(This post was published on the original RMS team blog in February 2011.)
Service Pack 1 for Microsoft Windows Server 2008 R2 provides a very cool new feature in AD RMS: You can federate with organizations running Microsoft Exchange Server 2010 through the Microsoft Federation Gateway. In case you haven't heard about the Microsoft Federation Gateway, this is how it's described by MSDN:
Microsoft Federation Gateway is a new identity service that runs in the cloud—that is, over the Internet and beyond your corporate network domain. This gateway service sits between an organization or business like yours and the services that the organization wants to use. The gateway acts as a hub for all the connections the organization wants to make, whether to a developer application built on Windows Azure or to a Microsoft application running in the cloud. This gateway is valuable because it is a hub for connecting users and other identities to the services that it works with, so that an organization has to manage only a single identity-federation relationship to enable its identities to access any and all Microsoft and Microsoft-based services that they want to use.
In the case of AD RMS and Exchange, Microsoft Federation Gateway Support gives AD RMS the ability to federate with the Microsoft Federation Gateway to authenticate users for certification and licensing. Microsoft Exchange Server 2010 SP1 can take advantage of this by enabling messages protected by AD RMS to be sent between organizations that do not share an Active Directory Domain Services (AD DS) infrastructure. Users can send AD RMS–protected e-mail messages to recipients outside the sender’s organization, and those recipients can then view the messages by using Exchange Server 2010 Outlook Web App.