Bryan,

Thanks for the info.

Configuring a PKI solution is a huge undertaking.  It does solve the encryption issue within your Forest but it is highly recommended that offload NICs be used wherever appropriate to handle the added traffic.  

 

Firm.

 

From: MSU Network Administrators Group [mailto:[log in to unmask]] On Behalf Of Bryan Murphy
Sent: Monday, January 29, 2007 11:44 AM
To: [log in to unmask]
Subject: Re: [MSUNAG] End-to-End Encryption

 

Using MS Certificate Server you can set up a full blown PKI,  complete with client auto-enrollment for user certificates, EFS (encrypted file system), and PGP-like security for exchange users.

 

Having MS's Public Key Infrastructure actually makes EFS useful as the key isn't stored on the machine that you are encrypting.

 

It all seems like a nice solution.  Although, I have only read about it and dreamt of having the time to set it up.  It certainly doesn't look like a small undertaking. :)

 

 

If you decide to go for this or some other solution please share experience.  

 

Bryan Murphy | CISSP, MCP |

IT Coordinator | MSU Plant Research Lab & Plant Biology

 

 

On Jan 28, 2007, at 1:31 PM, Charlot, Firmin wrote:



Deploying and maintaining an enterprise solution to encrypt targeted data (databases, files, and emails) can be cumbersome and expensive.  The ideal solution is one that does not change the user’s behavior.  On the support site it would provide an easy way for an administrator to restore and decrypt data in case of emergency.  It would be nice if such a solution does not make a noticeable dent in one’s budget.

 

Back to reality!

 

Is there anyone out there using an enterprise encryption solution and if so would you mind sharing about your setup?

 

Thanks.

 

 

Firmin Charlot, MCSE, A+

Information Systems Manager

Educational and Support Services

162 Student Services Building

East Lansing, MI 48824

[log in to unmask]

(517) 432-7541

 



 

Bryan Murphy | CISSP, MCP |

IT Coordinator | MSU Plant Research Lab & Plant Biology