802.1X and Microsoft

I was kind of surprised today to find that someone had responded to a Twitter comment I posted on how easy to manage Microsoft’s PKI integration is. To me it’s definitely a case of: if your business is a Microsoft shop with all computers members of the domain, then you can use the fact that Microsoft leverages AD to push out certificates to both users and clients, and all this integrates nicely with IAS. Of course there are definite limitations, especially if you want to use IAS for more than just authenticating to AD, but for a lot of customers it just makes sense to deploy this way as their network is uniformly MS PCs. It is a PITA to set up your certificate infrastructure and to know enough about what you are doing to implement a best-practices configuration. To Microsoft’s credit this process is well documented on their websites, but it is still confusing the first time you try it (and perhaps a few times afterwards) until you gain some understanding of what you are trying to accomplish.

I have worked quite a lot now with both IAS and Certificate Services in setting up 802.1X for clients’ WLANs and have gained some good knowledge of the process (I was terrible at it at first, basically following the MS documents). I still find, however, that I can learn things, and the above person’s post to Twitter pointed me to some of the shortcomings of the MS solution. Thanks for that! Now time to get back to designing and implementing wireless networks.