Deployment Security Designs for Forefront IAG/UAG Virtual Appliances

One of the most compelling capabilities being added in IAG SP2 (which will also be available in UAG) is the ‘virtual appliance’ installation option. A virtual appliance is a preconfigured, ready-to-use virtual machine that already has Windows Server and IAG / UAG installed. Microsoft will build the VHD and make it available for…

To Cluster or Not to Cluster CAs

One of the many enhancements in Active Directory Certificate Services in Windows Server 2008 is support for 2 node active / passive clustering. We have a great whitepaper, Configuring and Troubleshooting Certification Authority Clustering in Windows Server 2008, which walks you through the setup process. Because we just leverage the Failover Clustering already in Windows,…

the Microsoft HSPD-12 / FIPS 201 / PIV solution

My TechNet article on the HSPD-12 project I’ve been leading just got published, http://www.microsoft.com/technet/technetmag/issues/2005/11/PostMortem/default.aspx.  It’s the first time I’ve ever written an article for publication and, overall, it was a great experience, thanks to the guys at TechNet Magazine taking care of all the logistics.  I hope it’s useful to all my Federal clients and…

It’s been a while…

A lot has happened since my last post, particularly in my home state of Louisiana.  Katrina and Rita were devastating events but Louisiana will be back.  As bad as the storms were, they weren’t the first that LA has experienced and won’t be the last.  My grandmother, who survived the great flood of 1927, Betsy…

Windows Server 2003 R2 DFS Replication rocks

I recently did some work with one of the best features of the upcoming R2 release of Windows Server 2003, DFS Replication.  DFS Replication is the successor to FRS and it has a lot of goodness about it, primarily the fact that it does delta replication.  In other words, if you have a 1GB…

idNexus 3.0 released

Alacris, one of our key PKI partners, just released version 3 of their excellent idNexus product.  idNexus is a registration authority front end that provides smart card provisioning and lifecycle management capabilities.  It’s built on .NET and heavily leverages / integrates with Active Directory to provide great customization and workflow capabilities.  If you’ve ever done…

"Who am I? Why am I here?"

No, this is not the second coming of much (and unduly) ridiculed Ross Perot running mate James Stockdale.  But the often misunderstood quote seemed like a good title for the first post.  So, to introduce myself, I’m John Morello and I’m a Senior Consultant with Microsoft.  My specialties are public key crypto and general network…
