Difference between revisions of "MBAM Architecture"
From RiceFamily Wiki
(→Architecture) |
(→Resources) |
||
(12 intermediate revisions by the same user not shown) | |||
Line 8: | Line 8: | ||
* The servers have been requested. | * The servers have been requested. | ||
** SQL Server 2014 has been installed | ** SQL Server 2014 has been installed | ||
+ | ** SSL Certificates have been requested, received and installed on both servers. | ||
+ | *** Needed to generate the CSR for the DB server from IIS itself. | ||
+ | *** Using OpenSSL caused issues with differences in the Cert formats. | ||
+ | *** Simpler to just use IIS. | ||
** MBAM has been installed on both servers. | ** MBAM has been installed on both servers. | ||
** Configuration has been run on the DB server. | ** Configuration has been run on the DB server. | ||
+ | ** Configuration will not complete on the Application Server. | ||
+ | *** The problem seems to be with Reporting Services. | ||
+ | *** Need to review the documentation again. | ||
+ | |||
+ | = Resources = | ||
+ | * [https://social.technet.microsoft.com/Forums/en-US/home Technet Forums] | ||
+ | * [https://www.youtube.com/results?search_query=mbam+2.5 YouTube Videos about MBAM 2.5] | ||
+ | ** [https://www.youtube.com/watch?v=5rFhJGVgAto Deploying Microsoft BitLocker Administration and Monitoring (MBAM) 2.5] 1:06:57 | ||
+ | ** [https://www.youtube.com/watch?v=1T0uPQ-SInM Deploying Microsoft BitLocker Administration and Monitoring 2.5] 1:05:35 | ||
+ | ** [https://www.youtube.com/watch?v=eqnp4CU7vm4 BitLocker Deployment Using MBAM Is a Snap!] 1:09:59 | ||
+ | ** [https://www.youtube.com/watch?v=sNEm_OsQH4I TWC | Microsoft BitLocker Administration and Monitoring 2.5 Extravaganza] 1:14:11 | ||
+ | ** [https://www.youtube.com/watch?v=xGyVlVbarMA&list=PLNexv9-FdEWzfOobxDgNuRKxrb-ByPTue BitLocker Video Playlist] - 10 Videos | ||
+ | * [https://technet.microsoft.com/en-us/library/ms191192.aspx Enable Encrypted Connections to the Database Engine (SQL Server Configuration Manager)] - The DB Group completed this step after I imported the certificates | ||
+ | |||
+ | = Upgrade = | ||
+ | * [https://learn.microsoft.com/en-us/microsoft-desktop-optimization-pack/mbam-v25/how-to-move-the-mbam-25-databases#how-to-move-the-recovery-database How to move the Recovery Database] | ||
+ | |||
+ | = Processes = | ||
+ | * [https://technet.microsoft.com/en-us/library/dn645343.aspx Configuring the MBAM 2.5 Server Features] | ||
= Notes = | = Notes = |
Latest revision as of 12:44, 24 October 2023
Overview
We are going to be setting up a "Stand-Alone" MBAM environment and using BigFix in place of Microsoft's SCCM to deploy the clients and gather status from endpoints.
Architecture
- 2 Servers.
- One Server will act as the DB server.
- The second Server will act as the Application Server.
- The servers have been requested.
- SQL Server 2014 has been installed
- SSL Certificates have been requested, received and installed on both servers.
- Needed to generate the CSR for the DB server from IIS itself.
- Using OpenSSL caused issues with differences in the Cert formats.
- Simpler to just use IIS.
- MBAM has been installed on both servers.
- Configuration has been run on the DB server.
- Configuration will not complete on the Application Server.
- The problem seems to be with Reporting Services.
- Need to review the documentation again.
Resources
- Technet Forums
- YouTube Videos about MBAM 2.5
- Deploying Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 1:06:57
- Deploying Microsoft BitLocker Administration and Monitoring 2.5 1:05:35
- BitLocker Deployment Using MBAM Is a Snap! 1:09:59
- TWC | Microsoft BitLocker Administration and Monitoring 2.5 Extravaganza 1:14:11
- BitLocker Video Playlist - 10 Videos
- Enable Encrypted Connections to the Database Engine (SQL Server Configuration Manager) - The DB Group completed this step after I imported the certificates
Upgrade
Processes
Notes
- MBAM Monitoring Web Service no longer available
- https://technet.microsoft.com/en-us/library/dn645312.aspx
- The Monitoring Web Service is no longer available in Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 SP1 since the MBAM Client and the websites communicate directly with the Recovery Database.
- I wonder if this means that all the MBAM Client machines need access to the MBAM Database server. If so it will require a new Firewall Rule be implemented for the VRF that the server is in.