Difference between revisions of "MBAM Architecture"
From RiceFamily Wiki
(→Architecture) |
(→Architecture) |
||
Line 8: | Line 8: | ||
* The servers have been requested. | * The servers have been requested. | ||
** SQL Server 2014 has been installed | ** SQL Server 2014 has been installed | ||
+ | ** SSL Certificates have been requested, received and installed on both servers. | ||
+ | *** Needed to generate the CSR for the DB server from IIS itself. | ||
+ | *** Using OpenSSL caused issues with differences in the Cert formats. | ||
+ | *** Simpler to just use IIS. | ||
** MBAM has been installed on both servers. | ** MBAM has been installed on both servers. | ||
** Configuration has been run on the DB server. | ** Configuration has been run on the DB server. |
Revision as of 12:07, 6 April 2016
Overview
We are going to be setting up a "Stand-Alone" MBAM environment and using BigFix in place of Microsoft's SCCM to deploy the clients and gather status from endpoints.
Architecture
- 2 Servers.
- One Server will act as the DB server.
- The second Server will act as the Application Server.
- The servers have been requested.
- SQL Server 2014 has been installed
- SSL Certificates have been requested, received and installed on both servers.
- Needed to generate the CSR for the DB server from IIS itself.
- Using OpenSSL caused issues with differences in the Cert formats.
- Simpler to just use IIS.
- MBAM has been installed on both servers.
- Configuration has been run on the DB server.
- Configuration will not complete on the Application Server.
- The problem seems to be with Reporting Services.
- Need to review the documentation again.
Notes
- MBAM Monitoring Web Service no longer available
- https://technet.microsoft.com/en-us/library/dn645312.aspx
- The Monitoring Web Service is no longer available in Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 SP1 since the MBAM Client and the websites communicate directly with the Recovery Database.
- I wonder if this means that all the MBAM Client machines need access to the MBAM Database server. If so it will require a new Firewall Rule be implemented for the VRF that the server is in.