Planning to Deploy MBAM with Configuration Manager
To deploy MBAM with the Configuration Manager topology, a three-server architecture, which supports 200,000 clients, is recommended. Use a separate server to run Configuration Manager, and install the basic Administration and Monitoring features on two servers, as shown in the architecture image in Getting Started - Using MBAM with Configuration Manager.
Important Windows To Go is not supported when you install the integrated topology of MBAM with Configuration Manager 2007.
Deployment Prerequisites for Installing MBAM with Configuration Manager
Ensure that you have met the following prerequisites before you install MBAM with Configuration Manager:
| Prerequisite | Additional Information |
|---|---|
Ensure that the Configuration Manager Server is a primary site in the Configuration Manager system. |
N/A |
Enable the Hardware Inventory Client Agent on the Configuration Manager Server. |
For System Center 2012 Configuration Manager, see How to Configure Hardware Inventory in Configuration Manager. |
Enable the Desired Configuration Management (DCM) agent or the compliance settings, depending on the version of Configuration Manager that you are using. |
For System Center 2012 Configuration Manager, see Configuring Compliance Settings in Configuration Manager. |
Define a reporting services point in Configuration Manager. Required for SQL Reporting Services. |
For System Center 2012 Configuration Manager, see Prerequisites for Reporting in Configuration Manager. |
Configuration Manager Supported Versions
MBAM supports the following versions of Configuration Manager:
| Supported version | Service pack | System architecture |
|---|---|---|
Microsoft System Center Configuration Manager 2007 R2 |
SP1 or later |
64-bit
Note
Although Configuration Manager 2007 is 32 bit, you must install it and SQL Server on a 64-bit operating system in order to match the 64-bit MBAM software. |
Microsoft System Center 2012 Configuration Manager |
SP1 |
64-bit |
For a list of supported configurations for the Configuration Manager Server, see the appropriate webpage for the version of Configuration Manager that you are using. MBAM has no additional system requirements for the Configuration Manager Server.
MBAM and SQL Server System Requirements
The supported configurations and system requirements for the MBAM servers and SQL Server for the Configuration Manager topology are the same as those for the Stand-alone topology. For the Stand-alone system requirements, see MBAM 2.0 Supported Configurations. For the MBAM Server and SQL Server processor, RAM, and disk space requirements for the Configuration Manager topology, see the following sections.
MBAM Server Processor, RAM, and Disk Space Requirements for MBAM
The following table lists the server processor, RAM, and disk space requirements for MBAM servers when you are using the Configuration Manager Integration topology.
| Hardware Component | Minimum Requirement | Recommended Requirement |
|---|---|---|
Processor |
2.33 GHz |
2.33 GHz or greater |
RAM |
4 GB |
8 GB |
Free disk space |
1 GB |
2 GB |
SQL Server Processor, RAM, and Disk Space Requirements
The following table lists the server processor, RAM, and disk space requirements for the SQL Server computer when you are using the Configuration Manager Integration topology.
| Hardware Component | Minimum Requirement | Recommended Requirement |
|---|---|---|
Processor |
2.33 GHz |
2.33 GHz or greater |
RAM |
4 GB |
8 GB |
Free disk space |
5 GB |
5 GB or greater |
Required permissions to install the MBAM Server
To install MBAM with Configuration Manager, you must have an administrative user in Configuration Manager who has a security role with the minimum permissions listed in the following table. The table also shows the rights that you must have, beyond basic computer administrator rights, to install the MBAM Server.
| Permissions | MBAM Server Feature |
|---|---|
SQL instance Login Server Roles: - dbcreator- processadmin |
- Recovery Database- Audit Database |
SQL Server Reporting Services instance rights: - Create Folders- Publish Reports |
- System Center Configuration Manager Integration |
System Center 2012 Configuration Manager
| Permissions | Configuration Manager Server Feature |
|---|---|
Configuration Manager site rights:- Read |
System Center Configuration Manager integration |
Configuration Manager collection rights: - Create- Delete- Read- Modify- Deploy Configuration Items |
System Center Configuration Manager integration |
Configuration Manager configuration item rights: - Create- Delete- Read |
System Center Configuration Manager integration |
Configuration Manager 2007
| Permissions | Configuration Manager Server Feature |
|---|---|
Configuration Manager site rights:- Read |
System Center Configuration Manager integration |
Configuration Manager collection rights: - Create- Delete- Read- ReadResource |
System Center Configuration Manager integration |
Configuration Manager configuration item rights: - Create- Delete- Read- Distribute |
System Center Configuration Manager integration |
Order of Deployment of MBAM Features for the Configuration Manager Topology
When deploying MBAM on the Configuration Manager Server, you must complete the deployment tasks in the following order:
Edit the configuration.mof file on the Configuration Manager Server.
Create or edit the sms_def.mof file Configuration Manager Server.
Install MBAM on the Configuration Manager Server.
Install the Recovery Database and the Audit Database on the Database server.
Install the MBAM features on the Administration and Monitoring Server.
Planning Checklist for Installing MBAM with Configuration Manager
This checklist outlines the recommended steps and a high-level list of items to consider when planning for a Microsoft BitLocker Administration and Monitoring deployment with Configuration Manager. It is recommended that you copy this checklist into a spreadsheet program and customize it for your use.
| Task | References | Notes | |
|---|---|---|---|
 |
Review the getting started information, which describes how Configuration Manager works with MBAM and shows the recommended high-level architecture. |
||
|
Review the planning information, which describes the deployment prerequisites, supported configurations, required permissions, and deployment order for each feature. |
Planning to Deploy MBAM with Configuration Manager |
|
|
Plan for and configure MBAM Group Policy requirements. |
||
|
Plan for and create necessary Active Directory Domain Services security groups and plan for MBAM local security group membership requirements. |
||
|
Plan for deploying MBAM Client deployment. |