Export (0) Print
Expand All
4 out of 4 rated this helpful - Rate this topic

Understanding AD RMS Key Protection and Storage

Updated: December 30, 2007

Applies To: Windows Server 2008 R2, Windows Server 2012

You can protect the AD RMS cluster key by using a hardware- or software-based cryptographic service provider (CSP) or by storing the cluster key in the AD RMS configuration database. A hardware-based CSP stores the cluster key in a hardware device.

As a best security practice, we recommend using a hardware-based CSP to protect the AD RMS cluster key. When using AD RMS to centrally manage the cluster key from the AD RMS configuration database, you should use a strong cluster key password. If you are upgrading from RMS to AD RMS and using a hardware-based CSP, ensure that the drivers are compatible with Windows Server 2008 R2 before proceeding with the upgrade.

noteNote
If there are multiple servers in the AD RMS cluster and you are using either a software- or hardware-based CSP to protect the cluster key, you must manually move the cluster key to the other computers before installing AD RMS. Consult the CSP documentation for procedures on moving the cluster key.

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.