Determining Access Requirements
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
During this portion of the planning phase, you should have identified the scope of your RMS implementation. When assessing the security of your RMS system, consider how you can limit access to the participants in that scope, and ensure that the data they protect with RMS is also protected by traditional information security best practices. You should also make sure that access to the RMS server for administration and configuration is restricted to trusted administrators only. The access security methods that you can use with RMS include the following:
Access control lists (ACLs). Each of the RMS Web services and the Administration Web site can be protected by ACLs. To ensure that only appropriate users are authorized to use RMS, you can use access control lists to restrict which users can connect to the RMS certification and licensing services. This is useful if you want only certain groups to be able to create protected content, or if you want only certain groups to be able to obtain licenses for protected content.
Client authentication. You can also require smart cards or other client authentication to occur when a user attempts to acquire a use license or certificate. This can help mitigate the potential for an unauthorized user to open content using an authorized user's session.
Secure Sockets Layer. To provide an additional layer of protection you can also require an SSL connection between the RMS clients and the RMS server. It is recommended that you enable SSL and require 128-bit encryption on each of the RMS Web services files. These files have the .asmx file name extension and are located in the Licensing, Certification, and Admin virtual directories in the RMS cluster. If you want to open the RMS Administration Web pages from a browser on a remote computer, you must enable SSL.
Even with SSL enabled, you cannot open the Global Administration page from a remote computer.
For information about configuring SSL on servers, see IIS Help.
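The following script is an added example and is not part of the RMS documentation or of the RMS product. It applies two of the controls listed above with the IIS 6 metabase ADSI provider and the .NET file ACL classes: it requires SSL with 128-bit encryption on every .asmx file in the Licensing, Certification, and Admin virtual directories, and it restricts one service file to a single group. It assumes Windows PowerShell 2.0 is installed on the RMS server, that the RMS cluster is on Web site ID 1 under the default _wmcs virtual root, that the service file names (such as license.asmx and publish.asmx) match your installation, that a domain group named CONTOSO\RMS-Publishers exists, and that the local RMS Service Group created by RMS Setup is the identity that must keep read access; all of these are assumptions, and the group and file names are placeholders to replace with your own.

```powershell
# Added example, not code from the RMS documentation. Assumptions (verify for your
# cluster): PowerShell 2.0, IIS 6 metabase ADSI provider, Web site ID 1, default
# _wmcs root, hypothetical group CONTOSO\RMS-Publishers, local "RMS Service Group".
# Run in an elevated PowerShell on the RMS server.

$SiteRoot = "IIS://localhost/W3SVC/1/ROOT/_wmcs"      # assumption: site ID 1
$Vdirs    = "Licensing", "Certification", "Admin"     # virtual directories named on this page

# IIS 6 metabase AccessSSLFlags bits.
$AccessSSL              = 8     # require SSL
$AccessSSLNegotiateCert = 32    # accept a client certificate if the client offers one
$AccessSSLRequireCert   = 64    # reject requests that present no client certificate
$AccessSSL128           = 256   # require 128-bit cipher strength

# "Secure Sockets Layer" bullet: SSL + 128-bit = 264.
# "Client authentication" bullet (smart card or other client certificate): 264 + 32 + 64 = 360.
$SslOnly          = $AccessSSL + $AccessSSL128
$SslWithClientCert = $SslOnly + $AccessSSLNegotiateCert + $AccessSSLRequireCert

function Set-RmsAsmxSslFlags {
    # Sets AccessSSLFlags on every .asmx file in one RMS virtual directory.
    param([string]$VdirName, [int]$Flags)
    $vdir = [ADSI]"$SiteRoot/$VdirName"
    $applied = @()
    # Each .asmx in the vdir's physical path is an RMS Web service endpoint.
    foreach ($file in Get-ChildItem -Path $vdir.Path -Filter *.asmx) {
        # A file has a metabase node only once a property has been set on it; create one if absent.
        $node = $vdir.psbase.Children | Where-Object { $_.psbase.Name -eq $file.Name }
        if (-not $node) { $node = $vdir.Create("IIsWebFile", $file.Name) }
        $node.Put("AccessSSLFlags", $Flags)
        $node.SetInfo()
        $applied += "$VdirName/$($file.Name)=$Flags"
    }
    return $applied
}

function Get-RmsAsmxSslFlags {
    # Reads back AccessSSLFlags for every .asmx in a vdir so you can verify the change.
    param([string]$VdirName)
    $vdir = [ADSI]"$SiteRoot/$VdirName"
    foreach ($file in Get-ChildItem -Path $vdir.Path -Filter *.asmx) {
        $node = [ADSI]"$SiteRoot/$VdirName/$($file.Name)"
        "{0}/{1}: AccessSSLFlags={2}" -f $VdirName, $file.Name, $node.AccessSSLFlags
    }
}

function Restrict-RmsServiceFile {
    # "Access control lists" bullet: replace the inherited NTFS ACL on one service file with an
    # explicit list. Keep Administrators, SYSTEM and the RMS service identity (assumed to be
    # the local "RMS Service Group"); add only the group that may call this service.
    param([string]$FilePath, [string]$AllowedGroup)
    $acl = Get-Acl -Path $FilePath
    $acl.SetAccessRuleProtection($true, $false)        # stop inheriting, discard inherited rules
    foreach ($rule in @($acl.Access)) { $null = $acl.RemoveAccessRule($rule) }
    $identities = "BUILTIN\Administrators", "NT AUTHORITY\SYSTEM", "$env:COMPUTERNAME\RMS Service Group", $AllowedGroup
    foreach ($id in $identities) {
        $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule($id, "ReadAndExecute", "Allow")))
    }
    Set-Acl -Path $FilePath -AclObject $acl
    return (Get-Acl -Path $FilePath).Access | Select-Object IdentityReference, FileSystemRights
}

# Require SSL + 128-bit on all three vdirs (Admin must have SSL for remote administration).
foreach ($v in $Vdirs) { Set-RmsAsmxSslFlags -VdirName $v -Flags $SslOnly }

# Optional: additionally require a client certificate (smart card) for license acquisition.
# Set-RmsAsmxSslFlags -VdirName "Licensing" -Flags $SslWithClientCert

# Only CONTOSO\RMS-Publishers may reach the publishing service (file name is an assumption).
$licensingPath = ([ADSI]"$SiteRoot/Licensing").Path
Restrict-RmsServiceFile -FilePath (Join-Path $licensingPath "publish.asmx") -AllowedGroup "CONTOSO\RMS-Publishers"

foreach ($v in $Vdirs) { Get-RmsAsmxSslFlags -VdirName $v }
```

Apply this to a test cluster first and confirm from an RMS client that publishing and license acquisition still work: removing the RMS service identity or the worker process identity from the file ACL breaks the service rather than just the unauthorized users, and enabling the client-certificate flags on Certification also affects machine activation traffic that does not carry a user certificate. The Global Administration page is unaffected by these settings; as noted above, it can only be opened locally on the server.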
In some organizations there is a need for a departmental licensing system that is isolated and secured from other departments. An RMS server can be used in that scenario to provide a means for establishing information rights management policies. If you have a department or other branch of your organization that controls extremely sensitive content, consider setting up a separate licensing-only cluster to manage the licensing of their content separately from the rest of the organization. A licensing-only cluster is subenrolled with the root cluster, which provides certification and other services for the licensing-only cluster. However, licensing-only servers provide their own licensing and publishing services.
User accounts, ACLs, and physical security are all critical elements of your deployment. Before you implement RMS in a production environment, ensure that you evaluate and implement all security best practices, as appropriate.