Complete guide to Oracle IRM (Part 3): Client configuration and basic system tests
By Simon Thorpe on Aug 13, 2009
Now the IRM Server and Management Website have been installed its time to install the IRM Desktop, create a classification and protect some documents to check the system works.
Currently the guide comprises of;
- Part 1: Oracle IRM Server installation
- Part 2: Oracle IRM Management Website installation
- Part 3: Client configuration and basis system testing
- Part 4: Using Windows authentication
Install the Oracle IRM DesktopThe Oracle IRM Desktop is a small piece of software which provides support for all the IRM formats such as Microsoft Office documents, Adobe PDF's, email etc. The single install also allows not only for the opening and editing of sealed documents but provides functionality to create new documents and search inside them. For only an 8MB download it sure packs a lot of features. You can get the IRM Desktop from Oracle's OTN download pages.
Once downloaded just double click on the .exe to start the installation. It is wise to close any programs such as Microsoft Word, Outlook, Adobe Reader so that any files the installation wishes to update do not require a reboot.
Choose, or leave the default installation folder.
Then hit install! Very easy...
At the end of the installation you will see a new icon in your task tray, like the following...
Create test classification
Now that we have all the software installed we need to create a classification to secure a document against. Oracle IRM calls classifications contexts and the best way to create them is using the Management Website. This way new contexts follow the standard rights model, the benefits of which will become obvious.
Fire up a browser and head to the home page of the Management Website, this is going to be http://yourirm.server.name/manage. Then hit the login button, top right of the web page.
During the Management Website installation we created 2 new accounts, one called the System Manager. It is this account we will use to create our first context. Now if, when you installed the Management Website you set the default password creation to specified and passed in a value then this will be the password for your system manager. However if you left the default to random you have two options.
Getting the user password from email
When creating the system manager you gave the installer an email address. If this was a valid account and the Windows SMTP server is able to lookup the MX record for the domain of that user account and successfully deliver the email, then go check the inbox for that account and you should have an email like the following.
Manually resetting a users email from the Management Console
When the Oracle IRM server was installed it also installed the Oracle IRM Management Console which was used to initially login to the server.
- Start the Management Console from the Windows program group Oracle -> Information Rights Management.
- Then login to the server using the administrator password you created at initial IRM server install.
- Click on Users & Groups and you should see your system owner account. Right click and select Authentication from the menu.
- Leave the authentication type selected as Standard
- Select reset and supply the new password for the user, de-select User must change password on next login and hit finish.
Login to Management Website and create context
Now that the system owner password is known, lets login to the Management Website. If you got the password from email you are going to be asked to change it on login. You should then see the homepage for the system owner.
Now switch to the Contexts tab and hit the Add Context button. Here you have a simple dialog asking for a name, description and a user to be the context manager. Note that we only have one person in the system right now that could be a classification manager.
This creates a context in the server based on a template using the standard rights model. It also sends an email to the new context manager which is going to be the same user you've logged in as. The email gives important information for new context managers to be able to work with the context.
By default the context manager is also given a role, Contributor, which allows them create, open, edit, print sealed content.
Add a user to the IRM serverTo make this test a little more complete it would be wise to add another user to the server and give that account a slightly lower set of rights than the context manager so we can see the IRM technology working correctly. Whilst still logged into the Management Website click on the Users tab.
Notice that when business users can add new accounts, they can also give this new account a role in an existing context. So select Initial Role Assignment and choose the context and for this test choose the Reader (No Print> role.
Again to get this users password if you've set it to random you need to access their email inbox or reset it using the Management Console.
Sealing the first piece of contentFinally the time has come to protect a document! The server is running, we've got a context ready, a few users in the system but there is simple and obvious hoop left to jump through.
To seal a document we need to have the users rights cached to the local machine. For this to take place, the IRM Desktop needs to know where the Oracle IRM server is on the network so we can synchronize these rights and then be able to seal a document. The usual way for the IRM Desktop to know about the IRM server is to open an existing piece of content that someone has sent you... ack. Bit of a chicken or the egg dilemma. The simple solution is to manually tell the IRM Desktop the location of the IRM Server and then force a synchronization of rights.
- Right click on the Oracle IRM Desktop icon in the system tray and select Options...
- The options dialog will default nicely to the Synchronization, hit Add and enter in the hostname to your server.
- Hit OK and then OK the IRM Desktop Options dialog.
- Right click once more on the IRM Desktop tray icon and this time select Synchronize.
- The IRM Desktop will then present you with the login dialog and you'll need to enter in the username and password for the context manager. The same account you logged into the Management Website as. It is worth also checking the Login Automatically option.
- Open a copy of Windows Explorer and locate the file you wish to seal.
- Right click on the document and select Seal To -> Context
- You are now presented with the Select Context dialog.
- You can now select the context you created and hit OK
You'll now have a sealed copy of the document sat in the same location. Double click on this document and it will open using the system manager account credentials you asked the IRM Desktop to cache when selecting the login automatically option.
As the context manager you have full access to the content. You can copy, edit print and as we've seen, create sealed content against the context.
Finally, lets login as the second user created. Double click on the Oracle IRM bar or the icon in the toolbar. This will display the IRM Desktop control panel and it will default to File Properties. Switch to the login tab and enter in the details of the other user you added to the server. The document will now open, yet this time because you only gave the user the role Reader (No Print) they cannot edit or print the content.
This completes a full installation and test of an Oracle IRM service. The next guide will walk through in a bit more detail the decisions around how to now use this system to start protecting real content in accordance with information protection policies.