Upload
della-henry
View
214
Download
1
Tags:
Embed Size (px)
Citation preview
Planning, Designing & Deploying a Highly Available AD RMS InfrastructureJovita NsohSenior Security ArchitectSecurity Governance & ArchitectureGFS Online Services Security & Compliance (OSSC)Microsoft Corporation
SIA323
A Bit About Me
Jovita Nsoh, MSc., MBACertifications: CITA-P, MCA, MCM, MCSE, CISSP, CISA, CISM
Is a Senior Security ArchitectAt Microsoft’s Online Services Security & Compliance (OSSC)
Security Governance & Architecture Team
Has several years at Microsoft Consulting Services (MCS)Based in Redmond, WA, USA.Contact Email: [email protected]
Microsoft Confidential
Session Objectives and TakeawaysSession Objective(s):
Identify the AD RMS Solution RequirementsDocument the Solution Design SummaryUnderstand, identify and document the solution scope and usage scenariosAD RMS Solution architecture recommendations
Cluster, Policy Templates, AD, Client, Pipelines, Extranet, Firewall, ARMS Server, Logging, AD RMS Security, Communication Dataflow, Backup, Restore and Disaster Recovery Recommendations
Takeaways:Demonstrate how you can build an Enterprise ready, highly redundant and resilient AD-RMS infrastructure for your customer.
AGENDAOverview & Introduction
Deployment Best Practices AD RMS Performance, Sizing and Fault Tolerance
Overview & IntroductionAD RMS Overview
AD RMS ComponentsAD RMS LicensesAD RMS CertificatesInformation FlowBootstrapping
What is AD RMS?
Information Protection technologyAimed at reducing information leakageServer and client componentsIntegrated with Windows, Office, Exchange, SharePoint and moreBased on Symmetric and Public Key CryptographyProtects data at rest, in transit and in useHelps enforce corporate data policies
Problems with unstructured data
Information Leakage Is Costly On Multiple Fronts
Legal, Regulatory &
Financial impacts
Damage to Image & Credibility
Damage to public image and credibility with customersFinancial impact on companyLeaked e-mails or memos can be embarrassing
Cost of digital leakage per year is measured in $ billionsIncreasing number and complexity of regulations, e.g. GLBA, SOX, CA SB 1386 Non-compliance with regulations or loss of data can lead to significant legal fees, fines and/or jail time
Loss of Competitive Advantage
Disclosure of strategic plans, M&A info potentially lead to loss of revenue, market capitalizationLoss of research, analytical data, and other intellectual capital
How does this happen, by who?
Ex-employees, partners, customersOver 1/3 due to negligenceNearly 30% of loss on portable devicesIncreasing loss from external collaboration
Percentage cause of data breach
Cost of Data Breach reportPonemon Institute 2010
Estimated sources of data breach
Global State of Information Security SurveyPriceWaterhouseCoopers 2010
How AD RMS Works
Client and user are “activated”Client creates rights-protected content (offline)User distributes rights-protected contentRecipient acquires licenses from server to decrypt protected informationClient enforces usage policies
How do you protect your sensitive information from unauthorized distribution?
Information Author
RecipientExternal Users
Mobile Devices
USB Drive
Using IRM to avoid data leakage• Encryption provides protection from unauthorized
access• Most effective if it is identity-based
• How you manage encryption is essential• Needs to be independent from content management• Must be integrated with ID management• Must be simple to use• Must be strong, reliable and recoverable
• Encryption is not enough• Users will misuse information if they can• Even trusted users make mistakes• But if policy is clear and not easily circumvented, legitimate users
will follow the policies
AD RMS Workflow
AD RMS Server AD RMS
Protected (Decrypted)
`
RMS Consumer
`
RMS Author
1.
3.
4.
Publishing [email protected]: Read,[email protected]: [email protected]:Read
Use [email protected]: Read,Print
RMS Protected
(Encrypted)
Consumption
Protection
2.
Machine certAndRAC
5.
