none
MBAM setup

    Question

  • Hi I am looking at setting up MBAM and have read the documentation but still have a few questions.  Approx client numbers 3000.  I want to be able to access the recovery keys and get compliance reports.

    1) Can I setup the MBAM databases on an existing SQL server which already hosts databases ?

    2) Can I setup the different databases on the MBAM server (I have read this should only be done for testing) and if so what is the best way to ensure that if the server is lost, we can get the recovery keys ?

    3) If I set up the MBAM server and host the databases on a sql server and the MBAM server goes down, then what is the best way to recover keys ? (Would I just run a SQL query until the MBAM server was rebuilt) ?

    4) Is there any use in having an MBAM server without setting up the databases and having AD store the recovery keys ?

    Thanks

    Sunday, July 21, 2013 8:47 PM

Answers

  • 1) Can I setup the MBAM databases on an existing SQL server which already hosts databases ?

     Yes you can install MBAM DB features on an existing SQL. The installation of the MBAM DB features creates two separate databases "MBAM Recovery and Hardware" and "MBAM Compliance Status" which is dedicated to MBAM only. Make sure the Reporting Service is configured on the SQL box.

    2) Can I setup the different databases on the MBAM server (I have read this should only be done for testing) and if so what is the best way to ensure that if the server is lost, we can get the recovery keys ?

     Although MBAM is not supported on cluster, but with some modifications MBAM can be installed on a clustered SQL. So if in case one node will be down, data will be accessible from the other node of SQL.
    NOTE:- Microsoft does not recommend to install MBAM on clustered SQL. If you are installing it, you have to cover up all of the risks by your own. You will not be able to apply the updates released by Microsoft in future.

    3) If I set up the MBAM server and host the databases on a sql server and the MBAM server goes down, then what is the best way to recover keys ? (Would I just run a SQL query until the MBAM server was rebuilt) ?

    If you are using the MBAM 2.0, you can access the recovery keys from the Self-Service Portal.

    4) Is there any use in having an MBAM server without setting up the databases and having AD store the recovery keys ?

    MBAM DBs not only stores the recovery keys and TPM ownership information which you can retrieve from the AD. But it also store the information related to the Compliance Reporting. MBAM will be of no use if there is no database part. You will not be able to install the "Administration and monitoring" and "Self-Service Server" features of MBAM if the MBAM DB features will not be installed. As a pre-requisite it demands for the MBAM DBs.


    Gaurav Ranjan

    • Marked as answer by OhhAhh Wednesday, July 24, 2013 8:58 PM
    Tuesday, July 23, 2013 7:15 AM

All replies

  • 1) Can I setup the MBAM databases on an existing SQL server which already hosts databases ?

     Yes you can install MBAM DB features on an existing SQL. The installation of the MBAM DB features creates two separate databases "MBAM Recovery and Hardware" and "MBAM Compliance Status" which is dedicated to MBAM only. Make sure the Reporting Service is configured on the SQL box.

    2) Can I setup the different databases on the MBAM server (I have read this should only be done for testing) and if so what is the best way to ensure that if the server is lost, we can get the recovery keys ?

     Although MBAM is not supported on cluster, but with some modifications MBAM can be installed on a clustered SQL. So if in case one node will be down, data will be accessible from the other node of SQL.
    NOTE:- Microsoft does not recommend to install MBAM on clustered SQL. If you are installing it, you have to cover up all of the risks by your own. You will not be able to apply the updates released by Microsoft in future.

    3) If I set up the MBAM server and host the databases on a sql server and the MBAM server goes down, then what is the best way to recover keys ? (Would I just run a SQL query until the MBAM server was rebuilt) ?

    If you are using the MBAM 2.0, you can access the recovery keys from the Self-Service Portal.

    4) Is there any use in having an MBAM server without setting up the databases and having AD store the recovery keys ?

    MBAM DBs not only stores the recovery keys and TPM ownership information which you can retrieve from the AD. But it also store the information related to the Compliance Reporting. MBAM will be of no use if there is no database part. You will not be able to install the "Administration and monitoring" and "Self-Service Server" features of MBAM if the MBAM DB features will not be installed. As a pre-requisite it demands for the MBAM DBs.


    Gaurav Ranjan

    • Marked as answer by OhhAhh Wednesday, July 24, 2013 8:58 PM
    Tuesday, July 23, 2013 7:15 AM
  • Thanks

    This was very useful info.

    Wednesday, July 24, 2013 8:58 PM