Topic Last Modified: 2011-04-12
If you deploy a Survivable Branch Appliance for branch-site resiliency, you should take steps to reduce the threat of theft or other malicious access. If a Survivable Branch Appliance is compromised, you should have a plan to reduce the threat to your deployment, including taking the following steps:
- Revoke the branch Registrar and Mediation Server certificate
from the issuing certificate authority.
- Remove the Survivable Branch Appliance account from Active
Directory Domain Services.
- Remove the Survivable Branch Appliance from the trusted server
list by running Topology Builder and remove the Survivable Branch
Appliance from the topology, and then publishing the revised
topology.
- Block the FQDN of the Survivable Branch Appliance so it cannot
connect through your Edge Servers.