SEC331 - Windows Rights Management Services RMS RMS

& RMS $40 Afghanistan ? $40 Kabul $40 US 40$ USB : US US

Source: BBC News http://news.bbc.co.uk/2/hi/south_asia/4905052.stm LA Times http://www.latimes.com/news/opinion/editorials/la-ed-bagram14apr14,1,4404976.story , 2004 IP $500 Eli Lilly 600 & Victoria's Secret State of New York $50 , .

T-Mobile Virus infection Unintended forwarding of emails 36% Loss of mobile devices 35% Password compromise Email piracy Loss of digital assets, restored 63% 22% 22% 20% Frequency of Reference ,

Jupiter Research Report, 2004 Home USB Drive Independent Consultant Mobile Devices , Partner Organization 8

Yes No Firewall Perimeter Rights Management Services? Windows , , , ,

, RMS , Full Control ISVs SDKs

11 RMS RMS &

RMS / RMS RMS / RMS RMS RMS APIs 1. 2. 3. 4. 5. RMS Client RMS Server

RMS Administration AD SQL Admin APIs HTTP/SOAP API HTTP/SOAP OS RMS Server Admin Snap-in

MMC Host E12 3rd Party Office SharePoint Pocket Office Windows Pres. Foundation Managed RMS Client API HTTP/SOAP Proxies RMS API

& & RMS APIs & RMS APIs , RMS- XPS (Office 12 formats, etc.) Web ASP.Net 98% Logging API MSMQ

XrML Active Directory SQL Certify License Admin Pre-license ASP.Net

MSMQ AD IIS SQL & HTTP/SOAP Proxies Administration HTTP/SOAP Proxies

APIs Snap-in & MMC Snap-in Vista & Longhorn Server MMC snap-in APIs XrML 1.2

SPC: Security Processor Certificate
RAC: Rights management Account Certificate
PL: Publishing License
UL: Use License
CLC: Client Licensor Certificate
SLC: Server Licensor Certificate

( ID) ( e-mail, SID) : RMS

1. Vista RMS 2. SPC Machine key Machine identity Protected by Security Processor System Workflow Deployment User certification Publishing information Licensing Information consumption & 1. Longhorn Server RMS Server 2. SLC Enterprise key Enterprise identity

System Workflow Deployment User certification Publishing information Licensing Information consumption : RMS 1.RAC 1.SPC 2.Windows Proof of user identity Used for encryption of information key RAC key encrypted by SPC Signed by SLC

2.CLC Authorization to publish in enterprise Used to sign PL CLC key encrypted by RAC Signed by SLC User is ready to consume and publish : RMS System Workflow Deployment User certification Publishing information Licensing Information consumption 1.RMS

a. b. c. PL all SLC CLC PL : RMS 1.RAC 2.PL System Workflow Deployment User certification Publishing information Licensing Information consumption

1.UL RAC SLC User is authorized to consume information Publishing License servers public key Content Key End User

Licenses Rights for a particular user Rights Info servers public key Content Key , 128bit AES Content Key w/ email addresses ( ) a ( , , , ) server licenses

users public key users public key E-mail ULs are stored in the local RMS license cache, not in the e-mails directly : RMS System Workflow Deployment User certification Publishing information Licensing Information consumption

UL RAC RMS 1. 2. 3. 4. 5. UL Security Processor & Machine key RAC private key RAC key UL ( , , , .) RMS Vista/Longhorn

Longhorn ADFS RMS RMS Server Server Microsoft Microsoft Vista Vista RMS RMS ..

64 64 RMS RMS Longhorn Longhorn Server Server MMC MMC Quality Quality gates gates ADFS

: Fabrikam Contoso ADFS SharePoint , , . Contoso RMS , Fabrikam Contoso RMS Contoso Fabrikam RACs ULs ADFS AD 1. Contoso Fabrikam 3. RMS 4. WebSSO 5. RMS FS-R

6. RMS FS-A 7. RMS FS-R 8. RMS RMS 9. WebSSO , RMS 10.RMS 11.RMS use license 12. AD FS-A FS-R 9 2. Fabrikam WebSSO 4

6 5 3 7 8 RMS 2 PL 10 1 11 12 RAC CLC RAC CLC UL

RMS-wave 2006/07 Windows Vista/ Longhorn Server (FIPS) RMS v2 client and server built into the Windows OS RMS leverages ADFS trust Longhorn Server Role and built in MMC snapin

Microsoft Self-enrollment document library SharePoint provides protected document libraries InfoPath supports RMS protection e-mail Better user experience Windows Presentation Foundation WPF allows anything to be output to a protected file

RMS Open Packaging Convention container format supports RMS through managed interface Exchange 2007 e-mail Pre-licensing of protected e-mail Exchange e-mail Exchange policy can specify information protection Office/ Sharepoint 2007 28 RMS RMS &

RMS RMS RMS
Windows Rights Management Services (RMS) service
Windows Server 2003 (Standard, Enterprise, Web Datacenter)
Internet Information Services, ASP.NET, Message Queuing installed
Active Directory service (Windows Server 2000 SP3 ) AD E-mail
Microsoft SQL Server 2000 SP3
Microsoft SQL Desktop Engine (MSDE)
Windows Rights Management client software RMS APIs Lockbox, Windows 2000 RMS

RMS SDK Microsoft Office Professional Edition 2003 Internet Explorer RMS RMS Pentium III processor 800 MHz or higher Two Pentium 4 processors 2.4 GHz 256 MB of RAM 1 GB of RAM 20 GB 40 GB

RMS RMS RMS = Log DB RMS Web Services Certification Publishing Licensing NLB HSM MSIT RMS

[Chart: Items Published]

2003 6 RMS

Technical Chats and Webcasts
http://www.microsoft.com/communities/chats/default.mspx
http://www.microsoft.com/usa/webcasts/default.asp

Microsoft Learning and Certification
http://www.microsoft.com/learning/default.mspx

MSDN & TechNet
http://microsoft.com/msdn
http://microsoft.com/technet

Virtual Labs
http://www.microsoft.com/technet/traincert/virtuallab/rms.mspx

Newsgroups
http://communities2.microsoft.com/communities/newsgroups/en-us/default.aspx

Technical Community Sites
http://www.microsoft.com/communities/default.mspx

User Groups
http://www.microsoft.com/communities/usergroups/default.mspx
