AD RMS SQL Server Requirements
Applies To: Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2
Servers in the AD RMS cluster are tightly integrated with the database server during normal operations. The AD RMS database server stores configuration, logging, and directory services information for AD RMS.
AD RMS uses the following databases:
Configuration database
The configuration database is a critical component of an AD RMS installation. It stores, shares, and retrieves all configuration data and other data that you need to manage account certification, licensing, and publishing services for a cluster. The way that you manage your configuration database directly affects the security and availability of rights-protected content.
Each AD RMS cluster has one configuration database. The configuration database for the root cluster contains a list of Windows user identities and each rights account certificate (RAC). If the cluster key is centrally managed by AD RMS, the certificate key pair is encrypted with the AD RMS cluster key before it is stored in the database. The configuration databases for licensing-only clusters do not contain this information.
Logging database
For each root or licensing-only cluster, by default AD RMS installs a logging database in the same database server instance that hosts the configuration database. This database can grow quite large; therefore, you will need a plan to help maintain adequate service and performance.
Note
In Windows Server 2008 R2, AD RMS created a private message queue on each server in the AD RMS cluster because logging was done through the Message Queuing service. In that earlier release, the AD RMS logging service then transmitted log data from this message queue to the logging database. Starting with Windows Server 2012, service logging has been redesigned to use synchronous logging, which writes directly to the logging database and no longer requires the Message Queuing or AD RMS Logging services.
Because AD RMS now writes directly to the logging database, logging performance is improved but availability of the logging database is critical. If the logging database becomes unavailable, the ability to log licensing and certification activity data will be impaired. Therefore, database designs in Windows Server 2012 for AD RMS clusters need to consider all aspects of availability when making planning decisions. For information about the high availability options that AD RMS supports for SQL Server, see the following section.
Directory services database
This database caches information about users, identifiers (such as e-mail addresses), security IDs (SIDs), group membership, and alternate identifiers. This information is obtained from Lightweight Directory Access Protocol (LDAP) queries that the AD RMS licensing service makes to the Active Directory Domain Services global catalog. By default, this data is cached every 12 hours.
You can use the Windows Internal Database to support a new installation of AD RMS, which means that you can run AD RMS with a single server. However, this is supported only in a test environment, and it is not supported for the mobile device extension. For a production environment, and always for the mobile device extension, use a separate server that runs SQL Server for your AD RMS databases.
AD RMS Support for SQL Server High Availability
AD RMS supports the following high availability solutions for SQL Server:
Failover clustering
For more information, see the Failover Clustering section in the AD RMS and Database Design topic.
Log shipping
For more information, see the Log Shipping section in the AD RMS and Database Design topic.
Database mirroring (asynchronous without witness)
For more information, see Test Lab Guide: Configuring AD RMS with SQL Mirroring in Windows Server 2012 on the TechNet wiki.
SQL Server AlwaysOn is not supported for AD RMS.
AD RMS SQL Server System Requirements for Windows Server 2012 and Windows Server 2012 R2
The following table describes the hardware requirements for AD RMS SQL Server.
AD RMS SQL Server Hardware Requirements for Windows Server 2012
Hardware | Requirements | Recommendations |
---|---|---|
CPU | x86 Processor: 1.0 GHz | 2.0 GHz or higher |
Memory | 1 GB | At least 4 GB and should be increased as database size increases to ensure optimal performance. |
Hard Disk | 40 GB of free hard disk space | 200 GB of free hard disk space or higher |
Network Adapter | 1 | 2 (public and private interface) |
Share Disks | External disks for MSCS/SQL configuration | Using RAID 1+0 for logging and RAID 5 for database recommended |
The following table describes the software requirements for AD RMS SQL Server.
AD RMS SQL Server Software Requirements for Windows Server 2012 and Windows Server 2012 R2
Software | Requirements |
---|---|
Supported SQL Server editions | Enterprise; Standard |
Supported SQL Server versions | Microsoft SQL Server 2014 (and all service packs); Microsoft SQL Server 2012 (and all service packs); Microsoft SQL Server 2008 R2 (and all service packs); Microsoft SQL Server 2008 (and all service packs); Microsoft SQL Server 2005 (and all service packs) |
Special considerations for using SQL Server databases with AD RMS in Windows Server 2012
The setup process for AD RMS has been redesigned with the introduction of Windows Server 2012 to enable better support for remote deployment of AD RMS and SQL servers and to address customer feedback that requested more flexible deployment options.
In prior releases of Windows Server, AD RMS Setup required the account used to install the AD RMS server role to have local administrator privileges on any computer hosting a SQL Server installation that would be used to support AD RMS. This was because AD RMS Setup needed to read SQL database settings from the Windows Registry. Because of customer feedback, this has been changed for this release.
Starting with Windows Server 2012, AD RMS now has the following requirements for access to SQL Server.
The AD RMS installer account must have sysadmin permissions in the SQL Server instance.
For assistance in accessing and locating available SQL Server instances, the SQL Server Browser service must also be running on the server computer where AD RMS databases are installed.
SQL Server named instances are supported by AD RMS on Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2. To use SQL Server named instances, the SQL Server Browser service must be running on the database server.
The SQL Server computer that supports AD RMS must have firewall exceptions enabled for well-known SQL Server ports. For example, the SQL Server Browser service uses UDP port 1434 and the default SQL Server TCP port is 1433. These default ports, if used for your SQL Server installation, need to have port exceptions made in Windows Firewall.
Additionally, to access SQL Server instances, exceptions must be enabled for any non-default TCP ports that are configured with your SQL Server installation. For default SQL instances, TCP port 1433 is usually assigned. If you have configured any SQL Server instances intended for use with AD RMS to use a non-default TCP port, those ports must have Windows Firewall exceptions so that AD RMS Setup can connect to your targeted SQL Server installation.
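The firewall exceptions described above can be limited to the AD RMS servers rather than opened to every host. The following PowerShell is an added example, not part of the original page; it assumes the SQL Server computer runs Windows Server 2012 or later (NetSecurity cmdlets) and is domain-joined, and the addresses, rule names and port value are constructed placeholders.

```powershell
# Run in an elevated session on the SQL Server computer that hosts the AD RMS databases.
# Every value in this block is a constructed placeholder; replace with your own.
$AdRmsServers    = @('192.0.2.11', '192.0.2.12')  # addresses of the AD RMS cluster servers
$SqlTcpPort      = 1433                           # 1433 for a default instance, else your instance's TCP port
$OpenBrowserPort = $true                          # SQL Server Browser (UDP 1434) for instance discovery

$rules = @(
    @{ Name = 'AD RMS - SQL Server (TCP)'; Protocol = 'TCP'; Port = $SqlTcpPort }
)
if ($OpenBrowserPort) {
    $rules += @{ Name = 'AD RMS - SQL Server Browser (UDP)'; Protocol = 'UDP'; Port = 1434 }
}

foreach ($r in $rules) {
    # Do not create duplicates when the script is run again.
    if (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue) {
        Write-Output "Rule '$($r.Name)' already exists; leaving it unchanged."
        continue
    }
    # Inbound allow rule limited to the AD RMS servers.
    # -Profile Domain is an assumption: both sides are domain-joined.
    New-NetFirewallRule -DisplayName $r.Name -Direction Inbound -Action Allow `
        -Protocol $r.Protocol -LocalPort $r.Port `
        -RemoteAddress $AdRmsServers -Profile Domain | Out-Null
}

# Report what is now in place so the scope can be reviewed.
Get-NetFirewallRule -DisplayName 'AD RMS - SQL Server*' | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    $addr = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Enabled       = $_.Enabled
        Protocol      = $port.Protocol
        LocalPort     = $port.LocalPort
        RemoteAddress = ($addr.RemoteAddress -join ', ')
    }
}
```

Any broader pre-existing allow rule for the same ports still applies, so review the existing inbound rules as well as the ones this block creates.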
AD RMS SQL Server System Requirements for Windows Server 2008 R2
The following table describes the SQL Server hardware requirements for supporting AD RMS.
AD RMS SQL Server Hardware Requirements for Windows Server 2008 R2
Hardware | Requirements | Recommendations |
---|---|---|
CPU | Pentium III processor (800 MHz or higher) | 2 Pentium 4 processors (1.5 GHz or higher) |
Memory | 512 MB of RAM | 2 GB of RAM |
Hard Disk | 20 GB of free hard disk space | 160 GB of free hard disk space or higher |
Network Adapter | 1 | 2 (public and private interface) |
Share Disks | External disks for MSCS/SQL configuration | Using RAID 1+0 for logging and RAID 5 for database recommended |
The following table describes the software requirements for AD RMS SQL Server.
AD RMS SQL Server Software Requirements for Windows Server 2008 R2
Software | Requirements |
---|---|
Supported SQL Server editions | Enterprise; Standard |
Supported SQL Server versions | Microsoft SQL Server 2014 (and all service packs): Requires hotfix; Microsoft SQL Server 2012 (and all service packs): Requires hotfix; Microsoft SQL Server 2008 R2 (and all service packs); Microsoft SQL Server 2008 (and all service packs); Microsoft SQL Server 2005 (and all service packs) |
Note
For information about the hotfix required for SQL Server 2014 and SQL Server 2012, see Deploying AD RMS in Windows Server 2008 R2 SP1 with SQL Server 2012 on the TechNet wiki.
For additional information about AD RMS and SQL Server, see AD RMS Performance and Logging Best Practices.
For additional information about AD RMS, see AD RMS Prerequisites.
For hardware and software requirements to install SQL Server, see Hardware and Software Requirements for Installing SQL Server 2014, and if necessary, use the Other Versions option at the top of the page.
Special considerations for using SQL Server databases with AD RMS and Windows Server 2008 R2
Important
If you are using MSDE 2000 to host the Rights Management Services (RMS) databases, you cannot upgrade to AD RMS. Similarly, an upgrade will not succeed if a version of SQL Server is detected that is not supported by AD RMS.
User account considerations:
If you are using an external database server for the AD RMS databases, the user account that installs AD RMS must have the right to create new databases. This user account must be a member of the System Administrators (sysadmins) database role, or equivalent.
If you are using SQL Server remotely, the user account that is installing AD RMS must be a member of the local administrators group on the SQL server. This allows the AD RMS installation to query the registry on the SQL server remotely.
The user account that is installing AD RMS will be granted Database Owner permissions on all three of these databases automatically.
Firewall considerations if there is an intervening firewall between the AD RMS server and SQL Server:
Allow the TCP port for the SQL Server instance (default and named instances).
Allow the UDP port for the SQL Browser if you are using a SQL Server named instance.