Revision as of 12:27, 6 April 2016

Overview

We are going to be setting up a "Stand-Alone" MBAM environment and using BigFix in place of Microsoft's SCCM to deploy the clients and gather status from endpoints.

Architecture

• 2 Servers.
  • One Server will act as the DB server.
  • The second Server will act as the Application Server.
• The servers have been requested.
  • SQL Server 2014 has been installed
  • SSL Certificates have been requested, received and installed on both servers.
    • Needed to generate the CSR for the DB server from IIS itself.
    • Using OpenSSL caused issues with differences in the Cert formats.
    • Simpler to just use IIS.
  • MBAM has been installed on both servers.
  • Configuration has been run on the DB server.
  • Configuration will not complete on the Application Server.
    • The problem seems to be with Reporting Services.
    • Need to review the documentation again.

Resources

• Technet Forums
• YouTube Videos about MBAM 2.5
  • Deploying Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 1:06:57
  • Deploying Microsoft BitLocker Administration and Monitoring 2.5 1:05:35

Notes

MBAM Monitoring Web Service no longer available

https://technet.microsoft.com/en-us/library/dn645312.aspx

The Monitoring Web Service is no longer available in Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 SP1 since the MBAM Client and the websites communicate directly with the Recovery Database.

I wonder if this means that all the MBAM Client machines need access to the MBAM Database server. If so it will require a new Firewall Rule be implemented for the VRF that the server is in.