System Requirements
Your environment must meet the following requirements to successfully install and deploy SOTI MobiControl. Unless noted, these are the minimum requirements for a deployment of less than 1000 devices. Above 1000 devices, it is highly recommended that you consider upgrading the components for better performance.
For SOTI products that are past their End of Life (EOL), SOTI does not market, sell, deploy, or provide updates to those versions. See End of Life (EOL) to understand product upgrade needs.
General Requirements
Component | Required Level |
---|---|
Operating System |
|
Storage | The application uses approximately 300 MB of storage space |
Browsers |
|
Other |
Optional, depending on your requirements:
|
Ports and IP Addresses | See the default Network Ports and IP addresses that SOTI MobiControl uses to communicate. |
Recommended Settings
The listed components should meet the recommended levels to run SOTI MobiControl.
Component | Recommended Level |
---|---|
Memory (RAM) |
|
Processor Speed |
These are the minimum requirements. If there is constant data collection and configurations, SOTI recommends upgrading to higher clock speeds. |
Database Requirements
The SOTI MobiControl installer comes bundled with Microsoft SQL Server 2016 Express Edition, a lightweight version of SQL Server 2016. It is typically adequate for deployments of 10-1000 devices. For deployments of more than 1000 devices, consider using Microsoft SQL Server 2019 as it has many scalability and performance improvements.
You can install the database and deployment server on the same host server. However, for deployments of more than 500 devices, it is recommended to use a standalone database.
Component | Required Level |
---|---|
Software |
|
Operating System |
|
SOTI MobiControl requires SQL servers use a database collation that is case insensitive and accent sensitive. For example, SQL_Latin1_General_CP1_CI_AS is a collation that meets these criteria.
Database Permissions
When installing SOTI MobiControl, you must be either a SysAdmin or a DbCreator with additional ALTER ANY LOGIN permissions. When upgrading SOTI MobiControl, you must also have ALTER DATABASE permissions.
When performing regular operations for SOTI MobiControl Main and Archive databases, the user must have the following permissions:
- Db_datareader
- Db_datawriter
- Permission for execution of all procedures
Database Recommendations
The listed components should meet the recommended levels to install the database.
Component | Recommended Level |
---|---|
Memory (RAM) | 4 GB or more |
Processor Speed | 2 GHz Dual Core or faster |
Storage | Approximately 350 MB for installation
Note: The database size is dependent on the amount of historical log
information that you set SOTI MobiControl to
retain, as well as the frequency with which package deployment
is used.
|
Network Ports
SOTI MobiControl uses the following ports to communicate between components.
Deployment Server Connections
Component Name | Protocol | TCP Port(s) | Direction |
---|---|---|---|
SOTI MobiControl Deployment Server
Note: For deployments with multiple Deployment servers, for caching purposes.
|
Binary | 5495 | Inbound |
SOTI MobiControl Management Server | Binary | 5494/5495 | Inbound |
Amazon App Store | HTTPS | 443 | Outbound |
Apple Push Notification Service (APNS) | HTTPS | 443 | Outbound |
Apple ADE | HTTPS | 443 | Outbound |
Apple Store Licenses | HTTPS | 443 | Outbound |
Certification Authority - DCOM
Note: Must be on the same domain.
