System Requirements

Your environment must meet the following requirements to successfully install and deploy SOTI MobiControl. Unless noted, these are the minimum requirements for a deployment of less than 1000 devices. Above 1000 devices, it is highly recommended that you consider upgrading the components for better performance.

For SOTI products that are past their End of Life (EOL), SOTI does not market, sell, deploy, or provide updates to those versions. See End of Life (EOL) to understand product upgrade needs.

Note: The deployment server and the management server support load balancing. However, the SOTI MobiControl console is not kept in global cache, therefore it is important to use sticky sessions.
Tip: If you do not want to run SOTI MobiControl server components using a Local System account, you can create a Service Account with the appropriate permissions.

General Requirements

Component Required Level
Operating System
  • Windows Server 2016
  • Windows Server 2019
  • Windows Server 2022
    Note: TLS 1.3 is not supported with Windows Server 2022 and should be disabled.
Storage The application uses approximately 300 MB of storage space
Browsers
  • Google Chrome
  • Mozilla Firefox
  • Microsoft Edge
Other

Optional, depending on your requirements:

  • If managing Android or Apple devices: DNS (accessible externally)
  • If managing Apple devices: APNS certificate (with password and APNS topic string)
    Note: APNS requires one of the following TLS cipher suites to be enabled on the deployment server:
    • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
    • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • If the SOTI MobiControl console is configured to use directory service integrated security: LDAPS DNS name
Ports and IP Addresses See the default Network Ports and IP addresses that SOTI MobiControl uses to communicate.

Recommended Settings

The listed components should meet the recommended levels to run SOTI MobiControl.

Component Recommended Level
Memory (RAM)
  • 10 to 500 devices: 4 GB+
  • 500 to 1000 devices: 6 GB+
  • 1000+ devices: 8 GB+
Processor Speed
  • 10 to 1000 devices: 2 GHz dual core or faster
  • 1000+ devices: 3 GHz quad core or faster

These are the minimum requirements. If there is constant data collection and configurations, SOTI recommends upgrading to higher clock speeds.

Database Requirements

The SOTI MobiControl installer comes bundled with Microsoft SQL Server 2016 Express Edition, a lightweight version of SQL Server 2016. It is typically adequate for deployments of 10-1000 devices. For deployments of more than 1000 devices, consider using Microsoft SQL Server 2019 as it has many scalability and performance improvements.

You can install the database and deployment server on the same host server. However, for deployments of more than 500 devices, it is recommended to use a standalone database.

Component Required Level
Software
  • Microsoft SQL Server 2016 (Service Pack 2, Cumulative Update 12)
  • Microsoft SQL Server 2017 (Cumulative Update 8 and above)
  • Microsoft SQL Server 2019 (Cumulative Update 12 and above)
Operating System
  • Windows Server 2016
  • Windows Server 2019
  • Windows Server 2022

SOTI MobiControl requires SQL servers use a database collation that is case insensitive and accent sensitive. For example, SQL_Latin1_General_CP1_CI_AS is a collation that meets these criteria.

Note: Ensure the TCP/IP network protocol is enabled in your SQL Server network configuration.

Database Permissions

When installing SOTI MobiControl, you must be either a SysAdmin or a DbCreator with additional ALTER ANY LOGIN permissions. When upgrading SOTI MobiControl, you must also have ALTER DATABASE permissions.

When performing regular operations for SOTI MobiControl Main and Archive databases, the user must have the following permissions:

  • Db_datareader
  • Db_datawriter
  • Permission for execution of all procedures

Database Recommendations

The listed components should meet the recommended levels to install the database.

Component Recommended Level
Memory (RAM) 4 GB or more
Processor Speed 2 GHz Dual Core or faster
Storage Approximately 350 MB for installation
  • 10 to 500 devices: 2 GB for database growth
  • 500 to 1000 devices: 4 GB for database growth
  • 1000+ devices: at least 5 GB for database growth
Note: The database size is dependent on the amount of historical log information that you set SOTI MobiControl to retain, as well as the frequency with which package deployment is used.

Network Ports

SOTI MobiControl uses the following ports to communicate between components.

Tip: For an interactive guide to SOTI MobiControl network connections, see the SOTI MobiControl network configuration diagram.
Tip: For the list of hosts and ports required by SOTI MobiControl to ensure fully functional Android Enterprise devices, see Android Enterprise Network Requirements for SOTI MobiControl.