Publishing LicenseAndRAC
Author automatically receives AD RMS credentials (“rights account certificate” and “client licensor certificate”) the FIRST TIME they rights-protect information (not on subsequent attempts).
The application works with the AD RMS client to create a “publishing license”, encrypts the file, and appends the publishing license to it.
The AD RMS Author distributes file.
Recipient clicks file to open. The application sends the recipient’s credentials and the publish license to the AD RMS server, which validates the user and issues a “use license.”
Application renders file and enforces rights.
AD RMS Highlights• Robust protection
• AES 128 bits, RSA 1024 bits, HSM support• Extensive client-side enforcement
• Very easy to use• UI integrated with Office products• Authors just select the appropriate option• No action required on consumers of protected
information• No significant need for user technical training
• Transparent operation• Automated certificate and license management• Small traffic and volume overhead• Low infrastructure cost
Protecting information with AD RMS• Users can manually assign rights over a document
• Who can read, print, edit, copy…• Can assign rights to users or groups• Document expiration, programmatic access, other advanced
options• Some applications have pre-defined options
• E.g. Outlooks “Do Not Forward”• Users can also use a pre-built template
• Templates reflect the organization’s security policies• Company Confidential• Managers only• Contains private information• Etc.
• Templates enforce a pre-defined set of rights• Templates are enforced at time of consumption
• Some applications can also automatically apply protection
Microsoft Confidential
AD RMS Breakdown
Persistent
+ PolicyEncryption
Trusted entities
Usage rights and conditions
Encryption
RMS vs EFS vs BitLockerScenario RMS EFS BitLockerProtect my information outside my direct control
Set fine-grained usage policy on my information
Collaborate with others on protected information
Protect my information to my smartcard
Untrusted admin of a file share
Protect information from other users on shared machine
Lost or stolen laptop
Physically insecure branch office server
Local single-user file & folder protection
Secure Collaboration
Protect Yourself
Protect Against Theft
AD RMS & Server Infrastructure
Microsoft AD RMSIndustry leading unstructured data security
Mature solution in the market since 2003Integrated with AD, Office, Exchange, SharePointCore to Microsoft cloud security strategy
RecipientInformation
Author
ActiveDirectory
ViewþEditPrintþ
þ
ViewþEditýPrintý
SQL Server AD RMS
AD RMS Components – Logical view
SQL
OS Platform
Client Platform
Applications
MMC 3.0 Host
Admin Snap-in
Admin Platform
RMS Client RMS Server RMS Administratio
n
ADADFS
SOAP/HTTP SOAP/HTTP
Passive Protocol(HTTP)
WebSSO Agent
System.Data.SqlClient
Native LDAP
WebSSO Redirects
MOM pack
PowerShellOS Platform
Client Platform
Applications
MOM pack
PowerShell
AD RMS and SharePoint• When content is downloaded from a library…
− RMS protection automatically applied− Information still searchable in SharePoint library− SharePoint rights IRM permissions
Recipient
AD RMS
SharePoint
AD RMS & ExchangeWhen users are sending emails unprotected…
Exchange transport rules and Outlook Protection Rules can apply protect email automatically
Based on content (what it says) and context (who its going to) analysisCan consume protected email in IE, Firefox and Safari
RecipientInformation
Author
AD RMS
Exchange
AD RMS and file shares
AD RMS
Windows
File Server
• When content is saved to a network file share...− Bulk Protection Tool secures all content in certain
folders− File Classification Infrastructure (FCI) can automate
classification, RMS and move into SharePoint
InformationAuthor
SharePoint
AD RMS and DLP
Microsoft AD RMS
RSA DLP
R&D department
Marketing department
Others
Endpoints:Laptops/Desktops
File Shares SharePoint
