Here are some new whitepapers from Microsoft regarding Windows 2008 R2 Certificate Services.
SCEP - Simple Certificate Enrollment Protocol
Microsoft® Active Directory® Certificate Services in Microsoft Windows Server® 2008 R2 includes the Network Device Enrollment Service role service. This role service implements the Simple Certificate Enrollment Protocol. This white paper provides an overview of this role service in Windows Server 2008 R2.
Microsoft SCEP implementation
Computer and User Certificates
The Windows Server® 2008 R2 Core Network Guide provides instructions on how to plan and deploy the components required for a fully functioning network and a new Active Directory® domain in a new forest. This companion guide to the Core Network Guide provides instructions on how to deploy client computer and user certificates with Active Directory Certificate Services (AD CS) and Group Policy. You can use client computer and user certificates to allow Network Policy Server (NPS) and Routing and Remote Access Service (RRAS) to authenticate users and computers when you deploy the following authentication methods for network access authentication:
• Extensible Authentication Protocol with Transport Layer Security (EAP-TLS)
• Protected EAP with TLS (PEAP-TLS)
Deploying Computer and User Certificates
Additional information from the Active Directory Services Team:
Designing and Implementing a PKI