(This post was published on the original RMS team blog in April 2010.)
Perhaps you have decided to implement AD RMS in your organization and need to decide whether to install AD RMS on a virtual server using Hyper-V or on a physical server. Or, perhaps you tested AD RMS using Hyper-V, but will be installing it on a physical server in your production environment. This post is designed to explain the differences between the two options.
In our testing at Microsoft we have found that there is a very slight performance degradation when using AD RMS on Hyper-V, but it is rarely noticeable. This is especially true when the virtual server has the recommended amount of RAM allotted to it. There is also no significant impact on network bandwidth, unless you are sharing the network connections with other resource-intensive applications. In short, it is unlikely that you will see a noticeable difference in performance between installing AD RMS on a virtual server and a physical server.
The primary benefit of installing AD RMS on a virtual server is that it is easier to use dedicated servers for your AD RMS environment. We do not recommend installing AD RMS on the same server as a domain controller, Microsoft Exchange, Certification Authority, or Microsoft Office SharePoint Server. Installing AD RMS on a domain controller is especially discouraged, because doing so requires adding the AD RMS service account to the Domain Admins group. In addition to these concerns, installing other roles on an AD RMS server can slow down or interfere with the proper functioning of AD RMS.
One important consideration is that if you install AD RMS on a virtual server, you will not be able to use an internal hardware security module (HSM) for AD RMS key storage. An HSM offers added protection by keeping the AD RMS keys in tamper-resistant hardware. Instead, you will only be able to use AD RMS centrally managed key storage or software CSP key storage.
With the exception of not being able to use an internal HSM, an AD RMS installation on a virtual server will behave exactly the same as an AD RMS installation on a physical server.