A: The Microsoft BitLocker Administation and Monitoring (MBAM) solution has four separate server roles plus the Group Policy configurations. The server roles are
- Recovery and Hardware Database
- Compliance Status Database
- Compliance and Audit Reports
- Administration and Monitoring Server
Recommendations for how these roles are architected depend on the size of the organization. However, in most production environments, a three or five configuration should be used, as documented at Microsoft’s online help website. Although it’s supported to run all roles on a single server, this is generally recommended only in testing environments.