// Add steps as necessary for accessing the software, post-configuration, and testing. Don’t include full usage instructions for your software, but add links to your product documentation for that information. //Should any sections not be applicable, remove them == Post-deployment steps === Run Windows Updates In order to ensure the deployed servers' operating systems and installed applications have the latest Microsoft updates, run Windows Update on each server. 1. Create an RDP session from the Remote Desktop Gateway server to each deployed server. 2. Open the *Settings* application. 3. Open *Update & Security*. 4. Click *Check for updates*. 5. Install any updates and reboot if necessary. === Test the deployment . Connect to the RD Gateway via RDP, then connect to the subordinate CA via RDP. . Navigate to http:///certsrv . Issue a test certificate == Best practices for using {partner-product-short-name} on AWS This Quick Start migrates pertinent folders and files—those related to the certificate services—to an Amazon Elastic Block Store (Amazon EBS) volume [D:\]. Back up the {partner-product-short-name} deployment, including the private key and the current certificate database. == Security After this Quick Start deploys the root CA and generates the root certificate, the root CA is powered off. The root CA is intended to remain offline until the domain root certificate needs to be renewed. Domain-administrator credentials are stored in AWS Secrets Manager and consumed by the subordinate CA. The subordinate CA uses these credentials to join domains, install certificate services, and add the required DNS records. == Other useful information * https://docs.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/server-certs/configure-the-server-certificate-template[Configure the Server Certificate Template^] * https://docs.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/server-certs/configure-server-certificate-autoenrollment[Configure certificate auto-enrollment^]