Planning, Designing & Deploying a Highly Available AD RMS Infrastructure
Jovita Nsoh, Senior Security Architect
Security Governance & Architecture, GFS Online Services Security & Compliance (OSSC), Microsoft Corporation
Session SIA323

A Bit About Me

• Jovita Nsoh, MSc., MBA
• Certifications: CITA-P, MCA, MCM, MCSE, CISSP, CISA, CISM
• Senior Security Architect at Microsoft's Online Services Security & Compliance (OSSC), Security Governance & Architecture Team
• Several years at Microsoft Consulting Services (MCS)
• Based in Redmond, WA, USA
• Contact Email: [email protected]


Session Objectives and Takeaways

Session Objective(s):
• Identify the AD RMS solution requirements
• Document the solution design summary
• Understand, identify and document the solution scope and usage scenarios
• AD RMS solution architecture recommendations: cluster, policy templates, AD, client, pipelines, extranet, firewall, AD RMS server, logging, AD RMS security, communication dataflow, backup, restore and disaster recovery

Takeaways:
• Demonstrate how you can build an enterprise-ready, highly redundant and resilient AD RMS infrastructure for your customer.

Agenda

• Overview & Introduction
• Deployment Best Practices
• AD RMS Performance, Sizing and Fault Tolerance

Overview & Introduction

• AD RMS Overview
• AD RMS Components
• AD RMS Licenses
• AD RMS Certificates
• Information Flow
• Bootstrapping

What is AD RMS?

• Information Protection technology aimed at reducing information leakage
• Server and client components
• Integrated with Windows, Office, Exchange, SharePoint and more
• Based on symmetric and public key cryptography: content is encrypted with a symmetric key, and that key is in turn protected with the RSA public keys of the server and of the recipients' rights account certificates
• Protects data at rest, in transit and in use
• Helps enforce corporate data policies

Problems with unstructured data

Information Leakage Is Costly On Multiple Fronts

Damage to Image & Credibility
• Damage to public image and credibility with customers
• Financial impact on company
• Leaked e-mails or memos can be embarrassing

Legal, Regulatory & Financial Impacts
• Cost of digital leakage per year is measured in $ billions
• Increasing number and complexity of regulations, e.g. GLBA, SOX, CA SB 1386
• Non-compliance with regulations or loss of data can lead to significant legal fees, fines and/or jail time

Loss of Competitive Advantage
• Disclosure of strategic plans or M&A information can lead to loss of revenue and market capitalization
• Loss of research, analytical data, and other intellectual capital

How does this happen, and by whom?

• Ex-employees, partners, customers
• Over 1/3 due to negligence
• Nearly 30% of loss on portable devices
• Increasing loss from external collaboration

Percentage cause of data breach: Cost of Data Breach report, Ponemon Institute 2010
Estimated sources of data breach: Global State of Information Security Survey, PricewaterhouseCoopers 2010

How AD RMS Works

1. Client and user are "activated"
2. Client creates rights-protected content (offline)
3. User distributes rights-protected content
4. Recipient acquires licenses from the server to decrypt the protected information
5. Client enforces usage policies

How do you protect your sensitive information from unauthorized distribution?

(Diagram: information author; recipient; external users; mobile devices; USB drive)

Using IRM to avoid data leakage

• Encryption provides protection from unauthorized access
− Most effective if it is identity-based
• How you manage encryption is essential
− Needs to be independent from content management
− Must be integrated with ID management
− Must be simple to use
− Must be strong, reliable and recoverable
• Encryption is not enough
− Users will misuse information if they can
− Even trusted users make mistakes
− But if policy is clear and not easily circumvented, legitimate users will follow the policies

AD RMS Workflow

(Diagram: RMS Author and RMS Consumer exchanging with the AD RMS server. Protection: the author presents a machine certificate and RAC and obtains a publishing license naming each recipient and their rights, e.g. Read or Read,Print. Consumption: the consumer presents the publishing license and RAC and receives a use license, e.g. Read,Print. The file moves from RMS Protected (Encrypted) to Protected (Decrypted) only inside the rendering application.)

1. The author automatically receives AD RMS credentials (a "rights account certificate" and a "client licensor certificate") the FIRST TIME they rights-protect information (not on subsequent attempts).
2. The application works with the AD RMS client to create a "publishing license", encrypts the file, and appends the publishing license to it.
3. The AD RMS author distributes the file.
4. The recipient clicks the file to open it. The application sends the recipient's credentials and the publishing license to the AD RMS server, which validates the user and issues a "use license".
5. The application renders the file and enforces the rights.

AD RMS Highlights

• Robust protection
− AES 128 bits, RSA 1024 bits, HSM support (Cryptographic Mode 2, added to AD RMS for Windows Server 2008 R2 SP1 by a later update, moves the cluster to RSA 2048 and SHA-256)
− Extensive client-side enforcement
• Very easy to use
− UI integrated with Office products
− Authors just select the appropriate option
− No action required on consumers of protected information
− No significant need for user technical training
• Transparent operation
− Automated certificate and license management
− Small traffic and volume overhead
− Low infrastructure cost

Protecting information with AD RMS

• Users can manually assign rights over a document
− Who can read, print, edit, copy...
− Can assign rights to users or groups
− Document expiration, programmatic access, other advanced options
• Some applications have pre-defined options
− E.g. Outlook's "Do Not Forward"
• Users can also use a pre-built template
− Templates reflect the organization's security policies: Company Confidential, Managers only, Contains private information, etc.
− Templates enforce a pre-defined set of rights
− Template rights are resolved at time of consumption, when the use license is issued, so a change to the template changes what already-protected content allows
• Some applications can also automatically apply protection

AD RMS Breakdown

Persistent protection = Encryption + Policy
• Encryption
• Trusted entities
• Usage rights and conditions

RMS vs EFS vs BitLocker

Scenario (the original table marks which of RMS, EFS and BitLocker addresses each):
• Protect my information outside my direct control
• Set fine-grained usage policy on my information
• Collaborate with others on protected information
• Protect my information to my smartcard
• Untrusted admin of a file share
• Protect information from other users on a shared machine
• Lost or stolen laptop
• Physically insecure branch office server
• Local single-user file & folder protection

Summary: RMS = Secure Collaboration; EFS = Protect Yourself; BitLocker = Protect Against Theft

AD RMS & Server Infrastructure

Microsoft AD RMS: Industry leading unstructured data security

• Mature solution in the market since 2003
• Integrated with AD, Office, Exchange, SharePoint
• Core to Microsoft cloud security strategy

(Diagram: information author, Active Directory, SQL Server and AD RMS; one recipient granted View, Edit and Print, another granted View only with Edit and Print denied)

AD RMS Components – Logical view

• RMS Client: Client Platform, Applications, OS Platform
• RMS Server: OS Platform, Applications; talks to SQL via System.Data.SqlClient, to AD via native LDAP, and to AD FS via the WebSSO agent (passive protocol over HTTP, WebSSO redirects)
• RMS Administration: Admin Platform, MMC 3.0 host with the Admin snap-in, PowerShell, MOM pack
• Client-to-server and server-to-server communication is SOAP/HTTP

AD RMS and SharePoint

• When content is downloaded from a library...
− RMS protection is automatically applied
− Information is still searchable in the SharePoint library (content is stored unprotected in the library and protected on the way out)
− SharePoint library permissions are mapped to IRM permissions

(Diagram: recipient, AD RMS, SharePoint)

AD RMS & Exchange

• When users are sending emails unprotected...
− Exchange transport rules and Outlook Protection Rules can apply protection to email automatically
− Based on content (what it says) and context (who it is going to) analysis
− Protected email can be consumed in IE, Firefox and Safari (via Outlook Web App)

(Diagram: information author, AD RMS, Exchange, recipient)

AD RMS and file shares

• When content is saved to a network file share...
− The Bulk Protection Tool secures all content in certain folders
− File Classification Infrastructure (FCI) can automate classification, RMS protection and moving content into SharePoint

(Diagram: information author, Windows File Server, AD RMS, SharePoint)

AD RMS and DLP

(Diagram: RSA DLP scans endpoints (laptops/desktops), file shares and SharePoint; documents matching the 'IP' policy get the Intellectual Property (IP) AD RMS template applied. R&D department: View, Edit, Print; Marketing department: View; Others: No Access)

• DLP provides a powerful way to locate and classify your information
− Maps AD RMS policy to DLP and therefore to content
− Find 'IP' documents, apply the 'IP' AD RMS template

AD RMS Topology

(Diagram: AD RMS Root Cluster with its database; Licensing-Only Server with its own database; Licensing-Only Server Cluster with its own database)

AD RMS Topology

• The number of AD RMS servers per forest or domain will depend on performance and special requirements
• Many scenarios:
− One certification + licensing-only cluster
− One certification cluster and multiple licensing-only servers
− Multiple certification servers and one licensing-only server
− Combinations

AD RMS Server

• Runs on Windows Server 2008
• Requires IIS with ASP.NET
• Stateless
• Uses Microsoft Message Queuing (MSMQ)
− Queues the logging transactions to be applied to the SQL logging database
− Provides tolerance when connectivity is lost between the AD RMS server and SQL Server

(Diagram: certification and licensing AD RMS 2008 R2 SP1 servers)

Configuration Database

Stores, shares, and retrieves the following for a cluster:
• Cluster keys (if not using an HSM)
• All cluster configuration data
• Rights account certificates (RACs) and their associated identities
• Data that is needed to manage certification, licensing and publishing services

• Critical for AD RMS operation
• Some configurations can be edited manually

(Diagram: SQL 2008 R2 Enterprise cluster)

Logging Database

• One per AD RMS cluster
• One private message queue on each server in the AD RMS cluster for logging
• The AD RMS logging service transmits data from this message queue to the logging database
• Not critical for operation; never consumed by the service
• Used for reporting, troubleshooting, and performance management
• "Append only"

(Diagram: SQL 2008 R2 Enterprise cluster)

Directory Services Database

Contains cached information about:
• Users
• Identifiers (such as email addresses)
• Security ID (SID)
• Group membership
• Alternate identifiers

• Relieves stress on the domain controllers
• Is recycled on a daily basis
• Not critical for AD RMS operation: if lost, it is regenerated once the database is restored to a pristine state from a backup

(Diagram: SQL 2008 R2 Enterprise cluster)

Active Directory

• AD RMS contacts Global Catalogs for user and group information
− Global Catalog servers should be co-located with the AD RMS servers
• AD RMS requires the email attribute to be populated on users
• In multi-forest scenarios it also requires the Exchange Server schema extensions (used on the contact objects that represent another forest's users and groups)
• AD RMS polls AD frequently for group membership information
− Across forests it talks to the AD RMS cluster in the forest where the group lives (group expansion)
• By default, clients and servers use the Service Connection Point registered in AD to find the certification cluster in a forest

(Diagram: domain controllers)

AD RMS Performance, Sizing,Fault Tolerance

Objectives

• Understand bottlenecks and scaling factors affecting AD RMS
• Learn to design AD RMS for scalability
• Understand the process for sizing AD RMS adequately for an expected load

AD RMS Sizing Considerations

• Sizing AD RMS is about sizing AD RMS clusters (nodes)
• Consider licensing performance when determining the size of an AD RMS cluster:
− How much content will need to be licensed per hour?
− Consider steady-state (average) usage
− Consider peak usage, such as a company-wide executive email
• Certification-related load is usually negligible
• Establish / understand Service Level Agreements (SLAs)
− Aim for sub-second response (normal)
− What is "acceptable" in special circumstances?

AD RMS Sizing Considerations (cont.)

• AD RMS is EXTREMELY CPU-bound and network intensive
− More than 50% of the workload is cryptographic processing
− HSMs typically do not provide a performance advantage
• Use 64-bit
− Almost twice as much performance using 64-bit over 32-bit
− Avoid 32-bit servers as much as possible
• AD RMS can take advantage of additional memory:
− AD RMS caches directory lookups on the server
− AD RMS also pre-generates key pairs while idle and stores them in memory

Performance Benchmark

• AD RMS was tested using a 2.4 GHz, x64 dual core server with 4 GB RAM
− The AD RMS server delivered slightly over 100 licenses per second
• AD RMS scales well with CPU count; quad core servers are usually the sweet spot in cost/performance
• A few small servers in a cluster are usually sufficient for heavy loads without Hardware Security Module offload
• 2 GB RAM per AD RMS server is generally sufficient; additional RAM reduces load on DCs and can improve performance
• Using Exchange pre-licensing may significantly affect load
− Requires licensing an email to a large number of users within a few minutes

Peak Load Considerations and Examples

                      # Users   Time to consume (hours)   Peak license requests/min   Peak license requests/sec
No pre-licensing       50,000   4                         209                         3.5
Using pre-licensing    50,000   4                         16,667                      278

• The Exchange pre-licensing agent acquires use licenses on delivery, not consumption
• Pre-licensing has a default tolerance of approx. three minutes, so the whole recipient list is licensed within that window instead of over the four hours in which users would read the message
• Significant impact to peak load
• Exchange batches requests, which gains some, though not significant, efficiency

Scaling AD RMS

• AD RMS is normally scaled by adding processors to servers and servers to clusters
− Licensing-only clusters are an inefficient way to scale
− HSMs do not increase performance significantly
− Memory and disk do not affect performance as much as CPU
− SQL Server is rarely the bottleneck
• Adding servers to a cluster is easy
− All configuration data is stored in the database
− Load balancing needs to be configured appropriately
• Clusters only used for certification rarely need dedicated sizing
− Certification load is in general a small fraction of the load for clusters doing certification and licensing
− Clusters used exclusively for certification have generally minimal requirements

Sizing AD RMS Guidelines

• A typical 64-bit CPU can process ~50 licenses/second per core (without HSM assistance)
− Some complex licenses might be heavier
• HSM assistance does not significantly improve overall performance
• 32-bit CPUs are considerably slower than x64
• AD RMS scales linearly up to about 8 cores per server
− Above 8 cores it is more efficient to add servers
− A 100 Mbps network usually becomes the bottleneck above 4 cores
− Hyper-threading does not provide an advantage

Sizing AD RMS Process

• Certification-only clusters
− Rarely stressed
− Even the most basic server should handle the highest load for typical environments
• Certification+licensing or licensing-only clusters
1. Calculate peak load
2. Calculate # of CPU cores needed
3. Calculate # of servers needed
4. Specify memory and disk for servers
5. Add margins and define cluster size

Real World Example: The Number of AD RMS Users

Type                                                  Number
Internal AD RMS Users (regular employees)             47,000
External AD RMS Users (temporary users and others)     3,000
Guest                                                      0
Total                                                 50,000

Real World Example: The Number of AD RMS Client Computers

Type                         Number
Desktop Computer             47,000
Non-domain-joined Computer    3,000

Operating system             Number
Windows 7                    47,000
Windows XP Professional       3,000

Real World Example: The Volume of AD RMS Protected Documents Viewed

RMS protected document   Viewer                             # of viewings per day/per person   # of viewings total per day
Word, Excel, PPT         47,000 (internal AD RMS users)      5                                 235,000
Outlook                  47,000 (internal AD RMS users)      5                                 235,000
Word, Excel, PPT          3,000 (external AD RMS users)     10                                  30,000

Real World Example: Hardware Recommendations

AD RMS Server Hardware and Components
Model        DL 380 G7
CPU          Server with dual quad-core CPU
Memory       8 GB of RAM
Hard Disk    3x 146 GB drives in RAID-1 configuration
NLB          Hardware load balancer to be supplied by Halliburton
NIC          Two network interfaces at 1000 Mbps

SQL Server Hardware and Components
Model        DL 380 G7
CPU          Server with dual quad-core CPU
Memory       16 GB of RAM
Hard Disk    3x 146 GB SAS drives; SAN storage
NLB          Hardware load balancer to be supplied by Halliburton
NIC          Two network interfaces at 1000 Mbps

Process for Sizing AD RMS

1. Obtain peak licenses per second
2. Divide by 50: this yields the number of 64-bit cores (double for 32-bit cores)
3. Divide by the number of cores in a standard server (typical web servers make for good AD RMS servers)
4. Obtain the number of servers
5. Repeat for other clusters

Server specifications

AD RMS servers
• CPUs as defined earlier
− Up to 8 x64 cores is most efficient
• Virtualization is OK
• Memory: 2 GB is typically enough
• Disk: minimal requirements for OS

Database servers
• Dual core is OK for most scenarios
• 4 GB RAM recommended
• A high volume of reporting may require more CPU and memory
• Can be put in a failover cluster
− Not strictly necessary, as AD RMS can retain some functionality while the DB is down

Estimating Average Load

• Average load is used mostly for calculating the space needed for logging
• Average load per user can be approximated by multiplying the total number of documents consumed per user by the expected percentage that will be protected
− Documents and emails should in general be calculated separately and then added
− Multiply this number by the number of users
• Pre-licensing in Exchange and protection through SharePoint libraries might affect the calculation
− With pre-licensing, a use license is issued for every recipient on delivery, so a license is needed even for what you don't read

Estimating Average Load – Example

Item                                           Estimate
Number of users                                100,000
E-mails read per day per user                  75
Number of e-mail messages per day              7,500,000
Percentage of messages with AD RMS protection  10%

AD RMS messages
per day                    750,000
per hour (10 hour day)      75,000
per minute                   1,250
per second                      21

Calculating Average Load

Average RMS load (for calculating logging DB size)

Input                                                                                 Value
# of users                                                                            12,000 users
Average emails sent individually per day per user                                     20 emails
Average number of recipients in individual emails                                     3 recipients
Average emails sent to DLs per day per user                                           1 email
Average number of recipients in a DL                                                  10 recipients
% of emails sent individually to be protected                                         5%
% of emails sent to DLs to be protected                                               1%
% of email in DLs that is read                                                        75%
Number of documents created/edited per user per day                                   20 documents
Number of documents read per user per day                                             20 documents
% of documents to be protected manually                                               10%
Number of documents downloaded from protected SharePoint libraries per user per day   0 documents
Exchange pre-licensing in use                                                         TRUE

Result                                                                  Total/day   Per user (individual)   Per user (DL)
# of protected emails sent per day                                      12,120      1                       0.01
# of protected emails read per day                                      37,200      3                       0.1
# of protected documents read per day (does not include attachments)    24,000      2

# of licenses issued per day       61,200
# of licenses issued per month     1,836,000

Logging DB growth at 5,000 bytes per license:
9,180,000,000 bytes/mo = 8,964,843.75 KB/mo = 8,754.73 MB/mo = 8.55 GB/mo = 0.0083 TB/mo

• Attachments don't need to be counted as they are not independently licensed
• Because pre-licensing is in use, all 10 recipients of each protected DL email are licensed on delivery, not just the 75% who read it
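The worksheet above is easy to get wrong by hand (sent items versus licensed items, the pre-licensing effect on DL mail). The following is an added worked example, not code from the original deck, that encodes the deck's own rules as a reusable model and reproduces the 12,000-user figures: publishing issues no server-side license (the client publishes offline with its CLC), every recipient of a protected message consumed is a use license, with pre-licensing every DL recipient is licensed on delivery whether or not they read, attachments are not separately licensed, and the logging database grows about 5,000 bytes per licensing transaction (the deck's spreadsheet uses 5,000 bytes and then divides by 1024, which is reproduced so the GB figure matches). The field names, the 30-day month and the 10-hour working day are this example's assumptions.

```python
"""Average-load and logging-database sizing model for an AD RMS cluster.

Added worked example (not from the original deck). Encodes the deck's rules:
  * publishing is offline, so protected items *sent* are not licensing transactions;
  * each recipient consuming a protected message or document costs one use license;
  * with Exchange pre-licensing every DL recipient is licensed on delivery, read or not;
  * attachments are not independently licensed;
  * logging DB growth: ~5 KB per license by default, ~250 KB if certificates are logged
    (the slide's sheet uses 5,000 bytes then divides by 1024; reproduced here).
Field names, the 30-day month and 10-hour day are assumptions of this example.
"""
from dataclasses import dataclass

LOG_BYTES_PER_LICENSE_DEFAULT = 5_000       # deck: "about 5KB per licensing transaction"
LOG_BYTES_PER_LICENSE_WITH_CERTS = 250_000  # deck: "250KB per transaction if certificates are logged"


@dataclass(frozen=True)
class LoadProfile:
    users: int
    indiv_emails_per_user_day: float     # emails sent individually, per user per day
    indiv_recipients: float              # average recipients on an individual email
    dl_emails_per_user_day: float        # emails sent to distribution lists, per user per day
    dl_recipients: float                 # average recipients in a DL
    pct_indiv_protected: float           # fraction 0..1
    pct_dl_protected: float              # fraction 0..1
    pct_dl_read: float                   # fraction of DL mail actually read, 0..1
    docs_read_per_user_day: float
    pct_docs_protected: float            # fraction 0..1
    sharepoint_docs_per_user_day: float  # downloads from IRM libraries (always protected)
    prelicensing: bool


def protected_emails_sent_per_day(p: LoadProfile) -> tuple[int, int]:
    """Protected messages published per day as (individual, DL). Publishing happens
    offline on the client, so these are NOT server licensing transactions; they only
    feed the read counts below."""
    indiv = p.users * p.indiv_emails_per_user_day * p.pct_indiv_protected
    dl = p.users * p.dl_emails_per_user_day * p.pct_dl_protected
    return round(indiv), round(dl)


def use_licenses_per_day(p: LoadProfile) -> dict[str, int]:
    """Use licenses the cluster must issue per day, split by source."""
    indiv_sent, dl_sent = protected_emails_sent_per_day(p)
    indiv_read = indiv_sent * p.indiv_recipients
    # Pre-licensing licenses every DL recipient on delivery; otherwise only the readers.
    dl_factor = 1.0 if p.prelicensing else p.pct_dl_read
    dl_read = dl_sent * p.dl_recipients * dl_factor
    docs = p.users * p.docs_read_per_user_day * p.pct_docs_protected
    sharepoint = p.users * p.sharepoint_docs_per_user_day
    email = round(indiv_read + dl_read)
    documents = round(docs + sharepoint)
    return {"email": email, "documents": documents, "total": email + documents}


def logging_db_growth(licenses_per_month: int,
                      bytes_per_license: int = LOG_BYTES_PER_LICENSE_DEFAULT) -> dict[str, float]:
    """Monthly logging-database growth in 1024-based units, as on the slide."""
    b = licenses_per_month * bytes_per_license
    return {"bytes": b, "KB": b / 1024, "MB": b / 1024 ** 2,
            "GB": b / 1024 ** 3, "TB": b / 1024 ** 4}


def size_logging_db(p: LoadProfile, days_per_month: int = 30,
                    bytes_per_license: int = LOG_BYTES_PER_LICENSE_DEFAULT) -> dict:
    per_day = use_licenses_per_day(p)["total"]
    per_month = per_day * days_per_month
    return {"licenses_per_day": per_day, "licenses_per_month": per_month,
            "growth": logging_db_growth(per_month, bytes_per_license)}


def average_licenses_per_second(licenses_per_day: int, working_hours: float = 10.0) -> float:
    """Steady-state rate, e.g. the deck's 750,000/day over a 10-hour day -> ~21/s."""
    return licenses_per_day / (working_hours * 3600)


# The deck's 12,000-user worksheet, values copied from the slide above.
DECK_WORKSHEET = LoadProfile(
    users=12_000, indiv_emails_per_user_day=20, indiv_recipients=3,
    dl_emails_per_user_day=1, dl_recipients=10,
    pct_indiv_protected=0.05, pct_dl_protected=0.01, pct_dl_read=0.75,
    docs_read_per_user_day=20, pct_docs_protected=0.10,
    sharepoint_docs_per_user_day=0, prelicensing=True,
)

if __name__ == "__main__":
    r = size_logging_db(DECK_WORKSHEET)
    with_certs = size_logging_db(DECK_WORKSHEET, bytes_per_license=LOG_BYTES_PER_LICENSE_WITH_CERTS)
    print(f"licenses/day {r['licenses_per_day']:,}, licenses/month {r['licenses_per_month']:,}")
    print(f"logging DB growth: {r['growth']['GB']:.2f} GB/month by default, "
          f"{with_certs['growth']['GB']:.0f} GB/month with certificate logging")
```

Flip `prelicensing` to False and the e-mail figure drops from 37,200 to 36,900 licenses per day, which is the whole effect of pre-licensing on average load; its real cost shows up in peak load, not here. Switching the growth constant to the certificate-logging value shows why the deck warns against enabling it without a purge plan: the same month of traffic costs about 427 GB instead of 8.5 GB.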

Estimating Peak Load

• Peak load is used to size AD RMS clusters
• Two methods:
1) Calculate average load and apply scaling factors for peak days and peak hours
− Useful when the average rate of document and email protection is high, or when document protection is more significant than email protection
2) Consider the worst case burst event
− Useful when the average ratio of document and email protection is low, and one-time events can significantly affect load
− Most common scenario

Estimating Peak Load – Method 1

• Calculate average load
− # emails read + sent per day (consider DLs if using pre-licensing)
− % emails protected
− # documents read/modified per day
− % documents protected
− Calculate average licenses/second, L
• Calculate load at peak days
− X% of operations performed in those days
− Divide by the number of days, D
− Peak Day = L * (X/100) / (D/365)
• Calculate peak hours
− Y% of operations performed in peak hours (consider global environment)
− Divide by the number of hours, H
− Peak Hours = Peak Day * (Y/100) / (H/24)

Calculating Peak Load – Method 1

# licenses on peak days                    372,300
% of operations performed in peak hours    50%
Number of peak hours per day               4
# peak licenses per hour                   46,538
# peak licenses per second                 13

Estimating Peak Load – Method 2

Calculate the worst case scenario:
• One person sends a protected message to the whole organization
• A few organization-wide protected responses
• If pre-licensing is used, all of those messages are licensed within a few minutes of being sent; without it, the licenses are spread over the hours in which users read them

Applying Method 2

# of users                                                           45,000 users
# protected responses seen by each user on average                   0 responses
Exchange pre-licensing in use?                                       TRUE
Timespan (hours) during which users will read the original message   6 hours
Minutes to pre-license all emails                                    3 minutes
Seconds available to license all messages                            180 seconds
# of licenses to issue                                               45,000 licenses
Peak licenses per second                                             250 licenses per second

Impact of Pre-licensing

• Pre-licensing is required for several Exchange IRM features
• Has a tolerance of 3 minutes
• With pre-licensing, AD RMS must issue all use licenses (UL) for a message within 3 minutes of it being sent
• Without pre-licensing, AD RMS issues use licenses as messages are consumed

(Diagram: use licenses issued spread out over time without pre-licensing, versus bunched together at delivery with pre-licensing)

Calculating # of servers on a cluster

# of CPU cores needed             5
# of servers (including spare)    3

Assumptions: 50 licenses per second per core for x64, 25 licenses per second per core for x86; with the quad-core servers recommended earlier, 5 cores need 2 servers, plus one spare

Network Impact

• Some additional network traffic will be generated
− Use license request: 60 KB
− Use license response: 30 KB
− Total: 90 KB per transaction; complex licenses might be larger
• The server network card should not saturate
− A quad-core CPU will do 200 transactions per second
− Each transaction is 90 KB
− NIC load should not exceed: 200 × 90 KB = 18,000 KB/s = 18 MB/s = 144 Mbit/s
− Server NICs should be 1,000 Mbit
• SSL assist might be beneficial in high load environments
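The sizing process on slide 45, the two peak-load methods, the servers-per-cluster arithmetic and the NIC check above are one pipeline: peak licenses per second, then cores, then servers, then confirm the node's NIC is not the bottleneck. The following is an added worked example, not code from the original deck, that runs that pipeline with the deck's own planning constants (about 50 licenses/s per x64 core and 25 per x86 core without HSM assistance, a 3-minute pre-licensing window, 60 KB request plus 30 KB response per use license). The function names, the default of one spare server, the 6-hour read window when pre-licensing is off, and the 80% NIC headroom threshold are this example's assumptions.

```python
"""Peak-load estimation and cluster sizing for an AD RMS licensing cluster.

Added worked example (not from the original deck). Implements the deck's Method 1
(scaling factors), Method 2 (worst-case burst) and the peak lps -> cores -> servers
-> NIC check. Planning constants come from the deck; function names, one spare
server, the 6-hour read window and the 80% NIC headroom are this example's assumptions.
"""
import math

LICENSES_PER_SEC_PER_CORE = {"x64": 50, "x86": 25}  # deck guideline, without HSM assistance
PRELICENSING_WINDOW_SEC = 3 * 60                   # Exchange pre-licensing tolerance, ~3 minutes
USE_LICENSE_REQUEST_KB = 60
USE_LICENSE_RESPONSE_KB = 30


def peak_method1(avg_lps: float, pct_on_peak_days: float, peak_days: int,
                 pct_in_peak_hours: float, peak_hours: float) -> float:
    """Method 1: scale a yearly-average rate L by the share of work landing on the
    D peak days (X%) and then on the H peak hours (Y%):
        Peak Day   = L * (X/100) / (D/365)
        Peak Hours = Peak Day * (Y/100) / (H/24)
    """
    peak_day = avg_lps * (pct_on_peak_days / 100) / (peak_days / 365)
    return peak_day * (pct_in_peak_hours / 100) / (peak_hours / 24)


def peak_from_daily_licenses(licenses_on_peak_day: int, pct_in_peak_hours: float,
                             peak_hours: float) -> tuple[int, int]:
    """Method 1 as worked on the slide: a known peak-day count concentrated in a few
    hours. Returns (licenses per peak hour, licenses per second), rounded up."""
    per_hour = licenses_on_peak_day * (pct_in_peak_hours / 100) / peak_hours
    return math.ceil(per_hour), math.ceil(per_hour / 3600)


def peak_method2(users: int, responses_per_user: float = 0.0, prelicensing: bool = True,
                 read_window_hours: float = 6.0) -> float:
    """Method 2: one org-wide protected message plus org-wide protected responses.
    With pre-licensing the whole recipient list is licensed inside the ~3-minute
    window; without it the licenses spread over the hours in which people read."""
    licenses = users * (1 + responses_per_user)
    window_sec = PRELICENSING_WINDOW_SEC if prelicensing else read_window_hours * 3600
    return licenses / window_sec


def cores_needed(peak_lps: float, arch: str = "x64") -> int:
    """Deck step 2: divide by 50 for x64 cores (25 for x86), rounding up."""
    return math.ceil(peak_lps / LICENSES_PER_SEC_PER_CORE[arch])


def servers_needed(cores: int, cores_per_server: int = 4, spare: int = 1) -> int:
    """Deck steps 3-4 plus margin: whole servers for the cores, plus spares so a node
    can be lost or patched without dropping below the required capacity."""
    return math.ceil(cores / cores_per_server) + spare


def nic_load_mbps(cores_per_server: int, arch: str = "x64",
                  request_kb: int = USE_LICENSE_REQUEST_KB,
                  response_kb: int = USE_LICENSE_RESPONSE_KB) -> float:
    """Worst-case licensing traffic one node generates with all cores saturated.
    Decimal K/M as on the slide: 200 tps * 90 KB = 18,000 KB/s = 18 MB/s = 144 Mbit/s."""
    tps = cores_per_server * LICENSES_PER_SEC_PER_CORE[arch]
    bytes_per_sec = tps * (request_kb + response_kb) * 1000
    return bytes_per_sec * 8 / 1_000_000


def size_cluster(peak_lps: float, arch: str = "x64", cores_per_server: int = 4,
                 spare: int = 1, nic_mbps: int = 1000) -> dict:
    """Deck process: peak lps -> cores -> servers, then check the NIC has headroom
    (assumption here: stay under 80% of line rate)."""
    cores = cores_needed(peak_lps, arch)
    servers = servers_needed(cores, cores_per_server, spare)
    nic = nic_load_mbps(cores_per_server, arch)
    return {"peak_lps": peak_lps, "cores": cores, "servers": servers,
            "nic_load_mbps": nic, "nic_ok": nic < 0.8 * nic_mbps}


if __name__ == "__main__":
    burst = peak_method2(users=45_000)                 # slide: 45,000 users, pre-licensing
    print(size_cluster(burst))                         # 250 lps -> 5 cores -> 3 servers incl. spare
    print(peak_from_daily_licenses(372_300, 50, 4))    # slide: 46,538/h, 13/s
    print(size_cluster(peak_method2(50_000, prelicensing=False, read_window_hours=4)))
```

Running the same 45,000-user burst with `arch="x86"` doubles the core count to 10 and the server count to 4, which is the deck's "avoid 32-bit servers" point in numbers. Running `size_cluster` with `nic_mbps=100` flags the quad-core node's 144 Mbit/s as over budget, which is why the deck puts the 100 Mbps ceiling at about 4 cores and insists on gigabit NICs.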

Consider network to DCs

• Under peak load situations, traffic to/from GCs might be significant
• Consider putting a Global Catalog near the AD RMS cluster

AD RMS Database Servers

Configuration Database
• Contains critical information: public/private keys, templates, RACs
• If unavailable, some operations may continue, but no new users can be certified
• Needed for AD RMS boot

Directory Services Database
• Contains cached Active Directory information
• No significant impact when unavailable for a short period of time
• Not persistent: content will be automatically repopulated if the DB is restored to its initial state

Logging Database
• Stores a log of activity if enabled
• Not critical for service operation
• Necessary for analysis and reporting

Page 61

Database Growth

Configuration and Directory Services Cache databases remain stable over time
Need defragmentation, but they do not grow significantly
Configuration database: 3MB + 2KB per user certification
DS Cache database: approximately 8KB per user and per group, varying depending on the complexity of groups

Logging DB: about 5KB per licensing transaction when copies of certificates are not logged (the default in WS 2008)
Significantly more (250KB per transaction) if certificates are logged
Certifications take slightly more than 5KB per transaction

The database schemas in Windows Server 2008 and 2008 R2 have been highly normalized

Page 62

Database Growth (cont.)

Use the average load as calculated to estimate the logging database size
1 million transactions take 5GB in the default configuration
250GB of space when logging certificates
Database can be purged periodically
Consider a consolidated archival database for reporting and investigation
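Added example (not from the deck): the capacity arithmetic of slides 55 to 58 and 61 to 62 as a small Python calculator. The rates, message sizes and per-transaction growth figures are the deck's; the function names, the quad-core-per-node figure and the single spare node are assumptions made here.

```python
import math

# Throughput assumptions from the deck: licenses per second per CPU core.
LICENSES_PER_CORE = {"x64": 50, "x86": 25}
# Use-license request (60K) plus response (30K) on the wire, in KB.
TRANSACTION_KB = 60 + 30
# Logging DB growth per licensing transaction, in KB.
LOG_KB_DEFAULT = 5        # certificate (XrML) text not logged, the default
LOG_KB_WITH_CERTS = 250   # certificates logged

def peak_licenses_per_second(licenses, window_seconds):
    """Rate needed to pre-license a burst within the tolerance window."""
    return licenses / window_seconds

def cores_needed(peak_rate, arch="x64"):
    """Whole cores required to sustain the peak rate on the given architecture."""
    return math.ceil(peak_rate / LICENSES_PER_CORE[arch])

def servers_needed(cores, cores_per_server=4, spares=1):
    """Assumption (mine, not the deck's): quad-core nodes plus one spare node."""
    return math.ceil(cores / cores_per_server) + spares

def nic_load_mbits(transactions_per_second, transaction_kb=TRANSACTION_KB):
    """Decimal units as on the slide: 200 tps * 90K = 18,000K/s = 18 MB/s = 144 Mbit/s."""
    return transactions_per_second * transaction_kb / 1000 * 8

def logging_db_gb(transactions, log_certificates=False):
    """1,000,000 transactions -> 5 GB by default, 250 GB when certificates are logged."""
    per_tx = LOG_KB_WITH_CERTS if log_certificates else LOG_KB_DEFAULT
    return transactions * per_tx / 1_000_000

def sizing_summary(licenses=45_000, window_seconds=180, arch="x64",
                   transactions=1_000_000):
    """Run the deck's worked example end to end and return every figure."""
    peak = peak_licenses_per_second(licenses, window_seconds)
    cores = cores_needed(peak, arch)
    node_tps = 4 * LICENSES_PER_CORE[arch]  # a quad-core x64 node saturates at 200 tps
    return {
        "peak_licenses_per_second": peak,
        "cores_needed": cores,
        "servers_including_spare": servers_needed(cores),
        "nic_mbits_per_node": nic_load_mbits(node_tps),
        "logging_db_gb_default": logging_db_gb(transactions),
        "logging_db_gb_with_certs": logging_db_gb(transactions, True),
    }

if __name__ == "__main__":
    for name, value in sizing_summary().items():
        print(f"{name}: {value}")
```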

Page 63

Log Maintenance Options

Disable logging
Lose the potential benefits of logging (reporting, audit, troubleshooting)

Enable log filtering
What is logged can be tuned in detail
Settings in configuration database

Not logging certificates
Significant savings from not logging XrML text (the default)
Logging certificates might be necessary in certain situations but can be enabled on demand

Page 64

Log Maintenance Options (cont.)

Log consolidation
Consolidate partial logs from multiple clusters in a central database
Discard data not useful in the long term
Run custom reports from this DB

Log trimming
Identifies all records in the logging database that are older than a specified age
Implemented by script or stored procedure
Keeps the local logging database at a constant volume over time
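An added example of the consolidation and trimming routine the slides describe, not code from the deck or from AD RMS: rows older than a retention age are copied to an archive table and then deleted from the live table in one transaction. Table and column names (ServiceRequest, ArchiveServiceRequest), request types and sample rows are constructed here, and an in-memory SQLite database stands in for SQL Server.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

RETENTION_DAYS = 90  # retention age; everything older is archived and trimmed

def open_logging_db(rows):
    """Stand-in logging DB; table and column names are constructed, not the real schema."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE ServiceRequest (RequestTime TEXT, RequestType TEXT,"
                " UserName TEXT, ContentId TEXT)")
    con.execute("CREATE TABLE ArchiveServiceRequest (RequestTime TEXT, RequestType TEXT,"
                " UserName TEXT, ContentId TEXT)")
    con.executemany("INSERT INTO ServiceRequest VALUES (?, ?, ?, ?)", rows)
    con.commit()
    return con

def trim_logging_db(con, now, retention_days=RETENTION_DAYS):
    """Consolidate then trim: copy rows older than the cutoff into the archive table,
    then delete them from the live table in one transaction, so a failed delete
    leaves nothing half-moved. Returns the number of rows trimmed."""
    cutoff = (now - timedelta(days=retention_days)).isoformat()
    with con:  # commit on success, roll back on any exception
        con.execute("INSERT INTO ArchiveServiceRequest SELECT * FROM ServiceRequest"
                    " WHERE RequestTime < ?", (cutoff,))
        cur = con.execute("DELETE FROM ServiceRequest WHERE RequestTime < ?", (cutoff,))
    return cur.rowcount

def row_counts(con):
    """(live rows, archived rows) after trimming."""
    live = con.execute("SELECT COUNT(*) FROM ServiceRequest").fetchone()[0]
    archived = con.execute("SELECT COUNT(*) FROM ArchiveServiceRequest").fetchone()[0]
    return live, archived

def demo():
    """Constructed sample: two requests past the 90-day cutoff, two inside it."""
    now = datetime(2012, 6, 15, tzinfo=timezone.utc)
    def stamp(days_ago):
        return (now - timedelta(days=days_ago)).isoformat()
    rows = [
        (stamp(200), "AcquireLicense", "alice", "content-1"),
        (stamp(91), "AcquireLicense", "bob", "content-2"),
        (stamp(89), "Certify", "carol", "content-3"),
        (stamp(1), "AcquireLicense", "dave", "content-4"),
    ]
    con = open_logging_db(rows)
    moved = trim_logging_db(con, now)
    return moved, row_counts(con)
```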

Page 65

AD RMS DB planning: Details

Database Size Planning: http://technet.microsoft.com/en-us/library/cc747731.aspx
Estimate Database Growth: http://technet.microsoft.com/en-us/library/cc747585.aspx
Maintaining Logging Database: http://technet.microsoft.com/en-us/library/cc747691.aspx

Page 66

AD RMS Archiving (Cont.): Considerations

AD RMS Performance inside MSIT implementation: http://technet.microsoft.com/en-us/library/dd941589(WS.10).aspx
MSIT Purging Database Example: http://technet.microsoft.com/en-us/library/dd941624(WS.10).aspx

Page 67

AD RMS Disaster Recovery

Planning AD RMS Database Servers
Backing Up AD RMS
Restoring AD RMS

Page 68

Making AD RMS Highly Available

While AD RMS might be a critical service, minor server downtime is typically not a huge problem
Users can mostly continue to work thanks to pre-licensing, caching, and offline publishing
To make the service highly available, load-balance multiple servers on each cluster
Geographical distribution of RMS nodes is usually effective
Load balance between locations
You must confirm a strong connection to the RMS DB
Latency to the DB should not exceed 100ms

Page 69

Making AD RMS Highly Available (cont.)

The database can also have downtime without much impact
Functionality lost during DB downtime is:
New user certification
Reporting
Configuration changes
Rebooting AD RMS nodes
Pre-licensing and Exchange IRM features dependent on pre-licensing (OWA, Transport Decryption, Journaling, EAS IRM)
Will retry licensing at the time of consumption

DB servers can still be made highly available through clusters or log shipping
Though a proper backup schedule is usually a good substitute
Note: Clustering for the database does not help if the DB content is corrupt or broken

Page 70

Backing Up AD RMS

To back up AD RMS, back up:
• AD RMS certification cluster configuration database
• Each AD RMS licensing cluster configuration database
• Trusted Publishing Domain
• Logging DB: daily, or as the acceptable logging information loss dictates; frequent local backup of transaction logs
• DS Cache: whenever the AD RMS version changes or servers are installed
• The logging database content should be migrated to an archival database

Back up as required, depending on volume and the policy of the organization

Page 71

Restoring AD RMS

If AD RMS server fails:
• Reinstall server, add to existing cluster

If SQL Server fails and no SQL cluster:
• Reinstall Windows, SQL Server, restore DB backup
• If node is corrupt or damaged, reinstall AD RMS server(s), adding them to the same cluster. Might ask for private key password

Best practice: Use cluster name for AD RMS cluster
• Provides flexibility when restoring server to new host name

Page 72

Restoring AD RMS: Only Server in Cluster

Reprovision the server with original DB:
• AD RMS needs to connect to the original DB and you need to provide the Cluster Key Password

While reinstalling AD RMS, the original configuration database will be detected:
• Choose Join when prompted to join or create a new cluster
• A new logging database will be created if needed

If the root certification cluster is being reinstalled:
• Must keep the service connection point in Active Directory for provisioning
• If SCP is not present, setup will try to create a new cluster

Page 73

Database Backup Options

Failover cluster
Provides immediate recovery
Does not protect against data-centric failures
Not an efficient use of resources

Log backup
We recommend running databases in full recovery mode
A daily full backup is reasonable for most environments
Consider your recovery needs and acceptable loss levels
Backups should be tested, and hardware spares should be available to rebuild the DB if necessary

Log shipping
Sends copies of the transaction logs to a remote instance of the database
Useful when logging information loss must be minimized
Enables up-to-the-minute recovery and recovery to other points in time (before database corruption, for example)
Provides a “warm standby” database

Log mirroring
Not officially supported
Replicates data between DBs
Databases can be in different locations

Page 74

Database Disaster Recovery Architecture

[Diagram: Site A and Site B, connected by log shipping; the database is addressed through a DB CNAME]

Page 75

In Review: Session Objectives and Takeaways

Session Objective(s):
To be able to deploy AD RMS in complex situations
To be able to support AD RMS integrated with Exchange 2010 when it doesn’t work as expected
Show how Exchange 2010 SP1 provides significant value to customers implementing information protection… something on the cloud …

Page 77

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Page 78

demo

Making a GUI Tool

Page 79

Reminder!

Watch my Twitter feed @concentrateddon for the download URL for these scripts. The GUI builder I’ve been using is SAPIEN PrimalForms (www.sapien.com); they’re in the Expo hall if you’d like to talk to them. A free Community Edition is available.

Page 80

Any Final Questions?

I’ll also be hanging out at the Expo Hall. Please drop by and let me know what you think, or ask follow-up questions! You can post questions to me here, or email me: [email protected]. Thank you!

Page 81

Related Content

XXXXXX: Deep Dive on Windows Server Active Directory Shell

Find Me Later in the Expo Hall!

Page 83

Resources

Connect. Share. Discuss.: http://northamerica.msteched.com
Learning (Microsoft Certification & Training Resources): www.microsoft.com/learning
TechNet (Resources for IT Professionals): http://microsoft.com/technet
Resources for Developers: http://microsoft.com/msdn

Page 84

Complete an evaluation on CommNet and enter to win!

Page 85

MS Tag

Scan the Tag to evaluate this session now on myTechEd Mobile

Page 87