Hi all
We currently have a W2K8 R2 CA front ended by an NDES server providing certificates for mobile devices that access email via EAS.
When we built out the certificate server we did not take in to account and Disaster recovery for this server so now we have an active CA thats issues many CA's.
I have been tasked to bolster this side of our infrastructure so that we can still have access to our CA infrastructure in the event of a loss of the server of site.
I've seen the articles on the internet suggesting we create a new CA with 2 x subordinates. The CA is powered down for safe keeping and the subordinates perform all of the certificate signing. I do have concerns about moving to this and would really like any pointers on how I should proceed.
Thanks