The CA boundary
Before starting a deployment, it is important to decide on the operation boundaries that the PKI design will reflect. We need to decide under which domain, forest, or network segment the deployment will operate. Once the boundaries are defined, it can be hard to extend it later without any physical or logical network layer changes. As an example, if you have a CA in the perimeter network and you need to extend the boundary to the corporate network, that will require some network boundary changes. In another example, if a partner company or third party wants to use the corporate CA, that will require AD CS role changes, firewall changes, network routing changes, DNS changes, and more. Therefore, it's important to evaluate these ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access