Concepts

Active Directory Rights Management Services (AD RMS) protects information within a digital file, such as a Microsoft Office document. Once the protection is added, it stays with the file. By default, only the content owner is able to remove the protection from the file. The owner grants rights to other users to perform actions on the content, such as the ability to view, copy, or print the document. AD RMS requires the installation of Internet Information Services (IIS), and SSL (Secure Sockets Layer) encryption is highly recommended for the HTTPS connections between each client using AD RMS and the AD RMS cluster.

IIS and Active Directory Certificate Services, which issues the SSL certificates through the Microsoft Certificate Authority, can be secured by the SafeGuard CryptoServer as well. For further information about integrating SafeGuard CryptoServer into Microsoft Windows 2008 Server Active Directory Certificate Services and Internet Information Services, refer to the corresponding documents: HowToW2K8Server-ADCS-CryptoServer and IIS7withSGCryptoServer. In this guide, a self-signed certificate is created for the HTTPS connection between the client and the AD RMS server.

The SafeGuard CryptoServer is a hardware security module developed by Utimaco Safeware AG, i.e. a physically protected, specialized computer unit designed to perform sensitive cryptographic tasks and to securely manage cryptographic keys and data. In a SafeGuard CryptoServer system, security-relevant actions can be executed and security-relevant information can be stored. It can be used as a universal, independent security component for heterogeneous computer systems.