Sophos Mobile Control Installation prerequisites form

Similar documents
Sophos Mobile Control installation prerequisites form. Product version: 7

1 About this document System environment Communication between devices and push servers Technical support...

Sophos Mobile Control Installation guide

Sophos Mobile. server deployment guide. Product Version: 8.1

Sophos Mobile Control Technical guide

Sophos Mobile. server deployment guide. product version: 8.6

Sophos Mobile. server deployment guide. product version: 9

Sophos Mobile Control Super administrator guide. Product version: 3.5

Sophos Mobile Control User guide for Windows Mobile

Sophos Mobile Control startup guide. Product version: 7

Sophos Mobile in Central

Sophos Mobile super administrator guide. Product version: 7.1

Sophos Mobile. super administrator guide. Product Version: 8

Sophos Mobile Control SaaS startup guide. Product version: 6.1

Sophos Mobile in Central

Sophos Mobile. installation guide. Product Version: 8.5

Sophos Mobile as a Service

Sophos Mobile SaaS startup guide. Product version: 7.1

Sophos Mobile. startup guide. Product Version: 8.1

Sophos Mobile Control SaaS startup guide. Product version: 7

Sophos Mobile. super administrator guide. product version: 8.6

Sophos Mobile as a Service

Sophos Mobile. installation guide. Product Version: 8

Sophos Mobile. installation guide. product version: 9

Sophos Mobile. installation guide. product version: 8.6

Sophos Mobile. super administrator guide. product version: 9

Sophos Mobile. startup guide. Product Version: 8.5

Sophos Firewall Configuring SSL VPN for Remote Access

ISEC7 - B*Nator EMM Suite. Check Before Installation Guide

Setting up the Sophos Mobile Control External EAS Proxy

Pre-Installation ZENworks Mobile Management 2.7.x August 2013

Sophos Mobile user help. Product version: 7.1

Sophos Mobile Control Administrator guide. Product version: 5.1

Sophos Mobile. user help. product version: 8.6

Symantec Mobile Management 7.2 MR1 Release Notes


Vendor: Citrix. Exam Code: 1Y Exam Name: Designing, Deploying and Managing Citrix XenMobile Solutions. Version: Demo


1Y0-371 Q&As. Designing, Deploying and Managing Citrix XenMobile 10 Enterprise Solutions. Pass home 1Y0-371 Exam with 100% Guarantee

INSITES CONNECT ADMINISTRATION GUIDE. Version 1.4.3

QuickStart Guide for Managing Mobile Devices. Version

KACE GO Mobile App 5.0. Release Notes

Sophos Mobile in Central administrator help. Product version: 7.1


Product Guide. McAfee Enterprise Mobility Management (McAfee EMM ) 9.6

Sophos Endpoint Security and Control standalone startup guide

Configuration Guide. BlackBerry UEM. Version 12.9

Configuration Guide. BlackBerry UEM Cloud

VMware Identity Manager Connector Installation and Configuration (Legacy Mode)

Sophos Mobile Control Network Access Control interface guide. Product version: 7

Parallels Mac Management for Microsoft SCCM. Deployment Guide and Pre-Install Checklist. v6.1

BlackBerry UEM Configuration Guide

Sophos Mobile in Central

Configuration Guide. BlackBerry UEM. Version 12.7 Maintenance Release 2

Sophos Mobile Control Network Access Control interface guide

KACE GO Mobile App 4.0. Release Notes

Checklist. Version 2.0 October 2015

Exam : ST Title : Symantec Mail Security 8300 Series (STS) Version : Demo

How to Configure SSL VPN Portal for Forcepoint NGFW TECHNICAL DOCUMENT

KACE GO Mobile App 3.1. Release Notes

Compliance Manager ZENworks Mobile Management 2.7.x August 2013

Sophos Endpoint Security and Control standalone startup guide

How to Configure Guest Access with the Ticketing System

Cisco ISE Ports Reference

ipad in Business Mobile Device Management

CUSTOMER SAP Afaria Overview

akkadian Global Directory 3.0 System Administration Guide

VMware Workspace ONE Quick Configuration Guide. VMware AirWatch 9.1

Sophos Mobile. administrator help. product version: 9

Installation and Upgrade Guide

Getting Started Guide

QuickStart Guide for Mobile Device Management. Version 8.7

ZENworks 2017 Update 4 Troubleshooting Mobile Device Management

One Identity Starling Two-Factor Desktop Login 1.0. Administration Guide

This guide provides information on...

