1
00:00:07,410 --> 00:00:10,510
AD CS is an identity technology

2
00:00:10,560 --> 00:00:19,860
in Windows Server that allows you to implement PKI so that you can easily issue and manage certificates

3
00:00:20,250 --> 00:00:29,690
to meet your organization's requirements, because it is a combination of software, encryption technologies,

4
00:00:30,050 --> 00:00:40,340
processes, and services that enables an organization to secure its communications and business

5
00:00:40,340 --> 00:00:41,450
transactions.

6
00:00:42,260 --> 00:00:52,810
PKI relies on the exchange of digital certificates between authenticated users and trusted resources.

7
00:00:52,810 --> 00:01:05,210
You use certificates to secure data and to manage ID credentials from users and computers, both within

8
00:01:05,870 --> 00:01:10,800
and outside of your organization.

9
00:01:10,830 --> 00:01:20,160
You can design a PKI solution by using AD CS to meet the following security and technical requirements

10
00:01:20,160 --> 00:01:21,600
of your organization.

11
00:01:24,940 --> 00:01:33,310
Confidentiality: PKI gives you the ability to encrypt stored and transmitted data.

12
00:01:33,310 --> 00:01:43,700
For example, you can use a PKI-enabled Encrypting File System, or EFS, to encrypt and secure data.

13
00:01:43,720 --> 00:01:53,440
You also can maintain the confidentiality of transmitted data on public networks by using PKI-enabled

14
00:01:53,740 --> 00:01:57,560
Internet Protocol security, or IPsec.

15
00:01:58,720 --> 00:02:10,030
Integrity: you can use certificates to sign data digitally. A digital signature will identify whether

16
00:02:10,120 --> 00:02:15,920
any data was modified while communicating information.

17
00:02:16,100 --> 00:02:25,710
For example, a digitally signed email message will ensure that the message's content was not modified

18
00:02:25,780 --> 00:02:27,100
while in transit.

19
00:02:27,640 --> 00:02:37,060
Additionally, in a PKI, the issuing CA digitally signs certificates that are issued to users and

20
00:02:37,060 --> 00:02:42,730
computers, which proves the integrity of the issued certificates.

21
00:02:45,400 --> 00:02:55,270
Authenticity: a PKI provides several authenticity mechanisms. Authentication data passes through hash

22
00:02:55,630 --> 00:03:07,720
algorithms, such as Secure Hash Algorithm 2, or SHA-2, to produce a message digest. The message digest

23
00:03:07,780 --> 00:03:17,110
then is digitally signed by using the sender's private key from the certificate to prove that the sender

24
00:03:17,110 --> 00:03:27,550
produced the message digest. Nonrepudiation: when data is digitally signed with an author's certificate,

25
00:03:27,850 --> 00:03:36,040
the digital signature provides both proof of the integrity of the signed data and proof of the data's

26
00:03:36,220 --> 00:03:41,700
origin. And last but not least, availability.

27
00:03:41,830 --> 00:03:51,980
You can install multiple CAs in your CA hierarchy to issue certificates. If one CA is not available

28
00:03:51,980 --> 00:03:58,250
in a CA hierarchy, other CAs can continue to issue certificates.

29
00:03:58,280 --> 00:04:07,250
Now some notes about AD CS in Windows Server. Windows Server deploys all PKI-related components

30
00:04:07,880 --> 00:04:18,470
as the role services of the AD CS server role. Each role service is responsible for a specific portion

31
00:04:18,470 --> 00:04:26,720
of a certificate infrastructure while working together to form a complete solution.

32
00:04:26,720 --> 00:04:33,370
The role services of the AD CS role in Windows Server are as follows:

33
00:04:36,500 --> 00:04:39,230
Certification authority.

34
00:04:39,230 --> 00:04:48,620
The main purposes of CAs are to issue certificates, to revoke certificates, and to publish authority

35
00:04:48,620 --> 00:04:56,000
information access, or AIA, and revocation information.

36
00:04:56,000 --> 00:05:02,390
When you install the first CA, it establishes the PKI in your organization.

37
00:05:02,480 --> 00:05:05,970
You can have one or more CAs in one network.

38
00:05:07,120 --> 00:05:13,570
But only one CA can be at the highest point in the CA hierarchy.

39
00:05:13,630 --> 00:05:19,570
The root CA is the CA at the highest point in the hierarchy.

40
00:05:20,260 --> 00:05:28,780
However, you can have more than one CA hierarchy, which allows you to have more than one root CA.

41
00:05:31,400 --> 00:05:39,770
After a root CA issues a certificate for itself, subordinate CAs that are lower in the hierarchy

42
00:05:40,180 --> 00:05:50,040
receive certificates from the root CA. The next service is certification authority web enrollment.

43
00:05:50,160 --> 00:05:59,610
This component provides a method to issue and renew certificates for users, computers, and devices that

44
00:05:59,610 --> 00:06:08,520
are not joined to the domain, are not connected directly to the network, or are for users of operating

45
00:06:08,520 --> 00:06:16,190
systems other than Windows. Another role is Online Responder.

46
00:06:16,190 --> 00:06:24,890
You can use this component to configure and manage Online Certificate Status Protocol, or OCSP,

47
00:06:24,980 --> 00:06:36,080
validation and revocation checking. An Online Responder decodes revocation status requests for

48
00:06:36,290 --> 00:06:45,650
specific certificates, evaluates the status of those certificates, and returns a signed response that

49
00:06:45,650 --> 00:06:55,010
contains the requested certificate status information. The certificate revocation data can come from

50
00:06:55,010 --> 00:07:05,560
a CA on a computer that was running Windows Server 2003 or later. The next role is Network Device Enrollment

51
00:07:05,590 --> 00:07:16,920
Service, or NDES. With this component, routers, switches, and other network devices can obtain certificates

52
00:07:17,050 --> 00:07:25,730
from AD CS. The next one is Certificate Enrollment Web Service, or CES.

53
00:07:26,140 --> 00:07:34,990
This component works as a proxy client between a computer that is running Windows 7 or later and the

54
00:07:35,080 --> 00:07:46,150
CA. Windows Server 2008 R2 introduced this component, and it requires that the Active Directory forest

55
00:07:46,780 --> 00:07:48,960
is at least at the Windows Server

56
00:07:48,970 --> 00:07:53,580
2008 R2 functional level.

57
00:07:53,590 --> 00:08:02,140
It enables users, computers, or applications to connect to a CA by using web services

58
00:08:03,740 --> 00:08:12,940
to do the following: request, renew, and install issued certificates; retrieve certificate revocation lists,

59
00:08:13,070 --> 00:08:27,620
or CRLs; download a root certificate; enroll over the Internet or across forests; and renew certificates

60
00:08:27,740 --> 00:08:38,770
automatically for computers that are part of untrusted AD DS domains or are not joined to a domain.

61
00:08:40,380 --> 00:08:49,040
Another role of AD CS is Certificate Enrollment Policy Web Service.

62
00:08:49,210 --> 00:09:00,250
This component enables users to obtain certificate enrollment policy information. Combined with CES, it

63
00:09:00,250 --> 00:09:07,210
enables policy-based certificate enrollment when the client computer is not a member of a domain

64
00:09:07,210 --> 00:09:10,670
or when a domain member is not connected to the domain.

65
00:09:11,780 --> 00:09:20,900
Now, the AD CS server role, in addition to all the related role services, can run on Windows Server 2016

66
00:09:21,170 --> 00:09:26,610
with a full desktop experience or as a Server Core installation.

67
00:09:27,170 --> 00:09:32,540
However, AD CS roles cannot run on Nano Server.

68
00:09:32,540 --> 00:09:42,680
You can deploy the AD CS role services in Windows Server 2016 by using Server Manager or Windows PowerShell

69
00:09:42,680 --> 00:09:50,310
command-line interface cmdlets. Additionally, you can deploy the role services while working

70
00:09:50,310 --> 00:10:00,160
locally at the computer or remotely over the network. AD CS in Windows Server 2016

71
00:10:00,420 --> 00:10:09,650
now has increased support for Trusted Platform Module, or TPM, key attestation.

72
00:10:09,900 --> 00:10:20,880
Although client support has existed for TPM-protected private keys since Windows 8, AD CS in Windows Server

73
00:10:20,880 --> 00:10:32,520
2012 R2 could only perform TPM key attestation by using the Microsoft Platform Crypto Provider.

74
00:10:33,550 --> 00:10:45,710
AD CS now allows you to use the Microsoft Smart Card Key Storage Provider for TPM key attestation,

75
00:10:45,710 --> 00:10:57,720
so that devices that are not domain members can enroll for certificates attesting to a TPM-protected

76
00:10:57,750 --> 00:11:03,030
private key by using NDES enrollment.