(This blog post was published on the original RMS team blog in March 2010.)
Today I'm acting as a conduit for one of the many AD RMS experts in the community who work with us at Microsoft. Thanks to Alexey for sharing his knowledge about the inner workings of AD RMS!
First of all, let me introduce myself. My name is Alexey Goldbergs and I’m a Technology Solutions Professional on Security from Microsoft Russia. With this blog post I want to start a series that I call “AD RMS Under the Hood”, in which I’m going to explain to you how AD RMS really works behind the scenes.
Those of you who have heard about Active Directory Rights Management Services (hereinafter referred to as “AD RMS”) have at least once seen the following picture or one like it:
But what does it really mean to say that the “author receives a Client Licensor Certificate”? What is the Publishing License (PL)? What does the Use License (UL) look like? Well… this is why I’m here, actually.
In the next few blog posts you will get the answers to all these questions.
But before we get started, let’s step back and look at the activation process of the first server in a new AD RMS cluster (also known as server bootstrapping). What happens when you click the Install button on the last page of the AD RMS server role installation wizard?
This is the key difference between AD RMS and Windows RMS (the predecessor of AD RMS) server bootstrapping. Unlike Windows RMS, the AD RMS key chain root does not link up to Microsoft; instead, it ends in the organization’s own AD RMS certification cluster SLC (Server Licensor Certificate).
Here is how Windows RMS (Windows Rights Management Services) bootstrapping looked after the server generated the key pair:
Another difference is that the Windows RMS SLC key was valid for one year and needed to be periodically renewed, whereas the AD RMS SLC is valid for 250 years.
The created SLC is shared by all the servers in the new AD RMS cluster.
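To make the trust-anchor difference concrete, here is an added example that is not from the original post and not Microsoft's code: a small Python model that walks an RMS key chain from a Client Licensor Certificate up to its root, checking that every link is inside its validity window, that each link was issued by the next one up, and that the chain terminates at the organization's own SLC rather than somewhere else. The certificate structure, the organization name "Contoso", the name used for the Windows RMS root and the one-year CLC validity are all constructed for illustration; real AD RMS certificates are XrML documents and this code does not parse them.

```python
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Cert:
    """One link in an RMS key chain (constructed teaching model, not XrML)."""
    name: str            # holder of the certificate
    issuer: str          # name of the certificate that signed this one
    not_before: datetime
    not_after: datetime

    @property
    def self_signed(self) -> bool:
        return self.name == self.issuer


class ChainError(Exception):
    """Raised when a chain fails one of the checks in verify_chain()."""


def verify_chain(chain: list[Cert], trusted_root: str, now: datetime) -> str:
    """Walk the chain leaf-to-root and return the root's name.

    Checks modelled here:
      * every link is within its validity window at `now`;
      * each link's issuer is the next link up;
      * the last link is self-signed (the trust anchor);
      * that anchor is the name we trust (the cluster SLC for AD RMS).
    """
    if not chain:
        raise ChainError("empty chain")
    for i, cert in enumerate(chain):
        if not (cert.not_before <= now <= cert.not_after):
            raise ChainError(f"{cert.name!r} is not valid at {now.date()}")
        if i == len(chain) - 1:
            if not cert.self_signed:
                raise ChainError(f"chain ends at {cert.name!r}, which is not self-signed")
        elif chain[i + 1].name != cert.issuer:
            raise ChainError(f"{cert.name!r} was issued by {cert.issuer!r}, "
                             f"but the next link is {chain[i + 1].name!r}")
    root = chain[-1]
    if root.name != trusted_root:
        raise ChainError(f"root is {root.name!r}, expected {trusted_root!r}")
    return root.name


def report(chain: list[Cert], trusted_root: str, now: datetime) -> str:
    """Human-readable wrapper around verify_chain() for the scenarios below."""
    try:
        return "OK: chain ends at " + verify_chain(chain, trusted_root, now)
    except ChainError as exc:
        return "FAIL: " + str(exc)


# --- constructed sample data -------------------------------------------------
DAY = timedelta(days=1)
ISSUED = datetime(2010, 3, 1, tzinfo=timezone.utc)
ORG_SLC = "Contoso AD RMS cluster SLC"             # placeholder organization
MS_ROOT = "Microsoft RMS enrollment root"           # placeholder name for the Windows RMS anchor

# AD RMS: the cluster SLC is self-signed and is the root; it is valid for 250 years.
AD_RMS_CHAIN = [
    Cert("Alice CLC", ORG_SLC, ISSUED, ISSUED + 365 * DAY),          # CLC lifetime is an assumption
    Cert(ORG_SLC, ORG_SLC, ISSUED, ISSUED + 250 * 365 * DAY),
]

# Windows RMS: the SLC was valid for one year and chained up to Microsoft.
WINDOWS_RMS_CHAIN = [
    Cert("Alice CLC", "Contoso Windows RMS SLC", ISSUED, ISSUED + 365 * DAY),
    Cert("Contoso Windows RMS SLC", MS_ROOT, ISSUED, ISSUED + 365 * DAY),
    Cert(MS_ROOT, MS_ROOT, ISSUED - 10 * 365 * DAY, ISSUED + 20 * 365 * DAY),
]

if __name__ == "__main__":
    soon, later = ISSUED + 30 * DAY, ISSUED + 400 * DAY
    print(report(AD_RMS_CHAIN, ORG_SLC, soon))            # root is the org's own SLC
    print(report(WINDOWS_RMS_CHAIN, ORG_SLC, soon))       # root is Microsoft's, not the org's
    print(report(WINDOWS_RMS_CHAIN[1:], MS_ROOT, later))  # one-year SLC has expired
    print(report(AD_RMS_CHAIN[1:], ORG_SLC, later))       # 250-year SLC is still fine
```

The third scenario is the operational point behind the one-year Windows RMS SLC: once it lapses, every chain below it fails validation until the SLC is renewed, whereas the 250-year AD RMS SLC removes expiry of the root as a practical concern and leaves key protection and backup of that single shared SLC as the thing to get right.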
In the next blog post I’m going to add some details that Enrique intentionally skipped over in his blog post.
Alexey Goldbergs, Technology Solutions Professional, Microsoft Russia
Enrique Saggese, Senior Security Consultant, Security Center of Excellence
Sergey Simakov, Senior Security Consultant, Security Center of Excellence