R&D Department
Marketing Department
Others
View, Edit, Print
View No Access
Intellectual Property (IP)template
Find ‘IP’ documents
Apply ‘IP’ AD RMS templateIP Policy
• DLP provides a powerful way to locate and classify your information− Maps AD RMS policy to DLP and therefore to content
AD RMS Topology
Database
Licensing-Only Server
Database
Database
Licensing-Only Server Cluster
AD RMS Root Cluster
AD RMS Topology
The number of AD RMS servers per forest or domain will depend on performance and special requirementsMany scenarios:
One certification + licensing-only clusterOne certification cluster and multiple licensing-only serversMultiple certification servers and one licensing-only serverCombinations
AD RMS Server
Runs on Windows Server 2008Requires IIS with ASP.NETStatelessUses Microsoft Message Queuing
Responsible for transactions to be applied to SQL databaseProvides tolerance when connectivity is lost between AD RMS server and SQL Server
Certification and Licensing AD RMS 2008 R2 SP1 servers
Configuration DatabaseStores, shares, and retrieves the following for a cluster:
Cluster keys (if not using an HSM)All cluster configuration dataRights account certificates (RAC) and their associated identitiesData that is needed to manage
CertificationLicensingPublishing services
Critical for AD RMS operationSome configurations can be edited manually
SQL 2008 R2 Enterprise Cluster
Logging Database
One per AD RMS clusterOne private message queue on each server in the AD RMS cluster for loggingAD RMS logging service transmits data from this message queue to the logging databaseNot critical for operation, never consumed by the service
Used for reporting, troubleshooting, and performance management“append only”
SQL 2008 R2 Enterprise Cluster
Directory Services DatabaseContains cached information about:
UsersIdentifiers (such as email addresses)Security ID (SID)Group membershipAlternate identifiers
Relieves stress on the domain controllers Is recycled on a daily basisNot critical for AD RMS operation
If lost, it is regenerated once the database is restored to a pristine state from a backup
SQL 2008 R2 Enterprise Cluster
Active DirectoryAD RMS contacts Global Catalogs for user and group information
Should be co-located with the AD RMS servers
AD RMS requires email attribute to be populated in usersIn multi-forest scenarios it also requires Exchange Server Schema ExtensionsAD RMS polls AD frequently for group membership information
Across forests it will talk to the local AD RMS in that forest
By default, clients and servers use the Service Connection Point registered in AD to find the Certification Cluster in a forest
32
Domain Controllers
AD RMS Performance, Sizing,Fault Tolerance
ObjectivesUnderstand bottlenecks and scaling factors affecting AD RMSLearn to design AD RMS for scalabilityUnderstand the process for sizing AD RMS adequately for an expected load
34
AD RMS Sizing ConsiderationsSizing AD RMS is about sizing AD RMS clusters (node)Consider licensing performance when determining the size of an AD RMS cluster:
How much content will need to be licensed per hour?Consider steady-state (average) usage Consider peak usage, such as a company-wide executive email
Certification-related load usually negligibleEstablish / Understand Service Level agreements (SLAs)
Aim for sub-second response (Normal)What is "acceptable" in special circumstances?
AD RMS Sizing Considerations (cont.)
AD RMS is EXTREMELY CPU-bound and network intensiveMore than 50% of Workload is cryptographic processingHSMs typically do not provide a performance advantage
Use 64 BitAlmost twice as much performance using 64 bit over 32 bit
Avoid 32 bit servers as much as possible
AD RMS can take advantage of additional memory:AD RMS caches directory lookups on the serverAD RMS also pre-generates key pairs while idle and stores them in-memory
Performance BenchmarkAD RMS was tested using a 2.4 GHz, x64 dual core server with 4 GB RAM.
