MBAM Architecture
From RiceFamily Wiki
Contents
Overview
We are going to be setting up a "Stand-Alone" MBAM environment and using BigFix in place of Microsoft's SCCM to deploy the clients and gather status from endpoints.
Architecture
- 2 Servers.
- One Server will act as the DB server.
- The second Server will act as the Application Server.
- The servers have been requested.
- SQL Server 2014 has been installed
- SSL Certificates have been requested, received and installed on both servers.
- Needed to generate the CSR for the DB server from IIS itself.
- Using OpenSSL caused issues with differences in the Cert formats.
- Simpler to just use IIS.
- MBAM has been installed on both servers.
- Configuration has been run on the DB server.
- Configuration will not complete on the Application Server.
- The problem seems to be with Reporting Services.
- Need to review the documentation again.
Resources
- Technet Forums
- YouTube Videos about MBAM 2.5
- Deploying Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 1:06:57
- Deploying Microsoft BitLocker Administration and Monitoring 2.5 1:05:35
- BitLocker Deployment Using MBAM Is a Snap! 1:09:59
- TWC | Microsoft BitLocker Administration and Monitoring 2.5 Extravaganza 1:14:11
- BitLocker Video Playlist - 10 Videos
- Enable Encrypted Connections to the Database Engine (SQL Server Configuration Manager) - Padma completed this step after I imported the certificates
Notes
- MBAM Monitoring Web Service no longer available
- https://technet.microsoft.com/en-us/library/dn645312.aspx
- The Monitoring Web Service is no longer available in Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 SP1 since the MBAM Client and the websites communicate directly with the Recovery Database.
- I wonder if this means that all the MBAM Client machines need access to the MBAM Database server. If so it will require a new Firewall Rule be implemented for the VRF that the server is in.