Leverage the Mobile Device Extension for ad rms

Yüklə 3,87 Mb.

səhifə	2/20
tarix	16.08.2018
ölçüsü	3,87 Mb.
	#63133

1 2 3 4 5 6 7 8 9 ... 20

Objectives of this paper

This document provides information about the Mobile Device Extension for AD RMS, and how it can be deployed on top of existing Windows Server 2012 and Windows Server 2012 R2-based AD RMS clusters to support devices with mobile RMS-enlightened applications.

By following the steps outlined in this document you should be able to successfully prepare your environment to deploy the Mobile Device Extension, and start using it within your organization to create and consume protected content on your devices.

Please note that the detailed step by step guidance in this paper covers not only the deployment of the Mobile Device Extension, but also the installation and configuration of AD RMS, the domain controllers that support the environment, Active Directory Federation Services (AD FS) servers, the virtual machines to host those components and other required components. If this guide is used to support the deployment of MDE in an existing environment, only specific sections of the detailed procedures will apply, while others will have to be modified.

Non-objectives of this paper

This document doesn’t provide a full description of AD RMS. It rather focuses on key aspects that aims at providing the readers an understanding on how to leverage and deploy the Mobile Device Extension on their existing on-premises corporate AD RMS infrastructure.

Note For additional information on AD RMS, see the Microsoft TechNet article Active Directory Rights Management Services Overview¹¹, as well as the several posts of the AD RMS Team Blog¹².

It doesn’t provide neither guidance for setting up and configuring AD RMS in a production environment nor a complete technical reference for AD RMS.

Organization of this paper

To cover the aforementioned objectives, this document is organized in the following four sections:

Overview of the Mobile Device .
Building an evaluation environment.
Setting up the Windows Server 2012 R2 Base Configuration test lab.
Testing and evaluating the Mobile Device Extension for AD RMS.

These sections provide the information details necessary to (hopefully) successfully build a working environment with the Mobile Device Extension for AD RMS. They must be followed in order.

About the audience

This document is intended for system architects and IT professionals who are interested in understanding how to enable and configure the Mobile Device Extension for AD RMS on their existing on-premises AD RMS infrastructure.

Overview of the Mobile Device Extension for AD RMS

As introduced before, the Mobile Device Extension for AD RMS lets users who have mobile devices protect and consume sensitive data when their device supports the latest RMS client (also known as the mobile client) and uses RMS-enlightened apps. For example, users on these devices can do the following:

Use the RMS sharing app to consume protected text files in different formats (including .txt, .csv, and .xml).
Use the RMS sharing app to consume protected image files (including .jpg, .gif, and .tif).
Use the RMS sharing app to open any file that have been generically protected (.pfile format).
Use the RMS sharing app to open an Office or PDF file encoded in PPDF format (to learn more about the PPDF format see the relevant section in the RMS Sharing app documentation).
Use the RMS sharing app to protect image files on the device.
Use an RMS-enlightened PDF viewer for mobile devices to open PDF files that were protected with the RMS sharing app for Windows, or another RMS-enlightened application.
Use other apps from software vendors who provide RMS-enlightened apps that support file types that natively support RMS.
Use your internally developed RMS-enlightened apps that were written by using the lightweight Microsoft Rights Management SDK (RMS SDK) 4.0.

The first mobile client that was based on the RMS SDK 3.0 was initially intended to work only in conjunction with Azure RMS. More specifically, it was designed to interact with the highly abstracted and simplified REST APIs exposed by Azure RMS through rights management service endpoints - along with a service discovery process - for authoring of new content and for consumption of protected content on mobile devices.

To enable the above usage scenario, the Mobile Device Extension for AD RMS enables an on-premises AD RMS clusters to expose similar service endpoints as the ones exposed by Azure RMS.

Such an approach leverages a common logic to locate via a service discovery process the REST service endpoints of the RMS service, whether it is an on-premises AD RMS cluster with the Mobile Device Extension or Azure RMS.

The newly introduced RMS SDK 4.0 for creating rights-enabled applications integrates this common logic and abstracts all access to service endpoints in a platform agnostic manner for the REST APIs. This version of the RMS SDK thus enables to develop RMS-enlightened apps on mobile devices with the new AD RMS server's Mobile Device Extension.

Important note The RMS SDK 4.0 supersedes the RMS SDK 3.0, which is now deprecated.
Note The RMS SDK 4.0 is a simplified, next-generation API that enables a lightweight development experience in building or upgrading device apps with information protection via the RMS service, whether it is an on-premises AD RMS cluster with the Mobile Device Extension or Azure RMS.

Its APIs support standard programming languages and models for each operating system so, they are easy and familiar to work with. The RMS SDK 4.0 provides support in mobile devices (Android¹³, iOS¹⁴, Mac OS X¹⁵, Windows Phone, and Windows RT).

For additional information on the RMS SDK 4.0, see the eponym MSDN page Microsoft Rights Management SDK 4.0¹⁶.

Yüklə 3,87 Mb.

Dostları ilə paylaş:

1 2 3 4 5 6 7 8 9 ... 20