|
Binary | Dynamic | Outbound to the CA |
Certification Authority - HTTP | HTTPS | 443 | Outbound |
Google Play | HTTPS | 443 | Outbound |
iTunes | HTTPS | 443 | Outbound |
LDAP | LDAP/S | 389/636 | Outbound |
Microsoft SQL Server (SOTI MobiControl Database) | Binary | 1433 | Outbound from the management server and deployment server to the database |
SOTI Cloud Link | HTTPS | 443 | Inbound |
SOTI MobiControl Device Agents | Binary/HTTPS | 5494, 443 | Outbound from the device agents to the deployment server |
SOTI MobiControl Device Agents (additional ports for legacy Windows Mobile/CE devices) Note: These ports are required only when Using SHA-1 and SHA-2 Certificates on the Same Deployment Server
|
Binary/HTTPS | 5497/444 | Outbound from the device agents to the deployment server |
SOTI MobiControl Search | HTTPS | 9200 | Outbound to the MS |
Native MDM | HTTPS | 443 | Inbound |
SOTI Services | HTTP/S | 443 | Outbound |
Remote Control | Binary | 5494 | Inbound |
Windows Notification Service (WNS) | HTTP/S | 80, 443 | Outbound |
SOTI MobiControl Signal Service | HTTPS | 13131 | Outbound to the server hosting Signal Service. Inbound if this server is hosting Signal Service |
Management Server Connections
Component Name | Protocol | TCP Port(s) | Direction |
---|---|---|---|
SOTI MobiControl Deployment Server | Binary | 5494/5495 | Outbound |
SOTI Cloud Link | HTTPS | 443 | Outbound |
SOTI Identity | HTTPS | 443 |
Outbound and Inbound See Connecting On-Premises SOTI MobiControl with SOTI Identity in the SOTI Identity help for more information. |
SOTI Services | HTTP/S | 443 | Outbound |
SOTI Services Skins | HTTP/S | 80*, 443 | Outbound |
SOTI MobiControl Search | HTTPS | 9200 | Outbound to SOTI MobiControl Search |
SOTI MobiControl Search | HTTPS | 9300 | Inbound from and Outbound to SOTI MobiControl Search (for multi-MS setups) |
SOTI MobiControl Console | HTTPS | 443 | Inbound |
SOTI XSight Server | HTTPS | 443 | Inbound |
SOTI MobiControl Signal Service | HTTPS | 13131 | Outbound to the server hosting Signal Service. Inbound if this server is hosting Signal Service |
*The port 80/HTTP requirement is for the skins URL http://www.soti.net/skins/. This endpoint stores only image files related to device skins.
Component Name | Protocol | TCP Port(s) | Direction |
---|---|---|---|
Amazon App Store | HTTPS | 443 | Outbound |
Apple Push Notification Service (APNS)† | HTTPS | 443 | Outbound |
Apple DEP | HTTPS | 443 | Outbound |
Apple App Store License | HTTPS | 443 | Outbound |
Bing Maps* | HTTPS | 443 | Outbound |
Certification Authority - DCOM | Binary | Dynamic | Outbound Note: Must be on the same domain. |
Certification Authority - HTTP | HTTPS | 443 | Outbound |
Enterprise Resource Gateway (ERG) | HTTPS | 443 | Outbound |
Google Play‡ | HTTPS | 443 | Outbound |
iTunes | HTTPS | 443 | Outbound |
LDAP | LDAP/S | 389/636 | Outbound |
Microsoft SQL Server (SOTI MobiControl Database) | Binary | 1433 | Outbound |
*Enable Ports TCP/443 Outbound for:
- bing.com
- platform.bing.com
- *.virtualearch.net
- Enable ports TCP/2195, TCP/2196 Inbound/Outbound from 17.0.0.0/8
- gateway.push.apple.com
- Enable ports TCP/443 Outbound for:
- phobos.apple.com
- vpp.itunes.apple.com
- init.itunes.apple.com
-
The Google Play Store requires access to SOTI Services IP Addresses.
Miscellaneous Connections
Component A | Component B | Protocol | TCP Port(s) |
---|---|---|---|
Enterprise Resource Gateway (ERG) | Exchange | Binary | 443 |
Enterprise Resource Gateway (ERG) | SharePoint/WebDAV | HTTPS/WebDAV | 443 |
SOTI Cloud Link | Certification Authority - DCOM
Note: Must be on the same domain.
|
Binary | Dynamic |
SOTI Cloud Link | Certification Authority - HTTP | HTTPS | 443 |
SOTI XSight Server | Microsoft SQL Server (SOTI XSight Database) | Binary | 1433 |
SOTI XSight Server | SOTI XSight UI | HTTPS | 443 |
SOTI XSight UI | Remote Control | HTTPS (web sockets) | 443 |
SOTI Hub | Enterprise Resource Gateway (ERG) | HTTPS | 443 |
SOTI Surf | Enterprise Resource Gateway (ERG) | HTTPS | 443 |
SOTI MobiControl Console | Remote Control | HTTPS (web sockets) | 443 |
SOTI Services
- the latest certified version of device agents
- fast and easy enrollment of devices
- updates for licenses
- enhanced feature integration with third-party services
Access SOTI services using HTTPS on port 443 and, for skins, a separate endpoint for device skin related images files on HTTP Port 80. Be sure to whitelist the following fully qualified domain names and/or IP addresses with your firewall, allowing unrestricted communication between your SOTI MobiControl deployment and SOTI Services.
