Planning to Deploy MBAM with Configuration Manager

To deploy MBAM with the Configuration Manager topology, a three-server architecture, which supports 200,000 clients, is recommended. Use a separate server to run Configuration Manager, and install the basic Administration and Monitoring features on two servers, as shown in the architecture image in Getting Started - Using MBAM with Configuration Manager.

Important: Windows To Go is not supported when you install the integrated topology of MBAM with Configuration Manager 2007.

Deployment Prerequisites for Installing MBAM with Configuration Manager

Ensure that you have met the following prerequisites before you install MBAM with Configuration Manager:

| Prerequisite | Additional Information |
|---|---|
| Ensure that the Configuration Manager Server is a primary site in the Configuration Manager system. | N/A |
| Enable the Hardware Inventory Client Agent on the Configuration Manager Server. | For System Center 2012 Configuration Manager, see How to Configure Hardware Inventory in Configuration Manager. |
| Enable the Desired Configuration Management (DCM) agent or the compliance settings, depending on the version of Configuration Manager that you are using. | For System Center 2012 Configuration Manager, see Configuring Compliance Settings in Configuration Manager. |
| Define a reporting services point in Configuration Manager. Required for SQL Reporting Services. | For System Center 2012 Configuration Manager, see Prerequisites for Reporting in Configuration Manager. |

Configuration Manager Supported Versions

MBAM supports the following versions of Configuration Manager:

| Supported version | Service pack | System architecture |
|---|---|---|
| Microsoft System Center Configuration Manager 2007 R2 | SP1 or later | 64-bit |
| Microsoft System Center 2012 Configuration Manager | SP1 | 64-bit |

Note: Although Configuration Manager 2007 is 32-bit, you must install it and SQL Server on a 64-bit operating system in order to match the 64-bit MBAM software.

For a list of supported configurations for the Configuration Manager Server, see the appropriate webpage for the version of Configuration Manager that you are using. MBAM has no additional system requirements for the Configuration Manager Server.

MBAM and SQL Server System Requirements

The supported configurations and system requirements for the MBAM servers and SQL Server for the Configuration Manager topology are the same as those for the Stand-alone topology. For the Stand-alone system requirements, see MBAM 2.0 Supported Configurations. For the MBAM Server and SQL Server processor, RAM, and disk space requirements for the Configuration Manager topology, see the following sections.

MBAM Server Processor, RAM, and Disk Space Requirements for MBAM

The following table lists the server processor, RAM, and disk space requirements for MBAM servers when you are using the Configuration Manager Integration topology.

| Hardware Component | Minimum Requirement | Recommended Requirement |
|---|---|---|
| Processor | 2.33 GHz | 2.33 GHz or greater |
| RAM | 4 GB | 8 GB |
| Free disk space | 1 GB | 2 GB |

SQL Server Processor, RAM, and Disk Space Requirements

The following table lists the server processor, RAM, and disk space requirements for the SQL Server computer when you are using the Configuration Manager Integration topology.

| Hardware Component | Minimum Requirement | Recommended Requirement |
|---|---|---|
| Processor | 2.33 GHz | 2.33 GHz or greater |
| RAM | 4 GB | 8 GB |
| Free disk space | 5 GB | 5 GB or greater |

Required permissions to install the MBAM Server

To install MBAM with Configuration Manager, you must have an administrative user in Configuration Manager who has a security role with the minimum permissions listed in the following table. The table also shows the rights that you must have, beyond basic computer administrator rights, to install the MBAM Server.

| Permissions | MBAM Server Feature |
|---|---|
| SQL instance Login Server Roles: dbcreator, processadmin | Recovery Database, Audit Database |
| SQL Server Reporting Services instance rights: Create Folders, Publish Reports | System Center Configuration Manager Integration |
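The following T-SQL query is an added example, not part of the MBAM documentation or product. It audits the login that will run MBAM Setup against the two server roles in the table above and lists any other server roles the login holds, so that extra privileges can be reviewed before installation. The login name `CONTOSO\mbam-setup` is a placeholder.

```sql
-- Added example: least-privilege check for the MBAM Setup login.
-- Assumption: N'CONTOSO\mbam-setup' is a placeholder; replace it with your login.
-- Run with rights to view server principals (for example, as a SQL Server administrator).
DECLARE @login sysname = N'CONTOSO\mbam-setup';

WITH required(role_name) AS (
    -- Server roles the page lists for the Recovery Database and Audit Database
    SELECT N'dbcreator'
    UNION ALL
    SELECT N'processadmin'
),
held(role_name) AS (
    -- Server roles granted directly to the login
    SELECT r.name
    FROM sys.server_role_members AS m
    JOIN sys.server_principals AS r ON r.principal_id = m.role_principal_id
    JOIN sys.server_principals AS l ON l.principal_id = m.member_principal_id
    WHERE l.name = @login
)
SELECT COALESCE(req.role_name, h.role_name) AS server_role,
       CASE
           WHEN req.role_name IS NOT NULL AND h.role_name IS NOT NULL
               THEN 'required, granted'
           WHEN req.role_name IS NOT NULL
               THEN 'required, MISSING'
           ELSE 'not required by MBAM Setup, review'
       END AS finding
FROM required AS req
FULL OUTER JOIN held AS h ON h.role_name = req.role_name
ORDER BY server_role;
```

Roles inherited only through a Windows group login are not attributed to the individual account by this query; in that case run it against the group's login name.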

System Center 2012 Configuration Manager

| Permissions | Configuration Manager Server Feature |
|---|---|
| Configuration Manager site rights: Read | System Center Configuration Manager integration |
| Configuration Manager collection rights: Create, Delete, Read, Modify, Deploy Configuration Items | System Center Configuration Manager integration |
| Configuration Manager configuration item rights: Create, Delete, Read | System Center Configuration Manager integration |

Configuration Manager 2007

| Permissions | Configuration Manager Server Feature |
|---|---|
| Configuration Manager site rights: Read | System Center Configuration Manager integration |
| Configuration Manager collection rights: Create, Delete, Read, ReadResource | System Center Configuration Manager integration |
| Configuration Manager configuration item rights: Create, Delete, Read, Distribute | System Center Configuration Manager integration |

Order of Deployment of MBAM Features for the Configuration Manager Topology

When deploying MBAM on the Configuration Manager Server, you must complete the deployment tasks in the following order:

  1. Edit the configuration.mof file on the Configuration Manager Server.

  2. Create or edit the sms_def.mof file on the Configuration Manager Server.

  3. Install MBAM on the Configuration Manager Server.

  4. Install the Recovery Database and the Audit Database on the Database server.

  5. Install the MBAM features on the Administration and Monitoring Server.

Planning Checklist for Installing MBAM with Configuration Manager

This checklist outlines the recommended steps and a high-level list of items to consider when planning for a Microsoft BitLocker Administration and Monitoring deployment with Configuration Manager. It is recommended that you copy this checklist into a spreadsheet program and customize it for your use.

| Task | References | Notes |
|---|---|---|
| Review the getting started information, which describes how Configuration Manager works with MBAM and shows the recommended high-level architecture. | Getting Started - Using MBAM with Configuration Manager | |
| Review the planning information, which describes the deployment prerequisites, supported configurations, required permissions, and deployment order for each feature. | Planning to Deploy MBAM with Configuration Manager | |
| Plan for and configure MBAM Group Policy requirements. | Planning for MBAM 2.0 Group Policy Requirements | |
| Plan for and create necessary Active Directory Domain Services security groups and plan for MBAM local security group membership requirements. | Planning for MBAM 2.0 Administrator Roles | |
| Plan for MBAM Client deployment. | Planning for MBAM 2.0 Client Deployment | |

Using MBAM with Configuration Manager