DEP351 Windows ® Rights Management (Part 2): Enterprise Readiness & Deployment Marco DeMello Group Program Manager Windows Trusted Platforms & Infrastructure.

Presentation transcript:

DEP351 Windows ® Rights Management (Part 2): Enterprise Readiness & Deployment Marco DeMello Group Program Manager Windows Trusted Platforms & Infrastructure Microsoft Corporation

Agenda
- Enterprise Readiness Considerations
- Hardware and software pre-requisites
- Deployment topologies
  - Small company
  - Large enterprise
- Microsoft Beta 2 deployment
- Key takeaways

Deployment Considerations: Process
- Follow a tested methodology for solution deployment
  - E.g., Microsoft Solutions Framework
- Identify: teams, customers, goals, timelines, dependencies, exit criteria…
- Build planning and process improvement time into the process

Deployment Considerations: Scalability
- Capacity plan for Rights Management Services (RMS) based on licensing requests
  - Model predicted RM license request load
  - Determine optimal front end server sizing and number
- RMS is CPU bound
  - Licensing performance grows linearly with CPU speed & # of front ends
  - Multi-proc scalability: 2.8x going from 1 to 4 CPUs

Deployment Considerations: Scalability – Example
- Fabrikam Corporation RM use:
  - Peak # of messages / hour: 273,000
  - % of mail that is RM protected: 60%
  - Peak # of RM document license requests / hour: 7500
  - Peak # of license requests per second: 47.6
- Testing
  - 2.4 GHz P4 dual proc front end: 82 licenses / second
  - 1 front end satisfies performance requirements
  - Peak predicted load is 58% of server's capacity

Deployment Considerations: Reliability
- Rule of thumb: Follow best practices for SQL based web service
- Network load balancing
  - Increases front end fault tolerance
- Good backup / restore processes
- SQL Clustering is optional
  - For license requests front end is not reliant on SQL server being up
  - Certification requests require DB connectivity

Deployment Considerations: Reliability – Example
- Fabrikam Corporation RM use:
  - 1 front end meets scalability requirements
  - 1 additional front end + NLB meets reliability requirements
  - No SQL clustering
  - Nightly SQL backup policy
  - Microsoft Operations Manager for RMS monitoring
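
The sizing arithmetic behind the Scalability and Reliability examples, as an added sketch that is not part of the original presentation. The function names, the `max_utilization` headroom parameter and the 1.2 GHz host are assumptions of this example; the 47.6 requests/second and 82 licenses/second figures are the Fabrikam numbers from the slides.

```python
import math
from dataclasses import dataclass


@dataclass
class Sizing:
    for_load: int            # front ends needed to carry the peak
    deployed: int            # for_load plus NLB spares
    utilization: float       # peak load / capacity of the load-carrying set
    survives_one_failure: bool


def scale_throughput(measured_lps, measured_ghz, target_ghz):
    """Slides: licensing throughput grows linearly with CPU speed."""
    return measured_lps * (target_ghz / measured_ghz)


def size_front_ends(peak_rps, per_server_lps, spares=0, max_utilization=1.0):
    """max_utilization (headroom) and spares are assumptions of this example."""
    if peak_rps < 0 or per_server_lps <= 0 or spares < 0:
        raise ValueError("rates must be positive and spares non-negative")
    if not 0 < max_utilization <= 1:
        raise ValueError("max_utilization must be in (0, 1]")
    usable = per_server_lps * max_utilization
    for_load = max(1, math.ceil(peak_rps / usable))
    deployed = for_load + spares
    return Sizing(
        for_load=for_load,
        deployed=deployed,
        utilization=peak_rps / (for_load * per_server_lps),
        # Losing one node must still leave enough nodes to carry the peak.
        survives_one_failure=(deployed - 1) >= for_load,
    )


if __name__ == "__main__":
    # Figures from the Fabrikam slides: 47.6 requests/s peak, 82 licenses/s per front end.
    print(size_front_ends(47.6, 82))
    print(size_front_ends(47.6, 82, spares=1))
    # Hypothetical slower host: same dual-proc box at 1.2 GHz (constructed input).
    print(size_front_ends(47.6, scale_throughput(82, 2.4, 1.2), spares=1))
```

With the slide figures this returns one front end at 58% utilization, and two deployed once a single NLB spare is added for fault tolerance.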

Deployment Considerations: Desktop update
- End users require:
  - RM client installation on the desktop
  - Lockbox installed on desktop
    - Requires machine Administrator privileges
  - User's account certified
  - Client enrollment for offline publishing
- Medium & large organizations should automate these steps
  - Can be tied to logon or coupled with deployment of RM enabled application

Deployment Considerations: Security
- Follow lock down best practices for IIS 6.0 web sites
- Deploy hardware security module (HSM)
- Don't co-locate other applications on RMS hardware
- Don't run any other applications under the RMS account
- If you expose licensing or certification over the Internet
  - Use SSL to provide privacy of request data especially
- Require Windows Authentication on all RMS web services
- Manage delegation of RMS administration
- Turn on RMS request logging

Deployment Considerations: Geo-location
- Plan to deploy in a single global data center
  - Reduces operations, hardware, management cost
- Distribute deployment only if link quality demands
- RMS request characteristics are latency & error resilient
  - Standard HTTP
  - Standard latency resilient TCP timeout
  - Single request, single response
  - No client–server session state on front ends

Deployment Prerequisites: Minimal Install
- X.509v3 VeriSign Certificate (40 or 128bit)
- P3 800 / 256MB / 20GB (Rec: P4 Dual / 512MB / 40GB)
- Windows Server 2003
- Internet Information Services 6.0
- ASP.NET
- MSMQ client for logging
- MSDE or SQL server 2000
- Active Directory (AD): Windows 2000 or later
- Test users must have accounts with mail attribute in the AD
- RM client bits installed on client test machines
- RM-enabled application

Deployment Prerequisites: Fabrikam's Deployment
- Enterprise characteristics
  - 8,500 users
  - Single forest
  - Multiple domains and locations
  - Mix of Windows 2000 / NT4 domain controllers
- Deployment highlights
  - 2 front end servers running Windows Server 2003
  - RMS installed on both
  - Microsoft Network Load Balancing service
  - 1 server running Windows 2000 and SQL 2000

Fabrikam Deployment
[Diagram labels: Internet, Fabrikam Corp, RMS Cluster, NLB, SQL]

Deployment Prerequisites: Large enterprise
- Multiple forests
  - Require a root cluster per forest
    - For user certification and group expansion
  - Necessary if forest contains:
    - User accounts to be certified
    - Windows DLs / Groups to be expanded
- Option to centralize licensing functions to single forest
  - Reduces hardware / operations requirements
  - Dedicate more hardware and higher availability on org wide licensing cluster

Supporting Roaming Users
- Allow SSL traffic through Firewall to internal RMS servers (like OWA)
  - Require authentication on all RMS requests
  - Can do inspection of requests at firewall
- Deploy a dedicated RMS server in DMZ
  - Extra deployment cost but added security
- Use a Virtual Private Network (VPN)
  - Strongest security but least flexibility

Business Communities: Cross-certification
- 2 peer organizations need to exchange sensitive information with each other
[Diagram labels: Fabrikam Corp (RMS Cluster, NLB, SQL), Contoso Pharma (NLB, SQL)]

MS Deployment Overview
- MSN
  - Beta 2 servers live since 1/16/03
  - 54,000+ unique machine activations
  - Passport based RM account certification & licensing
- Exchange Dogfood
  - Beta 2 servers since 1/24/03 for 3500 users
  - 40,000+ licenses served. Content lives on.
- OTG
  - Beta 2 servers live since 3/23/03 in 4 forests
  - 20,000+ unique users of IRM in Office 11 in MS

Trust Policy Management demo

Key Takeaways
- RMS is an enterprise class service – plan accordingly
  - Think enterprise wide web application deployment model
  - Secure accounts, ACLs, SSL, HSMs
- Think early about roaming use and collaboration needs

Learn More about RM
- Learn about RMS
- Learn about the RM add-on

Community Resources
- Most Valuable Professional (MVP)
- Newsgroups
  - Converse online with Microsoft Newsgroups, including Worldwide
- User Groups
  - Meet and learn with your peers

© 2003 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.