Hardware considerations for PKI

In your experience, any practical hardware capacity planning I should be
aware when selecting hardware for a PKI infrastructure ?

I am planning to use total of two physical servers for redundancy. I would
put the Off-line root CA in a Virtual machine and keep it shut down.

I am plannig to use a 3.0GB Pentium, 4GB RAM server. From what I have been
reading there is no major prcessing power to worry about. I have total of 4
DC's, total of 15,000 user accounts, but only 6,000 clients.

Steve
Tue Nov 07 19:19:40 CST 2006

This is a multi-part message in MIME format.

------=_NextPart_000_0015_01C70290.E8F7D250
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

If you can, build your offline root on some old laptop instead. Then =
when you aren't using it, keep it in a safe.

--=20
Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com

"Marlon Brown" <MarlonBrown@discussions.microsoft.com> wrote in =
message news:OTXxQqpAHHA.4496@TK2MSFTNGP02.phx.gbl...
In your experience, any practical hardware capacity planning I should =
be=20
aware when selecting hardware for a PKI infrastructure ?

I am planning to use total of two physical servers for redundancy. I =
would=20
put the Off-line root CA in a Virtual machine and keep it shut down.

I am plannig to use a 3.0GB Pentium, 4GB RAM server. From what I have =
been=20
reading there is no major prcessing power to worry about. I have total =
of 4=20
DC's, total of 15,000 user accounts, but only 6,000 clients.

------=_NextPart_000_0015_01C70290.E8F7D250
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dwindows-1252">
<STYLE></STYLE>

<META content=3D"MSHTML 6.00.6000.16386" name=3DGENERATOR></HEAD>
<BODY id=3DMailContainerBody=20
style=3D"PADDING-RIGHT: 10px; PADDING-LEFT: 10px; FONT-SIZE: 10pt; =
COLOR: #000000; PADDING-TOP: 15px; FONT-FAMILY: Cambria"=20
bgColor=3D#ffffff leftMargin=3D0 topMargin=3D0 CanvasTabStop=3D"true" =
acc_role=3D"text"=20
name=3D"Compose message area">
<DIV>If you can, build your offline root on some old laptop instead. =
Then when=20
you aren't using it, keep it in a safe.</DIV>
<DIV><BR>-- <BR>Steve Riley<BR><A =
title=3Dmailto:steve.riley@microsoft.com=20
href=3D"mailto:steve.riley@microsoft.com">steve.riley@microsoft.com</A><B=
R><A=20
title=3Dhttp://blogs.technet.com/steriley=20
href=3D"http://blogs.technet.com/steriley">http://blogs.technet.com/steri=
ley</A><BR><A=20
title=3Dhttp://www.protectyourwindowsnetwork.com/=20
href=3D"http://www.protectyourwindowsnetwork.com">http://www.protectyourw=
indowsnetwork.com</A></DIV>
<DIV> </DIV>
<DIV> </DIV>
<BLOCKQUOTE=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Marlon Brown" <<A =
title=3Dmailto:MarlonBrown@discussions.microsoft.com=20
=
href=3D"mailto:MarlonBrown@discussions.microsoft.com">MarlonBrown@discuss=
ions.microsoft.com</A>>=20
wrote in message <A title=3Dnews:OTXxQqpAHHA.4496@TK2MSFTNGP02.phx.gbl =

=
href=3D"news:OTXxQqpAHHA.4496@TK2MSFTNGP02.phx.gbl">news:OTXxQqpAHHA.4496=
@TK2MSFTNGP02.phx.gbl</A>...</DIV>In=20
your experience, any practical hardware capacity planning I should be=20
<BR>aware when selecting hardware for a PKI infrastructure ?<BR><BR>I =
am=20
planning to use total of two physical servers for redundancy. I would =
<BR>put=20
the Off-line root CA in a Virtual machine and keep it shut =
down.<BR><BR>I am=20
plannig to use a 3.0GB Pentium, 4GB RAM server. From what I have been=20
<BR>reading there is no major prcessing power to worry about. I have =
total of=20
4 <BR>DC's, total of 15,000 user accounts, but only 6,000=20
clients.<BR><BR><BR></BLOCKQUOTE></BODY></HTML>

------=_NextPart_000_0015_01C70290.E8F7D250--

Marlon
Tue Jan 23 11:48:19 CST 2007

This is a multi-part message in MIME format.

