Buying new hardware is always an easy way to achieve compliance, but it is also expensive. Microsoft NAP research has provided a blog that specifically lists the switches tested for

Chapter 9 Planning and Designing a Public Key Infrastructure

Real World
JC Mackin

Windows Server 2008 introduces a number of enhancements to Active Directory Certificate Services (AD CS): the inclusion of an Online Certificate Status Protocol (OCSP) responder, support for network device enrollment, support for Cryptography Next Generation (CNG) algorithms, and several other improvements. However, these new features are not available by default if your Active Directory forest predates Windows Server 2008, which is very likely unless your network is brand new. Before you can take advantage of the new features offered by Windows Server 2008 enterprise CAs, you need to upgrade your pre-existing Active Directory schema. Note, however, that you don't need to upgrade any domain controllers or adjust any forest or domain functional levels.

Upgrading the Active Directory schema is a straightforward process. To perform this procedure, first locate the schema master in your Active Directory forest. Most sources will give you a complicated way to find this information, but you just need to type the command netdom query fsmo on a domain member server at a command prompt.

You then perform the following steps on the schema master. First, insert the Windows Server 2008 product DVD into the DVD drive. Then, log on to the domain as a member of the Schema Administrators and Enterprise Administrators groups. Next, open a command prompt and navigate to the X:\sources\adprep directory (where X is the drive assigned to the DVD drive). Finally, type the command adprep /forestprep.

After the procedure is complete, wait for the changes to replicate to all domain controllers in the forest before you install a Windows Server 2008 enterprise CA.
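One way to check the final step of the schema upgrade above, that the change has reached every domain controller before the enterprise CA is installed. This is an added example, not part of the book. It assumes PowerShell 2.0 or later on a domain-joined machine, and that 44 is the schema objectVersion of a Windows Server 2008 forest.

```powershell
# Added example, not from the book. Run on a domain-joined machine, PowerShell 2.0+.
# Assumption: 44 is the schema objectVersion of a Windows Server 2008 forest.
$ExpectedSchemaVersion = 44

$forest   = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$schemaDN = $forest.Schema.Name   # distinguished name of the schema partition

Write-Host "Schema master: $($forest.SchemaRoleOwner.Name)"

$results = foreach ($domain in $forest.Domains) {
    foreach ($dc in $domain.DomainControllers) {
        $version = $null
        try {
            # Bind to this DC by name so its own replica of the schema is read
            $entry   = [ADSI]"LDAP://$($dc.Name)/$schemaDN"
            $version = [int]$entry.psbase.Properties['objectVersion'].Value
        } catch {
            # Unreachable DC: leave $version empty so it is reported as not ready
        }
        New-Object PSObject -Property @{
            DomainController = $dc.Name
            SchemaVersion    = $version
            Ready            = ($version -ne $null -and $version -ge $ExpectedSchemaVersion)
        }
    }
}

$results | Sort-Object DomainController |
    Format-Table DomainController, SchemaVersion, Ready -AutoSize

# Any DC that is unreachable or still on the old schema blocks the CA install
$pending = @($results | Where-Object { -not $_.Ready })
if ($pending.Count -gt 0) {
    Write-Warning "$($pending.Count) domain controller(s) have not received the schema update."
    exit 1
}
Write-Host "All domain controllers report schema version $ExpectedSchemaVersion or later."
```

A domain controller that cannot be contacted is reported as not ready, so the script fails closed instead of assuming replication succeeded.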
Lesson 1: Identifying PKI Requirements

In Windows Server 2008 networks, a PKI relies on one or more CAs deployed through AD CS. However, deploying a PKI is not as simple as adding the AD CS role in Server Manager. For most .