DEP351 Windows ® Rights Management (Part 2): Enterprise Readiness & Deployment Marco DeMello Group Program Manager Windows Trusted Platforms & Infrastructure.


1 DEP351 Windows® Rights Management (Part 2): Enterprise Readiness & Deployment
Marco DeMello, Group Program Manager, Windows Trusted Platforms & Infrastructure, Microsoft Corporation

2 Agenda
- Enterprise Readiness Considerations
- Hardware and software prerequisites
- Deployment topologies
  - Small company
  - Large enterprise
- Microsoft Beta 2 deployment
- Key takeaways

3 Deployment Considerations: Process
- Follow a tested methodology for solution deployment
  - E.g., Microsoft Solutions Framework: http://www.microsoft.com/msf/
- Identify: teams, customers, goals, timelines, dependencies, exit criteria…
- Build planning and process improvement time into the process

4 Deployment Considerations: Scalability
- Capacity plan for Rights Management Services (RMS) based on licensing requests
  - Model predicted RM license request load
  - Determine optimal front end server sizing and number
- RMS is CPU bound
  - Licensing performance grows linearly with CPU speed and number of front ends
  - Multi-processor scalability: 2.8x going from 1 to 4 CPUs

5 Deployment Considerations: Scalability – Example
Fabrikam Corporation RM use:
- Peak # of messages / hour: 273,000
- % of mail that is RM protected: 60%
- Peak # of RM document license requests / hour: 7500
- Peak # of license requests per second: 47.6
Testing:
- 2.4 GHz P4 dual-processor front end: 82 licenses / second
- 1 front end satisfies performance requirements
- Peak predicted load is 58% of server's capacity

6 Deployment Considerations: Reliability
- Rule of thumb: follow best practices for a SQL-based web service
- Network load balancing
  - Increases front end fault tolerance
- Good backup / restore processes
- SQL clustering is optional
  - For license requests, the front end is not reliant on the SQL server being up
  - Certification requests require DB connectivity

7 Deployment Considerations: Reliability – Example
Fabrikam Corporation RM use:
- 1 front end meets scalability requirements
- 1 additional front end + NLB meets reliability requirements
- No SQL clustering
- Nightly SQL backup policy
- Microsoft Operations Manager for RMS monitoring
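
The sizing arithmetic behind slides 5 and 7, as an added example that is not part of the original presentation. It assumes one license request per RM-protected message plus the document license requests (an inference that reproduces the slide's 47.6 requests per second); the function, class and parameter names are hypothetical.

```python
import math
from dataclasses import dataclass


@dataclass
class RmsSizing:
    peak_requests_per_sec: float    # modelled peak license request rate
    single_node_utilization: float  # peak load as a fraction of one front end
    front_ends_for_load: int        # nodes needed to carry the peak
    front_ends_with_spare: int      # plus one NLB node for fault tolerance


def size_rms_front_ends(peak_messages_per_hour, protected_fraction,
                        document_requests_per_hour, licenses_per_sec_per_node,
                        max_utilization=1.0):
    """Hypothetical helper: model peak RMS license load and front end count."""
    if not 0.0 <= protected_fraction <= 1.0:
        raise ValueError("protected_fraction must be between 0 and 1")
    if licenses_per_sec_per_node <= 0 or not 0.0 < max_utilization <= 1.0:
        raise ValueError("throughput must be > 0 and max_utilization in (0, 1]")

    # Assumption: each RM-protected message causes one license request at peak.
    mail_requests_per_hour = peak_messages_per_hour * protected_fraction
    peak_per_sec = (mail_requests_per_hour + document_requests_per_hour) / 3600.0

    # Slide 4: licensing throughput grows linearly with the number of front
    # ends, so capacity is nodes * per-node rate, derated to the ceiling.
    usable_per_node = licenses_per_sec_per_node * max_utilization
    for_load = max(1, math.ceil(peak_per_sec / usable_per_node))

    return RmsSizing(
        peak_requests_per_sec=peak_per_sec,
        single_node_utilization=peak_per_sec / licenses_per_sec_per_node,
        front_ends_for_load=for_load,
        # Slide 7: one additional front end behind NLB, so losing a node
        # still leaves enough capacity for the peak.
        front_ends_with_spare=for_load + 1,
    )


# Fabrikam figures from slides 5 and 7.
FABRIKAM = size_rms_front_ends(273_000, 0.60, 7_500, 82)

if __name__ == "__main__":
    print(f"{FABRIKAM.peak_requests_per_sec:.1f} req/s, "
          f"{FABRIKAM.single_node_utilization:.0%} of one front end, "
          f"{FABRIKAM.front_ends_with_spare} front ends with NLB spare")
```

Passing a `max_utilization` below 1.0 reserves CPU headroom on each front end; at 0.5 the same Fabrikam load needs two front ends before the NLB spare is added.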

8 Deployment Considerations: Desktop update
- End users require:
  - RM client installation on the desktop
  - Lockbox installed on the desktop
  - Requires machine Administrator privileges
  - User's account certified
  - Client enrollment for offline publishing
- Medium and large organizations should automate these steps
  - Can be tied to logon or coupled with deployment of an RM-enabled application

9 Deployment Considerations: Security
- Follow lock-down best practices for IIS 6.0 web sites
- Deploy a hardware security module (HSM)
- Don't co-locate other applications on RMS hardware
- Don't run any other applications under the RMS account
- If you expose licensing or certification over the Internet
  - Use SSL to provide privacy of request data especially
- Require Windows Authentication on all RMS web services
- Manage delegation of RMS administration
- Turn on RMS request logging

10 Deployment Considerations: Geo-location
- Plan to deploy in a single global data center
  - Reduces operations, hardware, management cost
- Distribute deployment only if link quality demands
- RMS request characteristics are latency and error resilient
  - Standard HTTP
  - Standard latency-resilient TCP timeout
  - Single request, single response
  - No client–server session state on front ends

11 Deployment Prerequisites: Minimal Install
- X.509v3 VeriSign Certificate (40 or 128 bit)
- P3 800 / 256MB / 20GB (Rec: P4 Dual / 512MB / 40GB)
- Windows Server 2003
- Internet Information Services 6.0
- ASP.NET
- MSMQ client for logging
- MSDE or SQL Server 2000
- Active Directory (AD): Windows 2000 or later
- Test users must have accounts with mail attribute in the AD
- RM client bits installed on client test machines
- RM-enabled application

12 Deployment Prerequisites: Fabrikam's Deployment
Enterprise characteristics:
- 8,500 users
- Single forest
- Multiple domains and locations
- Mix of Windows 2000 / NT4 domain controllers
Deployment highlights:
- 2 front end servers running Windows Server 2003
  - RMS installed on both
  - Microsoft Network Load Balancing service
- 1 server running Windows 2000 and SQL 2000

13 Fabrikam Deployment
[Diagram; labels: Internet, SQL, Fabrikam Corp, RMS Cluster, NLB]

14 Deployment Prerequisites: Large enterprise
- Multiple forests
- Require a root cluster per forest
  - For user certification and group expansion
  - Necessary if forest contains:
    - User accounts to be certified
    - Windows DLs / Groups to be expanded
- Option to centralize licensing functions to single forest
  - Reduces hardware / operations requirements
  - Dedicate more hardware and higher availability on org-wide licensing cluster

15 Supporting Roaming Users
- Allow SSL traffic through firewall to internal RMS servers (like OWA)
  - Require authentication on all RMS requests
  - Can do inspection of requests at firewall
- Deploy a dedicated RMS server in DMZ
  - Extra deployment cost but added security
- Use a Virtual Private Network (VPN)
  - Strongest security but least flexibility

16 Business Communities: Cross-certification
- 2 peer organizations need to exchange sensitive information with each other
[Diagram; labels: Fabrikam Corp, Contoso Pharma, SQL, RMS Cluster, NLB]

17 MS Deployment Overview
- MSN
  - Beta 2 servers live since 1/16/03
  - 54,000+ unique machine activations
  - Passport-based RM account certification & licensing
- Exchange Dogfood
  - Beta 2 servers since 1/24/03 for 3500 users
  - 40,000+ licenses served. Content lives on.
- OTG
  - Beta 2 servers live since 3/23/03 in 4 forests
  - 20,000+ unique users of IRM in Office 11 in MS

18 Trust Policy Management demo

19 Key Takeaways
- RMS is an enterprise-class service – plan accordingly
- Think enterprise-wide web application deployment model
- Secure accounts, ACLs, SSL, HSMs
- Think early about roaming use and collaboration needs

20 Learn More about RM
- Learn about RMS: http://www.microsoft.com/rm
- Learn about the RM add-on: http://www.microsoft.com/windows/ie/downloads/addon

21 Community Resources
- http://www.microsoft.com/communities/default.mspx
- Most Valuable Professional (MVP): http://www.mvp.support.microsoft.com/
- Newsgroups: converse online with Microsoft Newsgroups, including Worldwide: http://www.microsoft.com/communities/newsgroups/default.mspx
- User Groups: meet and learn with your peers: http://www.microsoft.com/communities/usergroups/default.mspx

22 Evaluations

23 © 2003 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.

