In this article, I will cover the installation and configuration of Active Directory Rights Management Services (AD RMS) as a cluster on Windows Server 2012, with its databases in an AlwaysOn Availability Group on SQL Server 2012.
This is prep work for configuring Information Rights Management for SharePoint 2013, which I will cover later.
Overview of the demo environment I am using:
- Contoso DC: DNS, Active Directory Domain Controller
- Contoso IRM: Active Directory Rights Management Service A
- Contoso CA: Active Directory Rights Management Service B
- SQL01: Primary Replica SQL Server 2012
- SQL02: Secondary Replica SQL Server 2012
- SQLAAG01: Always on Availability Group 01
- FIM01: SharePoint 2013 Server
1) Installation and Configuration of AD RMS on the First Server and Configuring the Cluster
I will start with:
- Installation of Active Directory Rights Management Services on the first server, i.e. ContosoIRM
- Configuration of the additional steps and creating the cluster
Launch Server Manager, click on Add Roles and Features
Click on Next
Click on Next
Select Active Directory Rights Management Services, Click Next
Select AD RMS, Click Next
Click Install to Start the Installation Process.
The installation may take around 15 minutes or less
Installation Complete, Click on Close
In Server Manager, click on the flag to perform the additional configuration
Click on Next
Select Create a new AD RMS root cluster, Click Next
In this scenario, I am using an AlwaysOn Availability Group, so click on Specify a Database Server and a Database Instance
I have specified the AAG name and selected the database instance
Specify the Service Account that has access to the Database Server
I have gone with the Cryptographic Mode 2 option, click Next
It's good to have centrally managed key storage, but select what you need depending on your requirements
Specify the Cluster Key Password; this will be used when joining AD RMS Server B to the cluster
Select the web site; I have already named the website ContosoIRM
You can pre-configure the website with a DNS host entry
I will go with http instead of https, though the screenshot is for https
Name the Server Licensor Certificate
This is an important step to register the SCP; I will register it via the configuration wizard. If you have already attempted to install AD RMS on the same server, you will have to delete the RMS from AD Sites and Services to install it again
Click Install to configure it. Note that if you use https, the databases will have 443 in the suffix of the database names.
Click Install to proceed
This may again take up to 15 minutes
Now log off and log back in
Launch Active Directory Rights Management Services from the Metro menu
Here we go, the cluster is configured
The following 3 databases have been created on the AlwaysOn Availability Group primary replica; I will add the databases to the AAG later. As I am using http, all databases have 80 in the suffix.
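A scripted equivalent of the root-cluster wizard choices above, using the ADRMSInstall provider from the ADRMS PowerShell module (an added example, not part of the original article). The cluster URL host and SLC name are placeholders, the default SQL instance is assumed, and the Cryptographic Mode 2 selection is not scripted here.

```powershell
# Added example: root cluster configuration without the wizard.
# Run elevated on the first AD RMS server. Values marked PLACEHOLDER are
# not from the article and must be replaced.
Install-WindowsFeature ADRMS, ADRMS-Server -IncludeManagementTools

Import-Module ADRMS
# The ADRMSInstall provider exposes the wizard pages as a PowerShell drive.
New-PSDrive -PSProvider ADRMSInstall -Name RC -Root RootCluster | Out-Null

# Database: point at the availability group name instead of the
# Windows Internal Database (default instance assumed).
Set-ItemProperty -Path RC:\ClusterDatabase -Name UseWindowsInternalDatabase -Value $false
Set-ItemProperty -Path RC:\ClusterDatabase -Name ServerName -Value 'SQLAAG01'

# Service account and cluster key password are prompted for at run time,
# so neither secret is stored in the script or in shell history.
$svcAccount = Get-Credential -Message 'AD RMS service account'
Set-ItemProperty -Path RC:\ -Name ServiceAccount -Value $svcAccount

$clusterKeyPw = Read-Host -AsSecureString -Prompt 'Cluster key password'
Set-ItemProperty -Path RC:\ClusterKey -Name UseCentrallyManaged -Value $true
Set-ItemProperty -Path RC:\ClusterKey -Name CentrallyManagedPassword -Value $clusterKeyPw

# Web site and cluster URL. The article uses http on port 80; a production
# cluster would use an https URL on 443 with a trusted certificate.
Set-ItemProperty -Path RC:\ClusterWebSite -Name WebSiteName -Value 'ContosoIRM'
Set-ItemProperty -Path RC:\ -Name ClusterURL -Value 'http://rms.example.test:80'  # PLACEHOLDER host
Set-ItemProperty -Path RC:\ -Name SLCName -Value 'PLACEHOLDER-SLC-NAME'

# Register the service connection point in AD, as done in the wizard.
Set-ItemProperty -Path RC:\ -Name RegisterSCP -Value $true

# Apply the configuration.
Install-ADRMS -Path RC:\
```

The cluster key password entered here is the one Server B needs when it joins the cluster, so keep it in a password vault and not in a deployment note.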
2) Installation and Configuration of AD RMS on Server B i.e. ContosoCA
Launch the Server Manager
Install the Active Directory Rights Management Services as covered above.
Once installed, click on the flag in Server Manager to perform the additional configuration steps; I will cover the steps from here.
Click on Perform Additional Configuration
This launches the Configuration Wizard for AD RMS, Click Next
Select Join an existing AD RMS Cluster, Click Next
Specify the database server name; in my case I will provide the AlwaysOn Availability Group name. Click on Select
Select Default Instance from the List
It should pick up the Configuration Database name, if not click on the drop down to select the Config database name
Specify the same Cluster Key which was used while creating the Cluster i.e. centrally managed key
Specify the database service account by clicking on Specify
Now that I have specified the Service Account details , Click Next
Select the website; you can pre-configure it by creating a blank website with an FQDN and bindings. This is important if you want to load balance the AD RMS website.
You can do this with Microsoft NLB for POC purposes, but in the real world you would want to use a hardware load balancer like F5 or Barracuda. I won't get into the details of load balancing here, as there are good articles elsewhere that cover it.
In this scenario I'm selecting the default website I created, Click Next.
Click on Install to start the Installation and Configuration
The installation is complete now
Log off and Log in Back, Launch AD RMS
The installation and configuration of AD RMS is complete, and we have created the cluster as well, all on Windows Server 2012 with the databases highly available in a SQL Server 2012 AlwaysOn Availability Group.
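A post-install check for the SCP registration step described earlier (an added example, not part of the original article): it reads the AD RMS service connection point from the configuration partition and reports whether the registered cluster URL uses https. It assumes the ActiveDirectory RSAT module is available; the function name `Get-RmsScpFinding` is made up for this example.

```powershell
# Added example: audit the AD RMS service connection point (SCP).
Import-Module ActiveDirectory

function Get-RmsScpFinding {
    param([string[]]$BindingInfo)
    foreach ($value in $BindingInfo) {
        $uri = $null
        if (-not [Uri]::TryCreate($value, [UriKind]::Absolute, [ref]$uri)) {
            [pscustomobject]@{ Url = $value; Host = $null; Finding = 'Unparseable SCP value' }
            continue
        }
        $finding = if ($uri.Scheme -eq 'https') {
            'OK: cluster URL uses TLS'
        } else {
            'Cluster URL is not https; traffic to the cluster is not protected by TLS'
        }
        [pscustomobject]@{ Url = $value; Host = $uri.Host; Finding = $finding }
    }
}

# The SCP lives under the Services container of the configuration partition.
$configNc = (Get-ADRootDSE).configurationNamingContext
$scpDn    = "CN=SCP,CN=RightsManagementServices,CN=Services,$configNc"

try {
    $scp = Get-ADObject -Identity $scpDn `
        -Properties serviceBindingInformation, whenCreated -ErrorAction Stop
    # Compare Host with the expected cluster name: an SCP left behind by an
    # earlier install attempt points clients at the wrong server.
    Get-RmsScpFinding -BindingInfo $scp.serviceBindingInformation |
        Select-Object Url, Host, Finding,
            @{ Name = 'Registered'; Expression = { $scp.whenCreated } }
} catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
    Write-Output "No AD RMS SCP found at $scpDn"
}
```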
There is more to AD RMS, i.e. Trust Policies, User Execution, Security policies, policy templates etc. This article is just to illustrate the installation of AD RMS and the configuration of the cluster for demo purposes. For more information, please refer to the relevant TechNet article.
I will configure AD RMS for SharePoint 2013 and will cover this in another article.