Sunday, 11 August 2013

Installing and Configuring Active Directory Rights Management Service in a Cluster on Windows Server 2012

In this article, I will cover the installation and configuration of Active Directory Rights Management Services (AD RMS) as a cluster on Windows Server 2012, with the databases hosted in a SQL Server 2012 AlwaysOn Availability Group.

This is prep work for configuring Information Rights Management for SharePoint 2013, which I will cover later.

Overview of the demo environment I am using:

  • Contoso DC: DNS, Active Directory Domain Controller
  • Contoso IRM: Active Directory Rights Management Service A
  • Contoso CA: Active Directory Rights Management Service B
  • SQL01: Primary Replica SQL Server 2012
  • SQL02: Secondary Replica SQL Server 2012
  • SQLAAG01: Always on Availability Group 01
  • FIM01: SharePoint 2013 Server



1) Installation and Configuration of AD RMS on the First Server and Configuring the Cluster

I will start with:
  • Installation of Active Directory Rights Management Services on the first server, i.e. ContosoIRM
  • Configuration of the additional steps and creating the cluster

Launch Server Manager and click Add Roles and Features




Click on Next


Click on Next 

Select the Server, Click Next 


Select Active Directory Rights Management Services, Click Next


 Click Next 


Click Next 


Select AD RMS, Click Next


Click Install to Start the Installation Process.


Installation may take around 15 minutes or less


Installation Complete, Click on Close


In Server Manager, click on the flag to perform the additional configuration


Click on Next

Select Create a new AD RMS root cluster, Click Next


In this scenario, I am using an AlwaysOn Availability Group, so click on Specify a Database Server and a Database Instance

I have specified the AAG name and selected the database instance

Click Next


Specify the Service Account that has access to the Database Server


I have gone with the Cryptographic Mode 2 option, click Next


It's good to have centrally managed key storage, but select whichever option your requirements call for


Specify the Cluster Key Password; this will be used when joining AD RMS Server B to the cluster


Select the website; I have already named the website ContosoIRM

You can pre-configure the website with DNS Host entry


I will go with http instead of https, though the screenshot shows https


Name the Server Licensor Certificate

This is an important step: registering the SCP (service connection point). I will register it via the configuration wizard. If you have already attempted to install AD RMS on the same server, you will have to delete the RMS entry from AD Sites and Services before you can install it again


Note that if you use https, the database names will have 443 as their suffix.

Click Install to proceed


This may again take up to 15 minutes


Installation Complete


Now log off and log back in

Launch Active Directory Rights Management Services from the Metro menu


Here we go: the cluster is configured


The following 3 databases have been created on the AlwaysOn primary replica; I will add the databases to the availability group later. As I am using http, all the database names have 80 as their suffix.
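The same first-server choices can be made without the wizard through the AD RMS deployment provider for Windows PowerShell. The script below is an added example, not part of the original walkthrough; the cluster URL host and the SLC name are constructed placeholders, and the provider property names are written as assumed from the ADRMSInstall provider and should be checked against its documentation before use.

```powershell
# Added example: scripted equivalent of the wizard choices made on this page
# for the first server. Run in an elevated session on that server.

# Add Roles and Features steps: install the role with its management tools.
Install-WindowsFeature ADRMS -IncludeManagementTools

Import-Module ADRMS

# Map a drive onto the deployment provider for a new root cluster.
New-PSDrive -PSProvider ADRMSInstall -Name RC -Root RootCluster | Out-Null

# Database server: the availability group name from the environment list.
Set-ItemProperty -Path RC:\ClusterDatabase -Name ServerName -Value 'SQLAAG01'

# Service account with access to the database server. Prompted for, so the
# password never sits in the script or in shell history.
$svc = Get-Credential -Message 'AD RMS service account'
Set-ItemProperty -Path RC:\ -Name ServiceAccount -Value $svc

# Cryptographic Mode 2, as selected in the wizard (assumed property name).
Set-ItemProperty -Path RC:\CryptoSupport -Name SupportCryptoMode2 -Value $true

# Centrally managed cluster key. The same password is needed again when the
# second server joins the cluster, so keep it in a password vault.
Set-ItemProperty -Path RC:\ClusterKey -Name UseCentrallyManaged -Value $true
$keyPw = Read-Host -AsSecureString -Prompt 'Cluster key password'
Set-ItemProperty -Path RC:\ClusterKey -Name CentrallyManagedPassword -Value $keyPw

# Web site named on this page, plus the cluster URL. http on port 80 matches
# the choice made on this page; the https form ends in :443.
# The host name below is a constructed placeholder.
Set-ItemProperty -Path RC:\ -Name ClusterWebSite -Value 'ContosoIRM'
Set-ItemProperty -Path RC:\ -Name ClusterURL -Value 'http://contosoirm.contoso.example:80'

# Server Licensor Certificate name (placeholder) and SCP registration.
Set-ItemProperty -Path RC:\ -Name SLCName -Value 'ContosoIRM-SLC'
Set-ItemProperty -Path RC:\ -Name RegisterSCP -Value $true

# Commit the configuration; this corresponds to clicking Install in the wizard.
Install-ADRMS -Path RC:\
```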



2) Installation and Configuration of AD RMS on Server B i.e. ContosoCA

Launch Server Manager
Install Active Directory Rights Management Services as covered above.
Once installed, click on the flag in Server Manager to perform the additional configuration steps. I will cover the steps from here.

Click on Perform Additional Configuration
 


This launches the Configuration Wizard for AD RMS, Click Next


Select Join an existing AD RMS Cluster, Click Next


Specify the database server name; in my case I will provide the AlwaysOn Availability Group name. Click on Select
Select Default Instance from the list

It should pick up the configuration database name; if not, click on the drop-down to select the config database name

Click Next


Specify the same cluster key that was used when creating the cluster, i.e. the centrally managed key

Click Next

Specify the database service account by clicking on Specify 


Now that I have specified the Service Account details , Click Next


Select the website. You can pre-configure it by creating a blank website with the FQDN and bindings. This is important if you want to load balance the AD RMS website.

You can do this with Microsoft NLB for POC purposes, but in the real world you would want to use a hardware load balancer such as F5 or Barracuda. I won't get into the details here, as there are good articles elsewhere that cover this.

In this scenario I'm selecting the default website I created, Click Next.



Click on Install to start the Installation and Configuration




The installation is complete now


Log off and Log in Back, Launch AD RMS






The installation and configuration of AD RMS is complete, and we created the cluster as well, all on Windows Server 2012 with the databases highly available in a SQL Server 2012 AlwaysOn Availability Group.

There is more to AD RMS, i.e. trust policies, user exclusion, security policies, policy templates etc. This article is just to illustrate the installation of AD RMS and the configuration of the cluster for demo purposes. For more information, please refer to the relevant TechNet article.

I will configure AD RMS for SharePoint 2013 and will cover this in another article.



5 comments:

  1. Replies
    1. Nice try. Trying to ruin an informative blog for your advertising.

  2. Governance and Management Services Australia We provide back office and administrative services for not for profits. We take the time consuming and routine tasks such as subscription management, supplier payment and even inquiry responses from you. We do this in such a seamless way as if the responses came from your organization. We leave you more time to focus on your ideas and reasons you joined - to make a difference. In addition, we take care of minutes of meetings, compliance, insurances and therefore enhance governance for you, your mission and your members.

  3. Thank you for this post

  4. Thank you for the helpful post.