Prophet 21 Middleware Installation Guide. version 12.16

JAMF Software Server Installation and Configuration Guide for Linux. Version 9.72

Server Installation ZENworks Mobile Management 2.6.x January 2013

Deploying VMware Identity Manager in the DMZ. JULY 2018 VMware Identity Manager 3.2

Nubo on premise POC requirements for VMWare ESXi

Building a BYOD Program Using Jamf Pro. Technical Paper Jamf Pro or Later 2 February 2018

INSTALLATION AND SETUP VMware Workspace ONE

How to install DBXL in a load balanced

Sophos Mobile. Network Access Control interface guide. Product Version: 8.1

TRAINING GUIDE. Tablet: Cradle to Mobile Configuration and Setup

Sophos Mobile administrator help. Product version: 7.1

VMware Identity Manager Cloud Deployment. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager

VMware Identity Manager Cloud Deployment. Modified on 01 OCT 2017 VMware Identity Manager

JAMF Software Server Installation and Configuration Guide for Linux. Version 9.9

Administering Jive Mobile Apps

Sophos Central Self Service Portal help

Cisco ISE Ports Reference

Installation Guide - Linux. On-Premises

Sophos Virtual Appliance. setup guide

Compliance Manager ZENworks Mobile Management 3.0.x January 2015

Sophos Mobile. administrator help. product version: 9

Installing and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.

PrinterOn Server Install Guide

Installation Guide. McAfee Enterprise Mobility Management 10.1


Transcription:

Sophos Mobile Control Installation prerequisites form Product version: 5.1 Document date: July 2015

Contents 1 About this document... 3 2 System environment... 3 3 Communication between devices and push servers... 11 4 Technical support... 12 5 Legal notices... 13.utimaco.com

Installation prerequisites form 1 About this document This document provides a check list for installation requirements for Sophos Mobile Control. All required information has to be provided to ensure that the Sophos Mobile Control server runs properly on your network configuration. Note: In this document, SMC is used as an abbreviation for Sophos Mobile Control. 2 System environment 2.1 Mobile devices Please specify which device type(s) you plan to use with Sophos Mobile Control. Apple iphone with ios 4 (or higher, Apple ID required) Apple ipad or ipod Touch with ios 4 (or higher, Apple ID required) Android 2.3 (or higher) Android 4.0 (or higher) Windows Phone 8 Windows Phone 8.1 2.2 Server SSL Certificate Please specify if you want to use an officially signed or a self-signed certificate for the Sophos Mobile Control web interface. Android software packages like the SMC MDM client can only be downloaded from https servers with an officially signed certificate. Use self-signed certificate (Android software installation not possible) Use existing official certificate signed by, for example, VeriSign or GoDaddy (Android software installation possible) Note: The certificate should be provided in a PKCS#12 file including all certificates in the certificate path. Note: For self-signed certificates and Windows Phone 8 or higher devices, the SSL certificate needs to be installed on the devices before devices can be managed. 3 3

Sophos Mobile Control 2.3 Operating system for SMC server Please specify which server operation system you want to use. Windows Server 2008 (64 bit) Windows Server 2008 R2 (64 bit) Windows Server 2012 (64 bit) Windows Server 2012 R2 (64 bit) 2.4 Other Please make sure that the following applies: No IIS installed and no other application using ports 80, 443. 2.5 Database Please specify which database management system you want to use. Shipped with SMC installer Microsoft SQL Server 2014 Express (64 bit) or Existing database Microsoft SQL Server 2008 (32 bit, 64 bit) Microsoft SQL Server 2008 R2 (64 bit) Microsoft SQL Server 2012 (64 bit) Microsoft SQL Server 2014 (64 bit) Microsoft SQL Server 2014 Express (64 bit) MySQL 5.6 4

Installation prerequisites form Microsoft SQL Server must have Windows authentication or SQL server authentication. If you use Microsoft SQL Server Express, please make sure that the management tools are also installed. Use existing database server Existing SQL account with sysadmin role (no AD credentials) Have access to SQL management tools (separate install for Express) TCP IP enabled SQL browser service is enabled (Useful only, if an external database is used.) Language for used SQL login is English 2.6 LDAP configuration If SMC is to be used with the Self Service Portal enabled, create an LDAP group containing all users who should get access to the Self Service Portal. You can use * to grant access to all authenticated users. LDAP group name 5 5

Sophos Mobile Control 2.7 Network details Please provide the information required for pre-configuring your Sophos Mobile Control server installation. External IP address of the SMC server Internal IP address of the SMC server (if different from external) DNS name of the SMC server (for example mobilecontrol.corporate.com) Please make sure that this can be resolved over the internet. IP address or hostname and port of the database server (for example 127.0.0.1:1433 for MS SQL Server or 127.0.0.1:3306 for MySQL) Use SSL to connect to MS SQL Server IP address or hostname of the corporate SMTP server User name and password for authentication with SMTP are known (if required). Optional EAS Proxy: URL of Exchange ActiveSync Server (for example exchange.corporate.com) Note: If your current exchange denies IOS, Windows Phone or Android devices, this will need to be modified for EAS to work.) Use SSL to connect to Exchange ActiveSync server Optional LDAP support: Corporate LDAP Server for personalized profiles (for example ldap.corporate.com:389) Use SSL to connect to LDAP server (for example ldap.coporate.com:636) User name and password for authentication with LDAP are known. 6

