Planning for the Integration of the Rights Management Services Prelicensing Agent
[This is pre-release documentation and subject to change in future releases. This topic's current status is: Writing Not Started.]
Applies to: Exchange Server 2010 Beta* *Topic Last Modified: 2008-12-11
Planning for the integration of the Active Directory Rights Management Services (AD RMS) Prelicensing agent into your Microsoft Exchange environment requires software updates and setup procedures, in addition to coordination between you, as Exchange administrator, and the AD RMS administrator.
The AD RMS Prelicensing agent is included in Microsoft Exchange Server 2010. You must be running Exchange 2010 on all Hub Transport servers in your organization to enable the AD RMS functionality in Exchange 2010.
Understanding RMS and the AD RMS Prelicensing Agent
The term Rights Management Services (RMS) encompasses all the server and client technologies that are required to support Information Rights Management (IRM) in an organization. The AD RMS certification root and licensing clusters in the organization, together with the Microsoft-hosted RMS services, which are services that run the enrollment, activation, and RMS account certification services, certify trusted entities that are in the AD RMS system. In addition, the AD RMS licensing servers in the organization issue publishing and use licenses that control how rights-protected content is used by the AD RMS-enabled client applications. RMS client technologies, including the AD RMS client, lockbox, and RMS-enabled applications such as Microsoft Outlook, run on client computers and let users create, publish, and use rights-protected content.
The different AD RMS client and server technologies work together to support the following functions:
- Creating rights-protected content
- Licensing and distributing rights-protected content
- Acquiring licenses to decrypt rights-protected information and enforcing usage policies
The Active Directory directory service provides authentication for users of RMS.
AD RMS Prelicensing Agent
The AD RMS Prelicensing agent, which is a managed software component that performs a task in response to an application event, uses this technology to deliver content to e-mail recipients through Microsoft Office Outlook 2007 and Microsoft Windows Mobile 6.0.
The AD RMS Prelicensing agent improves the experience of Exchange users when they open rights-protected e-mail messages. Users no longer have to wait for the e-mail client to contact an AD RMS cluster to open a rights-protected message. This functionality improves the offline and mobile device synchronization scenarios. In the offline scenario, when a user is running Outlook in cache mode, rights-protected messages are pre-licensed so that if a user opens the rights-protected message when the user is offline, the content is accessible. For mobile devices that synchronize with Exchange 2007, rights-protected messages that are synchronized to the devices running Windows Mobile 6.0 are pre-licensed.
The AD RMS Prelicensing agent is part of the Exchange 2010 installation but is not enabled or configured.
Working with the AD RMS Administrator
To use the AD RMS Prelicensing agent, you must collaborate with the AD RMS administrator to perform the following tasks:
Upgrade the AD RMS server or AD RMS cluster to RMS Server on Windows Server 2003 SP2 or to Active Directory Rights Management Services on Windows Server 2008 – X64.
Set the permissions on the server certification pipeline, which is named servercertification.asmx, so that the account that is used on the computer that has the Hub Transport server role installed can access the AD RMS server or server cluster. You can do this by adding the Exchange Servers group.
Note
The AD RMS server can be configured to use either the HTTP protocol or the HTTPS protocol when it communicates with the AD RMS Prelicensing agent. By using the HTTPS protocol (HTTP over SSL), you prevent unauthorized users from monitoring traffic to determine who is receiving rights-protected messages.
AD RMS Software Requirements
Exchange 2010 requires the following software versions to use the AD RMS Prelicensing agent:
- RMS Server on Windows Server 2003 SP2 or Active Directory Rights Management Services on Windows Server 2008 – X64 must be installed on AD RMS servers that issue licenses.
For information about the feature changes between Windows Server 2003 and Windows Server 2008, see Terminology Changes.
For More Information
For more information about how to plan for the AD RMS Prelicensing agent, see the following topic:
For more information about how AD RMS works and about configuration tasks for the AD RMS administrator, see the following topics: