Sign in

Microsoft.com

Microsoft

Remove From My Forums

Certs and Central Forest model

Question
0

Sign in to vote

Does anyone have any thoughts / comments on deploying OCS in Central Forest model, when the central forest only exists to contain the OCS servers. IIFP will be used to import user details as contacts from a multi domain tree in the user forest.

My main queries are around the PKI and certifcates involved in this solution. As far as I can tell from the documentation no federated trusts need to be configured as all identity / access is handled by the IIFP/MIIS imports. However in a standard deployment there is a requirement for an existing PKI structure to certify the various components.

Would we just need to requests certs for the central forest OCS servers from our existing CA's in the user forest.

Hope that makes sense.

Regards

Antony

Tuesday, January 13, 2009 4:43 PM

All replies

0

Sign in to vote

It belong to your configuration of the user forest. Is there a separate PKI, or do you use the PKI from the central forest?

Tuesday, January 13, 2009 9:05 PM
0

Sign in to vote

The model has been propsed by a service organisation who will be supporting and supplyinig OCS. The central forest will only exist to hold OCS servers and supporting infrastructure. This is (according to them) to provide clear demarkation between our infrastructure and theirs for support deliniation.

There will only be a PKI in the User forest and there will be no trusts set up etc.

Wednesday, January 14, 2009 8:45 AM
1

Sign in to vote

You should have root CA cert on the OCS servers and the user's machine.
There is no special certificate consideration in case of central forest topology..

Regards,
R. Kinker
MCSE 2003 (Messaging), MCTS - LCS 2005, MCTS - OCS 2007
http://www.ocspedia.com

Ram Ojha

Saturday, January 17, 2009 6:45 PM