Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Certificate Authority role on a Virtual Machine

Status
Not open for further replies.
TekkieDave

TekkieDave

Technical User
May 22, 2002
98
US
Any know of any potential issues with installing the CA role on a hyper-v VM?

I've been reading that installing the CA role on a domain controller isn't a good idea, so I decided to put it on another machine, but I don't want to dedicate hardware to this task.

Is anything going to come back and bite me?

 
Sort by date Sort by votes
My CAs are all VMs (under ESX not Hyper-V) and they work fine.

Denny
MVP
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / SQL 2005 BI / SQL 2008 DBA / SQL 2008 DBD / SQL 2008 BI / MWSS 3.0: Configuration / MOSS 2007: Configuration)
MCITP (SQL 2005 DBA / SQL 2008 DBA / SQL 2005 DBD / SQL 2008 DBD / SQL 2005 BI / SQL 2008 BI)

My Blog
 
Upvote 0 Downvote
There's no issue with CAs on VMs. In fact, if you want to deploy a standalone root CA that is offlined for security, then doing it with a VM is a good way to avoid wasting resources on it.

________________________________________
CompTIA A+, Network+, Server+, Security+
MCTS:Windows 7
MCSE:Security 2003
MCITP:Server Administrator
MCITP:Enterprise Administrator
MCITP:Virtualization Administrator 2008 R2
Certified Quest vWorkspace Administrator
 
Upvote 0 Downvote
Do you guys typically place the CA roles on a server that is doing only CA? As opposed to adding it to a server that already has other roles assigned?

 
Upvote 0 Downvote
I would. MS best practice is one role per server, but most people ignore that. One place that I wouldn't ignore that is with anything security related, like certificates. The fewer services it is running the fewer opportunities there are to exploit it.

________________________________________
CompTIA A+, Network+, Server+, Security+
MCTS:Windows 7
MCSE:Security 2003
MCITP:Server Administrator
MCITP:Enterprise Administrator
MCITP:Virtualization Administrator 2008 R2
Certified Quest vWorkspace Administrator
 
Upvote 0 Downvote
As everything in my environment is a VM (with like 5 exceptions out of 200) yes everything gets its own VM including the CA.

Denny
MVP
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / SQL 2005 BI / SQL 2008 DBA / SQL 2008 DBD / SQL 2008 BI / MWSS 3.0: Configuration / MOSS 2007: Configuration)
MCITP (SQL 2005 DBA / SQL 2008 DBA / SQL 2005 DBD / SQL 2008 DBD / SQL 2005 BI / SQL 2008 BI)

My Blog
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DrB0b
  • Locked
  • Question
Hybrid on prem AD with Azure AD
Replies
2
Views
222
DrB0b
DrB0b
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
475
DrB0b
DrB0b
mangentle
  • Locked
  • Question
What could be the potential causes if a Microsoft Windows Server is experiencing slow network!
Replies
1
Views
854
gbaughma
gbaughma
James281
  • Locked
  • Question
Enrolment agent (enrol on behalf of) stopped working
Replies
1
Views
164
mikehook
mikehook
DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
0
Views
383
DTGMI
DTGMI

Part and Inventory Search

Sponsor

Back
Top