AD RMS Licensing-only Cluster Deployment Step-by-Step Guide
Applies To: Windows Server 2008, Windows Server 2008 R2
About This Guide
This step-by-step guide walks you through the process of setting up a working licensing-only Active Directory Rights Management Services (AD RMS) cluster in a test environment. During this process, you install a database server, install the AD RMS server role, configure the AD RMS licensing-only cluster, and configure the AD RMS-enabled client computer to acquire licenses from the licensing-only cluster.
Note
For most purposes, we recommend that you add AD RMS servers to the root cluster so that you can set up redundancy and load balancing across all servers that are in your deployment. Although licensing-only clusters can also be used to offload the processing of licensing and publishing requests, a licensing-only cluster cannot be load balanced with the root cluster.
In this guide, you create a test deployment that includes the following components:
Two AD RMS servers
Two AD RMS database servers
AD RMS-enabled client
Active Directory domain controller
This guide assumes that you previously completed the Windows Server Active Directory Rights Management Services Step-by-Step Guide (https://go.microsoft.com/fwlink/?LinkId=72134), and that you have already deployed the following components:
One AD RMS server
One AD RMS database server
AD RMS-enabled client
Active Directory domain controller
What This Guide Does Not Provide
This guide does not provide the following:
An overview of AD RMS. For more information about the advantages that AD RMS can bring to your organization, see https://go.microsoft.com/fwlink/?LinkId=84726.
Guidance for setting up and configuring AD RMS in a production environment
Complete technical reference for AD RMS
Deploying an AD RMS Licensing-only Cluster in a Test Environment
We recommend that you first use the steps provided in this guide in a test lab environment. Step-by-step guides are not necessarily meant to be used to deploy Windows Server features without additional deployment documentation and should be used with discretion as a stand-alone document.
Upon completion of this step-by-step guide, you will have a working AD RMS infrastructure with an AD RMS licensing-only cluster. You can then test and verify AD RMS functionality as follows:
Restrict permissions on a Microsoft Office Word 2007 document.
Have an authorized user open and work with the document.
Have an unauthorized user attempt to open and work with the document.
Licensing-only clusters are optional and are most often deployed to address specific licensing requirements, such as supporting unique rights management requirements of a department. For instance, a group within your organization may require specific rights policy templates that no other department can access.
The test environment described in this guide includes six computers connected to a private network and using the following operating systems, applications, and services:
Computer Name | Operating System | Applications and Services |
---|---|---|
ADRMS-SRV | Windows Server® 2008 | AD RMS, Internet Information Services (IIS) 7.0, World Wide Web Publishing Service, and Message Queuing |
CPANDL-DC | Windows Server 2008 or Windows Server 2003 with Service Pack 2 (SP2) | Active Directory Domain Services or Active Directory®, Domain Name System (DNS) |
ADRMS-DB | Windows Server 2003 with SP2 | Microsoft SQL Server® 2005 Standard Edition with Service Pack 2 (SP2) |
ADRMS-CLNT | Windows Vista® | Microsoft Office Word 2007 Enterprise Edition |
CPANDL-ADRMSLIC | Windows Server 2008 | AD RMS, Internet Information Services (IIS) 7.0, World Wide Web Publishing Service, and Message Queuing |
CPANDL-LICDB | Windows Server 2003 with SP2 | Microsoft SQL Server® 2005 Standard Edition with Service Pack 2 (SP2) |
Note
For more information about the system requirements for installing AD RMS, see https://go.microsoft.com/fwlink/?LinkId=84733.
The computers form a private intranet and are connected through a common hub or Layer 2 switch. This configuration can be emulated in a virtual server environment if desired. This step-by-step exercise uses private addresses throughout the test lab configuration. The private network ID 10.0.0.0/24 is used for the intranet. The domain controller is named CPANDL-DC for the domain named cpandl.com. The following figure shows the configuration of the test environment: