Survivable Branch Appliance Security

 

Topic Last Modified: 2011-04-12

If you deploy a Survivable Branch Appliance for branch-site resiliency, you should take steps to reduce the threat of theft or other malicious access. If a Survivable Branch Appliance is compromised, you should have a plan to reduce the threat to your deployment, including taking the following steps:

• Revoke the branch Registrar and Mediation Server certificate from the issuing certificate authority.

• Remove the Survivable Branch Appliance account from Active Directory Domain Services.

• Remove the Survivable Branch Appliance from the trusted server list by running Topology Builder and remove the Survivable Branch Appliance from the topology, and then publishing the revised topology.

• Block the FQDN of the Survivable Branch Appliance so it cannot connect through your Edge Servers.