AD RMS server delivered slightly over 100 licenses per second
AD RMS scales well with CPU count Quad core servers are usually the sweet spot in cost/performance
A few small servers in a cluster are usually sufficient for heavy loads without Hardware Security Module offload
2 GB RAM per AD RMS server is generally sufficient Additional RAM reduces load on DCs and can improve performance
Using Exchange Pre-licensing may significantly affect loadRequires licensing and email to a large number of users within a few minutes
Peak Load Considerations and Examples
# UsersAmount of time to
consume (in hours)
PeakLicense Requests per
min
PeakLicense Requests per
sec
No pre-licensing 50,000 4 209 3.5
Using pre-licensing 50,000 4 16,667 278
• Exchange pre-licensing agent acquires use licenses on delivery, not consumption• Pre-licensing has a default tolerance of approx. three minutes• Significant impact to peak load
• Exchange batches requests, which gains some, though not significant, efficiency
Scaling AD RMSAD RMS is normally scaled by adding processors to servers and servers to clusters
Licensing-only clusters are an inefficient way to scaleHSMs do not increase performance significantlyMemory and disk do not affect performance as much as CPUSQL Server is rarely the bottleneck
Adding servers to a cluster is easyAll configuration data is stored in the databaseLoad balancing needs to be configured appropriately
Clusters only used for certification rarely need dedicated sizing
Certification load is in general a small fraction of the load for clusters doing certification and licensingClusters used exclusively for certification have generally minimal requirements
Sizing AD RMS Guidelines
Typical 64 bit CPU can process ~50 licenses/second per core (without HSM assistance)
Some complex licenses might be heavier
HSM assistance does not significantly improve overall performance
32 bit CPUs are considerably slower than x64
AD RMS scales linearly up to about 8 cores per serverAbove 8 cores: It is more efficient to add servers100Mbps network usually becomes the bottleneck above 4 coresHyper threading does not provide an advantage
Sizing AD RMS Process
Certification-only clustersRarely stressed
Even the most basic server should handle the highest load for typical environments
Certification+licensing or licensing-only clustersCalculate peak load
Calculate # of CPU cores needed
Calculate # of servers needed
Specify memory and disk for servers
Add margins and define cluster size
Type Number
Internal AD RMS Users (Regular employee) 47,000
External AD RMS Users (Temporary users, and others)
3,000
Guest 0
Total 50,000
The Number of AD RMS Users
Real World Example
The Number of AD RMS client Computers
Real World ExampleType Number
Desktop Computer 47,000
NON domain joined Computer 3,000
Type NumberWindows 7 47,000Windows XP Professional 3,000
RMS protected document
Viewer #of Viewings per day/per person
# of Viewings Total per day
Note
Word, Excel, PPT 47,000(Internal AD RMS Users)
5 47,000
Outlook 47,000 (Internal AD RMS Users)
5 47,000
Word, Excel, PPT 3,000(external AD RMS Users)
10 30,000
The Volume of the AD RMS protected document viewed
Real World ExampleHardware
Recommendations
Model DL 380G7
CPU Server with dual Quad core CPU
Memory 8 GB of RAM
Hard Disk
3x 146GB Drives in RAID-1 configuration
NLB Hardware Load Balancer to be supplied by Halliburton
NIC Two Network Interfaces at 1000mbps
Hardware
Recommendations
Model DL 380G7CPU Server with dual Quad core CPUMemory 16 GB of RAMHard Disk
3x 146GB SAS Drives. SAN Storage
NLB Hardware Load Balancer to be supplied by HalliburtonNIC Two Network Interfaces at 1000mbps
SQL Server Hardware and Components
AD RMS Server Hardware and Components
Process for Sizing AD RMS
Obtain peak licenses per secondDivide by 50This yields the number of 64-bit cores (double for 32-bit cores)Divide by number of cores in standard server Typical web servers make for good AD RMS serversObtain number of serversRepeat for other clusters
Server specificationsAD RMS servers
CPUs as defined earlier
Up to 8 x64 cores is most efficient
Virtualization is OK
Memory: 2GB is typically enough
Disk: minimal requirements for OS
Database Servers
Dual Core is OK for most scenarios
4GB RAM recommended
High volume of reporting may require more CPU and memory
Can be put in cluster
Not strictly necessary as AD RMS can retain some functionality while DB is down
Estimating Average Load
