Today I will start a series of articles on Windows Server?? 2008 RMS. In this first one I will explain what is RMS and why use it in your environment.
RMS (Right Management Services) is a role that can be installed on Windows Server 2008, and represents yet another way how system administrator can increase security within company with very little effort. It is not meant to be singe way of protecting sensitive data, rather it should be used with other protection methods such as NTFS permissions, EFS and IPSec.
RMS was available as add on for Windows Server 2003, now it has been integrated directly within operating system itself. RMS client is available as part of MS Windows Vista or as separate download for MS Windows XP. Some of the most popular MS applications are enabled to create and access RMS protected documents.
Here is the list:
- Microsoft Office System 2003 – Word, Excel, PowerPoint, Outlook
- Microsoft Office 2007 – Word, Excel, PowerPoint, Outlook, InfoPath
- Microsoft Office SharePoint Server 2007
- Exchange Server 2007
- XPS (XML Paper Specification) v1.0
- Internet Explorer (through use of the RM Add-on for IE)
Deploying and configuring RMS in your environment will bring you these benefits:
- Protect sensitive information: Users can create protected document from a variety of applications, they can define who can open, modify, print or forward these documents. They can also create custom actions and apply them to protected data.
- Persistent protection: NTFS can protect documents while they are within your company on your file servers, but when document leaves your environment little you can do to ensure its secrecy if you haven’t used RMS. RMS protection is embedded within the documents so even if the document leaves your server it is still protected.
- Flexible and customizable technology: Microsoft also created RMS SDK so other vendors can create RMS enabled applications.
Windows Server 2008 RMS? features:
- Active Directory Rights Management Services: This service must be installed so AD RMS components can create and consume protected content.
- Identity Federation Support: This is optional component that enables federated identities to create and consume protected content by using Active Directory Federation Services
In the next article I will cover hardware and software requirements.