Meeting the InCommon Assurance profile criteria using Active Directory

[Eric Goodman <>]

Agreed.

 

Thanks for fixing!

 

--- Eric

 

From: [mailto:] On Behalf Of Rank, Mark
Sent: Monday, July 01, 2013 10:05 AM
To:
Subject: [AD-Assurance] RE: NR,*J*IT edits to cookbook

 

Brian:

 

Works for me.

Mark

 

 

--------------------------------------------------

Mark Rank
Project Manager - Identity & Access Mgt

UCSF Information Technology Services (ITS)
email:

phn:414-331-1476

--------------------------------------------------

---

From: [] on behalf of Brian Arkills []
Sent: Friday, June 28, 2013 11:16 AM
To:
Subject: [AD-Assurance] RE: NR,*J*IT edits to cookbook

·         Noting that the use of full disk encryption on DCs running on VMs is not supported by Microsoft

[BA] I've made an edit to appendix C to address the concern I voiced on the call today. It now says:

 

A potential issue with the use of BitLocker on Domain Controllers arises if you deploy DCs via virtual machines (VMs), as Microsoft does not support BitLocker directly within VMs. However, Microsoft notes that if you BitLocker a HyperV host (i.e. the volumes the guest disks are on), the BitLocker protections are enjoyed by all guest VMs. Microsoft may or may not support other full disk encryption solutions when virtualizing a Domain Controller, so check on support from Microsoft if you run in an alternate configuration.