Do I need a CA\PKI

TheMSsForum.com: The Microsoft Software Forum

I will be setting up an Active Directory network in the near future. I was
wondering if I need a CA\PKI for my environment. Here is what I am looking
at setting up.

Two domain controllers, that will also serve as file servers. One of the
domain controllers will have a tape backup unit connected to it running
Backup Exec. IIS will not be installed anywhere in the domain. Users will
have a home directory, and may have access to other shared directories as
needed. The majority of users will be connecting to the domain in the LAN,
and will not have access to the domain remotely. All the servers in the
domain will be in the same location.

Given this environment, do I need to set up a CA/PKI? If so what are the
reasons and advantages of doing so? Thanks for any input.
Top

RE: Do I need a CA\PKI by BenMiller

BenMiller
Thu Nov 16 21:37:01 CST 2006

From what you are describing, it does not sound like a CA will be required
assuming you don't deploy smart cards or some other form of authentication
that requires certificates. If you intend to deploy a secure wireless
network, then a CA will be needed.

A CA/PKI is not terribly resource intensive if you are not serving a bunch
of clients, so i wouldn't be concerned if you find that one is required at
some point.

Hope this helps!

-Ben


"zeb2100" wrote:

> I will be setting up an Active Directory network in the near future. I was
> wondering if I need a CA\PKI for my environment. Here is what I am looking
> at setting up.
>
> Two domain controllers, that will also serve as file servers. One of the
> domain controllers will have a tape backup unit connected to it running
> Backup Exec. IIS will not be installed anywhere in the domain. Users will
> have a home directory, and may have access to other shared directories as
> needed. The majority of users will be connecting to the domain in the LAN,
> and will not have access to the domain remotely. All the servers in the
> domain will be in the same location.
>
> Given this environment, do I need to set up a CA/PKI? If so what are the
> reasons and advantages of doing so? Thanks for any input.
Top

RE: Do I need a CA\PKI by zeb2100

zeb2100
Fri Nov 17 10:13:03 CST 2006


Thanks for the reply. I am new to Active Directory, and want to keep it as
simple as possible until I gain a little more experience.

"Ben Miller" wrote:

> From what you are describing, it does not sound like a CA will be required
> assuming you don't deploy smart cards or some other form of authentication
> that requires certificates. If you intend to deploy a secure wireless
> network, then a CA will be needed.
>
> A CA/PKI is not terribly resource intensive if you are not serving a bunch
> of clients, so i wouldn't be concerned if you find that one is required at
> some point.
>
> Hope this helps!
>
> -Ben
>
>
> "zeb2100" wrote:
>
> > I will be setting up an Active Directory network in the near future. I was
> > wondering if I need a CA\PKI for my environment. Here is what I am looking
> > at setting up.
> >
> > Two domain controllers, that will also serve as file servers. One of the
> > domain controllers will have a tape backup unit connected to it running
> > Backup Exec. IIS will not be installed anywhere in the domain. Users will
> > have a home directory, and may have access to other shared directories as
> > needed. The majority of users will be connecting to the domain in the LAN,
> > and will not have access to the domain remotely. All the servers in the
> > domain will be in the same location.
> >
> > Given this environment, do I need to set up a CA/PKI? If so what are the
> > reasons and advantages of doing so? Thanks for any input.
Top

Re: Do I need a CA\PKI by Brian

Brian
Fri Nov 17 13:48:57 CST 2006

In article <D7F69C06-4347-4BBA-AEFA-6AEA2E6CCFA8@microsoft.com>, zeb2100
@discussions.microsoft.com says...
> I will be setting up an Active Directory network in the near future. I was
> wondering if I need a CA\PKI for my environment. Here is what I am looking
> at setting up.
>
> Two domain controllers, that will also serve as file servers. One of the
> domain controllers will have a tape backup unit connected to it running
> Backup Exec. IIS will not be installed anywhere in the domain. Users will
> have a home directory, and may have access to other shared directories as
> needed. The majority of users will be connecting to the domain in the LAN,
> and will not have access to the domain remotely. All the servers in the
> domain will be in the same location.
>
> Given this environment, do I need to set up a CA/PKI? If so what are the
> reasons and advantages of doing so? Thanks for any input.
>
Nothing you have defined here requires a PKI. Your trigger will be the
deployment of an application that requires certificates for signing,
authentication (same thing really), or encryption.

Brian
Top