High-Level Architecture of MBAM 2.5 with Stand-alone Topology
Tuotteet: Microsoft BitLocker Administration and Monitoring 2.5
This topic describes the recommended architecture for deploying Microsoft BitLocker Administration and Monitoring (MBAM) with the Configuration Manager Stand-alone topology. In this topology, MBAM is deployed as a stand-alone product. You can alternatively deploy MBAM with the Configuration Manager Integration topology, which integrates MBAM with Configuration Manager. For more information, see High-Level Architecture of MBAM 2.5 with Configuration Manager Integration Topology.
For a list of the supported versions of the software mentioned in this topic, see MBAM 2.5 Supported Configurations.
Huomautus
Use a single-server architecture in test environments only.
Recommended number of servers and supported number of clients
The recommended number of servers and supported number of clients in a production environment is as follows:
| Recommended architecture in a production environment | Details |
|---|---|
Number of servers and other computers |
Two servers One workstation |
Number of client computers supported |
500,000 |
Recommended MBAM high-level architecture with the Stand-alone topology
The following diagram and table describe the recommended high-level, two-server architecture for MBAM with the Stand-alone topology. MBAM multi-forest deployments require a one-way or two-way trust. One-way trusts require that the server domain trusts the client domain.
| Server | Features to configure on this server | Description |
|---|---|---|
|
Database server
|
Compliance and Audit Database |
This feature is configured on a server running Windows Server and supported SQL Server instance. The Compliance and Audit Database stores compliance data, which is used primarily for reports that SQL Server Reporting Services hosts. |
|
Recovery Database |
This feature is configured on a server running Windows Server and supported SQL Server instance. The Recovery Database stores recovery data that is collected from MBAM client computers. |
|
|
Reports |
This feature is configured on a server running Windows Server and supported SQL Server instance. The Reports provide recovery audit and compliance status data about the client computers in your enterprise. You can access the reports from the Administration and Monitoring Website or directly from SQL Server Reporting Services. |
|
|
Administration and Monitoring Server
|
Administration and Monitoring Website |
This feature is configured on a computer running Windows Server. The Administration and Monitoring Website is used to:
|
|
Self-Service Portal |
This feature is configured on a computer running Windows Server. The Self-Service Portal is a website that enables end users on client computers to independently log on to a website to get a recovery key if they lose or forget their BitLocker password. |
|
|
Monitoring web services for this website |
This feature is configured on a computer running Windows Server. The monitoring web services are used by the MBAM Client and the websites to communicate to the database. |
|
|
Management workstation |
MBAM Group Policy Templates |
|
|
MBAM Client and Configuration Manager client computer |
MBAM Client software |
The MBAM Client:
|
Got a suggestion for MBAM?
Add or vote on suggestions here. For MBAM issues, use the MBAM TechNet Forum.
Katso myös:
High-Level Architecture of MBAM 2.5 with Configuration Manager Integration Topology
Illustrated Features of an MBAM 2.5 Deployment