Integration Into Existing Environments (Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure)

Applies To: Windows Server 2003 with SP1

When you combine client computers running Microsoft Windows 2000 Professional or Windows XP Professional with computers running a member of the Windows Server 2003 family, you gain a range of PKI enhancements that let you securely extend your network to employees, partners, customers, and services. The Windows Server 2003 PKI enhances the management and performance features of the Windows 2000 security infrastructure. Windows XP Professional and the Windows Server 2003 family offer many PKI-specific business benefits to organizations that require secure business processes and IT infrastructures.

The base set of features is provided in the Windows Server 2003 family, and enhanced certification authority functionality is provided in Windows Server 2003 Server, Enterprise Edition, and Windows Server 2003 Server, Datacenter Edition. The PKI that is part of the Windows Server 2003 release is an improved version of the Windows 2000 PKI functionality. Even so, it remains compatible with the earlier release: you can combine a Windows Server 2003-driven PKI with an existing Windows 2000 Active Directory environment and certification authority (CA) infrastructure.

Client computers running either the Windows 2000 or Windows XP operating systems will benefit the most from a Windows Server 2003 PKI deployment, along with hardware devices that support the Windows environment. For more information about the capabilities of each client, see the Windows Server 2003 Help.

Determining Secure Application Requirements

The Windows Server 2003 Standard and Enterprise Editions include a full-featured PKI that delivers the business benefits of current public key cryptography. Users, computers, and services benefit from encryption and signing capabilities.

The Windows Server 2003 PKI supports a broad range of applications, including:

  • Secure logon with smart cards

  • Confidential and secure e-mail

  • Secure code

  • Trusted, on-demand network access for remote users and trusted, permanent network connectivity for remote offices, with network security for remote access, virtual private networks (VPN), and wireless authentication

  • File protection in the event of stolen or lost portable computers and other storage devices

  • Access control and single-identity authorization across a range of Web and application servers

  • Digital signatures that enable tamper-proof, legally-binding transactions

  • Scalable technology to support millions of users and high-volume digital signature transactions

For more information about how the Windows PKI supports these applications, see the following articles on the Microsoft Web site:

The Windows Server 2003 PKI solution has several advantages over commercial third-party PKIs that are not part of the operating system and must be purchased separately. Users and access control are managed centrally through Active Directory, which simplifies the overall PKI management burden. Further, a Windows Server 2003 PKI does not require either per-certificate or per-user license fees that would raise the total cost of ownership (TCO) of the system. The PKI functionality in the Windows Server 2003 family integrates very well with many other features of the operating system.