Topology Decisions

Chapter 4 Planning Your Deployment 165

In many organizations, it may be desirable to deploy multiple Registration Managers that all communicate with a single Certificate Manager. Each separate Registration Manager, for example, might handle all end-entity interactions in a particular geographic area or within an organizational group.

Decisions about the number of, locations of, and relationships among Certificate Managers and Registration Managers depend on many factors. These include firewall considerations, the physical security required for each subsystem, the physical location of the end entities that the Registration Manager is intended to serve, and the physical location of the Certificate Manager agent, Registration Manager agent, and other persons responsible for administering the Certificate Manager and Registration Manager.

Certificate Manager and Data Recovery Manager

If an organization requires key archival and recovery capabilities—for example, if encrypted mail is widely used and the organization risks data loss if it is unable to recover encryption keys—it can install a Data Recovery Manager. This can be done without regard for the presence or absence of a separate Registration Manager.

For example, to add key storage and recovery to the scenario sketched in Figure 4-2, a Data Recovery Manager can be installed in a different CMS instance; this instance can be located in the same server group on the same machine, in a different server group on the same machine, or on a different machine. Figure 4-3 illustrates a Data Recovery Manager in a separate CMS instance. All communication between the Certificate Manager and the Data Recovery Manager takes place over HTTPS.
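The following is an added example, not code from the product or this guide, showing the mechanism that makes a Data Recovery Manager worth deploying: an end entity's encryption private key is wrapped at enrollment so that only the DRM's storage private key can unwrap it, and when the entity's own copy is lost the DRM recovers it and previously encrypted mail can still be read. It is written in Go with only the standard library. The record layout (ArchivedKey), the function names (Archive, Recover, RecoverMail) and the hybrid RSA-OAEP plus AES-256-GCM wrapping are assumptions chosen for illustration; the product's own archival request format and transport are not reproduced here, and the message encryption is plain RSA-OAEP standing in for S/MIME.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
)

// ArchivedKey is the record a Data Recovery Manager would keep: the end
// entity's private key sealed under a fresh AES-256-GCM key encryption key
// (KEK), with the KEK wrapped to the DRM's storage public key. Field names
// are assumptions for this example, not the product's record format.
type ArchivedKey struct {
	WrappedKEK []byte // RSA-OAEP(DRM storage public key, KEK)
	Nonce      []byte // GCM nonce for Ciphertext
	Ciphertext []byte // AES-GCM(KEK, PKCS#8 DER of the private key)
}

func newGCM(kek []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Archive is the enrollment-time step: the encryption private key is wrapped
// so that only the holder of the DRM's storage private key can open it.
func Archive(drmPub *rsa.PublicKey, eeKey *rsa.PrivateKey) (*ArchivedKey, error) {
	der, err := x509.MarshalPKCS8PrivateKey(eeKey)
	if err != nil {
		return nil, err
	}
	kek := make([]byte, 32) // fresh per archived key, never reused
	if _, err := rand.Read(kek); err != nil {
		return nil, err
	}
	gcm, err := newGCM(kek)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, drmPub, kek, nil)
	if err != nil {
		return nil, err
	}
	return &ArchivedKey{wrapped, nonce, gcm.Seal(nil, nonce, der, nil)}, nil
}

// Recover is the DRM-side step. Any key other than the DRM's storage private
// key fails at OAEP decryption, so the stored record alone is useless.
func Recover(drmPriv *rsa.PrivateKey, a *ArchivedKey) (*rsa.PrivateKey, error) {
	kek, err := rsa.DecryptOAEP(sha256.New(), nil, drmPriv, a.WrappedKEK, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(kek)
	if err != nil {
		return nil, err
	}
	der, err := gcm.Open(nil, a.Nonce, a.Ciphertext, nil)
	if err != nil {
		return nil, err
	}
	key, err := x509.ParsePKCS8PrivateKey(der)
	if err != nil {
		return nil, err
	}
	if rsaKey, ok := key.(*rsa.PrivateKey); ok {
		return rsaKey, nil
	}
	return nil, errors.New("archived key is not an RSA key")
}

// RecoverMail walks the scenario from the text with caller-supplied keys: a
// message is encrypted (RSA-OAEP standing in for S/MIME) to the end entity's
// archived key; the entity's own copy is then unavailable, and the copy
// recovered from the DRM decrypts the message.
func RecoverMail(drm, ee *rsa.PrivateKey, msg []byte) ([]byte, error) {
	archived, err := Archive(&drm.PublicKey, ee)
	if err != nil {
		return nil, err
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &ee.PublicKey, msg, nil)
	if err != nil {
		return nil, err
	}
	recovered, err := Recover(drm, archived) // ee is not used from here on
	if err != nil {
		return nil, err
	}
	return rsa.DecryptOAEP(sha256.New(), nil, recovered, ct, nil)
}
```

Two points this makes concrete for the topology decision above. First, the DRM's storage private key can open every archived key in the organization, which is why the physical security of the DRM instance and the HTTPS link to the Certificate Manager carry more weight than for a Registration Manager. Second, only keys used for encryption should ever be archived this way; a signing key that exists anywhere other than with its owner no longer supports non-repudiation.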