NDES and domain membership

    Question

  • Hi

    Is domain membership required for the server hosting the NDES role, i.e. when placing the server in a DMZ? I am using Windows Server 2008 R2 SP1 Enterprise.

    Kind regards

    Flagzz

    Wednesday, March 21, 2012 17:52

Answers

  • Hi,

    This depends on the NDES deployment scenarios: enterprise and standalone.

    For Enterprise NDES deployments, NDES needs to be installed on a domain member web server and configured to use an enterprise CA for certificate enrollment and certificate query operations.

    For Standalone NDES deployments, NDES is installed on the same computer as a standalone root CA.

    For more information, please refer to:

    AD CS: Deploying Network Device Enrollment Service
    http://technet.microsoft.com/en-us/library/ff955646(v=ws.10).aspx

    Hope this helps.

    Regards,

    Bruce
    Forum Support

    Friday, March 23, 2012 10:04

All replies

  • Hi;

    So according to Bruce-Liu's reply, in a DMZ environment, it's better to use the Stand-alone scenario, because of its reduced attack surface, and then harden the server with security features like Security Configuration Wizard and also enable SSL on the /mscep_admin.

    For more information go to the following link:

    http://www.microsoft.com/download/en/details.aspx?id=1607

    Thanks



    • Edited by R.Alikhani Friday, March 23, 2012 11:37
    Friday, March 23, 2012 11:34
  • Hi Bruce and R. Alikhani

    Thanks for the answer :)

    Kind regards

    Flagzz

    Saturday, March 24, 2012 16:06