Phidiax Tech Blog

Adventures in custom software and technology implementation.

SCVMM 2012 R2 Archiving Root CA server to VMM Library

2. April 2015 JoshKealiher@phidiax.com Microsoft System Center, Phidiax Technology (0)

Background

When building a multi-tier Windows 2012 R2 Enterprise Certificate Authority with an off-line Root CA there is the decision of what to do with the offline Root CA server until it is needed again.

Proposed Solution

In many cases that server VM would be archived off to a drive and perhaps sent to an archive service site for long term storage. That still might be necessary as a failsafe, but for quick offline access that can be restored any time, it might be best served to archive that VM off to a VMM library server share.

Solution Benefits:

  • Saving the offline Root Certificate Authority is critical to your infrastructure when you need to resign the issuing certificate authority's root cert
  • Certificate Authorities commonly are forgotten due to the number of years that they are often in place before they need to be resigned, when certs unexpectedly begin to expire there is generally a scramble to get new certificates in place.
  • SCVMM is a single pane of glass to all things related to managing your VM infrastructure

Solution

In my case, I have 2 Hyper-V hosts managed within my System Center Virtual Machine Manager 2012 R2 lab environment. One of the Hosts has a large amount of available storage that I have joined to the SCVMM Library as a library share. I mainly use this secondary library to hold all of the ISO files and present those within SCVMM for building new VMs.

scvmmlib1

The offline Root CA VM gets stored in the library.

scvmmlib2

The Hyper-V library server is chosen.

scvmmlib3

The Archive folder on the Hyper-V library share is chosen as the place to store the archived VM.

scvmmlib4


Deploy VM job runs to move the VM data files and settings to the library share.

scvmmlib5


Verify that the data has been moved to that share location.

scvmmlib7

The Root-CA01 server is now in a stored state in the library server and is not impacting any production storage resources.

scvmmlib6

Conclusion

In conclusion, the aim here is to provide a quick solution to a misplace-able piece of technology, the Private Key Infrastructure. It is rather easy to forget the original design of the Certificate Authority, especially when only every 5 to 10 years anything needs to be done about it. When that time does come, it is generally a priority to get things restored quickly.

In this case, there is a quick and easy solution... Above, all that is necessary at this point is to right-click the stored VM, click Deploy, and you can point that resource to any Hyper-V host and network that are presented to it.

Add comment

Loading
News & Events View More...

Technologies We Use

Follow Us



Meet Our Team

Privacy Policy  |  Contact  |  Careers

2009-2017 Phidiax, LLC - All Rights Reserved