Difference between revisions of "MBAM Architecture"
From RiceFamily Wiki
(→Resources) |
(→Resources) |
||
Line 20: | Line 20: | ||
= Resources = | = Resources = | ||
* [https://social.technet.microsoft.com/Forums/en-US/home Technet Forums] | * [https://social.technet.microsoft.com/Forums/en-US/home Technet Forums] | ||
+ | * [https://www.youtube.com/results?search_query=mbam+2.5 YouTube Videos about MBAM 2.5] | ||
+ | ** [https://www.youtube.com/watch?v=5rFhJGVgAto Deploying Microsoft BitLocker Administration and Monitoring (MBAM) 2.5] 1:06:57 | ||
+ | ** [https://www.youtube.com/watch?v=1T0uPQ-SInM Deploying Microsoft BitLocker Administration and Monitoring 2.5] 1:05:35 | ||
= Notes = | = Notes = |
Revision as of 12:27, 6 April 2016
Contents
Overview
We are going to be setting up a "Stand-Alone" MBAM environment and using BigFix in place of Microsoft's SCCM to deploy the clients and gather status from endpoints.
Architecture
- 2 Servers.
- One Server will act as the DB server.
- The second Server will act as the Application Server.
- The servers have been requested.
- SQL Server 2014 has been installed
- SSL Certificates have been requested, received and installed on both servers.
- Needed to generate the CSR for the DB server from IIS itself.
- Using OpenSSL caused issues with differences in the Cert formats.
- Simpler to just use IIS.
- MBAM has been installed on both servers.
- Configuration has been run on the DB server.
- Configuration will not complete on the Application Server.
- The problem seems to be with Reporting Services.
- Need to review the documentation again.
Resources
Notes
- MBAM Monitoring Web Service no longer available
- https://technet.microsoft.com/en-us/library/dn645312.aspx
- The Monitoring Web Service is no longer available in Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 SP1 since the MBAM Client and the websites communicate directly with the Recovery Database.
- I wonder if this means that all the MBAM Client machines need access to the MBAM Database server. If so it will require a new Firewall Rule be implemented for the VRF that the server is in.