Average load will be used mostly for calculating space needed for loggingAverage load per user can be approximated by multiplying the total number of documents consumed per user by the expected percentage that will be protected
Documents and emails should in general be calculated separately and then addedMultiply this number by the number of users
Pre-licensing in Exchange and protection through SharePoint libraries might affect the calculation
A license is needed even for what you don’t read
Estimating Average Load – ExampleItem Estimate
Number of Users 100,000
E-mails read per day per user 75
Number of e-mail messages per day
7,500,000
Percentage of messages with AD RMS protection
10%
Estimating Average Load – Example (cont.)AD RMS Messages
per day 750,000
per hour (10 hour day) 75,000
per minute 1250
per second 21
Calculating Average LoadAverage RMS load (for calculating logging DB size)# of Users 12,000 usersAverage emails sent individually per day per user 20 emailsNumber of average recipients in individual emails 3 recipientsAverage emails sent to DLs per day per user 1 emailsNumber of average recipients in a DL 10 recipients% of emails sent individually to be protected 5%% of emails sent to DLs to be protected 1%% of email in DLs that's read 75%
Number of documents created/edited per user per day 20 documentsNumber of documents read per user per day 20 documents% of documents to be protected manually 10%
Number of documents downloaded from protected sharepoint libraries per user per day 0 documentsExchange pre-licensing in use TRUE
Protected individual messages licenses per user
Protected DL messages licenses per user
# of protected emails sent per day 12,120 1 0.01# of protected emails read per day 37,200 3 0.1
Documents manually protected
# of protected documents read per day (does not include attachments) 24,000 2
# of licenses issued per day 61,200# of licenses issued per month 1,836,000
9180000000 Bytes /mo8964843.75 KB/mo8754.73022 MB/mo8.54954123 GB/mo0.00834916 TB / mo
Attachments don't need to be counted as they are not independently licensed
Estimating Peak LoadPeak load is used to size AD RMS clustersTwo methods:
1) Calculate average load and apply scaling factors for peak days and peak hours
Useful when average rate of document and email protection is high or when document protection is more significant than email protection
2) Consider worst case burst eventUseful when average ratio of document and email protection is low, and one time events can significantly affect loadMost common scenario
Estimating Peak Load – Method 1Calculate average load
# emails read + sent per day (consider DLs if using Pre-licensing)% emails protected# documents read/modified per day% documents protectedCalculate average licenses/second, L
Calculate load at peak daysX% of operations performed in those daysDivide by the number of days, DPeak Day=L*(X/100)/(D/365)
Calculate peak hoursY% of operations performed in peak hours (consider global environment)Divide by the number of hours HPeak Hours=Peak Day*(Y/100)/(H/24)
Calculating Peak Load - Method 1# Licenses on peak days 372,300
% of operations performed in peak hours 50%Number of peak hours per day 4# peak licenses per hour 46,538# peak licenses per second 13
Estimating Peak Load – Method 2Calculate worst case scenario:
One person sends a protected message to the whole organizationA few organization-wide protected responses
If pre-licensing is used, all messages and documents will be licensed within a few hours
Applying Method 2# of Users 45,000 users
# protected responses seen by each user on average 0 responsesExchange Pre-licensing in use? TRUETimespan (hours) during which users will read the original message 6 hoursMinutes to pre-license all emails 3 minutes
Seconds available to license all messages 180 seconds# of licenses to issue 45,000 licensesPeak licenses per second 250 licenses per second
Impact of Pre-licensingPre-licensing is required for several Exchange IRM featuresHas a tolerance of 3 minutesWith Pre-licensing, AD RMS must issue all use licenses for a message within 3 minutes of it being sent
Without pre-licensing, AD RMS issues use licenses as messages are consumed
Without Pre-licensingUsing Pre-licensing UL
ULUL
Calculating # of servers on a cluster
# of CPU cores needed 5# of servers (including spare) 3
Assumptions: 50 licenses per second for x6425 licenses per second for x86
Network Impact
Some additional network traffic will be generatedUse License Request 60KUse License Response 30KTotal: 90K Complex licenses might be larger
