When you deploy Microsoft SharePoint Products and Technologies in your organization, you can also use Information Rights Management (IRM) to enable content creators to control and protect their documents. To use IRM in your organization, you must also deploy an Active Directory Rights Management Services (AD RMS) server. With Forefront Unified Access Gateway (UAG) Service Pack 1, you can allow users to access IRM-protected libraries by publishing your SharePoint server and the AD RMS server.
For information about deploying an AD RMS server, see Active Directory Rights Management Services (http://go.microsoft.com/fwlink/?LinkId=188558). For information about planning for IRM in Office 2010, see Plan for Information Rights Management in Office 2010 (http://go.microsoft.com/fwlink/?LinkId=188557).
If you want to allow your organization and external users to share IRM-protected content over the Internet, you should deploy your AD RMS clusters for both internal and external use by using one of the following options:
- Set the root cluster URL to a URL that can be accessed over the Internet. Ensure that this URL is resolved in the intranet to AD RMS servers for the same cluster. When you do this, the publishing license URL that end-user computers use for license acquisition works both in the intranet and on the Internet.
- Set up a license server dedicated to extranet users and configure the extranet cluster URL appropriately.
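One way to check the name-resolution requirement in the first option, as an added PowerShell example that is not part of the original page: it asks an intranet DNS server and a public DNS server for the cluster host name and compares the intranet answer with the addresses you expect for the AD RMS cluster. The host name, DNS server addresses and expected AD RMS addresses are placeholders (assumptions), and Resolve-DnsName requires Windows 8 / Windows Server 2012 or later on the computer that runs the check.

```powershell
# Added example. Every value in this block is a placeholder, not taken from the page.
$ClusterHost  = 'rms.example.com'            # host part of the root cluster URL
$InternalDns  = '10.0.0.10'                  # a DNS server that intranet clients use
$ExternalDns  = '192.0.2.53'                 # a DNS server that Internet clients use
$RmsServerIps = @('10.0.0.21', '10.0.0.22')  # AD RMS servers (or their load-balanced address)

function Get-ARecords {
    param([string]$Name, [string]$Server)
    # Return the IPv4 addresses that $Server hands out for $Name.
    # CNAME records in the answer are skipped; only A records carry an address.
    try {
        Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq 'A' } |
            ForEach-Object { $_.IPAddress }
    }
    catch {
        Write-Warning "Lookup of $Name at $Server failed: $($_.Exception.Message)"
        @()
    }
}

$inside  = @(Get-ARecords -Name $ClusterHost -Server $InternalDns)
$outside = @(Get-ARecords -Name $ClusterHost -Server $ExternalDns)

# Intranet answers that are not one of the expected AD RMS addresses.
$unexpected = @($inside | Where-Object { $_ -notin $RmsServerIps })

[pscustomobject]@{
    ClusterHost      = $ClusterHost
    IntranetAnswers  = $inside -join ', '
    InternetAnswers  = $outside -join ', '
    # True only when the intranet view resolves, and resolves to AD RMS servers only.
    IntranetOk       = ($inside.Count -gt 0 -and $unexpected.Count -eq 0)
    # True when the same name also resolves for Internet clients.
    InternetResolves = ($outside.Count -gt 0)
}

if ($unexpected.Count -gt 0) {
    Write-Warning "Intranet clients are sent to unexpected addresses: $($unexpected -join ', ')"
}
```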
Forefront Unified Access Gateway (UAG) contains a publishing template that you can use to publish an AD RMS server. The following procedure describes how to publish the AD RMS server.
To publish an AD RMS server
- In the Forefront UAG Management console, click the trunk to which you want to add the application, and then in the Applications area, click Add.
- In the Add Application Wizard, on the Select Application page, click Web, and then in the list, click Rights Management Services.
- On the Web Servers page, do the following:
  - In the Addresses box, enter the internal host name of the AD RMS server.
  - In the Public host name box, enter the Extranet cluster URL of the AD RMS server. The Extranet cluster URL is defined on the Cluster URLs tab of the AD RMS properties dialog box, which is available from the AD RMS Management console.
  - In either the HTTP port box or the HTTPS port box, enter the port over which the AD RMS server is available.
- On the Authentication page, select an authentication server, and select the Allow rich clients to bypass trunk authentication check box.
- On the Portal Link page of the wizard, do not make any changes.
- When you complete the wizard, click Finish.
  The Add Application Wizard closes, and the application that you defined appears in the Applications area of the Configuration section.
- On the toolbar of the Forefront UAG Management console, click the Activate configuration icon, and then on the Activate Configuration dialog box, click Activate.
  After the configuration is activated, the message "Activation completed successfully" appears.