Planning the Server Infrastructure for MBAM

  • Article

Applies To: Microsoft BitLocker Administration and Monitoring

The Microsoft BitLocker Administration and Monitoring (MBAM) server infrastructure depends on a set of server features that can be installed upon one or more server computers consistent with the requirements of the enterprise.

Planning for MBAM Server Deployment

The following Microsoft BitLocker Administration and Monitoring features represent the server infrastructure features for an MBAM server deployment:

  • Recovery and Hardware Database

  • Compliance Status Database

  • Compliance and Audit Reports

  • Administration and Monitoring Server

These features can be installed on a single server or distributed across multiple servers.

In addition to the server related Microsoft BitLocker Administration and Monitoring features, the server setup application includes a MBAM Group Policy template feature. This feature can be installed on any client able to run the Group Policy Management Console (GPMC) or Advanced Group Policy Management (AGPM).

Microsoft BitLocker Administration and Monitoring server components can be installed in different configurations, by using from one to five servers. Generally, we recommend that you use a three- or five-server configuration for production environments, though two or four servers can be used also.

  • Single computer configuration

    All Microsoft BitLocker Administration and Monitoring features are installed on a single server. This configuration is supported, but only recommended for testing.

  • Three-computer configuration

    Server features are installed in the following configuration

    • Recovery and Hardware Database, Compliance Status Database, and Compliance and Audit Reports features are installed on a server.

    • Administration and Monitoring Server feature is installed on a server.

    • Group Policy template is installed on a server or client computer.

  • Five-computer configuration

    Each server feature is installed on dedicated computers:

    • Recovery and Hardware Database

    • Compliance Status Database

    • Compliance and Audit Reports

    • Administration and Monitoring Server

    • Group Policy Template is installed on a server or client computer

Note

A three or five computer configuration is recommended for production environments.

Order of Deployment of BitLocker Administration and Monitoring Server Features

  1. Recovery and Hardware Database

  2. Compliance Status Database

  3. Compliance Audit and Reports

  4. Administration and Monitoring Server

  5. Policy Template

Note

Keep track of the names of the servers each feature is installed on. This information will be used throughout the installation process.

Each Microsoft BitLocker Administration and Monitoring feature has specific prerequisites. For a full list of server component prerequisites, see MBAM Supported Configurations.

See Also

Tasks

Deploying MBAM on a Single Server
Deploying MBAM on Distributed Servers

Other Resources

Planning for MBAM