Difference between revisions of "MBAM Architecture"

From RiceFamily Wiki
Jump to: navigation, search
(Resources)
(Resources)
 
(2 intermediate revisions by the same user not shown)
Line 26: Line 26:
 
** [https://www.youtube.com/watch?v=sNEm_OsQH4I TWC | Microsoft BitLocker Administration and Monitoring 2.5 Extravaganza] 1:14:11
 
** [https://www.youtube.com/watch?v=sNEm_OsQH4I TWC | Microsoft BitLocker Administration and Monitoring 2.5 Extravaganza] 1:14:11
 
** [https://www.youtube.com/watch?v=xGyVlVbarMA&list=PLNexv9-FdEWzfOobxDgNuRKxrb-ByPTue BitLocker Video Playlist] - 10 Videos
 
** [https://www.youtube.com/watch?v=xGyVlVbarMA&list=PLNexv9-FdEWzfOobxDgNuRKxrb-ByPTue BitLocker Video Playlist] - 10 Videos
* [https://technet.microsoft.com/en-us/library/ms191192.aspx Enable Encrypted Connections to the Database Engine (SQL Server Configuration Manager)] - Padma completed this step after I imported the certificates
+
* [https://technet.microsoft.com/en-us/library/ms191192.aspx Enable Encrypted Connections to the Database Engine (SQL Server Configuration Manager)] - The DB Group completed this step after I imported the certificates
 +
 
 +
= Upgrade =
 +
* [https://learn.microsoft.com/en-us/microsoft-desktop-optimization-pack/mbam-v25/how-to-move-the-mbam-25-databases#how-to-move-the-recovery-database How to move the Recovery Database]
 +
 
 +
= Processes =
 +
* [https://technet.microsoft.com/en-us/library/dn645343.aspx Configuring the MBAM 2.5 Server Features]
  
 
= Notes =
 
= Notes =

Latest revision as of 12:44, 24 October 2023

Overview

We are going to be setting up a "Stand-Alone" MBAM environment and using BigFix in place of Microsoft's SCCM to deploy the clients and gather status from endpoints.

Architecture

  • 2 Servers.
    • One Server will act as the DB server.
    • The second Server will act as the Application Server.
  • The servers have been requested.
    • SQL Server 2014 has been installed
    • SSL Certificates have been requested, received and installed on both servers.
      • Needed to generate the CSR for the DB server from IIS itself.
      • Using OpenSSL caused issues with differences in the Cert formats.
      • Simpler to just use IIS.
    • MBAM has been installed on both servers.
    • Configuration has been run on the DB server.
    • Configuration will not complete on the Application Server.
      • The problem seems to be with Reporting Services.
      • Need to review the documentation again.

Resources

Upgrade

Processes

Notes

MBAM Monitoring Web Service no longer available
https://technet.microsoft.com/en-us/library/dn645312.aspx
The Monitoring Web Service is no longer available in Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 SP1 since the MBAM Client and the websites communicate directly with the Recovery Database.
I wonder if this means that all the MBAM Client machines need access to the MBAM Database server. If so it will require a new Firewall Rule be implemented for the VRF that the server is in.