Checklist: Deploying AD RMS with Microsoft Federation Gateway Support

Applies To: Windows Server 2008 R2, Windows Server 2012

The steps in this checklist describe the tasks required to install and configure Microsoft Federation Gateway Support on an Active Directory Rights Management Services (AD RMS) cluster. For more information about Microsoft Federation Gateway, see Understanding the Microsoft Federation Gateway.

  1. If you have not already done so, on each server in the cluster, assign a Secure Sockets Layer (SSL) certificate to the Web site that is hosting the AD RMS cluster. The certificate must be from a certificate authority that is trusted by the Microsoft Federation Gateway. For more information, see Important considerations for installing AD RMS with Microsoft Federation Gateway Support.

  2. If you have rights policy templates that grant user rights to Anyone, you should consider modifying them to prevent granting rights to external users who are authenticated through the Microsoft Federation Gateway. For information on changing a rights policy template, see Edit a Rights Policy Template.

  3. To ensure that you can recover your AD RMS cluster in case of a problem, back up your AD RMS databases before you make any changes. The AD RMS databases have names that begin with the DRMS_ prefix. The method and procedure you use to back up the databases will depend on the server on which they are stored and the procedure that you typically follow to back up the server databases.

  4. On each server of the AD RMS cluster, install Service Pack 1 for Windows Server® 2008 R2 and then add Microsoft Federation Gateway Support to each server in the cluster by following the instructions in Add Microsoft Federation Gateway Support.

  5. On one server in the AD RMS cluster, enroll the cluster with the Microsoft Federation Gateway and then enable Microsoft Federation Gateway Support by following the instructions in Enroll with the Microsoft Federation Gateway.
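One way to carry out the backup in step 3, shown as an added example that is not part of the original checklist. It assumes the AD RMS databases are hosted on a SQL Server instance (SQL Server 2008 or later) and that D:\Backup\ADRMS\ is a backup folder that already exists; the folder path and the variable names are hypothetical.

```sql
-- Added example: back up every online database whose name starts with DRMS_
-- and verify each backup file. Assumes SQL Server 2008 or later.
SET NOCOUNT ON;

DECLARE @backupDir nvarchar(260) = N'D:\Backup\ADRMS\';   -- hypothetical folder, must exist
DECLARE @stamp     nvarchar(20)  = CONVERT(nvarchar(8), GETDATE(), 112) + N'_'
                                 + REPLACE(CONVERT(nvarchar(8), GETDATE(), 108), N':', N'');
DECLARE @db    sysname;
DECLARE @file  nvarchar(400);
DECLARE @count int = 0;

DECLARE rms_dbs CURSOR LOCAL FAST_FORWARD FOR
    SELECT name
    FROM sys.databases
    WHERE name LIKE N'DRMS[_]%'      -- [_] is a literal underscore; a bare _ matches any character
      AND state_desc = N'ONLINE';

OPEN rms_dbs;
FETCH NEXT FROM rms_dbs INTO @db;

WHILE @@FETCH_STATUS = 0
BEGIN
    SET @file = @backupDir + @db + N'_' + @stamp + N'.bak';

    -- COPY_ONLY leaves the regular backup chain untouched;
    -- CHECKSUM validates page checksums while the backup is written.
    BACKUP DATABASE @db TO DISK = @file WITH COPY_ONLY, CHECKSUM, INIT;

    -- Confirm the file is complete and readable before relying on it.
    RESTORE VERIFYONLY FROM DISK = @file WITH CHECKSUM;

    SET @count += 1;
    FETCH NEXT FROM rms_dbs INTO @db;
END

CLOSE rms_dbs;
DEALLOCATE rms_dbs;

-- Fail loudly if the script was run against the wrong instance.
IF @count = 0
    RAISERROR(N'No online DRMS_ databases were found on this instance.', 16, 1);
ELSE
    PRINT N'Backed up and verified ' + CAST(@count AS nvarchar(10)) + N' AD RMS database(s).';
```

Restrict access to the backup folder to the same administrators who can access the database server, because the backup files hold the cluster's configuration data.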

Additional references