You can deploy separate AD RMS infrastructures for internal and external users and create a trusted user domain relationship between them.
You can create a single Active Directory forest and AD RMS infrastructure that is available on the Internet and to users in your intranet.
You can create an AD RMS infrastructure in a separate forest and use AD FS to federate the intranet- and extranet-facing forests.
Host all of the AD RMS servers (root and licensing-only servers) in a perimeter network and configure them to access the directory services servers, which are hosted in the core network.
Host an AD RMS licensing-only cluster in a perimeter network and configure it to access the directory services servers and the AD RMS root server, which are hosted in the core network.
Host AD RMS servers, together with domain controllers to service them, in a perimeter network.
Host all of the AD RMS servers in the core network and publish them to the Internet through a reverse proxy, by using a product such as Internet Security and Acceleration (ISA) Server.
Perhaps your organization plans to share protected information in a more casual manner, and you would like to avoid any type of prolonged trust. This scenario is common in a business-to-consumer relationship or when you simply want to share a single document with a partner. You can configure your AD RMS cluster to trust the Windows Live ID service and then partner users can open protected content using WLID credentials. While partner users will be able to open protected content, they are unable to create protected content that your users will be able to consume. Furthermore, these users will not be able to open protected content on their Windows Mobile device or access your documents in a protected SharePoint library. Finally, protection must be applied on an individual basis; WLID accounts cannot be added to an Active Directory group.