Planning for MBAM 2.5 Server Deployment

This topic lists the features that you deploy for the MBAM Stand-alone and Configuration Manager topologies and lists the order in which you need to deploy them. There is a recommended configuration for each topology. However, you can configure MBAM server databases and features in different configurations and across multiple servers, depending on your scalability requirements.

Important planning considerations for both topologies

Considerations Details or purpose

Review the following before you start the deployment:

Each MBAM feature has specific prerequisites that must be met before you start the MBAM installation.

BitLocker recovery keys in MBAM expire after a single use.

A single use means that the recovery key has been retrieved through the Administration and Monitoring Website (also known as Help Desk), Self-Service Portal, or by using the Get-MbamBitLockerRecoveryKey Windows PowerShell cmdlet.

Keep track of the names of the computers on which you configure each feature. You will use this information throughout the configuration process.

You may want to use the MBAM 2.5 Deployment Checklist for this purpose.

Configure only the Group Policy settings in the MDOP MBAM (BitLocker Management) node. Do not change the Group Policy settings in the BitLocker Drive Encryption node.

If you change the Group Policy settings in the BitLocker Drive Encryption node, MBAM will not work.

Planning for MBAM Server deployment – Stand-alone topology

For the Stand-alone topology, a two-server configuration is recommended for production environments, although configurations of three to four servers can be used.

The Server infrastructure for the MBAM Stand-alone topology contains the following features, which must be configured in the order listed:

  1. Databases (Compliance and Audit Database and Recovery Database)

  2. Reports

  3. Web applications (and their corresponding web services)

    • Administration and Monitoring Website

    • Self-Service Portal

For a description of these features, see High-Level Architecture of MBAM 2.5 with Stand-alone Topology.

Planning for MBAM Server deployment – Configuration Manager topology

For the Configuration Manager Integration topology, a three-server configuration is recommended for production environments, although configurations of additional servers can be used.

The Server infrastructure for the MBAM Configuration Manager topology contains the following features, which must be configured or performed in the order listed:

  1. Databases (Compliance and Audit Database and Recovery Database)

  2. Reports

  3. Web applications (and their corresponding web services)

    • Administration and Monitoring Website

    • Self-Service Portal

  4. System Center Configuration Manager Integration

For a description of these features, see High-Level Architecture of MBAM 2.5 with Configuration Manager Integration Topology.

Got a suggestion for MBAM?

Add or vote on suggestions here. For MBAM issues, use the MBAM TechNet Forum.

Planning to Deploy MBAM 2.5

Deploying the MBAM 2.5 Server Infrastructure