Microsoft Active Directory Rights Management Services (AD RMS)
This document describes how to install, configure, and integrate Microsoft Active Directory Rights Management Services (AD RMS) with the CipherTrust Manager.
AD RMS is an information protection technology that works with AD RMS-enabled applications to help safeguard digital information from unauthorized use. Content owners can define who can open, modify, print, forward, or take other actions with the information. CipherTrust Manager is deployed to provide a security framework to the data in use, data at rest, and the data in transit.
Microsoft Office uses AD RMS to implement document security utilizing SafeNet ProtectApp Cryptographic Service Provider (CSP) to store the AD RMS cluster keys on the CipherTrust Manager. CipherTrust Manager secures the AD RMS Cluster Key generated and used by the AD RMS.
Following diagram shows the integration:
Supported Product Versions
This integration is validated on the following operating system variants:
Windows Server 2012 Standard
Windows Server 2012 R2
Windows Server 2016 Standard
CipherTrust Manager
- CipherTrust Manager 2.1 and higher
SafeNet ProtectApp
- SafeNet ProtectApp 8.4.3 and higher
Prerequisites
Ensure that the CipherTrust Manager is installed and configured. For more details, refer to the CipherTrust Manager Documentation.
AD RMS communicates with the CipherTrust Manager using the Network Attached Encryption (NAE)-XML Interface. Ensure that the NAE-XML interface is configured. For more details, refer to the CipherTrust Manager Documentation.
Ensure that Active Directory Domain Controller (AD DC) is installed and configured. For more information, refer to the Microsoft Documentation.
Ensure that AD RMS is installed and configured. For more information, refer to the Microsoft Documentation.
Ensure that the port configured on NAE-XML interface is accessible from the AD RMS machine.
Steps for Integration
To integrate AD RMS with the CipherTrust Manager:
Further, you can verify the integration using the instructions mentioned in the Verifying the Integration section.