The Site Administrator responsible for managing a BigFix deployment with 50,000 endpoints and no top-level Relays wants to enable Message Level Encryption (MLE). Which of the following should be considered to support this configuration?
A. All Relays must have at least 8GB RAM to support this configuration.
B. The BigFix Root server requires additional CPU resources appropriate to the number of managed endpoints to process the encrypted reports.
C. An additional NIC must be added to the BigFix Root server to balance the extra load caused by the encrypted reports.
D. The _BESServer_MaxReport_Decryptions setting should be set to an appropriate value on the BigFix Root server to minimize the impact from handling the encrypted reports.
Message Level Encryption (MLE) allows your Clients to encrypt upstream data using a combination of an RSA public/private key-pair and an AES session key [1].
When MLE is enabled, the BigFix Root server (or a decrypting Relay) needs to use the corresponding RSA private key to decrypt the AES session key, which is then used to decrypt the Client report [1].
This decryption process consumes CPU resources on the BigFix Root server, and the amount of CPU usage depends on the number of encrypted reports received and the key length used [1].
Therefore, the BigFix Root server requires additional CPU resources appropriate to the number of managed endpoints to process the encrypted reports [1].
The other options are incorrect because:
A is not relevant to the question, as it assumes that there are top-level Relays in the deployment. The question states that there are no top-level Relays, so all Relays are downstream from the BigFix Root server. Moreover, the RAM requirement for Relays is not affected by MLE, as Relays do not perform any encryption or decryption by default [1].
C is not necessary, as adding an additional NIC to the BigFix Root server does not affect the CPU load caused by the encrypted reports. The network bandwidth requirement for MLE is not significantly higher than for clear-text reports, as the encryption adds only a small overhead to the report size [1].
D is not a valid setting for the BigFix Root server, as it only applies to Relays that are configured to decrypt and repackage encrypted reports before relaying them to the BigFix Root server [2]. This setting controls the maximum number of concurrent decryption threads on a Relay, and does not affect the BigFix Root server [2].
References:
[1] Message Level Encryption (MLE) Overview
[2] Enabling encryption on Relays