1
00:00:06,850 --> 00:00:15,220
When you decide to implement AD CS in your organization, one of the first decisions you must take is

2
00:00:15,220 --> 00:00:25,540
how to design your CA hierarchy. CA hierarchy determines the core design of your internal PKI and

3
00:00:25,620 --> 00:00:30,400
determines the purpose of each CA in the hierarchy.

4
00:00:31,600 --> 00:00:43,610
Each CA hierarchy usually includes two or more CAs. Usually the second CA and all others after that deploy

5
00:00:43,630 --> 00:00:49,060
with a specific purpose. Only the root CA is mandatory.

6
00:00:49,830 --> 00:00:58,890
Having a multi-level CA hierarchy that is deployed to use PKI and certificates is not mandatory. For

7
00:00:58,890 --> 00:01:01,380
smaller and simpler environments,

8
00:01:01,380 --> 00:01:10,380
you can have a CA hierarchy with just one deployed CA. This usually deploys as an enterprise root CA.

9
00:01:10,920 --> 00:01:20,940
Additionally, you may choose to not deploy an internal CA at all and to use externally provided certificates.

10
00:01:21,960 --> 00:01:31,200
If you decide to implement a CA hierarchy and have deployed a root CA already, you must decide which

11
00:01:31,200 --> 00:01:37,610
roles to assign CAs on the second and third tiers.

12
00:01:37,650 --> 00:01:48,870
In general, it is not recommended to build a CA hierarchy deeper than three levels unless it is in a complex

13
00:01:48,870 --> 00:01:59,080
and distributed environment. Most commonly, CA hierarchies have two levels, with the root CA at the

14
00:01:59,080 --> 00:02:09,150
top level and the subordinate issuing CA on the second level. Usually the root CA is taken offline

15
00:02:09,420 --> 00:02:16,230
while the subordinate CA issues and manages certificates for all clients.

16
00:02:17,090 --> 00:02:26,300
However, in some more complex scenarios, you can also deploy other types of CA hierarchies. In general, CA

17
00:02:26,330 --> 00:02:35,500
hierarchies fall into one of the following categories. CA hierarchies with policy CAs.

18
00:02:35,530 --> 00:02:45,270
This category is for policy CAs, which are types of subordinate CAs that are directly below the root

19
00:02:45,270 --> 00:02:49,990
CA in a CA hierarchy. You use policy

20
00:02:49,990 --> 00:03:01,240
CAs to issue CA certificates to subordinate CAs that are directly below the policy CA in the hierarchy.

21
00:03:02,390 --> 00:03:12,050
The role of a policy CA is to describe the policies and procedures that an organization implements to

22
00:03:12,050 --> 00:03:14,220
secure its PKI,

23
00:03:14,560 --> 00:03:24,170
the processes that validate the identity of certificate holders, and the processes that enforce the

24
00:03:24,170 --> 00:03:33,880
procedures that manage certificates. A policy CA issues certificates only to other CAs.

25
00:03:33,900 --> 00:03:45,180
The CAs that receive this certificate must uphold and enforce the policies that the policy CA defined.

26
00:03:46,210 --> 00:03:57,300
Using policy CAs is not mandatory unless different divisions, sectors, or locations of your organization

27
00:03:57,660 --> 00:04:09,490
require different issuance policies and procedures. However, if your organization requires different issuance

28
00:04:10,090 --> 00:04:20,740
policies and procedures, you must add policy CAs to the hierarchy to define each unique policy.

29
00:04:20,740 --> 00:04:31,660
For example, an organization can implement one policy for all certificates that it issues internally to

30
00:04:31,900 --> 00:04:41,920
employees and another policy for all certificates that it issues to users who are not employees.

31
00:04:43,560 --> 00:04:54,480
Another category is CA hierarchies with cross-certification trust. In this scenario, two independent CA

32
00:04:54,500 --> 00:04:57,610
hierarchies interoperate

33
00:04:57,720 --> 00:05:08,640
when a CA in one hierarchy issues a cross-certified CA certificate to a CA in another hierarchy.

34
00:05:08,640 --> 00:05:21,890
When you do this, you establish mutual trust between different CA hierarchies. Another category is CAs

35
00:05:22,190 --> 00:05:28,340
with a two-tier hierarchy. In a two-tier hierarchy,

36
00:05:28,340 --> 00:05:37,970
there is a root CA and at least one subordinate CA. In this scenario, the subordinate CA is responsible

37
00:05:37,970 --> 00:05:43,310
for policies and for issuing certificates to requesters.