System Requirements

Your environment must meet the following requirements to successfully install and deploy SOTI MobiControl. Unless noted, these are the minimum requirements for a deployment of less than 1000 devices. Above 1000 devices, it is highly recommended that you consider upgrading the components for better performance.

For SOTI products that are past their End of Life (EOL), SOTI does not market, sell, deploy, or provide updates to those versions. See End of Life (EOL) to understand product upgrade needs.

Note: The deployment server and the management server support load balancing. However, the SOTI MobiControl console is not kept in global cache, therefore it is important to use sticky sessions.

Tip: If you do not want to run SOTI MobiControl server components using a Local System account, you can create a Service Account with the appropriate permissions.

General Requirements

The listed components must meet the minimum required levels to run SOTI MobiControl.


Component	Required Level
Operating System	Windows Server 2016 Windows Server 2019
Storage	The application uses approximately 300 MB of storage space
Browsers	Google Chrome Mozilla Firefox Microsoft Edge
Other	.NET Framework 4.8 and .NET Core 3.1 runtime libraries installed with all critical updates MSXML 6.0 - Required on the deployment server to activate SOTI MobiControl Oracle Java 8 (64 bit) You can use OpenJDK 11.0.2 as an alternative. For installation, follow the instructions: Installing OpenJDK for Use With SOTI MobiControl. Optional, depending on your requirements: If managing Android or Apple devices: DNS (accessible externally) If managing Apple devices: APNS certificate (with password and APNS topic string) Note: APNS requires one of the following TLS cipher suites to be enabled on the deployment server: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 If the SOTI MobiControl console is configured to use directory service integrated security: LDAPS DNS name
Ports and IP Addresses	See the default Network Ports and IP addresses that SOTI MobiControl uses to communicate.

Recommended Settings

The listed components should meet the recommended levels to run SOTI MobiControl.


Component	Recommended Level
Memory (RAM)	10 to 500 devices: 4 GB+ 500 to 1000 devices: 6 GB+ 1000+ devices: 8 GB+
Processor Speed	10 to 1000 devices: 2 GHz dual core or faster 1000+ devices: 3 GHz quad core or faster These are the minimum requirements. If there is constant data collection and configurations, SOTI recommends upgrading to higher clock speeds.

Database Requirements

The SOTI MobiControl installer comes bundled with Microsoft SQL Server 2016 Express Edition, a lightweight version of SQL Server 2016. It is typically adequate for deployments of 10-1000 devices. For deployments of more than 1000 devices, consider using Microsoft SQL Server 2016 or later as more robust versions have numerous scalability and performance improvements.

You can install the database and deployment server on the same host server. However, for deployments of more than 500 devices, it is recommended to use a standalone database.

Note: Ensure the TCP/IP network protocol is enabled in your SQL Server network configuration.

Database Permissions

When installing SOTI MobiControl, you must be either a SysAdmin or a DbCreator with additional ALTER ANY LOGIN permissions. When upgrading SOTI MobiControl, you must also have ALTER DATABASE permissions.

When performing regular operations for SOTI MobiControl Main and Archive databases, the user must have the following permissions:

Db_datareader
Db_datawriter
Permission for execution of all procedures

The listed components must meet the minimum required levels to install the database.


Component	Required Level
Software	Microsoft SQL Server 2016 (Service Pack 2, Cumulative Update 12) Microsoft SQL Server 2017 (Cumulative Update 8 and above)
Operating System	Windows Server 2012 R2 Windows Server 2016 Windows Server 2019

Database Recommendations

The listed components should meet the recommended levels to install the database.


Component	Recommended Level
Memory (RAM)	4 GB or more
Processor Speed	2 GHz Dual Core or faster
Storage	Approximately 350 MB for installation 10 to 500 devices: 2 GB for database growth 500 to 1000 devices: 4 GB for database growth 1000+ devices: at least 5 GB for database growth Note: The database size is dependent on the amount of historical log information that you set SOTI MobiControl to retain, as well as the frequency with which package deployment is used.

Network Ports

SOTI MobiControl uses the following ports to communicate between components.

Tip: For an interactive guide to SOTI MobiControl network connections, see the SOTI MobiControl network configuration diagram.

