alexwhite19800

asked on

RMS / DRM - differences?

Hello

I'm trying to get my head around Active Directory RMS. I've also heard the term DRM - are they essentially the same thing?

My understanding is that RMS is a method to protect data.

Let me give a simple example:

1. I have a Word document that I protect via RMS

2. I send via email to friend@hisdomain.com

3. Friend opens the document using the mail client on his mobile device

4. The beauty of RMS is that we can protect this document from being forwarded, having data copied and pasted, etc.

Is this correct? If so, how?
btan

DRM is actually the original definition for the usage rights for a digital component and enforcing the restricted use. It started off with the music industry to restrict the ability to copy audio CDs. It strives to reduce piracy. Ultimately it is to minimize misuse of data and software among legitimate and illegitimate users.

RMS adds on to DRM and mostly refers to the system implementation provided by Microsoft, AD RMS (Active Directory Rights Management Services). RMS introduces a number of granular configuration options, which also allow rights to be revoked after a document has been shared, for example. These include: View, Change, Copy, Print, Save, Automated access, Full control.

The use case is possible but likely to be specific; there is a specific system required.

For example, to grant access rights for a file via RMS, the client must first connect to an RMS server. This is done separately for each file.

a) The licensing server first checks the credentials and determines the user’s access rights by checking with AD.
The content of the processed document is not sent.
b) The file author configures the required settings under Permissions.
These are returned by the publishing server and can be saved together with the file.
c) The file is encrypted by the RMS using the public key method. The owner will still be able to view it.
The file permissions are set for the other users as well.
d) When the file is now shared and a user wants to process it (open, edit, copy, etc.), their machine needs to check with the licensing server.
It checks user credentials and access rights. If the user has the necessary privileges, access is granted. Otherwise, they are denied.

You may be interested in this blog - Oracle termed it as IRM. Read on
https://blogs.oracle.com/irm/entry/irm_erm_edrm_drm_what_does_it
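
The licence check in steps a) to d) above, as a simplified model; this is an added example, not part of the answer and not Microsoft's code. `LicensingServer`, `open_document` and `xor_stream` are hypothetical names, the dict stands in for AD, the hash keystream stands in for real encryption and the HMAC stands in for the server's signature.

```python
import hashlib, hmac, json, os

def xor_stream(key, data):
    # Stand-in cipher (SHA-256 counter keystream) so this runs on the stdlib only.
    pad = b"".join(hashlib.sha256(key + bytes([i])).digest() for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, pad))

class LicensingServer:
    def __init__(self, directory):
        self.directory = directory        # constructed stand-in for AD: user -> account enabled
        self.key = os.urandom(32)         # assumption: stands in for the server's key pair
        self.revoked = set()              # documents whose rights were withdrawn after sharing

    def _sign(self, lic):
        body = json.dumps([lic["doc_id"], lic["rights"], lic["wrapped_key"]], sort_keys=True)
        return hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()

    def publish(self, doc_id, rights, plaintext):
        # Steps b) and c): the policy is bound to a content key and the body is encrypted.
        content_key = os.urandom(32)
        lic = {"doc_id": doc_id, "rights": rights,
               "wrapped_key": xor_stream(self.key, content_key).hex()}
        lic["sig"] = self._sign(lic)
        return {"license": lic, "ciphertext": xor_stream(content_key, plaintext)}

    def use_license(self, user, lic):
        # Steps a) and d): only the licence reaches the server, never the document body.
        if not hmac.compare_digest(lic.get("sig", ""), self._sign(lic)):
            return None                   # policy was altered after publishing
        if not self.directory.get(user) or lic["doc_id"] in self.revoked:
            return None                   # unknown or disabled account, or rights revoked
        rights = lic["rights"].get(user, [])
        key = xor_stream(self.key, bytes.fromhex(lic["wrapped_key"]))
        return {"rights": rights, "content_key": key} if rights else None

def open_document(server, user, protected, action):
    # An RMS-aware client: decrypts only when the use licence carries the requested right.
    grant = server.use_license(user, protected["license"])
    if grant is None or action not in grant["rights"]:
        return None
    return xor_stream(grant["content_key"], protected["ciphertext"])
```

The protection travels with the file: a copy forwarded to another account is still ciphertext until that account obtains its own use licence.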
alexwhite19800

ASKER

Thanks btan

Couple of follow-up questions:

1.  Do all mobile clients (e.g. Apple Mail, Outlook iOS...) support RMS? What happens if Friend tries to view the attachment on a mobile client that doesn't support RMS?

2. The first time Friend tries to view the attachment, he presumably needs to be online to download it in the first place and for the client to connect to the RMS server. What happens if he tries to view the cached attachment again when the device is offline?

3. Essentially, am I correct in saying that AD RMS protects the information at the data/file level, as opposed to traditional mobile containers (e.g. Good, Airwatch) that attempt this at the application level?

4. Does RMS work on attachments only? Or can it be for email content too?
ASKER CERTIFIED SOLUTION
btan
