Integration with the CipherTrust Manager
This section outlines the steps to integrate AD RMS with the CipherTrust Manager.
Setting up the Environment
The setup consists of the following systems in a private network:
| Host | Applications and Services |
|---|---|
| CipherTrust Manager | NAE |
| AD DC Server | Active Directory, Domain Name System (DNS) |
| AD RMS Server | AD RMS, Internet Information Services (IIS), Message Queuing, and SafeNet ProtectApp CSP |
| AD RMS Client | Microsoft Office |
Note
Join the AD RMS server and the AD RMS client to the domain hosted by the AD Domain Controller.
Configuring AD DC
Configure the domain on AD Domain Controller. For more details, refer to Active Directory Domain Controller.
Add the desired user accounts to Active Directory. This document uses the user accounts listed in the following table; you can create user accounts as per your own requirements.

| User Name | E-mail Address | Purpose |
|---|---|---|
| rmssrv | rmssrv@rms.local | Enterprise Admins, Schema Admins |
| james | james@rms.local | Read Access user |
| peter | peter@rms.local | Change Access user |
| steve | steve@rms.local | Content Owner |
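The account creation step above can be scripted on the AD DC server with the ActiveDirectory PowerShell module. The following script is an added example, not part of the original guide or of the CipherTrust product; it assumes the rms.local domain and the four sample accounts from the table, prompts for each password interactively instead of embedding it, and places only rmssrv in the two privileged groups named in the table.

```powershell
# Added example: create the sample AD RMS accounts from the table above.
# Assumes the rms.local domain and default Users container; adjust -Path if needed.
Import-Module ActiveDirectory

$domain = 'rms.local'

# Constructed sample accounts matching the table in this guide.
$accounts = @(
    @{ Name = 'rmssrv'; Purpose = 'AD RMS service account (Enterprise Admins, Schema Admins)' },
    @{ Name = 'james';  Purpose = 'Read Access user' },
    @{ Name = 'peter';  Purpose = 'Change Access user' },
    @{ Name = 'steve';  Purpose = 'Content Owner' }
)

foreach ($account in $accounts) {
    $name = $account.Name

    # Skip accounts that already exist so the script is safe to re-run.
    if (Get-ADUser -Filter "SamAccountName -eq '$name'") {
        Write-Host "User $name already exists, skipping."
        continue
    }

    # Prompt for each password separately; nothing is stored in the script.
    $password = Read-Host -AsSecureString -Prompt "Password for $name"

    New-ADUser -Name $name `
        -SamAccountName $name `
        -UserPrincipalName "$name@$domain" `
        -EmailAddress "$name@$domain" `
        -Description $account.Purpose `
        -AccountPassword $password `
        -Enabled $true

    Write-Host "Created user $name ($($account.Purpose))."
}

# Only the service account gets the group memberships listed in the table.
# Membership in these groups is highly privileged; keep it limited to rmssrv.
foreach ($group in @('Enterprise Admins', 'Schema Admins')) {
    Add-ADGroupMember -Identity $group -Members 'rmssrv'
    Write-Host "Added rmssrv to $group."
}

# Show the resulting accounts for a final check.
Get-ADUser -Filter "UserPrincipalName -like '*@$domain'" -Properties EmailAddress, Description |
    Select-Object SamAccountName, EmailAddress, Description |
    Format-Table -AutoSize
```

Run the script in an elevated PowerShell session on the AD DC server as a domain administrator. Because it checks for existing accounts before creating them, it can be re-run after a partial failure without producing duplicate-account errors.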
Configuring CSP for AD RMS
Install AD RMS. For more details, refer to Microsoft documentation.
On the Post Installation screen, after the installation is completed, either click Close to close the wizard or click Perform additional configuration. Alternatively, you can click the Notification flag to open the configuration wizard later.
On the AD RMS screen, click Next.
On the AD RMS Cluster screen, select the Create a new AD RMS root cluster option, and click Next.
On the Configuration Database screen, select the Use Windows Internal Database on this server option, and click Next.
On the Service Account screen, click Specify... to select the service account.
Specify rmssrv as the user name, enter its password, click OK, and then click Next.
On the Cryptographic Mode screen, select a cryptographic mode, and click Next.
On the Cluster Key Storage screen, select Use CSP key storage option, and click Next.
On the Cluster Key CSP screen, select SafenetProtectApp enhanced RSA and AES Cryptographic provider from the CSP drop-down list. Then select the Create a new key with the selected CSP option, and click Next.
On the Cluster Web Site screen, click Next. Ensure that the Default Web Site is listed.
On the Cluster Address screen, select Use an unencrypted connection (http://) and specify the Fully Qualified Domain Name (FQDN). Then click Next to continue.
Note
The FQDN must match the name of the AD RMS server. You can rename the system to give it a user-friendly name before running the wizard.
On the Licensor Certificate screen, ensure that the server name (the same as the AD RMS server) is listed, and click Next to continue.
On the SCP Registration screen, select the Register the SCP now option, and click Next.
On the Confirmation screen, click Install.
Click Close.
At this stage, a key has been created on the CipherTrust Manager. You can then verify the integration using the instructions in Verifying the Integration.
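The wizard steps above leave several artifacts on the AD RMS server and in the domain that can be checked without opening the console again. The following script is an added example, not part of the original guide or of the CipherTrust product; it assumes it runs on the AD RMS server as a domain administrator, that the cluster was registered with the SCP as in the steps above, and that the SCP lives at the standard CN=SCP,CN=RightsManagementServices,CN=Services location under the configuration naming context (an assumption, not taken from this page).

```powershell
# Added example: post-install checks for an AD RMS cluster configured as above.
# Assumes the ServerManager, WebAdministration and ActiveDirectory modules are available.
Import-Module ServerManager
Import-Module WebAdministration
Import-Module ActiveDirectory

$results = @()

# 1. The AD RMS role and the components from the host table must be installed.
foreach ($feature in @('ADRMS', 'Web-Server', 'MSMQ')) {
    $installed = (Get-WindowsFeature -Name $feature).Installed
    $results += [pscustomobject]@{ Check = "Feature $feature installed"; Ok = $installed }
}

# 2. The cluster web site chosen in the wizard must exist and be started.
$site = Get-Website -Name 'Default Web Site' -ErrorAction SilentlyContinue
$results += [pscustomobject]@{ Check = 'Default Web Site present'; Ok = ($null -ne $site) }
$results += [pscustomobject]@{ Check = 'Default Web Site started'; Ok = ($site -and $site.State -eq 'Started') }

# 3. The IIS and Message Queuing services must be running.
foreach ($svc in @('W3SVC', 'MSMQ')) {
    $status = (Get-Service -Name $svc -ErrorAction SilentlyContinue).Status
    $results += [pscustomobject]@{ Check = "Service $svc running"; Ok = ($status -eq 'Running') }
}

# 4. The SCP registered in the last wizard step should point at this server's FQDN.
#    The SCP location below is an assumption about the standard AD RMS layout.
$configNC = (Get-ADRootDSE).configurationNamingContext
$scpDN = "CN=SCP,CN=RightsManagementServices,CN=Services,$configNC"
$scp = Get-ADObject -Identity $scpDN -Properties serviceBindingInformation -ErrorAction SilentlyContinue
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$scpUrl = if ($scp) { $scp.serviceBindingInformation -join ',' } else { '' }
$results += [pscustomobject]@{ Check = 'SCP registered'; Ok = ($null -ne $scp) }
$results += [pscustomobject]@{ Check = "SCP points at $fqdn"; Ok = ($scpUrl -like "*$fqdn*") }

# 5. The service account should be the one specified in the wizard.
$rmssrv = Get-ADUser -Filter "SamAccountName -eq 'rmssrv'"
$results += [pscustomobject]@{ Check = 'Service account rmssrv exists'; Ok = ($null -ne $rmssrv) }

$results | Format-Table -AutoSize

if ($results | Where-Object { -not $_.Ok }) {
    Write-Warning 'One or more checks failed; review the wizard steps before testing with the client.'
} else {
    Write-Host 'All local checks passed. Continue with Verifying the Integration.'
}
```

The script only reads state and does not change anything, so it is safe to run repeatedly. The key itself lives on the CipherTrust Manager and is not visible from these checks; confirming its presence is covered by the Verifying the Integration section.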