Deployment Server Connections

Component Name Protocol TCP Port(s) Direction
SOTI MobiControl Deployment Server
Note: For deployments with multiple Deployment servers, for caching purposes.
Binary 5495 Inbound
SOTI MobiControl Management Server Binary 5494/5495 Inbound
Amazon App Store HTTPS 443 Outbound
Apple Push Notification Service (APNS) HTTPS 443 Outbound
Apple ADE HTTPS 443 Outbound
Apple Store Licenses HTTPS 443 Outbound
Certification Authority - DCOM
Note: Must be on the same domain.
Binary Dynamic Outbound to the CA
Certification Authority - HTTP HTTPS 443 Outbound
Google Play HTTPS 443 Outbound
iTunes HTTPS 443 Outbound
LDAP LDAP/S 389/636 Outbound
Microsoft SQL Server (SOTI MobiControl Database) Binary 1433 Outbound from the management server and deployment server to the database
SOTI Cloud Link HTTPS 443 Inbound
SOTI MobiControl Device Agents Binary/HTTPS 5494, 443 Outbound from the device agents to the deployment server

SOTI MobiControl Device Agents (additional ports for legacy Windows Mobile/CE devices)

Binary/HTTPS 5497/444 Outbound from the device agents to the deployment server
SOTI MobiControl Search HTTPS 9200 Outbound to the MS
Native MDM HTTPS 443 Inbound
SOTI Services HTTP/S 443 Outbound
Remote Control Binary 5494 Inbound
Windows Notification Service (WNS) HTTP/S 80, 443 Outbound
SOTI MobiControl Signal Service HTTPS 13131 Outbound to the server hosting Signal Service. Inbound if this server is hosting Signal Service

Management Server Connections

Table 1. SOTI Products
Component Name Protocol TCP Port(s) Direction
SOTI MobiControl Deployment Server Binary 5494/5495 Outbound
SOTI Cloud Link HTTPS 443 Outbound
SOTI Identity HTTPS 443

Outbound and Inbound

See Connecting On-Premises SOTI MobiControl with SOTI Identity in the SOTI Identity help for more information.

SOTI Services HTTP/S 443 Outbound
SOTI Services Skins HTTP/S 80*, 443 Outbound
SOTI MobiControl Search HTTPS 9200 Outbound to SOTI MobiControl Search
SOTI MobiControl Search HTTPS 9300 Inbound from and Outbound to SOTI MobiControl Search (for multi-MS setups)
SOTI MobiControl Console HTTPS 443 Inbound
SOTI XSight Server HTTPS 443 Inbound
SOTI MobiControl Signal Service HTTPS 13131 Outbound to the server hosting Signal Service. Inbound if this server is hosting Signal Service

*The port 80/HTTP requirement is for the skins URL http://www.soti.net/skins/. This endpoint stores only image files related to device skins.

Table 2. Third-Party Services
Component Name Protocol TCP Port(s) Direction
Amazon App Store HTTPS 443 Outbound
Apple Push Notification Service (APNS)† HTTPS 443 Outbound
Apple DEP HTTPS 443 Outbound
Apple App Store License HTTPS 443 Outbound
Bing Maps* HTTPS 443 Outbound
Certification Authority - DCOM Binary Dynamic Outbound
Note: Must be on the same domain.
Certification Authority - HTTP HTTPS 443 Outbound
Enterprise Resource Gateway (ERG) HTTPS 443 Outbound
Google Play‡ HTTPS 443 Outbound
iTunes HTTPS 443 Outbound
LDAP LDAP/S 389/636 Outbound
Microsoft SQL Server (SOTI MobiControl Database) Binary 1433 Outbound

*Enable Ports TCP/443 Outbound for:

  • bing.com
  • platform.bing.com
  • *.virtualearch.net
† For Apple APNS:
  • Enable ports TCP/2195, TCP/2196 Inbound/Outbound from 17.0.0.0/8
    • gateway.push.apple.com
  • Enable ports TCP/443 Outbound for:
    • phobos.apple.com
    • vpp.itunes.apple.com
    • init.itunes.apple.com
‡ Google Play Store:
  • The Google Play Store requires access to SOTI Services IP Addresses.

Miscellaneous Connections

Component A Component B Protocol TCP Port(s)
Enterprise Resource Gateway (ERG) Exchange Binary 443
Enterprise Resource Gateway (ERG) SharePoint/WebDAV HTTPS/WebDAV 443
SOTI Cloud Link Certification Authority - DCOM
Note: Must be on the same domain.
Binary Dynamic
SOTI Cloud Link Certification Authority - HTTP HTTPS 443
SOTI XSight Server Microsoft SQL Server (SOTI XSight Database) Binary 1433
SOTI XSight Server SOTI XSight UI HTTPS 443
SOTI XSight UI Remote Control HTTPS (web sockets) 443
SOTI Hub Enterprise Resource Gateway (ERG) HTTPS 443
SOTI Surf Enterprise Resource Gateway (ERG) HTTPS 443
SOTI MobiControl Console Remote Control HTTPS (web sockets) 443

SOTI Services

SOTI Services includes Activation, Agent Builder, Enrollment, Location, Google Play, Microsoft 365 Integration, Messaging, Antivirus Definitions and SOTI Surf services. These services ensure that your SOTI MobiControl deployment has:
  • the latest certified version of device agents
  • fast and easy enrollment of devices
  • updates for licenses
  • enhanced feature integration with third-party services

Access SOTI services using HTTPS on port 443 and, for skins, a separate endpoint for device skin related images files on HTTP Port 80. Be sure to whitelist the following fully qualified domain names and/or IP addresses with your firewall, allowing unrestricted communication between your SOTI MobiControl deployment and SOTI Services.

