TechNet Home > Windows Server System Reference Architecture > Certificate Services

Introduction

Published: March 31, 2005

This blueprint focuses on certificate services, and provides detailed information on how certification mechanisms operate and how they can be deployed in an enterprise-class organization.

Windows Server System Reference Architecture (WSSRA) is an integrated set of service solutions based on architectural guidance for enterprise, corporate, and branch office level scenarios; these scenarios are outlined in the Introduction to Windows Server System Reference Architecture document of this documentation set. Other blueprints have already introduced the requirement for a secure infrastructure, and the Security Architecture Blueprint discussed the process for its design and implementation. Specific implementation details are provided in the Certificate Services Planning Guide.

On This Page
Who Should Read This BlueprintWho Should Read This Blueprint
Knowledge PrerequisitesKnowledge Prerequisites
Business NeedBusiness Need
ReferencesReferences

Who Should Read This Blueprint

This blueprint is written to meet the requirements of information technology (IT) professionals who are responsible for designing and deploying security and network infrastructure in enterprise environments.

Knowledge Prerequisites

The reader of this blueprint is expected to have some prior understanding of the technical details provided. However, service-level expertise is not required to understand the enterprise-level discussions and decisions that are made.

The reader should be familiar with the fundamentals of public key security systems, the benefits they offer, and the components required for implementing them. For further information on public key security systems, refer to the white papers at the following URLs:

“MS Windows 2000 Public Key Infrastructure Introduction” http://www.microsoft.com/technet/archive/windows2000serv/evaluate/featfunc/pkiintro.mspx 

“An Introduction to the Windows 2000 Public-Key Infrastructure”
http://www.microsoft.com/technet/archive/windows2000serv/evaluate/featfunc/pkiintro.mspx

Although the information presented in these papers is specific to Windows 2000 environments, it is also valid for Windows Server 2003 environments.

For more information on certificates, refer to the Microsoft Knowledge Base article “195724 Description of Digital Certificates” at the following URL:

www.support.microsoft.com/?id=195724

Before reading this blueprint, the reader should also be familiar with the basic concepts of the following technologies:

Domain Name System (DNS)

Lightweight Directory Access Protocol (LDAP)

Microsoft Active Directory directory service

For further reading on these technologies, refer to the “References” section in the Network Services Blueprint. More information about Active Directory can also be found at the following URL:

http://www.microsoft.com/windows2000/technologies/directory/ad/default.asp

Business Need

Computer networks are no longer closed systems where the mere presence of a user can serve as a sufficient proof of identity. In this age of information interconnection, an organization's network may consist of intranets, Internet sites, and extranets, all of which are susceptible to intrusion by individuals with malicious intent seeking a variety of data files, from e-mail messages to e-commerce transactions. To mitigate the risks incurred by this susceptibility, mechanisms for establishing and sustaining a user's identity are required. A centrally managed, electronic identity for users can provide the following:

Accessibility of information: Information assets need to be accessible to authorized users and protected from unauthorized access or modification. Passwords can help, but users who have several passwords for accessing different secure systems may choose passwords that are easy to remember and consequently easy to decipher.

Non-repudiation of identity: Information needs to be sent from one user to another with the confidence that the sender of the information is valid. It is also necessary to provide reasonable confidence that the information has not been changed en route.

Privacy of information: Users should be able to send information to other users or access a computer system with confidence that the information cannot be accessed or made available to others, however, it should be possible for the user or system to define who can access the information. Privacy is of particular importance when information is transmitted over the public Internet.

These requirements deal with electronic information assets, and have a direct impact on most organizations. Any mechanism that is implemented to deal with these requirements must be both manageable and secure.

References

The following links provide relevant information for the certificate services and documents related to PKI issues and technologies:

Defining the Security Landscape: http://www.microsoft.com/technet/security/prodtech/windows2000/secwin2k/default.mspx

Security Planning: http://www.microsoft.com/technet/security/bestprac/bpent/sec1/secplan.mspx

Security Strategies: http://www.microsoft.com/technet/security/bestprac/bpent/sec1/secstrat.mspx


**
Download
DownloadWindows Server System Reference Architecture (WSSRA)
40,677 KB
Compressed Word file
Get Office File Viewers

Solution Accelerator Notifications

Sign up to stay informed

Feedback

Send us your comments or suggestions
**

 The Reference Architecture Home Page

Overview Documents

Architecture Blueprints

IT Service Documents

Network Devices

Computing Devices

Storage devices

Deployment Services

Network Services

Firewall Services

Directory Services

File and Print Services

Data Services

Web Application Services

Infrastructure Management Services

Backup and Recovery Services

Certificate Services

Remote Access Services

Middleware Services

Messaging Services