RMSRecovery

By Craig Perkins, 2014-07-26 11:49

Disaster Recovery for Microsoft Windows Rights Management Services

Microsoft Corporation

    Published: October 2004

    Updated: April 2005

    Authors: Paul Cullimore (MCS, UK) and Graham Calladine (MCS, UK)

    Special contributor: John Howie (MCS, USA)

Abstract

    This white paper provides system administrators with helpful information and describes best practices for designing a Microsoft Windows Rights Management Services (RMS) for Microsoft Windows Server 2003 deployment. This discussion is most appropriate for those who understand the fundamentals of RMS, who have read the RMS technical overview white paper, and who have a solid grasp of the RMS system. This paper analyzes the potential breakdown points in an RMS system and the possible impacts on the infrastructure and sensitive data should a loss of service occur. In addition, the paper includes suggestions as to how to mitigate the risks of failure and how to restore an RMS server or configuration database.

The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

    This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT.

    Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

    © 2005 Microsoft Corporation. All rights reserved. Microsoft, Active Directory, Outlook, Windows, the Windows logo, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Microsoft Windows Rights Management Services (RMS) for Windows Server 2003 White Paper

    Contents

    Introduction
    Disaster Recovery
    Disaster Recovery Preparation
        Intranet connection
        Certification and licensing pipelines
    Certification Pipeline
        Licensing pipeline
        Database servers
        Table 3. RMS-enabled application databases
        Directory services
    RMS and Related Databases Restoration
        Restoring a previous RMS installation
        Restoring a database

    Disaster Recovery of Windows Rights Management Services

    Introduction

    Microsoft Windows Rights Management Services (RMS) for Windows Server 2003 operating system is an information protection technology that works with RMS-enabled applications to help safeguard digital information from unauthorized use, both online and offline, inside and outside the firewall. With RMS, you can specify the authorized recipients and their usage rights. For example, you can decide who can read, copy, and print a particular file. For a general overview of RMS, please refer to the following Web sites.

    • RMS home page: www.microsoft.com/rms

    • RMS technical overview white paper: www.microsoft.com/windowsserver2003/techinfo/overview/rmenterprisewp.mspx

    • RMS functionality in RMS-enabled applications in Microsoft Office System: www.microsoft.com/technet/prodtechnol/office/office2003/operate/of03irm.mspx


    Disaster Recovery

    When you set up an RMS system, it is important to consider the potential impact on your IT systems and your sensitive data should a loss of RMS service occur. The unforeseen loss of service can be a result of any component of the RMS system breaking down, from the intranet connection used by the RMS server, to the RMS certification server, to any of the sub-enrolled RMS licensing servers, and even to the database servers hosting the RMS configuration databases.

    While the majority of the aforementioned scenarios would result in a temporary denial of service, the breakdown of the database servers that host the RMS configuration databases is the one failure that could prevent continued access to rights-protected information.

    This white paper analyzes the potential breakdown points of the RMS system and describes the steps necessary to prepare for, mitigate loss from, as well as recover from, an unforeseen loss of system capabilities.

    Disaster Recovery Preparation

    This section describes the important considerations and factors in preparing for disaster recovery for an RMS system, including the following:

    • Intranet connectivity

    • Certification and licensing pipelines

    • Database servers

    • Directory services

    Intranet connection

    RMS is a client-server technology that relies on a connected infrastructure. Without a functioning intranet network, RMS servers cannot connect to required services within the enterprise or to the users to supply their services. Specifically, the intranet connection is a requirement for machine activation because the RMS server sends the request for a lockbox and acts as a proxy to the Microsoft Activation service. Furthermore, without intranet connectivity, users cannot obtain rights account certificates (RACs), client licensor certificates (CLCs), and use licenses from the RMS servers. As a best practice, organizations should consider redundant routing architectures and failover links to remote sites.

    Once a user has obtained a CLC for that user’s computer, the user can publish rights-protected information offline when there is no access to the RMS license server. If the user’s Microsoft Office Outlook 2003 has been configured to download use licenses for the associated rights-protected e-mail messages automatically when synchronizing his or her inbox, the user will be able to read rights-protected e-mail messages even if the intranet connection is no longer present (for example, when the user has been disconnected from the network).

    While a connection to a functioning intranet network is required, an Internet connection is no longer required to run RMS. With RMS Service Pack 1 (SP1), organizations with air-gap networks and organizations that do not want outside operational dependencies can deploy and manage server enrollment and client-machine activation within the network perimeter and without a connection to the Internet.

    Certification and licensing pipelines

    The RMS system relies heavily on two virtual directories within Internet Information Services (IIS) 6.0, the certification and licensing pipelines. These pipelines allow users and their computers to enroll into the RMS environment and RMS-enabled applications to publish and access rights-protected information.

    Certification Pipeline

    The certification pipeline’s primary function is to enroll components into the RMS system. Table 1 lists the files that can be found within the certification virtual directory within IIS. If these files are missing, or if users do not have permissions to these files, then the associated service will be unavailable.

Table 1. RMS Certification Pipeline Files

    RMS Certification Pipeline Files

    Activation.asmx          Required to enroll workstations into RMS and proxies the request for lockbox code
    Certification.asmx       Required to enroll users by supplying the user certificate (the RAC)
    SubEnrollService.asmx    Required to enroll additional license servers into the RMS hierarchy

The location of these pipelines is illustrated in Figure 1.

Figure 1. Screen capture illustrating location of RMS certification pipeline.

    Licensing pipeline

    The licensing pipeline is for publishing and obtaining licenses for rights-protected information. Users will be unable to publish or obtain use licenses when the RMS Licensing server is not functioning. This rule applies regardless of whether the content was published online or published by using the CLC.

    Table 2 shows the filenames and the effects on users if the licensing pipeline is unavailable.

Table 2. Filenames and effects on users

    Filenames and the Effects on Users When the Licensing Pipeline is Unavailable

    License.asmx    Required to issue use licenses so that applications can open rights-protected information for the user
    Publish.asmx    Required to publish rights-protected information and permit users to request a CLC to allow offline publishing

Figure 2 illustrates the location of the licensing pipeline.

Figure 2. RMS licensing pipeline

    If the certification server stops working, users will be unable to obtain or renew RACs. Without a valid RAC, a user cannot obtain a CLC from the licensing server, nor protect information in an online transaction with a Licensing server, nor obtain a use license from a licensing server. RMS client systems will be unable to obtain a lockbox if a certification server stops working.

    Certification servers can function as licensing servers. Users will be unable to obtain use licenses for any information protected by the certification server if it breaks down.

    To prepare for potential loss of service, consider creating the certification server and sub-enrolled licensing server clusters so that the breakdown of any node in a cluster will not have an impact on availability of the service. As a best practice, consider building surplus capacity into clusters so that faults on any node will not have an impact on overall performance. When installing the first certification server and each sub-enrolled licensing server, or the first sub-enrolled licensing server in a cluster, carefully record the configuration options and data entered during provisioning.
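    An availability probe for the five pipeline files in Tables 1 and 2, reporting the user impact the tables give for each failed file. This is an added example, not code from the white paper or from Microsoft; the `_wmcs/certification` and `_wmcs/licensing` virtual directory paths and the host name `rms.example.internal` are assumptions, since the text does not state them.

```python
import urllib.error
import urllib.request

# File names and impacts come from Tables 1 and 2 of the paper.
# ASSUMPTION: the "_wmcs/..." virtual directory paths are not given in the text.
PIPELINE_FILES = {
    "_wmcs/certification/Activation.asmx": "workstations cannot enroll or request a lockbox",
    "_wmcs/certification/Certification.asmx": "users cannot enroll or obtain a RAC",
    "_wmcs/certification/SubEnrollService.asmx": "additional license servers cannot enroll",
    "_wmcs/licensing/License.asmx": "use licenses cannot be issued",
    "_wmcs/licensing/Publish.asmx": "users cannot publish or request a CLC",
}

def http_status(url, timeout=5):
    """Return the HTTP status code for url, or None if nothing answered."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code              # 401/403/404/5xx still prove IIS answered
    except (urllib.error.URLError, OSError):
        return None                  # DNS failure, refused connection, timeout

def classify(status):
    """Map a status code to the failure modes the paper distinguishes."""
    if status is None:
        return "UNREACHABLE"         # server or intranet connection down
    if status == 404:
        return "MISSING"             # file absent from the virtual directory
    if status == 403:
        return "DENIED"              # permissions on the file are wrong
    if status == 401:
        return "AUTH_REQUIRED"       # file is served; this probe is unauthenticated
    if 200 <= status < 400:
        return "OK"
    return "ERROR"

def check_pipelines(base_url, fetch=http_status):
    """Return (path, state, impact) for every pipeline file that is not served."""
    findings = []
    for path, impact in PIPELINE_FILES.items():
        state = classify(fetch(base_url.rstrip("/") + "/" + path))
        if state not in ("OK", "AUTH_REQUIRED"):
            findings.append((path, state, impact))
    return findings

if __name__ == "__main__":
    # rms.example.internal is a placeholder host name.
    for path, state, impact in check_pipelines("https://rms.example.internal"):
        print(f"{state:12} {path}: {impact}")
```

    A 401 response is treated as healthy only because the probe sends no credentials; it confirms the file is being served, not that enrolled users hold permissions to it.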

    Database servers

    The most important components in the RMS system are the database servers that hold the configuration database. Each RMS server or cluster of servers uses databases to store configuration and logging information. The configuration information is essential to the operation of RMS. These databases hold the private and public keys, the rights-protection templates that have been produced, and a list of users enrolled within the RMS-enabled application. The application consists of three databases, as described in Table 3.

Table 3. RMS-enabled application databases

    RMS-enabled Application Databases

    Config Database (Configuration)
        Stores all the critical information needed by the RMS service, including the public and private key needed for certification and licensing operations. If this database becomes unavailable during operation of the RMS server, the RMS services can continue to operate because the information the services require is cached locally. However, if an event occurs that requires the RMS service to interact with the configuration database, such as a new user enrollment or license request, the RMS service will encounter an error and the new user will not be able to work with rights-protected information. If an operation occurs that causes the RMS server to discard the cached information, such as restarting the IIS service or a scheduled refresh of the local cache, the RMS service will stop working. The RMS server will not be able to return to normal service until the configuration database is available.

    DirectoryServices Database (Directory Services)
        Holds cached information about group names and their membership details obtained from a global catalogue server. There is no noticeable reduction in RMS services when this table is not available for short periods of time.

    Logging Database
        If logging has been enabled on the RMS server, then this is the database used to store the log. If the database is unavailable, then the log entries will build up on the Microsoft Message Queue (MSMQ) service on the RMS server, and will use all available disk space unless configured not to do so.


    The databases can be found by installing the SQL client tools (if you have chosen to use Microsoft SQL Server 2000 for the database service) and by running Enterprise Manager. Figure 3 illustrates the location of the databases.

Figure 3. Location of RMS databases

    If the configuration database becomes corrupted or permanently unavailable, the RMS servers will stop working. You can use a backup of this database to restore a previous RMS installation onto a new installation of Windows Server 2003.

    Note

    If you provisioned using the default options, which allow you to use a software private key, then you must know the private key password that you originally used during provisioning. If you are using a Hardware Security Module (HSM), you must duplicate your HSM configuration on the new RMS server. Please consult your HSM documentation to determine the best way to accomplish this duplication.

    As a best practice, cluster the database servers to provide active-standby, failover protection. Also, regularly back up databases for RMS certification servers and clusters, as well as Licensing servers and clusters.

    Another best practice is to use transaction log shipping as a means to maintain a ready, backup database. While this practice might require additional hardware, it enables organizations to recover the databases more quickly. Microsoft IT implemented this method for RMS configuration database recovery. To accomplish this, select the virtual SQL name when the RMS server is being first provisioned. The virtual SQL name enables you to map to the real SQL name by way of domain name system (DNS) name mapping. Should the original SQL Server 2000 stop working, you can switch easily to the backup SQL Server by changing the DNS name mapping from the original server to the backup server. For more information, please see the white paper, Microsoft IT Showcase: Deploying Windows