Deployment Server Connections


Component Name	Protocol	TCP Port(s)	Direction
SOTI MobiControl Deployment Server Note: For deployments with multiple deployment servers, for caching purposes.	Binary	5495	Inbound
SOTI MobiControl Management Server	Binary	5494/5495	Inbound
Amazon App Store	HTTPS	443	Outbound
Apple Push Notification Service (APNS)	HTTPS	443	Outbound
Apple ADE	HTTPS	443	Outbound
Apple Store Licenses	HTTPS	443	Outbound
Certification Authority - DCOM Note: Must be on the same domain.	Binary	Dynamic	Outbound to the CA
Certification Authority - HTTP	HTTPS	443	Outbound
Google Play	HTTPS	443	Outbound
iTunes	HTTPS	443	Outbound
LDAP	LDAP/S	389/636	Outbound
Microsoft SQL Server (SOTI MobiControl Database)	Binary	1433	Outbound from the management server and deployment server to the database
SOTI Cloud Link Agent	HTTPS	443	Inbound
SOTI MobiControl Device Agents	Binary/HTTPS	5494, 443	Outbound from the device agents to the deployment server
SOTI MobiControl Search	HTTPS	9200	Outbound to the MS
Native MDM	HTTPS	443	Inbound
SOTI Services	HTTP/S	80*/443	Outbound
Remote Control	Binary	5494	Inbound
Windows Notification Service (WNS)	HTTP/S	80, 443	Outbound

*The port 80/HTTP requirement is for the skins URL http://www.soti.net/skins/. Only remote control skins image files are stored on this endpoint.

Management Server Connections


Component Name	Protocol	TCP Port(s)	Direction
SOTI MobiControl Deployment Server	Binary	5494/5495	Outbound
Amazon App Store	HTTPS	443	Outbound
Apple Push Notification Service (APNS)	HTTPS	443	Outbound
Apple DEP	HTTPS	443	Outbound
Apple App Store License	HTTPS	443	Outbound
Certification Authority - DCOM Note: Must be on the same domain.	Binary	Dynamic	Outbound
Certification Authority - HTTP	HTTPS	443	Outbound
Enterprise Resource Gateway (ERG)	HTTPS	443	Outbound
Google Play	HTTPS	443	Outbound
iTunes	HTTPS	443	Outbound
LDAP	LDAP/S	389/636	Outbound
Microsoft SQL Server (SOTI MobiControl Database)	Binary	1433	Outbound
SOTI Cloud Link Agent	HTTPS	443	Outbound
SOTI Services	HTTP/S	80*/443	Outbound
SOTI MobiControl Search	HTTPS	9200	Outbound to SOTI MobiControl Search
SOTI MobiControl Search	HTTPS	9300	Inbound from and Outbound to SOTI MobiControl Search (for multi-MS setups)
SOTI MobiControl Console	HTTPS	443	Inbound
SOTI Assist Server	HTTPS	443	Inbound

*The port 80/HTTP requirement is for the skins URL http://www.soti.net/skins/. Only remote control skins image files are stored on this endpoint.

Miscellaneous Connections


Component A	Component B	Protocol	TCP Port(s)
Enterprise Resource Gateway (ERG)	Exchange	Binary	443
Enterprise Resource Gateway (ERG)	SharePoint/WebDAV	HTTPS/WebDAV	443
SOTI Cloud Link Agent	Certification Authority - DCOM Note: Must be on the same domain.	Binary	Dynamic
SOTI Cloud Link Agent	Certification Authority - HTTP	HTTPS	443
SOTI Assist Server	Microsoft SQL Server (SOTI Assist Database)	Binary	1433
SOTI Assist Server	SOTI Assist UI	HTTPS	443
SOTI Assist UI	Remote Control	HTTPS (web sockets)	443
SOTI Hub	Enterprise Resource Gateway (ERG)	HTTPS	443
SOTI Surf	Enterprise Resource Gateway (ERG)	HTTPS	443
SOTI MobiControl Console	Remote Control	HTTPS (web sockets)	443

SOTI Services

The SOTI Services include the Activation Service, the Agent Builder Service, the Enrollment Service and the Location Service. These services help to ensure that your SOTI MobiControl deployment is provided with:

the latest certified version of device agents
fast and easy enrollment of devices
updates for licenses

All SOTI services are accessed using HTTPS on port 443. It is important to ensure that the following fully qualified domain names and/or IP addresses are whitelisted with your firewall, allowing unrestricted communication between your SOTI MobiControl deployment and the SOTI data center.


Service Name	Service URL
Activation Service	activate2.soti.net
Agent Builder Service	activate2.soti.net
Enrollment Service	mc-enroll.soti.net
Location Service	mobicontrolservices.soti.net
Skins Service	www.soti.net/skins

Note: To download or update Android device agents, the SOTI MobiControl management service requires access to the following URL endpoints activate2.soti.net and agentdservice.s3.amazonaws.com.

The SOTI Services are load-balanced across the following IP addresses:


IP Addresses
13.248.157.19
54.208.149.103
54.208.194.169
54.209.62.205
54.209.186.178
54.209.186.251
54.209.207.237
75.2.25.8
76.223.23.230
99.83.149.241