Active Directory Rights Management Services (AD RMS) in Windows Server 2008 (formerly Windows RMS) is a key component for protecting sensitive information. Before the release of Windows Server 2008, sharing an RMS-protected document with users outside the enterprise network required a compatible RMS server in the recipient's organization. Alternatively, outside users could be given an Active Directory account within the corporate network, a process that raises challenging administrative and security issues. Microsoft's collaboration platform, SharePoint Server 2007, can also dynamically request RMS protection for a document based on the user's Active Directory profile. However, this also requires a local Active Directory account.
Windows Server 2008 protects sensitive data with a new, more comprehensive and more manageable approach. With Active Directory Federation Services (AD FS), available since Windows Server 2003, you can establish a federated trust between one organization and another. Once users log on to their local domain, their federated identity and access rights carry over into the partner's domain. Because AD RMS in Windows Server 2008 has been integrated with AD FS, the federated trust now allows AD RMS to grant the appropriate RMS licenses to external users without requiring them to log on locally or to have their own AD RMS server.
This scenario is called "secure federated collaboration". Essentially, an administrator who needs to share RMS-protected information no longer has to maintain separate user names and passwords for external users. External users need only a single sign-on (SSO) to get appropriate access to RMS-protected content, without having to keep multiple identities. In short, securely sharing confidential information, whether with partners, suppliers, or customers, has become easier. When an external user is authenticated, RMS automatically provides all appropriate licenses, allowing the external user to work with and share the organization's internal sensitive content. The administrator gets a single point of control over how external users interact with protected content, including the ability to define templates that can be applied to an exponentially growing number of partnerships.
In Windows Server 2008, AD FS works with AD RMS to let users share documents securely across different domains, based on federated identity rather than on accounts at the local Active Directory level. This allows AD FS to authenticate users and control their access to content. When external users log on to their local AD domain, they present their federated claims, which the trusting party should recognize when granting access rights.
This creates a powerful new form of content sharing, federated document collaboration, which eliminates the need for external users to maintain shadow accounts and gives these users a single login for accessing RMS-protected content. Once two entities have established a federated trust, users can share and work with protected content almost as if they were in the same domain. On the resource-provider side, administrators keep fine-grained control over who can access what, with no need to manage identities for individual users.
Persistent Information Protection
AD RMS in Windows Server 2008 works with many applications and across platforms, providing tightly integrated access control and encryption that follow the content wherever it goes. It can be used to protect documents, spreadsheets, intranet sites, and e-mail. It also provides the tools needed to integrate RMS functionality into applications that are not RMS-aware. In addition, organizations can create custom usage-rights templates that are ready to apply immediately.
AD RMS server and client processing runs from the initial issuance of a user's license to the request for an AD RMS content license. Once a user has been issued an account certificate by the RMS server, the user can protect content. Protecting a document with RMS is simple because the RMS feature is built into Microsoft applications such as Microsoft Office Word and Microsoft Office Excel. The RMS server binds the rights information to the encrypted content to protect it against unauthorized access. When a user tries to view or otherwise use a protected document, the appropriate RMS server is called to check the user's permissions and issue the decryption and use licenses.
Before Windows Server 2008, an external user needed a local user account to access RMS-protected content. This is no longer necessary, which simplifies the management of external accounts.