locked
Some questions about RMS? RRS feed

  • Question

  • Hi,

    Hi, I plan to use RMS with exchange server (OWA, Outlook clients). and I have some questions about RMS:

    Is it necessary to use certifcates in RMS(without SSL)? If not can I just use self signed certificates?

    Will Outlook clients contact directly the RMS server  or throw the exchange server?

    Thank you

    Wednesday, April 10, 2013 8:54 AM

Answers

  • Hi Optistic,


    Q: I plan to use AD RMS with Exchange Server (OWA, Outlook clients) and I have some questions about how to use AD RMS in that scenario. Where should I go for more guidance and information on that?

    A: To get started, try these articles and then dig into the documents that are linked to off of them for the details that you want or that are appropriate for you here.

    Q: Is it necessary to use certifcates in AD RMS (without SSL)? If not can I just use self-signed certificates?
     
    A: Yes, certificates are required to support AD RMS. To get an overview of the various certificates that are used and how they get used, this topic should help:

    As to using self-signed certificates, according to the AD RMS Best Practices Guide (http://technet.microsoft.com/en-us/library/jj735304.aspx) as a deplooyment best practice you should only used self-signed certificates in test environment, not in live deployment.

    Q: Will Outlook clients contact directly the AD RMS server or do they go through the Exchange Server?

    A: For traditional Outlook desktop clients, they simply call and launch the AD RMS client which is part of recent versions of Windows operating systems, which contacts the AD RMS server directly.

    To understand better just how AD RMS works, this overview should be helpful to you:

    For OWA, its a little more complicated to answer your question (it depends on the version of Exchange you are running for how IRM can be supported in OWA and the other depdendencies) but this topic in Exchange Server 2013 content has a good coverage of what browser add-ons or other software is required to support IRM as an add-on feature in OWA.

    HTH,


    Brad Mahugh
    Microsoft Corporation
    ------------------------
    This post is provided "AS IS" and confers no promises of current or future technical support for a specific support issue. Please use Microsoft product support if you need a service commitment for your current support case or issue.

    Friday, April 12, 2013 7:02 PM
  • Q: Is it necessary to use certifcates in AD RMS (without SSL)? If not can I just use self-signed certificates?
     
    A: Yes, certificates are required to support AD RMS. To get an overview of the various certificates that are used and how they get used, this topic should help:

    As to using self-signed certificates, according to the AD RMS Best Practices Guide (http://technet.microsoft.com/en-us/library/jj735304.aspx) as a deplooyment best practice you should only used self-signed certificates in test environment, not in live deployment.

    Hi,

    just to supplement the answer. The link Brad provided is related to XrML RMS certificates. These certificates are completely different from traditional X.509 (SSL) web server certificate.

    You can set up RMS infrastructure without SSL support thought this is not recommended (SSL is required if you use ADFS federation) and could be pretty painful to migrate/integrate once you decide (in future) that you would like SSL support (see for example http://social.technet.microsoft.com/Forums/en-US/rms/thread/41622658-fdc0-4601-9f9f-bb0bc49de60d/).

    Martin

    Monday, April 15, 2013 12:28 PM

All replies

  • Hi Optistic,


    Q: I plan to use AD RMS with Exchange Server (OWA, Outlook clients) and I have some questions about how to use AD RMS in that scenario. Where should I go for more guidance and information on that?

    A: To get started, try these articles and then dig into the documents that are linked to off of them for the details that you want or that are appropriate for you here.

    Q: Is it necessary to use certifcates in AD RMS (without SSL)? If not can I just use self-signed certificates?
     
    A: Yes, certificates are required to support AD RMS. To get an overview of the various certificates that are used and how they get used, this topic should help:

    As to using self-signed certificates, according to the AD RMS Best Practices Guide (http://technet.microsoft.com/en-us/library/jj735304.aspx) as a deplooyment best practice you should only used self-signed certificates in test environment, not in live deployment.

    Q: Will Outlook clients contact directly the AD RMS server or do they go through the Exchange Server?

    A: For traditional Outlook desktop clients, they simply call and launch the AD RMS client which is part of recent versions of Windows operating systems, which contacts the AD RMS server directly.

    To understand better just how AD RMS works, this overview should be helpful to you:

    For OWA, its a little more complicated to answer your question (it depends on the version of Exchange you are running for how IRM can be supported in OWA and the other depdendencies) but this topic in Exchange Server 2013 content has a good coverage of what browser add-ons or other software is required to support IRM as an add-on feature in OWA.

    HTH,


    Brad Mahugh
    Microsoft Corporation
    ------------------------
    This post is provided "AS IS" and confers no promises of current or future technical support for a specific support issue. Please use Microsoft product support if you need a service commitment for your current support case or issue.

    Friday, April 12, 2013 7:02 PM
  • Q: Is it necessary to use certifcates in AD RMS (without SSL)? If not can I just use self-signed certificates?
     
    A: Yes, certificates are required to support AD RMS. To get an overview of the various certificates that are used and how they get used, this topic should help:

    As to using self-signed certificates, according to the AD RMS Best Practices Guide (http://technet.microsoft.com/en-us/library/jj735304.aspx) as a deplooyment best practice you should only used self-signed certificates in test environment, not in live deployment.

    Hi,

    just to supplement the answer. The link Brad provided is related to XrML RMS certificates. These certificates are completely different from traditional X.509 (SSL) web server certificate.

    You can set up RMS infrastructure without SSL support thought this is not recommended (SSL is required if you use ADFS federation) and could be pretty painful to migrate/integrate once you decide (in future) that you would like SSL support (see for example http://social.technet.microsoft.com/Forums/en-US/rms/thread/41622658-fdc0-4601-9f9f-bb0bc49de60d/).

    Martin

    Monday, April 15, 2013 12:28 PM