Updating Your Deployment with RMS Service Pack 1 (SP1)

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

This section provides information to help you install to Microsoft® Windows® Rights Management Services (RMS) Service Pack 1 (SP1) in an organization with an existing RMS deployment. Only organizations that have already deployed RMS need to update their deployment with RMS SP1. Organizations that are deploying RMS for the first time can deploy RMS with SP1 by following the guidelines in Planning an RMS Deployment and Deploying an RMS system in this documentation collection.

You can install RMS SP1 without removing your existing RMS installation. The setup program for RMS SP1 detects that RMS is installed and adds the additional features and settings as required.

In this subject

• Preparing for the RMS SP1 Update

• Performing the RMS SP1 Update

• Updating Clusters

• Updating RMS Clients

• Interoperability with RMS Version 1.0

• Removing RMS with SP1

Preparing for the RMS SP1 Update

The RMS SP1 update is designed to allow you to continue RMS operations without interruption. However, before you upgrade your RMS servers, it is recommended that you do the following:

• Back up the configuration database and RMS private key. For more information see "System Backups for RMS" in the "Planning an RMS Deployment" section of this documentation collection.

• Make sure you have the RMS private key password.

• Back up the logging database if you want to retain previously logged statistics.

• Make sure you have the latest critical updates and security updates for the operating system installed on your clients and servers. To verify that you have all critical updates and security updates, click Start, click Windows Update, and then follow the instructions that appear on your screen.

Performing the RMS SP1 Update

When the RMS SP1 Setup Wizard detects your RMS installation, it only adds new files or replaces files that need to be changed for RMS SP1. If you are already successfully running RMS, you do not need to reprovision or perform any additional configuration after you install RMS SP1 to continue running RMS.

Updating Clusters

If you have installed RMS in a cluster configuration you should plan for the update of your clusters to minimize the impact of the update on your installation. Consider the following recommendations when determining how best to implement RMS SP1 in your organization:

• As a best practice, install RMS SP1 on a portion of a cluster at a time, so that the upgrade of the cluster can be more predictable and have less of a chance of causing degradation in service during the upgrade.

• If you have multiple RMS clusters you should upgrade the root certification clusters first and then upgrade the subenrolled licensing clusters.

• If you are using cross-forest group expansion, you can upgrade the clusters in the forests independently without impacting the ability of the RMS servers to expand group membership across forests.

• RMS SP1 and RMS version 1.0 server can co-exist and interoperate.

• The RMS SP1 setup package can also be used to install a new version of RMS SP1 on a server; it does not require that RMS version 1.0 be installed.

Updating RMS Clients

A new RMS client is included in RMS with SP1. The RMS SP1 client setup package can also be used to install a new version of the RMS SP1 client on a computer; it does not require that the RMS version 1.0 client be installed. The RMS SP1 client includes a backwards compatibility feature to enable it to be used with RMS-enabled applications that require RMS version 1.0.

This new RMS client provides the following features:

• The client no longer needs to connect to Microsoft over the Internet and download a lockbox.

• If you install RMS client by using an SMS or group policy, administrator privileges are not required for installation.

• The RMS SP1 client includes a new server lockbox (also known as a server security processor) that can be used to RMS-enable Web services or server-side applications, such as Windows SharePoint® Services and Exchange Server 2003, to allow the service to consume and redistribute RMS-protected content. This lockbox is designed to be highly performant and scalable when used in trusted server applications

• RMS client uses FIPS 140-2 certified cryptographic algorithms. This enables the client to be deployed in a FIPS-compliant organization.

Interoperability with RMS Version 1.0

Because RMS SP1 provides many improvements and performance enhancements, you should install it after you complete your testing. Although RMS servers and clients that are running RMS SP1 are fully interoperable with RMS servers and clients that are not running RMS SP1, be aware of the following differences in how they function in a mixed environment:

• Only servers running RMS SP1 are capable of offline enrollment.

• Only clients running RMS SP1 are self-activating.

• The following table depicts the supported functionality for mixed environments:

Removing RMS with SP1

If you want to return your RMS server to its previous configuration after you install RMS SP1, you can use Add or Remove Programs in Control Panel to remove RMS SP1.