Microsoft Secure Wireless

I am building a test domain around the published Microsoft Step-by-step
guide for setting up a secure Wireless Access in a Test Lab. I am building
a DC, IAS, IIS etc..from scratch and what ever happens to those test
machines, who cares. My concern is that we currently do not use CA in our
production environment and am not sure how to take this "test" into a live
production without affecting the environment if something goes bad. Has
anyone implemented this guide into a production environment? Any words of
wisdom?

Thanks - Sean

HelpPls

Yes, we have done that. Most concerns are around the enterprise CA and
correct procedures for key management and enterprise trust. On a positive
side, you get a lot more than just secure wireless - the PKI infrastructure
is highly reusable for Intranet security, strong authentication, secure
mail, you name it:

www.microsoft.com/pki

Other thatn that, the guidelines are directly applicable to production. Any
particular questions?

--
Svyatoslav Pidgorny, MVP, MCSE
-= F1 is the key =-

"HelpPls" <> wrote in message
news:...
> I am building a test domain around the published Microsoft Step-by-step
> guide for setting up a secure Wireless Access in a Test Lab. I am
building
> a DC, IAS, IIS etc..from scratch and what ever happens to those test
> machines, who cares. My concern is that we currently do not use CA in our
> production environment and am not sure how to take this "test" into a live
> production without affecting the environment if something goes bad. Has
> anyone implemented this guide into a production environment? Any words of
> wisdom?
>
> Thanks - Sean
>
>

Thank you for the link, I will read that this weekend but in the mean time,
I do have a few additional questions.

What Access Point did you guys choose to go with?
Does the CA have to be installed on a DC?
Can the CA/IAS/IIS all be installed on 1 machine?
Can I use the above in conjunction with OWA or to secure my ISA 2000 VPN
(PPTP) etc...

Most importantly, can a CA/IAS be removed from safely from domain? And how
are clients affected if the CA goes down?

Thanks -

Sean



"S. Pidgorny <MVP>" <> wrote in message
news:...
> Yes, we have done that. Most concerns are around the enterprise CA and
> correct procedures for key management and enterprise trust. On a positive
> side, you get a lot more than just secure wireless - the PKI
infrastructure
> is highly reusable for Intranet security, strong authentication, secure
> mail, you name it:
>
> www.microsoft.com/pki
>
> Other thatn that, the guidelines are directly applicable to production.
Any
> particular questions?
>
> --
> Svyatoslav Pidgorny, MVP, MCSE
> -= F1 is the key =-
>
> "HelpPls" <> wrote in message
> news:...
> > I am building a test domain around the published Microsoft Step-by-step
> > guide for setting up a secure Wireless Access in a Test Lab. I am
> building
> > a DC, IAS, IIS etc..from scratch and what ever happens to those test
> > machines, who cares. My concern is that we currently do not use CA in
our
> > production environment and am not sure how to take this "test" into a
live
> > production without affecting the environment if something goes bad. Has
> > anyone implemented this guide into a production environment? Any words
of
> > wisdom?
> >
> > Thanks - Sean
> >
> >
>
>

Inline:

"HelpPls" <> wrote in message
news:OMG#...
> Thank you for the link, I will read that this weekend but in the mean
time,
> I do have a few additional questions.
>
> What Access Point did you guys choose to go with?

Cisco 1100/1200 with the latest IOS updates.

> Does the CA have to be installed on a DC?

Nope.

> Can the CA/IAS/IIS all be installed on 1 machine?

Could be.

> Can I use the above in conjunction with OWA or to secure my ISA 2000 VPN
> (PPTP) etc...

I would suspect so. It's perfectly valid SBS scenario.

>
> Most importantly, can a CA/IAS be removed from safely from domain? And
how
> are clients affected if the CA goes down?

The CA going down doesn't affect the clients at all. They don't even check
the IAS certificate expiration (because they don't have connection at the
time of the cert verification)


--
Svyatoslav Pidgorny, MVP, MCSE
-= F1 is the key =-