Rights Management Services Microsoft

1
Rights Management Services _at_ Microsoft
Kimberly Malone DeAnne Dodson Darren
Justus Microsoft Corporation March 2004
2
RMS at MicrosoftAgenda

• IT at Microsoft Dogfooding vs. Running the
  Utility
• Building the Business Case for Rights Management
• Planning the Deployment
• Hardware Support
• Backup Disaster Recovery Monitoring Performance
• Template Definitions and Administration
• Distribution of Client bits
• User Education
• Current Deployment Statistics
• QA

3
RMS at MicrosoftBeing Microsofts First and Best

• What is it like to be Microsofts First and Best
  Enterprise Customer?
• Our responsibilities
• Shared Goals
• Product Feedback
• Planning
• Balancing Dogfooding vs. Running the Utility
• Managing Expectations
• Do 50,000 people across a worldwide organization
  really share the same affinity for dogfood?

4
RMS at Microsoft Building the Business Case
Trustworthy Messaging

• Goals
• Protection of Intellectual Property
• Greater Sharing of Sensitive Information
• Components of OTGs Trustworthy Messaging
• S/MIME Signing
• S/MIME Encryption
• Information Rights Management

5
RMS at Microsoft Components of Trustworthy
Messaging

• When Should I Use Which Technology?

Comparing OTGs implementation of S/MIME
signing, S/MIME encryption, and IRM.
OTGs implementation of S/MIME requires a High
level of security.
6
RMS at Microsoft Information Rights Managements
Role

• Overview
• Protect Content from Unauthorized Access and
  Tampering
• Enable Users to Grant Specific Rights to
  Consumers of their Content
• Allow Admins to Pre-Define Policy Templates (e.g.
  Company Confidential Messaging IT Staff)
• Templates Can Grant Different Rights to Different
  Individuals or Groups

7
RMS at MicrosoftPlanning the Deployment The
Basics

• Hardware Planning Acquisition
• Number of RMS Certification Clusters Dictated by
  Number of Logon Forests 4
• 1 SQL Server (30 GB configured data space) per
  Certification Cluster
• 2 RMS Servers per Certification Cluster
  (Availability)
• Centralized RMS Licensing Cluster
• 1 Additional RMS Server for Licensing Cluster
  (Availability and Scalability)
• nCipher nShield HSMs for all RMS Servers
• Support Planning
• Escalation and SLAs
• Training and KB Articles

8
RMS at MicrosoftPlanning the Deployment The
Basics

• Backup Disaster Recovery
• Daily Backups
• Simple Recovery on Logging and Directory Services
  Databases
• Full Recovery with Transaction Log Shipping on
  Config Database
• Performance Monitoring
• RMS, Memory, Disk, and CPU Performance Counters
  Sampled Every 15 Minutes on RMS Servers and DCs
• PerfMon Logs Reviewed Bi-Weekly
• Client Performance Measured and Reported Weekly
  from IIS Logs

9
RMS at Microsoft Microsofts RMS Topology
10
RMS at MicrosoftOTG Deployment Statistics

• 12,000 unique users per week
• 60,000 content licenses issued per week
• 50 RMS-related helpdesk calls per week
• Overall helpdesk volume is 11,000 calls per week
• Median time to license lt1 second
• No sustained performance impact measured on GCs

11
RMS at Microsoft Usage Metrics
Metric Definitions Unique Users Users are
derived from any activity in the log database,
whether they are getting a license, publishing,
activating or getting a cert. First Time Users
Users that have had license, publish, activation,
or certification activity during a specified time
period. License Requests Occurs each time a user
attempts to open something RMS protected License
Requests per User Total license
requests/distinct License request users. Machine
Activation Requests Occurs once per machine.
Specific to individual machines. If RAC is
deleted, machine activation needs to be done
again. User Certification Requests (RAC) Issued
once per user per activated machine the first
time that the user tried to consume or publish
content. Publication Certification Requests
Occurs once per content item. RMS checks to see
that the user certificate is valid to consume
content.
12
RMS at Microsoft Sample Daily Licensing Volumes
13
RMS at MicrosoftPlanning the Deployment RMS
Features

• RMS Templates
• Four Company-Wide Templates
• Group Templates Reviewed and Created Upon
  Request Offering Not Advertised
• Deployment of Client Bits
• Windows RMS Client Chained to Office 2003
• Configuration GPO
• User Education
• http//OTGWeb/RM
• OTG Messaging QRG

14
RMS at MicrosoftLessons Learned

• Client Distribution Complexities
• Multiple ways to install
• Chain RM Client install to Office 2003
• SMS but doesnt work for everybody
• Activation requires Admin user
• Configuration GPO to enforce Corp settings
• Client Education
• Corporate vs. Passport functionality confusing
• RMS Server Monitoring Challenges
• Most error events A general error occurred
• MOM Pack must be modified to reduce false alerts
• Managing Logging DB Growth
• Use the OTG archival and reporting tool shipping
  with RMS Toolkit!

15
Appendix Slides
16
RMS at MicrosoftSafeguarding Confidential Data
Comparison of Technologies Used to Safeguard
Confidential Data
17
RMS at MicrosoftExample of RMS Templates

• Corporate RMS templates available from the
  Permission menu of Outlook, Word, PowerPoint, and
  Excel