------=_NextPart_000_0202_01C73ED3.9DE3EBD0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Steve, I am taking your suggestion :-)
"Steve Riley [MSFT]" <steve.riley@microsoft.com> wrote in message =
news:76111334-B590-4E75-BC1D-F7E0A07B58C7@microsoft.com...
If you can, build your offline root on some old laptop instead. Then =
when you aren't using it, keep it in a safe.

--=20
Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com

"Marlon Brown" <MarlonBrown@discussions.microsoft.com> wrote in =
message news:OTXxQqpAHHA.4496@TK2MSFTNGP02.phx.gbl...
In your experience, any practical hardware capacity planning I =
should be=20
aware when selecting hardware for a PKI infrastructure ?

I am planning to use total of two physical servers for redundancy. I =
would=20
put the Off-line root CA in a Virtual machine and keep it shut down.

I am plannig to use a 3.0GB Pentium, 4GB RAM server. From what I =
have been=20
reading there is no major prcessing power to worry about. I have =
total of 4=20
DC's, total of 15,000 user accounts, but only 6,000 clients.

------=_NextPart_000_0202_01C73ED3.9DE3EBD0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<STYLE></STYLE>

<META content=3D"MSHTML 6.00.5346.5" name=3DGENERATOR></HEAD>
<BODY id=3DMailContainerBody=20
style=3D"PADDING-RIGHT: 10px; PADDING-LEFT: 10px; FONT-SIZE: 10pt; =
COLOR: #000000; PADDING-TOP: 15px; FONT-FAMILY: Cambria"=20
bgColor=3D#ffffff leftMargin=3D0 topMargin=3D0 name=3D"Compose message =
area"=20
acc_role=3D"text" CanvasTabStop=3D"true">
<DIV><FONT face=3DArial>Steve, I am taking your suggestion =
:-)</FONT></DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Steve Riley [MSFT]" <<A=20
=
href=3D"mailto:steve.riley@microsoft.com">steve.riley@microsoft.com</A>&g=
t;=20
wrote in message <A=20
=
href=3D"news:76111334-B590-4E75-BC1D-F7E0A07B58C7@microsoft.com">news:761=
11334-B590-4E75-BC1D-F7E0A07B58C7@microsoft.com</A>...</DIV>
<DIV>If you can, build your offline root on some old laptop instead. =
Then when=20
you aren't using it, keep it in a safe.</DIV>
<DIV><BR>-- <BR>Steve Riley<BR><A =
title=3Dmailto:steve.riley@microsoft.com=20
=
href=3D"mailto:steve.riley@microsoft.com">steve.riley@microsoft.com</A><B=
R><A=20
title=3Dhttp://blogs.technet.com/steriley=20
=
href=3D"http://blogs.technet.com/steriley">http://blogs.technet.com/steri=
ley</A><BR><A=20
title=3Dhttp://www.protectyourwindowsnetwork.com/=20
=
href=3D"http://www.protectyourwindowsnetwork.com">http://www.protectyourw=
indowsnetwork.com</A></DIV>
<DIV> </DIV>
<DIV> </DIV>
<BLOCKQUOTE=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Marlon Brown" <<A=20
title=3Dmailto:MarlonBrown@discussions.microsoft.com=20
=
href=3D"mailto:MarlonBrown@discussions.microsoft.com">MarlonBrown@discuss=
ions.microsoft.com</A>>=20
wrote in message <A =
title=3Dnews:OTXxQqpAHHA.4496@TK2MSFTNGP02.phx.gbl=20
=
href=3D"news:OTXxQqpAHHA.4496@TK2MSFTNGP02.phx.gbl">news:OTXxQqpAHHA.4496=
@TK2MSFTNGP02.phx.gbl</A>...</DIV>In=20
your experience, any practical hardware capacity planning I should =
be=20
<BR>aware when selecting hardware for a PKI infrastructure =
?<BR><BR>I am=20
planning to use total of two physical servers for redundancy. I =
would=20
<BR>put the Off-line root CA in a Virtual machine and keep it shut=20
down.<BR><BR>I am plannig to use a 3.0GB Pentium, 4GB RAM server. =
From what=20
I have been <BR>reading there is no major prcessing power to worry =
about. I=20
have total of 4 <BR>DC's, total of 15,000 user accounts, but only =
6,000=20
clients.<BR><BR><BR></BLOCKQUOTE></BLOCKQUOTE></BODY></HTML>

------=_NextPart_000_0202_01C73ED3.9DE3EBD0--

Hardware considerations for PKI

Re: Hardware considerations for PKI by Steve

Re: Hardware considerations for PKI by Marlon