Server Network Card should not saturateQuad Core CPU will do 200 transactions per secondEach Transaction is 90KNIC load should not exceed :
18,000K -> 18 MB -> 144Mbits per secondServer NICs should be 1,000MbitsSSL Assist might be beneficial in high load environments
Consider network to DCs
Under peak load situations, traffic to/from GCs might be significantConsider putting a Global Catalog near the AD RMS cluster
AD RMS Database ServersConfiguration Database
Contains critical information, public/private keys, templates, RACsIf unavailable, some operations may continue, but no new usersNeeded for AD RMS boot
Directory Services DatabaseContains cached Active Directory informationNo significant impact when unavailable for short period of timeNot persistentContent will be automatically repopulated if the DB is restored to initial state
Logging DatabaseStores log of activity if enabledNot critical for service operationNecessary for analysis and reporting
Database GrowthConfiguration and Directory Services Cache databases remain stable over time
Need defragmentation, but they do not grow significantly
Configuration database: 3MB+2KB per user certification
DS Cache database: approximately 8KB per user and per group, varying depending on the complexity of groups
Logging DB: about 5KB per licensing transaction when including copies of certificates
Default in WS 2008Significantly more (250KB per transaction) if certificates are logged
Certifications take slightly more than 5KB per transaction
Database schema in Windows Server 2008 and 2008 R2 have been highly normalized
Database Growth (cont.)Use average load as calculated to estimate logging database size
1 Million transactions take 5GB in the default configuration
250GB space when logging certificates,
Database can be purged periodically
Consider a consolidated archival database for reporting and investigation
Log Maintenance Options
Disable loggingLose potential benefits of logging (Reporting, Audit, Troubleshooting)
Enable Log FilteringWhat is logged can be tuned in detailSettings in configuration database
Not logging certificatesSignificant savings from not logging XrML text (the default)Logging certificates might be necessary in certain situations but can be enabled on demand
Log Maintenance Options (cont.)
Log ConsolidationConsolidate partial logs from multiple clusters in central databaseDiscard data not useful in the long termRun custom reports from this DB
Log Trimming Identifies all records in the logging database that are older than a specified ageImplemented by script or stored procedureKeeps local logging database at a constant volume over time
AD RMS DB planningDetails
Database Size Planninghttp://technet.microsoft.com/en-us/library/cc747731.aspx
Estimate Database Growth http://technet.microsoft.com/en-us/library/cc747585.aspx
Maintaining Logging Databasehttp://technet.microsoft.com/en-us/library/cc747691.aspx
65
AD RMS Archiving (Cont.)Considerations
AD RMS Performance inside MSIT implementationhttp://technet.microsoft.com/en-us/library/dd941589(WS.10).aspx
MSIT Purging Database Example http://technet.microsoft.com/en-us/library/dd941624(WS.10).aspx
66
AD RMS Disaster Recovery
Planning AD RMS Database ServersBacking Up AD RMSRestoring AD RMS
Making AD RMS Highly Available While AD RMS might be a critical service, minor server downtime is typically not a huge problem
Users can mostly continue to work thanks to pre-licensing, caching, and offline publishing
To make the service highly available, load-balance multiple servers on each clusterGeographical distribution of RMS nodes is usually effective
Load balance between locationsYou must confirm a strong connection to RMS DB
Latency to the DB should not exceed 100ms
Making AD RMS Highly Available (cont.) The database can also have downtime without much impact
Functionality lost during DB downtime is:
New user certificationReportingConfiguration changesRebooting AD RMS nodesPre-licensing and Exchange IRM features dependent on Pre-licensing (OWA, Transport Decryption, Journaling, EAS IRM)
Will retry licensing at the time of consumption
DB servers can still be made highly available through clusters or log shipping
Though a proper backup schedule is usually a good substitute
Note: Clustering for the database does not help if the DB content is corrupt or broken
Backing Up AD RMS