Service Name | Endpoint |
---|---|
Activation Service | activate2.soti.net / services.soti.net |
Agent Builder Service | activate2.soti.net |
BitDefender Antivirus | mobicontrolservices.soti.net |
Enrollment | mcenroll.soti.net / mc-enroll.soti.net / activate2.soti.net |
Google Play Services | activate2.soti.net |
Location Services | activate2.soti.net / services.soti.net |
Microsoft 365 Services | mobicontrolservices.soti.net |
Messaging | activate2.soti.net |
Notifications | notificationservice.soti.net |
Skins Service | skinsapi.soti.net / www.soti.net |
SOTI Surf | mobicontrolservices.soti.net |
Services are load-balanced across the following IP addresses. It is strongly advised to whitelist all IP addresses in case of a failover event as to not prevent communication:
ID Based Enrollment: |
54.209.186.178 54.208.149.103 |
Primary Communications: |
76.223.23.230 13.248.157.19 |
Skins Endpoint: |
99.83.149.241 75.2.25.8 |
Failover: |
Note: The following IP addresses will not respond unless
there is a failover event.
|
54.208.194.169 54.209.62.205 54.209.186.251 54.209.207.237 |
Supported Devices
SOTI MobiControl supports a wide range of products, including Android, Apple, Linux, Windows, and wireless printer devices. For simplicity, SOTI MobiControl groups related device types under Platform tabs. Refer to the table below for a full list of supported operating systems and their associated platforms.
This platform tab | Manages these device types |
---|---|
Android Plus | Devices running
|
Apple | Devices running
|
Linux | Devices with x86 (32 bit), x64 (64 bit), or ARM (32 bit and 64 bit) processors or Zebra FX7500/FX9600 (RFID readers) |
Printers | Zebra wireless printers |
Windows Desktop Classic | Desktop devices running Windows |
Windows Mobile/CE | Devices running:
|
Windows Modern | Devices running Windows 10 or later or Windows Phone 8 and later
|
Supported TLS Versions
Secure communication depends on the Transport Layer Security (TLS) version supported by both the SOTI MobiControl deployment server and the device platform.
- TLS_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
The TLS version supported by each device platform is provided in the following table.
Device Platform | TLS Versions |
---|---|
Windows CE | TLS 1.0/1.1/1.2 |
Android 4.2 | TLS 1.0 |
Android 4.3 – 9.0 | TLS 1.0/1.1/1.2 |
Android 10–12 | TLS 1.0/1.1/1.2/1.3 |
iOS 5 – 12 | TLS 1.0/1.1/1.2 |
Windows Phone 8.0 | TLS 1.0 |
Windows Phone 8.1 | TLS 1.0/1.1/1.2 |
Windows 10 Mobile 1511 – 1709 | TLS 1.0/1.1/1.2 |
Certified Device Support
SOTI provides technical and development support for devices that have been tested and certified. Device certification ensures compatibility with all applicable SOTI ONE products and features.
Below is an overview of the certification process:
- A SOTI partner submits a request for device certification, including the make and model number.
- SOTI evaluates the certification request based on set criteria, then works with the partner to ensure all business and technical requirements are met to move forward.
- SOTI applies more than 400 rigorous tests to the device.
- SOTI fully certifies the device if it meets the standards of performance and functionality for the SOTI ONE Platform. The device may alternatively earn a passing status with known limitations.
If the device certification fails, SOTI will work with the device manufacturer to best resolve the issues.
-
Technical support for troubleshooting SOTI-related device features across all SOTI products.
-
Best development efforts with SOTI and its partnership network.
-
Ongoing device application support to ensure SOTI features are updated with periodic SOTI agent and plugin releases.
-
Device-specific feature requests are considered for implementation in supporting the customer's operational needs.
Please click https://docs.soti.net/mobicontrolagentdownloads to see a list of available certified Android devices and SOTI Agent APKs.
If you do not find the device you are looking for, please contact your SOTI Account Manager or contact us at https://soti.net/about/contact-us/.