Microsoft BitLocker Administration and Monitoring (MBAM) Part 2 – Requirements

Welcome to part two of my multi-part blog regarding MBAM. Today I’ll discuss hardware and software requirements.

I’m going to start with the software requirements. If you can run the correct OS and SQL versions on your physical and/or virtual machines then you can run MBAM.

The minimum operating system for the servers is Windows Server 2008 SP2 (x86 and 64-bit) or higher. At the time of this blog Windows Server 2008 R2 64-bit is higher and currently supported. Keep in mind the other piece of software you need is Microsoft SQL Server 2008 R2 Enterprise, Datacenter, or Developer edition. Notice how I didn’t say Microsoft SQL Server 2008 R2 Standard. This is because the compliance/audit reports server and the recovery/hardware database servers needs Enterprise, Datacenter, or Developer. There is one database that will run on SQL 2008 R2 Standard and that’s the compliance status database server. Most organizations will combine the database servers so I recommend just using Microsoft SQL Server 2008 R2 Enterprise, Datacenter, or Developer. As for the clients they need to be Microsoft Windows 7 Enterprise or Ultimate with a Trusted Platform Module (TPM) v1.2 chip turned on and resettable from the OS.

The hardware requirements for MBAM are pretty low if you ask me. I mean it really doesn’t use much processing power, memory, or even disk space. According to the MBAM scalability and high-availability guide ( http://bit.ly/Ms9Ovy ) a single server(not supported in production but can be used for testing) that has two dual core XEON 2.4 GHz chips and 12GB of RAM will support an upper limit of about 21,000 clients. A two-computer installation or at times called a three-computer installation is supported by Microsoft in production (IIS on one box, SQL on another, and of course the DC is separate). Using the same configuration for the IIS server but upgrading the RAM to 16GB on the SQL server MBAM will support an upper limit client load of about 55,000 clients. If you want more than that look at the MBAM scalability and high-availability guide for more information.

As for the IO of the databases the MBAM scalability and high-availability guide says using the default timers the key and hardware database will be the component under the most strain. At around 100,000 clients that database sustains about 150 transactions a second. The compliance status database sustains about 10% of the key and hardware database but every six hours there is an update from the compliance status database to the reports database that produces a short spike of about 200 transactions a second. As for the size of the databases an environment with 10,000 clients would use about 250 MB so that should make your DBAs happy.

Since the server components are supported by Microsoft in a virtual environment it’s completely reasonable to have your entire MBAM environment on VMs. In fact Microsoft decided to virtualize their MBAM environment ( http://bit.ly/LA7Gop ).

The next part of this blog will be planning the server environment. Be on the lookout for that soon.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s