locked
New RMS Environment RRS feed

  • Question

  • Just a couple of general questions I could not find the answer to in the knowledge base.

    I plan on setting up a new 2012 ADRMS virtual server.  I have 2008 SQL Ent R2 SP1, Exch 2010 and my AD is 08 R2.

    1.  Will Exch 2010 work with 2012 ADRMS?  If so, can someone provide a link to what I need to enable on my exchange server?

    2.  I will be using an SSL Public cert.  The RMS server should be public facing, yes?

    3.  Anything else you think would assist me to setup the environment correctly.

    Thanks in advance...

    Friday, May 10, 2013 3:56 PM

Answers

  • Hello ktskate2!

    For question #1 - the answer is yes.  Once AD RMS is deployed, you will have the ability to create transport rules based on AD RMS.  You should have a look at http://technet.microsoft.com/en-us/library/ff470284(v=ws.10).aspx which outlines the few steps needed to ensure functionality (all pretty straight forward).  You should also check out the video which will give you additional information. The video is available at http://technet.microsoft.com/en-us/video/automatic-ad-rms-protection-with-transport-rules.aspx.

    For question #2 - the answer depends.  Many organizations use AD RMS internally only (which means that they can't send out protected content/emails to people outside of their organization).  If you plan to use it internally only, then you don't need the AD RMS server(s) to be public facing.  If you plan on federating with other organizations (which will allow you to send out protected content/emails outside of your internal organizations), then you will want to configure your environment for it.  In such a case, a good practice is to keep the AD RMS server(s) on the internal LAN and use a reverse proxy to make them available to the internet.  Have a look at http://technet.microsoft.com/en-us/library/dd996632(v=ws.10).aspx which has a great overview of internal/external AD RMS.

    As for anything else that might help... I would use a public-facing SSL certificate now even if you only intend to use AD RMS internally.  If you ever decide to open up to external use, the SSL certificate will already be there and ready to go.  On the licensing front, I recommend that you look at your Exchange CALs as you'll need the Standard Exchange CAL and the Enterprise Exchange CAL to take full advantage of AD RMS integration with Exchange.  Many organizations don't have both and you'll want to stay in licensing compliance.  See http://office.microsoft.com/en-us/exchange/microsoft-exchange-server-licensing-licensing-overview-FX103746915.aspx for details on what the Exchange Enterprise CAL gets you compared to the Standard CAL.  Lastly, look at your Outlook client versions - the newer versions get you the best integration with AD RMS with Outlook 2013 being best.

    Brian

    • Marked as answer by ktskate2 Thursday, May 23, 2013 2:58 PM
    Wednesday, May 15, 2013 4:48 PM

All replies

  • Hello ktskate2!

    For question #1 - the answer is yes.  Once AD RMS is deployed, you will have the ability to create transport rules based on AD RMS.  You should have a look at http://technet.microsoft.com/en-us/library/ff470284(v=ws.10).aspx which outlines the few steps needed to ensure functionality (all pretty straight forward).  You should also check out the video which will give you additional information. The video is available at http://technet.microsoft.com/en-us/video/automatic-ad-rms-protection-with-transport-rules.aspx.

    For question #2 - the answer depends.  Many organizations use AD RMS internally only (which means that they can't send out protected content/emails to people outside of their organization).  If you plan to use it internally only, then you don't need the AD RMS server(s) to be public facing.  If you plan on federating with other organizations (which will allow you to send out protected content/emails outside of your internal organizations), then you will want to configure your environment for it.  In such a case, a good practice is to keep the AD RMS server(s) on the internal LAN and use a reverse proxy to make them available to the internet.  Have a look at http://technet.microsoft.com/en-us/library/dd996632(v=ws.10).aspx which has a great overview of internal/external AD RMS.

    As for anything else that might help... I would use a public-facing SSL certificate now even if you only intend to use AD RMS internally.  If you ever decide to open up to external use, the SSL certificate will already be there and ready to go.  On the licensing front, I recommend that you look at your Exchange CALs as you'll need the Standard Exchange CAL and the Enterprise Exchange CAL to take full advantage of AD RMS integration with Exchange.  Many organizations don't have both and you'll want to stay in licensing compliance.  See http://office.microsoft.com/en-us/exchange/microsoft-exchange-server-licensing-licensing-overview-FX103746915.aspx for details on what the Exchange Enterprise CAL gets you compared to the Standard CAL.  Lastly, look at your Outlook client versions - the newer versions get you the best integration with AD RMS with Outlook 2013 being best.

    Brian

    • Marked as answer by ktskate2 Thursday, May 23, 2013 2:58 PM
    Wednesday, May 15, 2013 4:48 PM
  • Thanks Brian,

    This is all very useful to me.

    Thursday, May 23, 2013 2:59 PM