When installing the Certificate Authority role, another choice you have to make is whether to install it as a root CA or subordinate CA. Earlier we discussed how sometimes organizations use intermediate CA to help keep things tidy and organized, and a subordinate CA is exactly that. For most organizations, the scale is not sufficient to require anything more than a single CA, so you would simply install a root CA. If your organization spans multiple sites or geographic locations, you might need to design an infrastructure of servers, with a subordinate CA at each location (however, let's face it...if your organization is that large, you probably know a lot about certificate infrastructure design already and don't need this chapter).
Another consideration that might drive you to deploy subordinate CAs is availability. If your CA is a single server, then it introduces a single point of failure. In most deployments, this...