Title: Rights Management Services at Microsoft
1 Rights Management Services at Microsoft
Kimberly Malone, DeAnne Dodson, Darren Justus
Microsoft Corporation, March 2004
2 RMS at Microsoft: Agenda
- IT at Microsoft: Dogfooding vs. Running the Utility
- Building the Business Case for Rights Management
- Planning the Deployment
- Hardware & Support
- Backup & Disaster Recovery, Monitoring & Performance
- Template Definitions and Administration
- Distribution of Client bits
- User Education
- Current Deployment Statistics
- Q&A
3 RMS at Microsoft: Being Microsoft's First and Best
- What is it like to be Microsoft's First and Best Enterprise Customer?
- Our responsibilities
  - Shared Goals
  - Product Feedback
  - Planning
- Balancing Dogfooding vs. Running the Utility
  - Managing Expectations
  - Do 50,000 people across a worldwide organization really share the same affinity for dogfood?
4 RMS at Microsoft: Building the Business Case: Trustworthy Messaging
- Goals
  - Protection of Intellectual Property
  - Greater Sharing of Sensitive Information
- Components of OTG's Trustworthy Messaging
  - S/MIME Signing
  - S/MIME Encryption
  - Information Rights Management
5 RMS at Microsoft: Components of Trustworthy Messaging
- When Should I Use Which Technology?
Comparing OTG's implementation of S/MIME signing, S/MIME encryption, and IRM.
OTG's implementation of S/MIME requires a High level of security.
6 RMS at Microsoft: Information Rights Management's Role
- Overview
  - Protect Content from Unauthorized Access and Tampering
  - Enable Users to Grant Specific Rights to Consumers of their Content
  - Allow Admins to Pre-Define Policy Templates (e.g. Company Confidential, Messaging IT Staff)
  - Templates Can Grant Different Rights to Different Individuals or Groups
7 RMS at Microsoft: Planning the Deployment: The Basics
- Hardware Planning & Acquisition
  - Number of RMS Certification Clusters Dictated by Number of Logon Forests: 4
  - 1 SQL Server (30 GB configured data space) per Certification Cluster
  - 2 RMS Servers per Certification Cluster (Availability)
  - Centralized RMS Licensing Cluster
  - 1 Additional RMS Server for Licensing Cluster (Availability and Scalability)
  - nCipher nShield HSMs for all RMS Servers
- Support Planning
  - Escalation and SLAs
  - Training and KB Articles
8 RMS at Microsoft: Planning the Deployment: The Basics
- Backup & Disaster Recovery
  - Daily Backups
  - Simple Recovery on Logging and Directory Services Databases
  - Full Recovery with Transaction Log Shipping on Config Database
- Performance Monitoring
  - RMS, Memory, Disk, and CPU Performance Counters Sampled Every 15 Minutes on RMS Servers and DCs
  - PerfMon Logs Reviewed Bi-Weekly
  - Client Performance Measured and Reported Weekly from IIS Logs
9 RMS at Microsoft: Microsoft's RMS Topology
10 RMS at Microsoft: OTG Deployment Statistics
- 12,000 unique users per week
- 60,000 content licenses issued per week
- 50 RMS-related helpdesk calls per week
  - Overall helpdesk volume is 11,000 calls per week
- Median time to license <1 second
- No sustained performance impact measured on GCs
11 RMS at Microsoft: Usage Metrics
Metric Definitions
- Unique Users: Users are derived from any activity in the log database, whether they are getting a license, publishing, activating or getting a cert.
- First Time Users: Users that have had license, publish, activation, or certification activity during a specified time period.
- License Requests: Occurs each time a user attempts to open something RMS protected.
- License Requests per User: Total license requests / distinct license request users.
- Machine Activation Requests: Occurs once per machine. Specific to individual machines. If RAC is deleted, machine activation needs to be done again.
- User Certification Requests (RAC): Issued once per user per activated machine the first time that the user tried to consume or publish content.
- Publication Certification Requests: Occurs once per content item. RMS checks to see that the user certificate is valid to consume content.
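The metric definitions above applied to a small log extract, as an added example that is not part of the original deck. The row layout, request-type strings and sample rows are constructed for illustration and are not the RMS logging database schema; the example also lists machines with more than one activation request in the window, since the deck states activation occurs once per machine.

```python
from collections import Counter

# Constructed sample rows: (user, machine, request type, ISO date).
# Field layout and request-type names are hypothetical, not the RMS schema.
SAMPLE_LOG = [
    ("alice", "PC-01", "activate", "2004-03-01"),
    ("alice", "PC-01", "certify",  "2004-03-01"),
    ("alice", "PC-01", "publish",  "2004-03-01"),
    ("bob",   "PC-02", "activate", "2004-03-02"),
    ("bob",   "PC-02", "certify",  "2004-03-02"),
    ("bob",   "PC-02", "license",  "2004-03-02"),
    ("bob",   "PC-02", "license",  "2004-03-03"),
    ("carol", "PC-03", "license",  "2004-03-03"),
    ("alice", "PC-01", "activate", "2004-03-04"),  # repeat activation
]


def usage_metrics(rows, start, end):
    """Compute the deck's usage metrics for rows with start <= date <= end."""
    # ISO-8601 dates compare correctly as plain strings.
    window = [r for r in rows if start <= r[3] <= end]
    by_type = Counter(rtype for _, _, rtype, _ in window)
    license_users = {u for u, _, rtype, _ in window if rtype == "license"}
    activations = Counter(m for _, m, rtype, _ in window if rtype == "activate")
    return {
        # Any activity in the log counts toward unique users.
        "unique_users": len({u for u, _, _, _ in window}),
        "license_requests": by_type["license"],
        # Total license requests / distinct license-requesting users.
        "license_requests_per_user":
            by_type["license"] / len(license_users) if license_users else 0.0,
        "machine_activation_requests": by_type["activate"],
        "user_certification_requests": by_type["certify"],
        "publication_requests": by_type["publish"],
        # Activation should occur once per machine, so repeats stand out.
        "reactivated_machines": sorted(m for m, n in activations.items() if n > 1),
    }


if __name__ == "__main__":
    for name, value in usage_metrics(SAMPLE_LOG, "2004-03-01", "2004-03-07").items():
        print(f"{name}: {value}")
```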
12 RMS at Microsoft: Sample Daily Licensing Volumes
13 RMS at Microsoft: Planning the Deployment: RMS Features
- RMS Templates
  - Four Company-Wide Templates
  - Group Templates Reviewed and Created Upon Request; Offering Not Advertised
- Deployment of Client Bits
  - Windows RMS Client Chained to Office 2003
  - Configuration GPO
- User Education
  - http://OTGWeb/RM
  - OTG Messaging QRG
14 RMS at Microsoft: Lessons Learned
- Client Distribution Complexities
  - Multiple ways to install
  - Chain RM Client install to Office 2003
  - SMS, but doesn't work for everybody
  - Activation requires Admin user
  - Configuration GPO to enforce Corp settings
- Client Education
  - Corporate vs. Passport functionality confusing
- RMS Server Monitoring Challenges
  - Most error events: "A general error occurred"
  - MOM Pack must be modified to reduce false alerts
- Managing Logging DB Growth
  - Use the OTG archival and reporting tool shipping with RMS Toolkit!
15 Appendix Slides
16 RMS at Microsoft: Safeguarding Confidential Data
Comparison of Technologies Used to Safeguard
Confidential Data
17 RMS at Microsoft: Example of RMS Templates
- Corporate RMS templates available from the
Permission menu of Outlook, Word, PowerPoint, and
Excel