
- Base CRL #2 lists Cert3, Cert5, and Cert7
Each delta CRL lists every certificate revoked since the last base CRL, and the next base CRL folds all of them in.
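The script below is an added example, not part of the course, that sets the base and delta CRL publication intervals described on the "What Are CRLs?" slide and then walks through the revoke-and-publish sequence the diagram shows, using certutil on the issuing CA. The serial numbers are placeholders; the interval values are assumptions.

```powershell
# Added example (not from the course). Run elevated on the issuing CA.
# Serial numbers are placeholders for the certificates the slide calls
# Cert3, Cert5 and Cert7.

# Base CRL once a week (large, all revocations); delta CRL once a day
# (small, only changes since the last base CRL). Values are assumptions.
certutil -setreg CA\CRLPeriodUnits 1
certutil -setreg CA\CRLPeriod "Weeks"
certutil -setreg CA\CRLDeltaPeriodUnits 1
certutil -setreg CA\CRLDeltaPeriod "Days"
# Overlap keeps the old CRL valid while the new one propagates
certutil -setreg CA\CRLOverlapUnits 12
certutil -setreg CA\CRLOverlapPeriod "Hours"
Restart-Service certsvc

# Revoke Cert3 (reason 1 = Key Compromise) and publish a base CRL
certutil -revoke "<serial-of-Cert3>" 1
certutil -crl             # Base CRL #1: Cert3

# Revoke Cert5 (reason 0 = Unspecified); publish a delta CRL only
certutil -revoke "<serial-of-Cert5>" 0
certutil -crl delta       # Delta CRL #2: Cert5

# Revoke Cert7; the next delta lists everything since Base CRL #1
certutil -revoke "<serial-of-Cert7>" 0
certutil -crl delta       # Delta CRL #3: Cert5, Cert7

# The next base CRL carries all three revocations
certutil -crl             # Base CRL #2: Cert3, Cert5, Cert7

# Check: confirm the intervals and inspect the published CRL files
certutil -getreg CA\CRLPeriodUnits
certutil -getreg CA\CRLDeltaPeriodUnits
Get-ChildItem "$env:windir\system32\CertSrv\CertEnroll\*.crl" |
    ForEach-Object { certutil -dump $_.FullName }
```

Clients that cannot process delta CRLs (older than Windows XP or Windows Server 2003 on the slide) only see the revocation of Cert5 and Cert7 once Base CRL #2 is published, which is why the base interval should not be made very long when such clients exist.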

Where to Publish AIAs and CDPs
For an offline root CA, publish the root CA certificate and CRL to:
- Active Directory®
- Web servers
- FTP servers
- File servers
(Diagram: the offline root CA, an internal Web server, a file server, an FTP server and Active Directory® inside the firewall, and an external Web server reachable from the Internet.)

Demonstration: How To Configure AIA and CRL Availability
In this demonstration you will see how to:
- Configure AIA and CDP settings
- Publish the latest version of the CRL
- Publish the CRL and CA certificate for the offline root CA to an HTTP location
- View the CRL
- Publish the CRL and CA certificate to Active Directory®
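The script below is an added example, not part of the course, that performs the steps of this demonstration with certutil: it sets the CDP and AIA locations on the enterprise issuing CA, republishes the CRL, publishes the offline root's certificate and CRL to Active Directory and to an HTTP location, views the CRL, and verifies an issued certificate against all of those URLs. The host name pki.contoso.com, the share path and the file paths are placeholders.

```powershell
# Added example (not from the course). Run elevated on the issuing CA.
# pki.contoso.com, \\pki\pki$ and the D:\ / C:\temp paths are placeholders.

# CRLPublicationURLs flag bits: 1 publish CRL to this location,
# 2 include in the CDP extension of issued certificates, 4 include in
# CRLs (delta locations), 8 include in all CRLs, 64 include in the IDP
# extension, 128 publish delta CRLs to this location.
# Tokens: %2 server DNS name, %3 CA name, %6 config naming context,
# %7 sanitized CA name, %8 CRL suffix, %9 delta suffix, %10 DS object class
$cdp = @(
    "65:$env:windir\system32\CertSrv\CertEnroll\%3%8%9.crl",
    "79:ldap:///CN=%7%8,CN=%2,CN=CDP,CN=Public Key Services,CN=Services,%6%10",
    "6:http://pki.contoso.com/pki/%3%8%9.crl"
) -join "`n"

# CACertPublicationURLs flag bits: 1 publish CA certificate here,
# 2 include in the AIA extension, 32 include as an OCSP URL.
# %1 server DNS name, %4 certificate index suffix, %11 DS object class
$aia = @(
    "1:$env:windir\system32\CertSrv\CertEnroll\%1_%3%4.crt",
    "2:ldap:///CN=%7,CN=AIA,CN=Public Key Services,CN=Services,%6%11",
    "2:http://pki.contoso.com/pki/%1_%3%4.crt"
) -join "`n"

certutil -setreg CA\CRLPublicationURLs $cdp
certutil -setreg CA\CACertPublicationURLs $aia
Restart-Service certsvc

# Publish the latest CRL so every CDP location is populated
certutil -crl

# Offline root CA: its .crt and .crl arrive on removable media. Publish
# them to Active Directory (RootCA = trusted root container) and copy them
# to the Web server behind the HTTP URLs above.
certutil -dspublish -f 'D:\ContosoRootCA.crt' RootCA
certutil -dspublish -f 'D:\ContosoRootCA.crl'
Copy-Item 'D:\ContosoRootCA.crt', 'D:\ContosoRootCA.crl' -Destination '\\pki\pki$\'

# View the CRL that was just published
certutil -dump 'D:\ContosoRootCA.crl'

# Check: show the effective settings, then validate an issued certificate
# while fetching every AIA and CDP URL so an unreachable location shows up
certutil -getreg CA\CRLPublicationURLs
certutil -getreg CA\CACertPublicationURLs
certutil -verify -urlfetch 'C:\temp\issued.cer'
```

The HTTP location is the one that matters for clients outside the domain, which cannot follow the LDAP URL; the LDAP entry is kept first only because domain members resolve it without leaving the internal network.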

Lab 2: Configuring AD CS
- Exercise 1: Installing the AD CS Server Role
- Exercise 2: Issuing and Installing a Subordinate Certificate
- Exercise 3: Publishing the CRL
Logon information
- Virtual machines: 6426A-NYC-DC1, 6426A-NYC-SVR1
- User name: Administrator
- Password: Pa$$w0rd
Estimated time: 40 minutes