System Requirements

Your environment must meet the following requirements to successfully install and deploy SOTI MobiControl.Unless noted, these are the minimum requirements for a deployment of less than 1000 devices. Above 1000 devices, it is highly recommended that you consider upgrading the components for better performance.

Note: Both the deployment server and the management server support load balancing. However, the SOTI MobiControl console is not kept in global cache, therefore it is important to use sticky sessions.
Tip: If you do not want to run SOTI MobiControl server components using a Local System account, you can create a Service Account with the appropriate permissions.

General Requirements

The listed components must meet the minimum required levels to run SOTI MobiControl.

Component Required Level
Operating System
  • Windows Server 2016
  • Windows Server 2019
Storage The application uses approximately 300 MB of storage space
Browsers
  • Google Chrome
  • Mozilla Firefox
  • Microsoft Edge
Other
  • .NET Framework 4.8 and .NET Core 3.1 runtime libraries installed with all critical updates
  • MSXML 6.0 - Required on the deployment server to activate SOTI MobiControl
  • Oracle Java 8 (64 bit)

Optional, depending on your requirements:

  • If managing Android or Apple devices: DNS (accessible externally)
  • If managing Apple devices: APNS certificate (with password and APNS topic string)
    Note: APNS requires one of the following TLS cipher suites to be enabled on the deployment server:
    • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
    • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • If the SOTI MobiControl console is configured to use directory service integrated security: LDAPS DNS name
Ports and IP Addresses See the default Network Ports and IP addresses that SOTI MobiControl uses to communicate.

Recommended Settings

The listed components should meet the recommended levels to run SOTI MobiControl.

Component Recommended Level
Memory (RAM)
  • 10 to 500 devices: 4 GB+
  • 500 to 1000 devices: 6 GB+
  • 1000+ devices: 8 GB+
Processor Speed
  • 10 to 1000 devices: 2 GHz dual core or faster
  • 1000+ devices: 3 GHz quad core or faster

These are the minimum requirements. If there is constant data collection and configurations, SOTI recommends upgrading to higher clock speeds.

Database Requirements

The SOTI MobiControl installer comes bundled with Microsoft SQL Server 2016 Express Edition, a lightweight version of SQL Server 2016. It is typically adequate for deployments of 10-1000 devices. For deployments of more than 1000 devices, consider using Microsoft SQL Server 2016 or later as more robust versions have numerous scalability and performance improvements.

You can install the database and deployment server on the same host server. However, for deployments of more than 500 devices, it is recommended that you use a standalone database.

Note: Ensure the TCP/IP network protocol is enabled in your SQL Server network configuration.

Database Permissions

When installing SOTI MobiControl, you must be either a SysAdmin or a DbCreator with additional ALTER ANY LOGIN permissions. When upgrading SOTI MobiControl, you must also have ALTER DATABASE permissions.

When performing regular operations for SOTI MobiControl Main and Archive databases, the user must have the following permissions:

  • Db_datareader
  • Db_datawriter
  • Permission for execution of all procedures

The listed components must meet the minimum required levels to install the database.

Component Required Level
Software
  • Microsoft SQL Server 2016 (Service Pack 2, Cumulative Update 12)
  • Microsoft SQL Server 2017 (Cumulative Update 8 and above)
Operating System
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019

Database Recommendations

The listed components should meet the recommended levels to install the database.

Component Recommended Level
Memory (RAM) 4 GB or more
Processor Speed 2 GHz Dual Core or faster
Storage Approximately 350 MB for installation
  • 10 to 500 devices: 2 GB for database growth
  • 500 to 1000 devices: 4 GB for database growth
  • 1000+ devices: at least 5 GB for database growth
Note: The size of the database is dependent on the amount of historical log information that you set SOTI MobiControl to retain, as well as the frequency with which package deployment is used.

Network Ports

SOTI MobiControl uses the following ports to communicate between components.

Tip: For an interactive guide to SOTI MobiControl network connections, see the SOTI MobiControl network configuration diagram.

Deployment Server Connections

Component Name Protocol TCP Port(s) Direction
SOTI MobiControl Deployment Server
Note: For deployments with multiple deployment servers, for caching purposes.
Binary 5495 Inbound
SOTI MobiControl Management Server Binary 5494/5495 Inbound
Amazon App Store HTTPS 443 Outbound
Apple Push Notification Service (APNS) HTTPS 443 Outbound
Apple ADE HTTPS 443 Outbound
Apple Store Licenses HTTPS 443 Outbound
Certification Authority - DCOM
Note: Must be on the same domain.
Binary Dynamic Outbound to the CA
Certification Authority - HTTP HTTPS 443 Outbound
Google Play HTTPS 443 Outbound
iTunes HTTPS 443 Outbound
LDAP LDAP/S 389/636 Outbound
Microsoft SQL Server (SOTI MobiControl Database) Binary 1433 Outbound from the management server and deployment server to the database
SOTI Cloud Link Agent HTTPS 443 Inbound
SOTI MobiControl Device Agents Binary/HTTPS 5494, 443 Outbound from the device agents to the deployment server
SOTI MobiControl Search HTTPS 9200 Outbound to the MS
Native MDM HTTPS 443 Inbound
SOTI Services HTTP/S 80*/443 Outbound
Remote Control Binary 5494 Inbound
Windows Notification Service (WNS) HTTP/S 80, 443 Outbound
*The port 80/HTTP requirement is for the skins URL http://www.soti.net/skins/. Only remote control skins image files are stored on this endpoint.

Management Server Connections

Component Name Protocol TCP Port(s) Direction
SOTI MobiControl Deployment Server Binary 5494/5495 Outbound
Amazon App Store HTTPS 443 Outbound
Apple Push Notification Service (APNS) HTTPS 443 Outbound
Apple DEP HTTPS 443 Outbound
Apple App Store License HTTPS 443 Outbound
Certification Authority - DCOM
Note: Must be on the same domain.
Binary Dynamic Outbound
Certification Authority - HTTP HTTPS 443 Outbound
Enterprise Resource Gateway (ERG) HTTPS 443 Outbound
Google Play HTTPS 443 Outbound
iTunes HTTPS 443 Outbound
LDAP LDAP/S 389/636 Outbound
Microsoft SQL Server (SOTI MobiControl Database) Binary 1433 Outbound
SOTI Cloud Link Agent HTTPS 443 Outbound
SOTI Services HTTP/S 80*/443 Outbound
SOTI MobiControl Search HTTPS 9200 Outbound to SOTI MobiControl Search
SOTI MobiControl Search HTTPS 9300 Inbound from and Outbound to SOTI MobiControl Search (for multi-MS setups)
SOTI MobiControl Console HTTPS 443 Inbound
SOTI Assist Server HTTPS 443 Inbound
*The port 80/HTTP requirement is for the skins URL http://www.soti.net/skins/. Only remote control skins image files are stored on this endpoint.

Miscellaneous Connections

Component A Component B Protocol TCP Port(s)
Enterprise Resource Gateway (ERG) Exchange Binary 443
Enterprise Resource Gateway (ERG) SharePoint/WebDAV HTTPS/WebDAV 443
SOTI Cloud Link Agent Certification Authority - DCOM
Note: Must be on the same domain.
Binary Dynamic
SOTI Cloud Link Agent Certification Authority - HTTP HTTPS 443
SOTI Assist Server Microsoft SQL Server (SOTI Assist Database) Binary 1433
SOTI Assist Server SOTI Assist UI HTTPS 443
SOTI Assist UI Remote Control HTTPS (web sockets) 443
SOTI Hub Enterprise Resource Gateway (ERG) HTTPS 443
SOTI Surf Enterprise Resource Gateway (ERG) HTTPS 443
SOTI MobiControl Console Remote Control HTTPS (web sockets) 443

SOTI Services

The SOTI Services include the Activation Service, the Agent Builder Service, the Enrollment Service and the Location Service. These services help to ensure that your SOTI MobiControl deployment is provided with:
  • the latest certified version of device agents
  • fast and easy enrollment of devices
  • updates for licenses

All SOTI services are accessed using HTTPS on port 443. It is important to ensure that the following fully qualified domain names and/or IP addresses are whitelisted with your firewall, allowing unrestricted communication between your SOTI MobiControl deployment and the SOTI data center.

Service Name Service URL
Activation Service activate2.soti.net
Agent Builder Service activate2.soti.net
Enrollment Service mc-enroll.soti.net
Location Service mobicontrolservices.soti.net
Skins Service www.soti.net/skins
Note: To download or update Android device agents, the SOTI MobiControl management service requires access to the following URL endpoints activate2.soti.net and agentdservice.s3.amazonaws.com.

The SOTI Services are load-balanced across the following IP addresses:

IP Addresses
13.248.157.19
54.208.149.103
54.208.194.169
54.209.62.205
54.209.186.178
54.209.186.251
54.209.207.237
75.2.25.8
76.223.23.230
99.83.149.241