Installation prerequisites form Optional SCEP support: URL of Certification Authority with SCEP support for iphones (for example http://ca.corporate.com/certsrv/mscep/mscep.dll) 2.8 Firewall The following ports of the Sophos Mobile Control server have to be reachable from the internet. 2.8.1 Allow traffic from corporate LAN and the internet 80 HTTP Forwards to HTTPS-Port 443 HTTPS Access to web interface / synchronization data (in\out bound) 2.8.2 Allow traffic from SMC server to database host Note: If no local database installation is used. 1433 MS SQL Server Database access 3306 MySQL Server Database access 7 7

Sophos Mobile Control 2.8.3 Allow traffic from SMC server to SMTP host 25 465 587 SMTP or SMPTS or SMTP/TLS Send error reports by e-mail, roll-out of devices, distribution of passwords and notification of administrators in case of compliance violations and notification by email on expiry of APNS certificates. 2.8.4 Allow traffic from SMC server to Sophos Service Center The Sophos Service Center is used for ios and Windows Phone 8 push messages (MPNS) for the SMC apps, for example for compliance violation notifications. Knowledge Base Article #120875 explains in which cases which data is sent via Sophos servers. 443 TCP SSL secured connection to IP address 85.22.154.49 (services.sophosmc.com) 2.8.5 Optional: Allow traffic from SMC server to Exchange and LDAP 80 or 443 HTTP/S CA server with SCEP 389 or 636 LDAP/S LDAP connection (plain or SSL-protected) 2.8.6 Optional: Allow traffic from SMC server to SCEP server 80 or 443 HTTP/S CA server with SCEP 8

Installation prerequisites form 2.8.7 Optional: Allow traffic from SMC server to Apple Volume Purchasing Program (VPP) 443 HTTPS Apple VPP server IP address: 17.0.0.0/8 2.8.8 For ios devices: Allow traffic from SMC server to APNS ios devices receive notifications over the Apple Push Notification service (APNS). You need to create your own APNs certificate to use with Sophos Mobile Control for the connection to Apple: http://www.apple.com/iphone/business/integration/mdm/ 2195 TCP/SSL gateway.push.apple.com (IP addresses: 17.*.*.*) 2.8.9 For Android devices: Allow traffic from SMC server to GCM To trigger Android devices silently, Google offers Google Cloud Messaging (GCM). 443 HTTPS android.googleapis.com 2.8.10 For Windows Phone 8.1 devices: Allow traffic from SMC server to WNS To trigger Windows Phone 8.1 devices silently, Microsoft offers the Windows Push Notification Service (WNS). 443 HTTPS login.live.com and db3.notifywindows.com 9 9

Sophos Mobile Control 2.9 Prerequisites for external EAS Proxy Sophos Mobile Control offers a separate installer for configuring an external EAS Proxy (for example for load balancing). For the external EAS Proxy, several aspects have to be considered. Depending on usage scenario, the EAS Proxy cannot be addressed directly. With several customers (tenants) for example, a Reverse Proxy has to be used that directs the incoming traffic for each customer to a separate port (for example 8080, 8081 and so on). The EAS redirects the ActiveSync traffic to the configured Exchange Server. Before you configure an external EAS Proxy, fill out the following checklist: Which ports should the EAS Proxy use? Is a Reverse Proxy or something similar already available? Has redirection to the relevant ports been configured at the Reverse Proxy? External/internal IP/DNS name of the Reverse Proxy Where is the EAS Proxy to be installed (same machine as the SMC server or separate maschine)? IP address for the EAS Proxy (if installed on a separate machine) IP or DNS names of the Exchange Servers Is ActiveSync activated at the Exchange Server? Open Firewall from Reverse Proxy to EAS Proxy? Open Firewall from EAS Proxy to https port on SMC host? Open Firewall from EAS Proxy to http or https port on Exchange Servers? 10

Installation prerequisites form 3 Communication between devices and push servers 3.1.1 For ios devices: Allow traffic from device to Apple push server For communication between ios devices and the Apple Push server within a corporate WLAN, Port 5223 has to be open. 3.1.2 For Android devices: Allow traffic from device to Google Cloud Messaging Server For communication between the Android device and the Google Cloud Messaging Server, connectivity with GCM has to be allowed. The following ports need to be open: 5228, 5229 and 5230. GCM typically only uses 5228, but sometimes 5229 and 5230 are used. GCM does not provide specific IPs, but changes them frequently. 11 11

Sophos Mobile Control 4 Technical support You can find technical support for Sophos products in any of these ways: Visit the SophosTalk forum at http://community.sophos.com/ and search for other users who are experiencing the same problem. Visit the Sophos support knowledgebase at http://www.sophos.com/support/. Download the product documentation at http://www.sophos.com/support/docs/. Send an email to support@sophos.com including your Sophos software version number(s), operating system(s) and patch level(s), and the text of any error messages. 12

Installation prerequisites form 5 Legal notices Copyright 2011-2015 Sophos Ltd. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner. Sophos is a registered trademark of Sophos Ltd. All other product and company names mentioned are trademarks or registered trademarks of their respective owners. 13 13

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback