System Requirements
The following sections details the minimum system requirements for installing up to 1000 devices on SOTI MobiControl. For deployments of more than 1000 devices, consider upgrading the server components for better performance.
For SOTI products that are past End of Life (EOL), SOTI does not market, sell, deploy, or offer updates to those versions. See SOTI MobiControl Product Lifecycle for more details.
General Requirements
Component | Required Level |
---|---|
Operating System |
|
Storage | The application requires about 300 MB of storage space. |
Browsers |
|
Other |
Tip: The manual install of prerequisites is no longer
required as the SOTI MobiControl installer has
them embedded.
[Optional], depending on your requirements:
|
Ports and IP Addresses | See the default Network Ports and IP addresses that SOTI MobiControl uses to communicate. |
SOTI ONE Platform Integration
The following SOTI ONE platform products are compatible with SOTI MobiControl version 2024.0.
Component | Recommended Level |
---|---|
SOTI XSight | Version 4.3 and later |
SOTI Snap | Version 2024.0 and later |
SOTI Connect | For network inventory, version 2.5.1 and later |
SOTI Identity | Version 2024.1 and later |
Recommended Settings
Device Scale | Number of Management Servers | Management Server Specification | Number of Deployment Servers | Deployment Server Specifications | Number of SQL Servers | SQL Specification |
---|---|---|---|---|---|---|
1 - 1000 | 1 | 2vCPU - 8GB RAM (All -in one: MS, DS, and SQL installed) | 0 | Included in Management Server | 0 | Included in Management Server |
1000 - 10,000 | 1 | 4vCPU - 16GB RAM (All-in-one: MS, DS, and SQL installed) | 0 | Included in Management Server | 0 | Included in Management Server |
10,000 - 20,000 | 1 | 4vCPU - 16GB RAM | 1 | 4vCPU - 16 GB RAM | 1 | 4vCPU - 32GB RAMSSD Drives |
20,000 - 50,000 | 1 | 8vCPU - 32GB RAM | 2 | 4vCPU - 16 GB RAM | 1 | 4vCPU - 32GB RAMSSD Drives |
50,000 - 100,000 | 1 | 8vCPU - 32GB RAM | 4 | 4vCPU - 16GB RAM | 1 | 8vCPU - 64GB RAM |
Database Requirements
The SOTI MobiControl installer comes bundled with the Microsoft SQL Server Express Edition. It is typically adequate for deployments of 10 to 1000 devices. For deployments of more than 1000 devices, consider using Microsoft SQL Server Standard edition, as it has many scalability and performance improvements.
You can install the database and deployment server on the same host server. However, SOTI recommends using a standalone database to deploy more than 500 devices.
Component | Required Level |
---|---|
Software |
|
Operating System |
|
SOTI MobiControl requires SQL servers to use a database collation
that is case-insensitive and accent-sensitive. For example,
SQL_Latin1_General_CP1_CI_AS
is a collation that meets these
criteria.
Database Permissions
When installing SOTI MobiControl, you must be a SysAdmin or a DbCreator with additional ALTER ANY LOGIN permissions. When upgrading SOTI MobiControl, you must also have ALTER DATABASE permissions.
When performing regular operations for SOTI MobiControl Main and Archive databases, the user must have the following permissions:
Db_datareader
Db_datawriter
- Permission for execution of all procedures
Database Recommendations
The listed components must meet the recommended levels to install the database.
Component | Recommended Level |
---|---|
Storage |
Note: The database size depends on the amount
of historical log information that you set SOTI MobiControl to retain, and the frequency of
package deployment.
|
Network Ports
SOTI MobiControl uses the following ports to communicate between components.
Deployment Server Connections
Component Name | Protocol | TCP Port(s) | Direction |
---|---|---|---|
SOTI MobiControl Deployment Server Note: This is for configurations
with more than one Deployment server. Used for caching
purposes.
|
Binary | 5495 | Inbound |
SOTI MobiControl Management Server | Binary | 5494/5495 | Inbound |
Amazon App Store | HTTPS | 443 | Outbound |
Apple Push Notification Service (APNS) | HTTPS | 443 | Outbound |
Apple Automated Device Enrollment (ADE) | HTTPS | 443 | Outbound |
Apple Store Licenses | HTTPS | 443 | Outbound |
Certification Authority - DCOM Note: It must be on the same domain.
|
Binary | Dynamic | Outbound to the CA |
Certification Authority - HTTP | HTTPS | 443 | Outbound |
Google Play | HTTPS | 443 | Outbound |
iTunes | HTTPS | 443 | Outbound |
LDAP | LDAP/S | 389/636 | Outbound |
Microsoft SQL Server (SOTI MobiControl Database) | Binary | 1433 | Outbound from the management server and deployment server to the database |
SOTI Cloud Link | HTTPS | 443 | Inbound |
SOTI MobiControl Device Agents | Binary/HTTPS | 5494, 443 | Outbound from the device agent to the deployment server |
SOTI MobiControl Device Agents (additional ports for legacy Windows Mobile/CE devices) Note: Use these ports only when Using SHA-1 and SHA-2 Certificates on the Same Deployment Server
|
Binary/HTTPS | 5497/444 | Outbound from the device agent to the deployment server |
SOTI Search | HTTPS | 5500 | Outbound to the MS |
Native MDM | HTTPS | 443 | Inbound |
SOTI Services | HTTPS | 443 | Outbound |
Remote Control | Binary | 5494 | Inbound |
Windows Notification Service (WNS) | HTTP/HTTPS | 80, 443 | Outbound |
SOTI MobiControl Signal Service | HTTPS | 13131 | Outbound to the server hosting Signal Service. Inbound if this server is hosting Signal Service |
Management Server Connections
Component Name | Protocol | TCP Port(s) | Direction |
---|---|---|---|
SOTI MobiControl Deployment Server | Binary | 5494/5495 | Outbound |
SOTI Cloud Link | HTTPS | 443 | Outbound |
SOTI Identity | HTTPS | 443 |
Outbound and Inbound See Connecting On-Premises SOTI MobiControl with SOTI Identity in the SOTI Identity help for more information. |
SOTI Services | HTTPS | 443 | Outbound |
SOTI Services Skins | HTTPS | 443 | Outbound |
SOTI Search | Binary | 5500 | Outbound to SOTI Search |
SOTI MobiControl Console | HTTPS | 443 | Inbound |
SOTI XSight Server | HTTPS | 443 | Inbound |
SOTI MobiControl Signal Service | HTTPS | 13131 | Outbound to the server hosting Signal Service. Inbound if this server is hosting Signal Service |
Microsoft SQL Server (SOTI MobiControl Database) | Binary | 1433 | Outbound from the management server and deployment server to the database |
Component Name | Protocol | TCP Port(s) | Direction |
---|---|---|---|
Amazon App Store | HTTPS | 443 | Outbound |
Apple Push Notification Service (APNS)† | HTTPS | 443 | Outbound |
Apple Device Enrollment Program (DEP) | HTTPS | 443 | Outbound |
Apple App Store License | HTTPS | 443 | Outbound |
Bing Maps* | HTTPS | 443 | Outbound |
Certification Authority - DCOM | Binary | Dynamic | Outbound Note: It must be on the same domain. |
Certification Authority - HTTP | HTTPS | 443 | Outbound |
Enterprise Resource Gateway (ERG) | HTTPS | 443 | Outbound |
Google Play‡ | HTTPS | 443 | Outbound |
iTunes | HTTPS | 443 | Outbound |
LDAP | LDAP/S | 389/636 | Outbound |
Microsoft SQL Server (SOTI MobiControl Database) | Binary | 1433 | Outbound |
*Enable Ports TCP/443 Outbound for:
- bing.com
- platform.bing.com
- *.virtualearth.net
† For Apple APNS:
To use Apple Push Notification Service (APNS), your devices need a persistent connection to Apple's servers over Ethernet, cellular data (if capable), or Wi-Fi.
If you use a firewall or private Access Point Name for cellular data, your Apple devices must be able to connect to specific ports on specific hosts:
- Enable TCP port 5223 to communicate with APNS.
- Enable TCP port 443 or 2197 to send notifications to APNS.
The APNS servers use load balancing, so your devices do not always connect to the same public IP address for notifications. It is best to let your device access these ports on the entire 17.0.0.0/8 address block, which is reserved for Apple. If you can not allow access to the whole 17.0.0.0/8 address block, open access via the same ports to these network ranges on IPv4 or IPv6:
IPv4
- 17.249.0.0/16
- 17.252.0.0/16
- 17.57.144.0/22
- 17.188.128.0/18
- 17.188.20.0/23
IPv6
-
2620:149:a44::/48
-
2403:300:a42::/48
-
2403:300:a51::/48
-
2a01:b740:a42::/48
-
The Google Play Store requires access to SOTI Services IP Addresses.
Miscellaneous Connections
Component A | Component B | Protocol | TCP Port(s) |
---|---|---|---|
Enterprise Resource Gateway (ERG) | Exchange | Binary | 443 |
Enterprise Resource Gateway (ERG) | SharePoint/WebDAV | HTTPS/WebDAV | 443 |
SOTI Cloud Link | Certification Authority - DCOM Note: It must be on the same domain.
|
Binary | Dynamic |
SOTI Cloud Link | Certification Authority - HTTP | HTTPS | 443 |
SOTI XSight Server | Microsoft SQL Server (SOTI XSight Database) | Binary | 1433 |
SOTI XSight Server | SOTI XSight UI | HTTPS | 443 |
SOTI XSight UI | Remote Control | HTTPS (web sockets) | 443 |
SOTI Hub | Enterprise Resource Gateway (ERG) | HTTPS | 443 |
SOTI Surf | Enterprise Resource Gateway (ERG) | HTTPS | 443 |
SOTI MobiControl Console | Remote Control | HTTPS (web sockets) | 443 |
SOTI Search | Other SOTI Search Servers (Only for Multi SOTI Search Servers) | Binary | 5500 (Inbound and Outbound) |
SOTI Services
- the latest certified version of device agents
- fast and easy enrollment of devices
- updates for licenses
- enhanced feature integration with third-party services
Access both SOTI Services and SOTI Services Skins (for device skin-related image files) using HTTPS on port 443. Be sure to whitelist the following fully qualified domain names and/ or IP addresses with your firewall, allowing unrestricted communication between your SOTI MobiControl deployment and SOTI Services.
Service Name | Endpoint |
---|---|
Activation Service | activate2.soti.net / services.soti.net |
Agent Builder Service | activate2.soti.net |
BitDefender Antivirus | mobicontrolservices.soti.net |
Enrollment | mcenroll.soti.net / mc-enroll.soti.net / activate2.soti.net / mobicontrolservices.soti.net |
Google Play Services | activate2.soti.net |
Location Services | activate2.soti.net / services.soti.net |
Microsoft 365 Services | mobicontrolservices.soti.net |
Messaging | activate2.soti.net |
Notifications | notificationservice.soti.net |
Skins Service | skinsapi.soti.net / www.soti.net |
SOTI Surf | mobicontrolservices.soti.net |
Send Debug Report Logs | sftp.soti.net (port 22) Important: You must also
whitelist https://services.soti.net/sftp/metadata.json |
SOTI Services are load-balanced across the following IP addresses. It is strongly advised to whitelist all IP addresses in case of a failover event so as not to prevent communication:
ID Based Enrollment: |
54.209.186.178 54.208.149.103 |
Primary Communications: |
76.223.23.230 13.248.157.19 |
Skins Endpoint: |
99.83.149.241 75.2.25.8 |
Failover: |
Attention: The following IP addresses do not respond unless there is a failover
event.
54.208.194.169 54.209.62.205 54.209.186.251 54.209.207.237 |
us-east-1.
.Supported Devices
SOTI MobiControl supports various products, including Android, Apple, Linux, and Windows.
The following table offers a complete list of supported operating systems and their associated platforms.
- Windows CE .NET 3.0
- Windows CE .NET 4.1
- Windows CE .NET 4.2
- Windows Pocket PC 2002
- Windows Pocket PC 2003
- Windows 2000
- Windows Mobile 2003
- Windows Server 2003
- Windows Server 2008
- Windows XP
- Windows Vista
Platform | Description |
---|---|
Android Plus | For SOTI MobiControl Device Agent 2024.0 and later, devices
running:
Note: If you use SOTI MobiControl Device Agent 15.4.6 (Android
Enterprise) or SOTI MobiControl Device Agent
15.4.5 (Classic) or earlier, then you can use the following:
Note: For more information
about Android Enterprise/Classic, see Android Enterprise and
Android Classic for
SOTI MobiControl Device Agent 2024.0.0
(October 19, 2023) in the Release Notes. You cannot enroll
devices for SOTI MobiControl Device Agent
15.4.0 or later versions for:
|
Apple | Devices running:
|
Linux | Devices with x86 (32-bit), x64 (64-bit), or ARM (32-bit and 64-bit) processors or Zebra FX7500/FX9600 (RFID readers) |
Windows Desktop Classic | Desktop devices running Windows |
Windows Mobile/CE | Devices running:
|
Windows Modern | Devices running:
|
Supported TLS Versions
Secure communication depends on the Transport Layer Security (TLS) version supported by the SOTI MobiControl deployment server and the device platform.
- TLS_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
The following table lists the TLS version supported by each device platform.
Device Platform | TLS Versions |
---|---|
Windows CE | TLS 1.0/1.1/1.2 |
Android 4.2 | TLS 1.0 |
Android 4.3 to 9.0 | TLS 1.0/1.1/1.2 |
Android 10 to12 | TLS 1.0/1.1/1.2/1.3 |
iOS 5 to 12 | TLS 1.0/1.1/1.2 |
macOS 10.15.x to 13.x | TLS 1.0/1.1/1.2 |
Windows 10 Mobile 1511 to 1709 | TLS 1.0/1.1/1.2 |
Certified Device Support
SOTI provides technical and development support for devices that have been tested and certified. Device certification ensures compatibility with all applicable SOTI ONE products and features.
Below is an overview of the certification process:
- A SOTI partner submits a request for device certification, including the make and model number.
- SOTI evaluates the certification request based on set criteria, then works with the partner to ensure all business and technical requirements are met to move forward.
- SOTI applies more than 400 rigorous tests to the device.
- SOTI fully certifies the device if it meets the standards of performance and functionality for the SOTI ONE Platform. The device may alternatively earn a passing status with known limitations.
If the device certification fails, SOTI will work with the device manufacturer to best resolve the issues.
-
Technical support for troubleshooting SOTI-related device features across all SOTI products.
-
Best development efforts with SOTI and its partnership network.
-
Ongoing device application support to ensure SOTI features are updated with periodic SOTI agent and plugin releases.
-
Device-specific feature requests are considered for implementation in supporting the customer's operational needs.
Please click https://docs.soti.net/mobicontrolagentdownloads to see a list of available certified Android devices and SOTI Agent APKs.
If you do not find the device you are looking for, please contact your SOTI Account Manager or contact us at https://soti.net/about/contact-us/.