logo-nt
02.02.2009 NT-LNet - Implementing Network Infrastructure Based on Linux systems
09.02.2009 1737 - Microsoft Operations Framework Essentials
15.01.2009 M8627 - Introduction in Microsoft Dynamics Axapta 4.0
Russian version

M2821

Designing and Managing a Windows Public Key Infrastructure

Course length: 4 days

Introduction

This four-day, instructor-led course provides students with the knowledge and skills to design, deploy, and manage a public key infrastructure (PKI) to support applications that require distributed security. Students get hands-on experience implementing solutions to secure PKI-enabled applications and services, such as Microsoft Internet Explorer, Microsoft Exchange Server, Microsoft Internet Information Server, Microsoft Outlook®, and remote access services.

Audience

This course is intended for IT systems engineers who are responsible for designing and implementing security solutions. Individuals should have knowledge and experience to install and configure the Active Directory® directory service and security mechanisms for computers running Microsoft Windows® 2000 Server or Windows Server™ 2003 family.

At Course Completion

After completing this course, students will be able to:

  • Describe PKI and the major components of a PKI.
  • Design a certification authority (CA) hierarchy to meet business requirements.
  • Install Certificate Services to create a CA hierarchy.
  • Perform certificate management tasks, CA management tasks, and plan for disaster recovery of Certificate Services.
  • Create and publish a certificate template, and replace an existing certificate template.
  • Enroll a certificate manually, autoenroll a certificate, and enroll a smart card certificate.
  • Implement manual and automatic key archival and recovery in a Windows Server 2003 PKI.
  • Configure trust between organizations by configuring and implementing qualified subordination.
  • Deploy smart cards in a Windows environment.
  • Secure a Web environment by implementing SSL security and certificate-based authentication for Web applications.
  • Implement secure e-mail messages by using Microsoft Exchange Server in a Windows 2000 or Windows 2003 environment.

Prerequisites

Before attending this course, students must have:

  • Familiarity with Windows 2000 or Windows Server 2003 core technologies, such as those described in the following Microsoft Official Curriculum (MOC) courses:
    - M2274: Managing a Microsoft Windows Server 2003 Environment
    - M2275: Maintaining a Microsoft Windows Server 2003 Environment
    - M2152: Implementing Microsoft Windows 2000 Professional and Server
  • Familiarity with Windows 2000 or Windows 2003 networking technologies, such as those described in the following MOC courses:
    - M2277: Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure: Network Services
    - M2153: Implementing a Microsoft Windows 2000 Network Infrastructure
  • Familiarity with Windows 2000 or Windows 2003 directory services technologies, such as those described in the following MOC courses:
    - M2279: Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
    - M2154: Implementing and Administering Microsoft Windows 2000 Directory Services

Course Outline

  • Overview of Public Key Infrastructure
    - Introduction to PKI
    - Introduction to Cryptography
    - Certificates and Certification Authorities
  • Designing a Certification Authority Hierarchy
    - Identifying CA Hierarchy Design Requirements
    - Common CA Hierarchy Designs
    - Documenting Legal Requirements
    - Analyzing Design Requirements
    - Designing a CA Hierarchy Structure
  • Creating a Certification Authority Hierarchy
    - Creating an Offline CA
    - Validating Certificates
    - Planning CRL Publication
    - Installing a Subordinate CA
  • Managing a Public Key Infrastructure
    - Introduction to PKI Management
    - Managing Certificates
    - Managing Certification Authorities
    - Planning for Disaster Recovery
  • Configuring Certificate Templates
    - Introduction to Certificate Templates
    - Designing and Creating a Certificate Template
    - Publishing a Certificate Template
    - Managing Changes in a Certificate Template
  • Configuring Certificate Enrollment
    - Introduction to Certificate Enrollment
    - Enrolling Certificates Manually
    - Autoenrolling Certificates
  • Configuring Key Archival and Recovery
    - Introduction to Key Archival and Recovery
    - Implementing Manual Key Archival and Recovery
    - Implementing Automatic Key Archival and Recovery
  • Configuring Trust Between Organizations
    - Introduction to Advanced PKI Hierarchies
    - Qualified Subordination Concepts
    - Configuring Constraints in a Policy.inf File
    - Implementing Qualified Subordination
  • Deploying Smart Cards
    - Introduction to Smart Cards
    - Enrolling Smart Card Certificates
    - Deploying Smart Cards
  • Securing Web Traffic by Using SSL
    - Introduction to SSL Security
    - Enabling SSL on a Web Server
    - Implementing Certificate-based Authentication
  • Configuring E-mail Security
    - Introduction to E-mail Security
    - Configuring Secure E-mail Messages
    - Recovering E-mail Private Keys
    - Migrating a KMS Database to a CA Running Windows Server 2003

Microsoft Certified Professional Exams

  • Exam 70-214: Implementing and Managing Security in a Windows 2000 Network Infrastructure
  • Exam 70-220: Designing Security for a Microsoft Windows 2000 Network
  • Exam 70-298: Designing Security for a Microsoft Windows Server 2003 Network
  • Exam 70-299: Implementing and Administering Security in a Microsoft Windows Server 2003 Network

Course Materials

The student kit includes a comprehensive workbook and other necessary materials for this class.

Related courses:

Return to the list of Microsoft courses
Training Conditions
Schedule
Microsoft Certification
Directions
Home Page
About Education Center

More training:

0x01 graphic

Microsoft Software Assurance

What is Software Assurance?

Software Assurance (SA) provides an easy way for Microsoft's Volume Licensing customers to stay current with the latest and most innovative Microsoft products. Under the SA program, customers acquire the right to install any new release of products covered in the agreement during the term of their coverage. Companies can acquire tomorrow's technology at today's prices and have the ability to spread payments annually instead of paying up front. Visit www.microsoft.com/licensing to learn more about Microsoft's licensing programs.

What is the SA Enhancement Offering?

The SA Enhancement Offering is designed to increase customer satisfaction by giving customers more value from Software Assurance and a better Microsoft product experience. The Enhancement Offering contains tools, training, and support as well as additional licensing benefits which meet different customer needs across product segments and across customer segments. The many benefits include:

  • Training vouchers redeemable
  • Employee Purchase Program
  • Home Use Program
  • Problem Resolution Support
  • TechNet Subscription
  • Technology & Tools

What is the Software Assurance (SA) Training Voucher Program?

Qualifying organizations that purchase Software Assurance receive training credits from Microsoft. Each training credit is worth the equivalent of one day of training at Networking Technologies™. Customers can redeem these credits for SA Training Vouchers for select Microsoft courses from «Networking Technologies»™.

How to Get Started?

Contact the individual in your organization responsible for software purchases to verify that you purchased volume licensing with Software Assurance. We can help you activate your benefits and administer the training vouchers. To register for a training contact Education Center «Networking Technologies»™ directly via e-mail edu@tex.kiev.ua

Home
About | Certification | Schedule
Top