• AD RMS certification cluster configuration database• Each AD RMS licensing cluster configuration database• Trusted Publishing Domain
To back up AD RMS, back up:
• Logging DB: daily or as the acceptable logging information loss dictates. Frequent local backup of transaction logs
• DS Cache: whenever AD RMS version changes or servers are installed
• The logging database content should be migrated to an archival database
Back up as required
depending on volume and
policy of organization
Restoring AD RMS
• Reinstall server, add to existing clusterIf AD RMS server fails
• Reinstall Windows, SQL Server, restore DB backup• If node is corrupt or damaged, reinstall AD RMS server(s)
adding them to the same cluster. Might ask for private key password
If SQL Server fails and no SQL
cluster
• Provides flexibility when restoring server to new host name
Best practice: Use cluster name for AD RMS cluster
Restoring AD RMS: Only Server in Cluster
• AD RMS needs to connect to the original DB and you need to provide the Cluster Key Password
Reprovision the server with original
DB
• Choose Join when prompted to Join or create a new cluster
• A new logging database will be created if needed
While reinstalling AD RMS, the original
configuration database will be
detected
• Must keep service connection point in Active Directory for provisioning
• If SCP is not present, setup will try to create a new cluster
If the root certification cluster is being reinstalled
Database Backup OptionsFailover cluster
Provides immediate recoveryDoes not protect against data-centric failuresNot an efficient use of resources
Log backupWe recommend running databases in full recovery modeA daily full backup is reasonable for most environmentsConsider your recovery needs and acceptable loss levelsBackups should be tested and contain hardware spares to rebuild the DB, if necessary
Log Shipping Sends copies of the transaction logs to a remote instance of the databaseUseful when logging information loss must be minimizedEnables up-to-the-minute recovery and recovery to other points in time (before database corruption, for example)Provides a “warm standby” database
Log MirroringNot officially supportedReplicate data between DBsDatabases can be in different locations
Database Disaster Recovery Architecture
Site A Site B
Log Shipping
DB CNAME
In Review: Session Objectives and Takeaways
Session Objective(s): To be able to deploy AD RMS in complex situations.To be able to support AD RMS integrated with Exchange 2010 when it doesn’t work as expected
Show how Exchange 2010 SP1 provide significant value to customers implementing information protection… something on the cloud …
Related Content
Breakout Sessions/Chalk TalksSession Codes and Titles
WebcastsSession Codes and Titles
Instructor-led LabsSession Codes and Titles
Hands-on LabsHands-on Lab Codes and Titles
Competitive ContentCompetitive Content related to your topic area (Session Codes and Titles)
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to
be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
demo
Making a GUI Tool
Reminder!
Watch my Twitter feed @concentrateddon for the download URL for these scriptsThe GUI builder I’ve been using is SAPIEN PrimalForms (www.sapien.com); they’re in the Expo hall if you’d like to talk to them. A free Community Edition is available.
Any Final Questions?
I’ll also be hanging out at the Expo HallPlease drop by and let me know what you think, or ask follow-up questions!You can post questions to me at here Or email me: [email protected] you!
Related Content
XXXXXX :
XXXXXX:
XXXXXX:
XXXXXX: Deep Dive on Windows Server Active Directory Shell
Find Me Later in the Expo Hall!
Track Resources
Resource 1
Resource 2
Resource 3
Resource 4
Required Slide *delete this box when your slide is finalized
Track PMs will supply the content for this slide, which will be inserted during the final scrub.
Resources
Connect. Share. Discuss.
http://northamerica.msteched.com
Learning
Microsoft Certification & Training Resources
www.microsoft.com/learning
TechNet
Resources for IT Professionals
http://microsoft.com/technet
Resources for Developers
http://microsoft.com/msdn
Complete an evaluation on CommNet and enter to win!
MS Tag
Scan the Tagto evaluate thissession now onmyTechEd Mobile
Required Slide *delete this box when your slide is finalized
Your MS Tag will be inserted here during the final scrub.
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to
be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS
PRESENTATION.