SharePoint Deployment Planning Services
MOSS Information Rights Management
Ashish Bahuguna
Active Directory Rights Management Services integration (AD RMS)
Agenda
AD RMS Overview
AD RMS Architecture Components
MOSS IRM
MOSS IRM Demo (Screenshots)
AD RMS Overview
How do you protect your sensitive information from unauthorized distribution?
Information Author
Recipient
External Users
Mobile Devices
USB Drive
Business Reasons for AD RMS
More data is available electronically
Information can be distributed easily
Easy to compromise information intentionally or accidentally
More privacy regulations are being established
Government
Industry
AD RMS helps with compliance
What AD RMS Does
Protects documents and
Encrypts data
Decrypts for authorized personnel
Can restrict other capabilities
• Forward
• Cut/Copy/Paste
Enforces document security after the file is opened
Central policy management via templates
AD RMS Advantages
Keeps internal information internal
Helps prevent accidental leaks
External unauthorized users
Rights Management Services
Provides identity-based protection for sensitive data
Controls access to information across the information lifecycle
Allows only authorized access based on trusted identity
Secures transmission and storage of sensitive information wherever it goes: policies are embedded into the content, and documents are encrypted with 128-bit encryption
Embeds digital usage policies (print, view, edit, expiration, etc.) into the content to help prevent misuse after delivery
Persistent Protection
Encryption + Policy:
• Access Permissions
• Use Right Permissions
AD RMS Capabilities
[Diagram with numbered callouts]
1. Protection and policy stay with the file
2. Protection and policy stay with the file
3. Protection and policy stay with the file
4. Policy: Portal stores file in the clear
5. Policy: Portal protects file on access
6. Policy: Archive stores file and policy in the clear
AD RMS Architecture Components
©Microsoft Confidential 2005. All rights reserved.
Overview of RMS Components
Workstation
• RMS Lockbox
• Client API
• Templates (XML Copy)
RMS Server
• Certification
• Licensing
• Templates
Active Directory
• Authentication
• Service Discovery
• Group Membership
SQL Server
• Configuration data
• Logging
• Cache
Clients and Servers compatible with RMS
MOSS 2007
• Document Libraries with IRM
Exchange 2007 SP1
• Pre-licensing Fetching
OS Versions and Operating System Clients
RM client: Windows Vista or higher
Active Directory Rights Management Services (AD RMS) client (integrated with the OS)
Supported OS:
• Windows Vista
• Windows 2008 family
RM client: Legacy Client
Microsoft Windows Rights Management Services Client with Service Pack 2
Supported OS:
• Windows 2000 Service Pack 4
• Windows Server 2003 Service Pack 1
• Windows XP Service Pack 2
RM client: Windows Mobile 6 or higher
RMS Client integrated in the operating system
Information Rights Management-aware Applications
RMS-Aware Office Suite Versions
• Microsoft Office 2003 Standard (Read-only)
• Microsoft Office 2003 Professional (Read and create content)
• Microsoft Office Ultimate 2007 (Read and create content)
• Microsoft Office Professional Plus 2007 (Read and create content)
• Microsoft Office Enterprise 2007 (Read and create content)
• Other Microsoft Office 2007 Versions (Read-only)
• Microsoft Pocket Office (Windows Mobile 6 only; email: read and create; documents: read-only*)
* Word, PowerPoint, and Excel
RMS-Aware Applications
• Microsoft Office Word 2003/2007
• Microsoft Office Excel 2003/2007
• Microsoft Office PowerPoint 2003/2007
• Microsoft Office Outlook 2003/2007
• Microsoft Office InfoPath 2007
• Microsoft Office SharePoint 2007 Standard
• Microsoft Office SharePoint 2007 Enterprise
• Microsoft Exchange 2007 with SP1
• XML Paper Specification (XPS)
MOSS IRM
Office SharePoint Server 2007 IRM Integration
Provides Information Rights Management capabilities to Office SharePoint Server 2007
New feature introduced in Office SharePoint Server 2007
Not supported in Windows SharePoint Services 3.0
Integrated with document lifecycle management of files stored into Document Libraries
Assigns Office IRM permissions based on Office SharePoint Server 2007 permissions
Optimizes policy enforcement by applying content-based protection without user intervention
How Does Office SharePoint Server 2007 IRM Work?
Documents are stored in clear text
• Provides search capabilities; content is listed in search results based on ACLs
Documents are protected before the user downloads the file
• After a user selects a file, it is protected and provided to the client
Office SharePoint Server 2007 requires online access to the AD RMS infrastructure every time a user downloads a protected file
• If the connection fails, the file won’t be provided to the client
When a protected file is uploaded to the portal, the content protection is removed
• This feature optimizes the document lifecycle within Office SharePoint Server 2007
Office SharePoint Server 2007 Permissions and IRM Rights
Office SharePoint Server 2007 rights | IRM permissions
Manage Permissions, Manage Web | Full Control
Edit List Items, Manage List, Add and Customize Pages | Edit, Copy, and Save
View List Item | Read
All Other Rights | No Mapping
File Formats Supported by Office SharePoint Server 2007 IRM
File formats that natively support MOSS IRM Integration:
Office 2003 Suite
• Microsoft Office Word 2003
• Microsoft Office Excel 2003
• Microsoft Office PowerPoint 2003
Office 2007 Suite
• Microsoft Office Word 2007
• Microsoft Office Excel 2007
• Microsoft Office PowerPoint 2007
• Microsoft Office InfoPath 2007
Microsoft XPS
Additional file formats are supported under MOSS IRM using partner solutions: http://www.microsoft.com/windowsserver2008/en/us/ida-information-protection.aspx
Office SharePoint Server 2007 IRM Prerequisites
Office SharePoint 2007 Prerequisites
Office SharePoint 2007 farm running on Windows Server 2003 and Windows Server 2008
Requires at least RMS Client v1.0 with SP2 before proceeding with the configuration of all server farm nodes
http://support.microsoft.com/?kbid=917275
The ACL on the AD RMS servercertification.asmx file must be modified
Read and Execute permissions must be assigned to every server in the server farm
Additional permissions must be applied in complex scenarios when multiple service accounts and application pools are used
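One way to verify the ACL prerequisite above, as an added example that is not part of the original deck: a PowerShell audit, run on the AD RMS server, that reports whether each farm server's computer account has an Allow entry covering Read and Execute on the certification file. The file path and account names are parameters you supply (the sample name in the comment is constructed), and only ACEs that name the account directly are checked; access granted through a group is not resolved.

```powershell
# Added example: audit the servercertification.asmx ACL for the Read and Execute prerequisite.
# Assumptions: run on the AD RMS server; both parameters are supplied by the operator.
param(
    [Parameter(Mandatory)] [string]   $AsmxPath,     # full path to the servercertification.asmx file
    [Parameter(Mandatory)] [string[]] $FarmAccounts  # constructed sample: 'CONTOSO\MOSSWFE01$'
)

$required = [int][System.Security.AccessControl.FileSystemRights]::ReadAndExecute
$acl      = Get-Acl -LiteralPath $AsmxPath

$report = foreach ($account in $FarmAccounts) {
    # ACEs (explicit or inherited) that name this account directly
    $aces  = @($acl.Access | Where-Object { $_.IdentityReference.Value -ieq $account })
    $allow = $false
    $deny  = $false

    foreach ($ace in $aces) {
        $rights = [int]$ace.FileSystemRights
        # Allow counts only if it covers every bit of Read and Execute
        if ($ace.AccessControlType -eq 'Allow' -and ($rights -band $required) -eq $required) {
            $allow = $true
        }
        # Deny matters if it removes any bit of Read and Execute
        if ($ace.AccessControlType -eq 'Deny' -and ($rights -band $required) -ne 0) {
            $deny = $true
        }
    }

    if     ($deny)              { $status = 'Blocked by Deny ACE' }
    elseif ($allow)             { $status = 'OK' }
    elseif ($aces.Count -eq 0)  { $status = 'No direct ACE' }
    else                        { $status = 'Insufficient rights' }

    [pscustomobject]@{ Account = $account; Status = $status }
}

$report | Format-Table -AutoSize

$failed = @($report | Where-Object { $_.Status -ne 'OK' })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) farm account(s) lack a direct Read and Execute grant on $AsmxPath"
}
```

An account reported as "No direct ACE" may still have access through a group, so check group membership before changing the ACL.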
Office SharePoint Server 2007 IRM Architecture Considerations
Architecture considerations
AD RMS Certificates for MOSS Server/Server Farm
Office SharePoint Server 2007 must belong to the same forest as the AD RMS platform in order to get RAC certificates
AD RMS Licensing Issuance
In multiple forest scenarios, you can centralize them using licensing-only clusters
NOTE:
Office SharePoint 2007 doesn’t support AD RMS policy templates
Permissions supported are provided using MOSS and IRM mapping
Office SharePoint Server 2007 Enabling IRM Functionality
Information Rights Management applied at server farm level
Configuration defined on Central Administration
MOSS can use the AD SCP to locate the AD RMS cluster, or be configured to use a specific server
Office SharePoint Server 2007 IRM Document Libraries Settings
Document Libraries Settings
DEMO
For More Information
AD RMS Web Site
http://www.microsoft.com/rms/
AD RMS Deployment with Microsoft Office SharePoint Server 2007 Step-by-Step Guide
http://technet.microsoft.com/en-us/library/cc753046.aspx
Questions
© 2006 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.
Microsoft, Active Directory, MSN, Outlook, PowerPoint, SharePoint, Visual Studio, and Windows are registered trademarks of Microsoft Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Microsoft Corporation • One Microsoft Way • Redmond, WA 98052-6399 • USA