AD RMS SQL Server Requirements

Applies To: Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

Servers in the AD RMS cluster are tightly integrated with the database server during normal operations. The AD RMS database server stores configuration, logging, and directory services information for AD RMS.

AD RMS uses the following databases:

  • Configuration database

    The configuration database is a critical component of an AD RMS installation. It stores, shares, and retrieves all configuration data and other data that you need to manage account certification, licensing, and publishing services for a cluster. The way that you manage your configuration database directly affects the security and availability of rights-protected content.

    Each AD RMS cluster has one configuration database. The configuration database for the root cluster contains a list of Windows user identities and each rights account certificate (RAC). If the cluster key is centrally managed by AD RMS, the certificate key pair is encrypted with the AD RMS cluster key before it is stored in the database. The configuration databases for licensing-only clusters do not contain this information.

  • Logging database

    For each root or licensing-only cluster, by default AD RMS installs a logging database in the same database server instance that hosts the configuration database. This database can grow quite large; therefore, you will need a plan to help maintain adequate service and performance.

Note

In Windows Server 2008 R2, logging was done through the Message Queuing service: AD RMS created a private message queue on each server in the AD RMS cluster, and the AD RMS logging service then transmitted log data from this message queue to the logging database. Starting with Windows Server 2012, service logging has been redesigned to use synchronous logging, which writes directly to the logging database and no longer requires the Message Queuing or AD RMS Logging services.

Because AD RMS now writes directly to the logging database, logging performance is improved, but availability of the logging database is critical. If the logging database becomes unavailable, the ability to log licensing and certification activity data will be impaired. Therefore, database designs in Windows Server 2012 for AD RMS clusters need to consider all aspects of availability when making planning decisions. For information about the high availability options that AD RMS supports for SQL Server, see the following section.

  • Directory services database

    This database caches information about users, identifiers (such as e-mail addresses), security IDs (SIDs), group membership, and alternate identifiers. This information is obtained from Lightweight Directory Access Protocol (LDAP) queries that the AD RMS licensing service makes to the Active Directory Domain Services global catalog. By default, this data is cached every 12 hours.

You can use the Windows Internal Database to support a new installation of AD RMS, which means that you can run AD RMS with a single server. However, this is supported only in a test environment, and it is not supported for the mobile device extension. For a production environment, and always for the mobile device extension, use a separate server that runs SQL Server for your AD RMS databases.

AD RMS Support for SQL Server High Availability

AD RMS supports the following high availability solutions for SQL Server:

SQL Server AlwaysOn is not supported for AD RMS.

AD RMS SQL Server System Requirements for Windows Server 2012 and Windows Server 2012 R2

The following table describes the hardware requirements for AD RMS SQL Server.

AD RMS SQL Server Hardware Requirements for Windows Server 2012

| Hardware | Requirements | Recommendations |
|---|---|---|
| CPU | x86 Processor: 1.0 GHz; x64 Processor: 1.4 GHz | 2.0 GHz or higher |
| Memory | 1 GB | At least 4 GB and should be increased as database size increases to ensure optimal performance. |
| Hard Disk | 40 GB of free hard disk space | 200 GB of free hard disk space or higher |
| Network Adapter | 1 | 2 (public and private interface) |
| Share Disks | External disks for MSCS/SQL configuration | Using RAID 1+0 for logging and RAID 5 for database recommended |

The following table describes the software requirements for AD RMS SQL Server.

AD RMS SQL Server Software Requirements for Windows Server 2012 and Windows Server 2012 R2

| Software | Requirements |
|---|---|
| Supported SQL Server editions | Enterprise; Standard |
| Supported SQL Server versions | Microsoft SQL Server 2014 (and all service packs); Microsoft SQL Server 2012 (and all service packs); Microsoft SQL Server 2008 R2 (and all service packs); Microsoft SQL Server 2008 (and all service packs); Microsoft SQL Server 2005 (and all service packs) |

Special considerations for using SQL Server databases with AD RMS in Windows Server 2012

The setup process for AD RMS has been redesigned with the introduction of Windows Server 2012 to enable better support for remote deployment of AD RMS and SQL servers and to address customer feedback that requested more flexible deployment options.

In prior releases of Windows Server, AD RMS Setup required the account used to install the AD RMS server role to have local administrator privileges on any computer hosting a SQL Server installation that would be used to support AD RMS. This was because AD RMS Setup needed to read SQL database settings from the Windows Registry. Because of customer feedback, this has been changed for this release.

Starting with Windows Server 2012, AD RMS now has the following requirements for access to SQL Server.

  • The AD RMS installer account must have sysadmin permissions in the SQL Server instance.

  • For assistance in accessing and locating available SQL Server instances, the SQL Server Browser service must also be running on the server computer where AD RMS databases are installed.

  • SQL Server named instances are supported by AD RMS on Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2. To use SQL Server named instances, the SQL Server Browser service must be running on the database server.

  • The SQL Server computer that supports AD RMS must have firewall exceptions enabled for well-known SQL Server ports. For example, the SQL Server Browser service uses UDP port 1434 and the default SQL Server TCP port is 1433. These default ports, if used for your SQL Server installation, need to have port exceptions made in Windows Firewall.

  • Additionally, if you have configured any SQL Server instance intended for use with AD RMS to use a non-default TCP port, that port must also be enabled as a Windows Firewall exception so that AD RMS Setup can connect to your targeted SQL Server installation. For default SQL instances, TCP port 1433 is usually assigned.
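
The requirements in the list above can be applied and checked before running AD RMS Setup. The following is an added example, not part of the original page or Microsoft's tooling; the node addresses, server name and firewall rule display names are constructed assumptions, and the NetSecurity cmdlets require Windows Server 2012 or later. It scopes the two port exceptions to the AD RMS nodes instead of any remote address, then confirms from the AD RMS server that the installer account can reach the instance and holds sysadmin.

```powershell
# Added example. All addresses and names below are constructed placeholders.
$RmsNodes   = '10.0.10.11', '10.0.10.12'   # assumed AD RMS cluster node IPs
$SqlServer  = 'sql01.contoso.example'      # assumed database server name
$SqlTcpPort = 1433                         # default instance; set your non-default port here

# Run on the SQL Server computer from an elevated session.
function Set-RmsSqlFirewall {
    # SQL Server Browser must be running for instance discovery and named instances.
    $browser = Get-Service -Name 'SQLBrowser'
    if ($browser.Status -ne 'Running') {
        Set-Service -Name 'SQLBrowser' -StartupType Automatic
        Start-Service -Name 'SQLBrowser'
    }
    # Limit both exceptions to the AD RMS nodes rather than any remote address.
    New-NetFirewallRule -DisplayName 'AD RMS to SQL Server (TCP)' -Direction Inbound `
        -Protocol TCP -LocalPort $SqlTcpPort -RemoteAddress $RmsNodes -Action Allow
    New-NetFirewallRule -DisplayName 'AD RMS to SQL Browser (UDP)' -Direction Inbound `
        -Protocol UDP -LocalPort 1434 -RemoteAddress $RmsNodes -Action Allow
}

# Run on the AD RMS server, signed in as the installer account, before Setup.
function Test-RmsSqlAccess {
    $result = [ordered]@{ TcpReachable = $false; IsSysadmin = $false }

    # Step 1: is the SQL Server TCP port reachable through the firewall?
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($SqlServer, $SqlTcpPort)
        $result.TcpReachable = $tcp.Connected
    } catch { } finally { $tcp.Close() }

    # Step 2: does the current Windows identity hold the sysadmin server role?
    if ($result.TcpReachable) {
        $conn = New-Object System.Data.SqlClient.SqlConnection(
            "Server=$SqlServer,$SqlTcpPort;Database=master;Integrated Security=SSPI")
        try {
            $conn.Open()
            $cmd = $conn.CreateCommand()
            $cmd.CommandText = "SELECT IS_SRVROLEMEMBER('sysadmin')"
            $result.IsSysadmin = ($cmd.ExecuteScalar() -eq 1)
        } finally { $conn.Close() }
    }
    [pscustomobject]$result
}
```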

AD RMS SQL Server System Requirements for Windows Server 2008 R2

The following table describes the SQL Server hardware requirements for supporting AD RMS.

AD RMS SQL Server Hardware Requirements for Windows Server 2008 R2

| Hardware | Requirements | Recommendations |
|---|---|---|
| CPU | Pentium III processor (800 MHz or higher) | 2 Pentium 4 processors (1.5 GHz or higher) |
| Memory | 512 MB of RAM | 2 GB of RAM |
| Hard Disk | 20 GB of free hard disk space | 160 GB of free hard disk space or higher |
| Network Adapter | 1 | 2 (public and private interface) |
| Share Disks | External disks for MSCS/SQL configuration | Using RAID 1+0 for logging and RAID 5 for database recommended |

The following table describes the software requirements for AD RMS SQL Server.

AD RMS SQL Server Software Requirements for Windows Server 2008 R2

| Software | Requirements |
|---|---|
| Supported SQL Server editions | Enterprise; Standard |
| Supported SQL Server versions | Microsoft SQL Server 2014 (and all service packs): Requires hotfix; Microsoft SQL Server 2012 (and all service packs): Requires hotfix; Microsoft SQL Server 2008 R2 (and all service packs); Microsoft SQL Server 2008 (and all service packs); Microsoft SQL Server 2005 (and all service packs) |

Note

For information about the hotfix required for SQL Server 2014 and SQL Server 2012, see Deploying AD RMS in Windows Server 2008 R2 SP1 with SQL Server 2012 on the TechNet wiki.

For additional information about AD RMS and SQL Server, see AD RMS Performance and Logging Best Practices.

For additional information about AD RMS, see AD RMS Prerequisites.

For hardware and software requirements to install SQL Server, see Hardware and Software Requirements for Installing SQL Server 2014, and if necessary, use the Other Versions option at the top of the page.

Special considerations for using SQL Server databases with AD RMS and Windows Server 2008 R2

Important

If you are using MSDE 2000 to host the Rights Management Services (RMS) databases, you cannot upgrade to AD RMS. Similarly, an upgrade will not succeed if a version of SQL Server is detected that is not supported by AD RMS.

User account considerations:

  • If you are using an external database server for the AD RMS databases, the user account that installs AD RMS must have the right to create new databases. This user account must be a member of the System Administrators (sysadmins) database role, or equivalent.

  • If you are using SQL Server remotely, the user account that is installing AD RMS must be a member of the local administrators group on the SQL server. This allows the AD RMS installation to query the registry on the SQL server remotely.

  • The user account that is installing AD RMS will be granted Database Owner permissions on all three of these databases automatically.

Firewall considerations if there is an intervening firewall between the AD RMS server and SQL Server:

  • Allow the TCP port for the SQL Server instance (default and named instances).

  • Allow the UDP port for the SQL Browser if you are using a SQL Server named instance.

See Also

Concepts

Technical Reference: AD RMS