Microsoft RMS enables the flow of protected data on all important devices, of all important file types, and lets these files be used by all important people in a user’s collaboration circle. Yes, RMS will now protect any file type (not just Microsoft Office documents), let you access them on many devices (not just Windows PCs), and enable sharing with other organizations (not just within your organization). Furthermore Cyquent can perform simple, planned deployments of RMS or, if not deployed by the Cyquent, Information workers (IWs) can opt RMS on their own (dubbed ‘RMS for Individuals’) for free.
The Microsoft Rights Management suite is implemented as a Windows Azure service. For brevity, we reference it within as Azure RMS so as not to confuse with Windows Server Rights Management Services (aka RMS). It comprises a set of RMS applications that work on all your common devices, a set of software development kits, and related tooling. By leveraging Windows Azure , the Azure RMS service acts as a trusted hub for secure collaboration where one organization can easily share information securely with other organizations without additional setup or configuration. The other organization(s) may be existing Azure RMS customers but if not, they can use a free Azure ‘RMS for Individuals’ capability.
By using Rights Management Services (RMS) and the RMS client, you can augment an organization's security strategy by protecting information through persistent usage policies, which remain with the information, no matter where it is moved. You can use RMS to help prevent sensitive information—such as financial reports, product specifications, customer data, and confidential e-mail messages—from intentionally or accidentally getting into the wrong hands.
In the following sections, learn more about RMS, the required and optional features in RMS, and hardware and software used for running RMS. At the end of this topic, learn how to open the RMS console and how to find more information about RMS.
An RMS system includes a Windows Server® 2008 R2-based server running the Rights Management Services (RMS) server role that handles certificates and licensing, a database server, and the RMS client. The latest version of the RMS client is included as part of the Windows® 7 and Windows Vista® operating systems. The deployment of an RMS system provides the following benefits to an organization:
Safeguard sensitive information. Applications such as word processors, e-mail clients, and line-of-business applications can be RMS-enabled to help safeguard sensitive information Users can define who can open, modify, print, forward, or take other actions with the information. Organizations can create custom usage policy templates such as "confidential - re only" that can be applied directly to the information.
Persistent protection. RMS augments existing perimeter-based security solutions, such as firewalls and access control lists (ACLs), for better information protection by locking the usage rights within the document itself, controlling how information is used even after it has been opened by intended recipients.
Flexible and customizable technology . Independent software vendors (ISVs) and developers can RMS-enable any application or enable other servers, such as content management systems or portal servers running on Windows or other operating systems, to work with RMS to help safeguard sensitive information. ISVs are enabled to integrate information protection into server-based solutions such as document and records management, e-mail gateways and archival systems, automated workflows, and content inspection.
By using Server Manager, you can set up the following components of RMS:
Rights Management Services . The Rights Management Services ( RMS) role service is a required role service that installs the RMS components used to publish and consume rights-protected content.
Identity Federation Support . The identity federation support role service is an optional role service that allows federated identities to consume rights-protected content by using Federation Services.
Microsoft Federation Gateway Support . The Microsoft Federation Gateway is an identity service that runs over the Internet and mediates between an organization or business and the external services that the organization wants to use. The gateway connects users and other identities to the services that it works with, so that an organization only has to manage a single identity-federation relationship to enable its identities to access all Microsoft and Microsoft-based services they want to use.
RMS runs on a computer running the Windows Server 2008 R2 operating system. When the RMS server role is installed, the required services are installed, one of which is Internet Information Services (IIS). RMS also requires a database, such as Microsoft SQL Server, which can be run either on the same server as RMS or on a remote server, and an Domain Services forest. The following table describes the minimum hardware requirements and recommendations for running Windows Server 2008 R2-based servers with the RMS server role.