Setting Up Hardware Encryption Devices

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

RMS can use the standard Windows cryptographic service providers (CSPs), such as basic and enhanced CSPs, to generate the public and private keys that will be encrypted and stored in the configuration database. To provide higher-level of key protection, a hardware-based CSP provided by a hardware security module (HSM) can be used.

If you will be using an HSM to provide additional security for your server keys, install and configure the hardware on the servers before you start the installation of RMS.