« Back to myAirWatch

Remote Management Requirements

You must meet the listed requirements before using Remote Management v4.2.

General Requirements

For SaaS customers, the general requirements are the only requirements that must be met.

The Remote Management requires the following on the admin side.

Requirements Minimum
Supported Browsers Latest version of Google Chrome, Safari, Internet Explorer, or Edge.
AirWatch version

AirWatch v9.0.2+ with the AirWatch Rugged EMM Bundle.

Ensure that your version of AirWatch includes these features by contacting your account representative.

Active Directory Requirements

Remote Management requires specific Active Directory users and groups.

Requirement Description
AD Group

Create an Active Directory group.

Consider naming this group RMAdminGroup.

Portal Admin User

Create a user with the following settings.

  • First name: Portal.
  • Last name: Admin.
  • Full name: PortalAdmin.
  • User login name: PortalAdmin.
  • Create a password that the user cannot change and which does not expire.
  • Add this user to the RMAdminGroup.
T10 Interface User

The T10 Interface User is created by the installer.

Hardware Requirements

Hardware Minimum
Remote Management Server
CPUs 2.4 GHz Processors,
4 Logical Processors,
2 CPU 2 Core 2x2 or 4 Physical depending on machine type VM vs Physical.
Memory 16 GB
Hard Drive IOPS 15,000 SAS minimum
Hard Drive Space 100 GB for OS drive
Remote Management Database
Hard Drive Space

200 GB for databases
200 GB for backups and logs

Remote Device Maximum
Given a single server deployment with the above minimum specifications, the maximum number of concurrent remote device sessions is 250.

Software Requirements

Ensure that you meet the following on-premises installation requirements.

To ensure proper configuration of the roles and features, use the Remote Management installation PowerShell scripts. For more information, see Remote Management Server Installation PowerShell Scripts.

Requirements  
Remote Management Server
Operating System Microsoft Windows 2012 R2.
Software

Microsoft .NET Framework 4.6.2

Microsoft Report Viewer 2010 Redistributable Package.

All-in-one Server Roles
  • Active Directory Domain Services (AD DS).
  • Domain Name System (DNS).
  • Application Server.

  • Web Server IIS.

To ensure proper configuration of the roles and features, use the Remote Management installation PowerShell scripts. For more information, see Remote Management Server Installation PowerShell Scripts.

Features
  • .NET Framework 3.5 Features.
    • .NET Framework 3.5 (includes .NET 2.0 and 3.0).

    • HTTP Activation.

    • Non-HTTP Activation.

    • IIS Management Console.

  • .NET Framework 4.5 Features.
    • .NET Framework 4.5.
    • ASP .NET 4.5.
    • WCF Services.
      • HTTP Activation.

      • Message Queuing (MSMQ) Activation.

      • Named Pipe Activation.

      • TCP Activation.

      • TCP Port Sharing.

  • Message Queuing Services.
  • Windows Process Activation Service.
    • Process Model.
    • .NET Environment 3.5.
    • Configuration APIs.
Remote Management Database
Operating System
  • Microsoft Windows 2012 R2.
  • MS SQL Server 2012 Standard.
  • MS SQL Management Studio 2012.
  • Microsoft .Net Framework 4.6.2.
  • Microsoft SQL Server Management Objects (SMO) DLL.
Server Roles
  • Bulkadmin.
  • Dbcreator.
User Mapping
  • Dbowner.
  • Dbbackupoperator.
  • SQLAgent dependent.
  • serverGroup dependent.

Network Requirements

Source Component

Destination Component

Protocol

Port

AirWatch Console Remote Management Server TCP 443, 8446
End-User Devices Remote Management Server TCP 443, 8446
Console User Remote Management Server TCP 443, 8446
Remote Management Server Remote Management Database TCP 1433
Remote Management Server Active Directory TCP 389/53

Domain Name Service

The Remote Management server requires a forward lookup zone and three DNS records within the forward lookup zone. These records enable devices to communicate properly with the components within the Remote Management server. The forward lookup zone, the host record, and service records all must point to the Remote Management server.

Consider using the PowerShell Script for creating controlplane Forward Lookup Zone. For more information, see Remote Management Server Installation PowerShell Scripts.

Requirement Description
Forward Lookup Zone

Create a forward lookup zone that points to your Remote Management server.

The forward lookup zone must be named.

controlplane.aetherpal.internal
Host Record

Create a host record in your DNS that points to your Remote Management Server.

The host record must be named

admin. 
Service Coordinator Service Records

Create a service record for the Service Coordinator.

  • Record type: SRV.

  • Domain: Enter the forward lookup zone of your Remote Management server.

  • Service: _svc.

  • Protocol: _tcp.

  • Priority: 0.

  • Weight: 0.

  • Port number: 8870.

  • Host Offering this service: Enter your Remote Management server hostname.

Data Tier Proxy Service Record
  • Record type: SRV.

  • Domain: Enter the forward lookup zone of your Remote Management server.

  • Service: _dtp.

  • Protocol: _tcp.

  • Priority: 0.

  • Weight: 0.

  • Port number: 8865.

  • Host Offering this service: Enter your Remote Management server hostname.

Security Certificates Requirements

To deploy the Remote Management tool and make it work alongside AirWatch, you need multiple SSL certificates installed on the Remote Management server.

Site Certificate

The site certificate secures HTTPS binding for the management website for port 443 and allows a secure connection. This secure connection is between the admin and Web services. Also, the site certificate secures the connection to the Connection Proctor on port 8446. The customer provides the site certificate as a wildcard certificate. You must use a PFX file containing the public/private key and certificate chain during installation.

Enrollment Certificate

The enrollment certificate is an SSL certificate that enables remote management devices to enroll or register with the Remote Management server. The enrollment certificate also secures the connection to the server. AirWatch provides the certificate in a PFX file containing the private and public key and the certificate chain.

T10 Interface Certificate

The T10 interface certificate contains two major certificates that enable AirWatch to communicate with the T10 portal. These major certificates are the Root certificate and the AirWatch portal intermediate certificate in a p7b file. You must install these certificates on the Remote Management server in the appropriate certificate authorities.