Note: To download or update Android device agents, the SOTI MobiControl management service requires access to the following URL endpoints: activate2.soti.net and agentdservice.s3.amazonaws.com.
Service Name Endpoint
Activation Service activate2.soti.net / services.soti.net
Agent Builder Service activate2.soti.net
BitDefender Antivirus mobicontrolservices.soti.net
Enrollment mcenroll.soti.net / mc-enroll.soti.net / activate2.soti.net
Google Play Services activate2.soti.net
Location Services activate2.soti.net / services.soti.net
Microsoft 365 Services mobicontrolservices.soti.net
Messaging activate2.soti.net
Notifications notificationservice.soti.net
Skins Service skinsapi.soti.net / www.soti.net
SOTI Surf mobicontrolservices.soti.net

Services are load-balanced across the following IP addresses. It is strongly advised to whitelist all IP addresses in case of a failover event as to not prevent communication:

ID Based Enrollment:

54.209.186.178

54.208.149.103

Primary Communications:

76.223.23.230

13.248.157.19

Skins Endpoint:

99.83.149.241

75.2.25.8

Failover:

Note: The following IP addresses will not respond unless there is a failover event.

54.208.194.169

54.209.62.205

54.209.186.251

54.209.207.237

Note: For agentdservice.s3.amazonaws.com endpoint, you’ll need to whitelist Amazon’s S3 Service. A list of their IP addresses is here (https://ip-ranges.amazonaws.com/ip-ranges.json) using the filter of service: S3 and Region: us-east-1.

Supported Devices

SOTI MobiControl supports a wide range of products, including Android, Apple, Linux, Windows, and wireless printer devices. For simplicity, SOTI MobiControl groups related device types under Platform tabs. Refer to the table below for a full list of supported operating systems and their associated platforms.

Note: Some devices require the installation of a SOTI MobiControl device agent for management purposes. The device agent uses approximately 10 MB of device storage.
This platform tab Manages these device types
Android Plus Devices running
  • Android Classic - Devices running Android 4.2 to 12
  • Android Enterprise - Devices running Android 5 to 13
Apple Devices running
  • iOS 8.0 or later including iPhone, iPad and iPod Touch devices
  • macOS 10.12 or later
Linux Devices with x86 (32 bit), x64 (64 bit), or ARM (32 bit and 64 bit) processors or Zebra FX7500/FX9600 (RFID readers)
Printers Zebra wireless printers
Windows Desktop Classic Desktop devices running Windows
Windows Mobile/CE Devices running:
  • Windows CE .NET 4.2 or later
  • Windows Mobile 5.0 or later
  • Windows Pocket PC 2002 or 2003
Windows Modern Devices running Windows 10 or later or Windows Phone 8 and later
  • Includes HoloLens devices

Supported TLS Versions

Secure communication depends on the Transport Layer Security (TLS) version supported by both the SOTI MobiControl deployment server and the device platform.

Note: Unless necessitated by the limitations of older mobile devices, use of pre-1.2 TLS versions is not recommended.
The SOTI MobiControl deployment server supports the following TLS 1.2 cipher suites:
  • TLS_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

The TLS version supported by each device platform is provided in the following table.

Device Platform TLS Versions
Windows CE TLS 1.0/1.1/1.2
Android 4.2 TLS 1.0
Android 4.3 – 9.0 TLS 1.0/1.1/1.2
Android 10–12 TLS 1.0/1.1/1.2/1.3
iOS 5 – 12 TLS 1.0/1.1/1.2
Windows Phone 8.0 TLS 1.0
Windows Phone 8.1 TLS 1.0/1.1/1.2
Windows 10 Mobile 1511 – 1709 TLS 1.0/1.1/1.2

Certified Device Support

SOTI provides technical and development support for devices that have been tested and certified. Device certification ensures compatibility with all applicable SOTI ONE products and features.

Note: Uncertified devices receive best-effort support because SOTI cannot give assurance that they will function as intended.

Below is an overview of the certification process:

  1. A SOTI partner submits a request for device certification, including the make and model number.
  2. SOTI evaluates the certification request based on set criteria, then works with the partner to ensure all business and technical requirements are met to move forward.
  3. SOTI applies more than 400 rigorous tests to the device.
  4. SOTI fully certifies the device if it meets the standards of performance and functionality for the SOTI ONE Platform. The device may alternatively earn a passing status with known limitations.

If the device certification fails, SOTI will work with the device manufacturer to best resolve the issues.

Upon device certification, the customer receives the following support:
  • Technical support for troubleshooting SOTI-related device features across all SOTI products.

  • Best development efforts with SOTI and its partnership network.

  • Ongoing device application support to ensure SOTI features are updated with periodic SOTI agent and plugin releases.

  • Device-specific feature requests are considered for implementation in supporting the customer's operational needs.

Please click https://docs.soti.net/mobicontrolagentdownloads to see a list of available certified Android devices and SOTI Agent APKs.

If you do not find the device you are looking for, please contact your SOTI Account Manager or contact us at https://soti.net/about/contact-us/.