Key Management Server

KMS is software that activates Microsoft software licenses, both for Windows and Office.

During the 2013 UTS Annual Kickoff, Dana Haggas surprised attendees with the knowledge that the Enterprise Applications – Business Systems team supports 11 applications. This team is a subgroup of Enterprise Applications and consists of 11 people managed by John B. Wilson Jr. Over the next few weeks, we will be presenting an in-depth look into these applications and services.

The first application is Key Management Service (KMS), which is supported by Tom Armour (Enterprise Applications – Business Systems). The KMS activates Microsoft software licenses, both for Windows and Office. This application replaced the old MAK (multiple activation key) system in which the key is used on each machine.

Emory MAKs have been compromised a few times over the past several years, requiring the key to be deactivated and reissued. This caused tremendous pain to the IT support community. The problem with re-keying MAKs is you have to physically visit each machine or use a software distribution method.

KMS protects machines from becoming compromised because it forces all the devices on the network to be configured against a master key on a server. This helps because a device has to be physically on the network, or its key automatically expires after 180 days. KMS reactivates the key every week behind the scenes, so if the device goes off-site it can still work for 180 days without connecting to the Emory network.

When Emory suffered its first MAK compromise in 2010, the end users felt the pain directly. With KMS, however, the management process is transparent to the end users. In addition, Microsoft reissues the MAK keys every year. KMS makes the process easier and transparent because one key is managed centrally rather than broadly across many devices. Tom is in the process of coordinating the migration of all of Emory’s servers, workstations and Office over to KMS. MAK keys are still available for specific cases, but KMS is now the preferred method. There are two KMS servers behind a virtual IP that are round-robined for redundancy.
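An added example (not from the original article or Emory's own tooling): a PowerShell function that classifies activation records as KMS or MAK, to track the migration described above, and flags KMS clients whose 180-day validity is running down because weekly renewals have been missed. The function name, the 150-day threshold, the sample rows and the host name kms.example.edu are assumptions; the property names are those of the Windows SoftwareLicensingProduct WMI class.

```powershell
# Added example: the function name, threshold and sample rows are assumptions.
function Get-ActivationReport {
    param(
        [Parameter(Mandatory)] [object[]] $Products,  # SoftwareLicensingProduct rows
        [int] $StaleBelowDays = 150                   # assumed alert threshold
    )
    foreach ($p in $Products) {
        if (-not $p.PartialProductKey) { continue }   # no key installed for this SKU
        # Description names the licensing channel, e.g. "... VOLUME_KMSCLIENT channel"
        $channel = 'Other'
        if ($p.Description -match 'VOLUME_KMSCLIENT') { $channel = 'KMS' }
        elseif ($p.Description -match 'VOLUME_MAK')   { $channel = 'MAK' }
        # GracePeriodRemaining is reported in minutes; 1440 minutes = 1 day
        $daysLeft = [math]::Floor($p.GracePeriodRemaining / 1440)
        # With weekly renewal a healthy KMS client stays close to 180 days
        if ($p.LicenseStatus -ne 1) { $finding = 'NotLicensed' }
        elseif ($channel -eq 'MAK') { $finding = 'StillOnMak' }
        elseif ($channel -eq 'KMS' -and $daysLeft -lt $StaleBelowDays) { $finding = 'MissedRenewals' }
        else { $finding = 'OK' }
        [pscustomobject]@{
            Name     = $p.Name
            Channel  = $channel
            DaysLeft = $daysLeft
            KmsHost  = $p.DiscoveredKeyManagementServiceMachineName
            Finding  = $finding
        }
    }
}

# Constructed sample rows (not real inventory), shaped like the WMI class output
$kmsDesc = 'Windows(R) Operating System, VOLUME_KMSCLIENT channel'
$makDesc = 'Windows(R) Operating System, VOLUME_MAK channel'
$sample = @(
    [pscustomobject]@{ Name = 'Lab PC'; Description = $kmsDesc; PartialProductKey = 'AAAAA'
        LicenseStatus = 1; GracePeriodRemaining = 253440
        DiscoveredKeyManagementServiceMachineName = 'kms.example.edu' }
    [pscustomobject]@{ Name = 'Loaner laptop'; Description = $kmsDesc; PartialProductKey = 'BBBBB'
        LicenseStatus = 1; GracePeriodRemaining = 57600
        DiscoveredKeyManagementServiceMachineName = 'kms.example.edu' }
    [pscustomobject]@{ Name = 'Old server'; Description = $makDesc; PartialProductKey = 'CCCCC'
        LicenseStatus = 1; GracePeriodRemaining = 0
        DiscoveredKeyManagementServiceMachineName = $null }
)
Get-ActivationReport -Products $sample | Format-Table -AutoSize

# On a Windows client, pass live data instead of the sample:
# Get-ActivationReport -Products (Get-CimInstance -ClassName SoftwareLicensingProduct)
```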

This application was an example of a “bottom-up initiative,” in which Tom decided to improve the system for key management, researched the tool in 2011, and began testing in the Spring of 2012.  The service went live in November 2012.

For more information about KMS, go to: http://technet.microsoft.com/en-us/library/ff793434.aspx.

