A Single-Tier CA Hierarchy
Some organizations require only basic public key infrastructure (PKI) services. Typically, these are organizations with fewer than 300 user accounts in the directory service. Rather than deploying multiple CAs, a single CA is installed as an enterprise root CA.
The enterprise root CA is not removed from the network. Instead, the computer is a member of the domain and is always available to issue certificates to requesting computers, users, services, or networking devices.
A single-tier CA hierarchy is easy to manage because it involves administration of only a single CA. A problem with this design is the lack of redundancy. If the CA fails, Certificate Services will not be available to process incoming certificate requests, certificate renewals, or certificate revocation list (CRL) publishing until the CA is restored to service.
Single-tier CA hierarchies are generally used only when simple administration is required, costs must be minimized, and the organization's security policy does not prevent a PKI deployment with a single point of failure.