You can enable extranet access to the AD RMS platform so that users can create and consume protected content outside the corporate network. Clients talk to the AD RMS server over Port 443, so there are no weird ports to open on your firewalls.
AD RMS only requires one SSL certificate, which can be generated by your existing CA infrastructure. AD RMS creates its own set of certificates to authenticate users, based on XrML. This is to provide the granular permissions options.
Microsoft is conducting an online survey to understand your opinion of the Technet Web site. If you choose to participate, the online survey will be presented to you when you leave the Technet Web site.