- 64 Bit CPU, 2.6 GHz Xeon or faster
- 4GB RAM
- 10GB of free disk space
- SCSI or SAS speed disks or equivalent SAS
- 1GB Network Interface Cards
- Windows Server 2012 R2 or 2016
Windows Server 2008 onwards is supported, but Windows Server 2012 R2 or later is recommended.
- The server must be on the same LAN as the SQL Server. Latency to the SQL Server must be 10ms or lower
- The same date and time as the Silverback SQL Database Server
- The server must be configured for US English language, date and time settings (How-To)
- Enabled TLS 1.1 and TLS 1.2 (How-To)
You need to be logged in to view both How-Tos.
Roles and Features
Silverback requires the following Roles and Features:
|Windows Server 2016||Windows Server 2012 R2||Windows Server 2008 R2|
Access to Silverback for End Users, Help Desk and System Administrators is via a web-based console. Supported browsers are:
- Google Chrome (recommended)
- Mozilla Firefox
- Internet Explorer 11 and Edge
To provision a device, End Users must have access to the Silverback Self Service Portal. If a web proxy processes the user’s web traffic, then we need to make sure the proxy server can serve the Silverback SSP web site. If this is not possible, proxy server exclusions must be set to allow direct access to the site.
Accounts & Groups
The following accounts are needed:
|Domain Account||Local Administrator||Install Silverback||mandatory|
Install Silverback Database with SQL Server Authentication
Upgrade Silverback Database with SQL Server Authentication
|Service Account||Read permission to Active Directory||LDAP Lookups||optional|
The following groups are purpose dependent:
|Global Security Group||Silverback Mobile Device Manager||
Install Silverback Database with Windows Authentication
Upgrade Silverback Database with Windows Authentication
Universal Security Group
with delegated Read permissions to Active Directory
|Silverback Enterprise Device Management||
Install Silverback Database with Windows Authentication
Update Silverback Database with Windows Authentication
|Silverback Mobile Device Manager Global Security Group|
10GB of space per 1000 devices – This will change depending on individual requirements for logging and data retention.
- SQL Server 2008 to 2016
- SQL Compatibility Level must be 100 (SQL Server 2008 and 2008 R2). The script sets this on the Silverback database automatically.
- The server/instance collation must be either:
- SQL Account with db_creator permissions to create the SQL Database
- SQL Account with db_owner permissions for database upgrades (optional)
Silverback will create and configure its database automatically after the installer has run. The following values can be specified.
- Data Server Address
- Failover Database Server Address
- Database Name
- Authentication Method
A second method is to create the Database manually with the following settings: (optional)
- Initial size of the database DATA file should be set to 500MB, to minimize resizing load on the database.
- Auto growth value to 100MB.
- Database LOG file to 100MB, growing by 10%.
- Approximately 10 GB of storage should be allocated for the database and transaction logs.
- This is dependent upon usage, number of users and verbosity of logging.
This is a guideline for a standard deployment and may change according to usage patterns. Please monitor and review the available space, and allow database growth to increase space as required.
|Traffic source (from)||Destination (to)||Port Protocol|
|Devices (Internet)||Reverse Proxy||443/tcp|
|Reverse Proxy||Silverback Server||443/tcp|
|Silverback Server||SQL Server||1433/tcp|
|Silverback Server||Domain Controller||389,636/tcp|
|Silverback Server||Certificate Authority|
|Silverback Server||SMTP Server||25/tcp|
|Silverback Server (*for Exchange 2010 Protection)||Exchange Server||443/tcp|
|Silverback Server||gateway.push.apple.com||2195/tcp, 443/tcp|
|Silverback Server||mdmenrollment.apple.com||2195/tcp, 443/tcp|
|Silverback Server||vpp.itunes.apple.com||2195/tcp, 443/tcp|
|Silverback Server||Address block: 188.8.131.52/8 (internet)||2195/tcp, 443/tcp|
|Silverback Server||itunes.apple.com||80/tcp, 443/tcp|
|Google ASN IP Block - 15169||443/tcp|
|Silverback Server||Microsoft Push Network (*deprecated)||443/tcp|
|Silverback Server (*except Australia)||SMS (apiaerialink.net, rest.messagebird.com)||443/tcp|
|Silverback Server (Australia)||SMS (sms.silverbackmdm.com)||184.108.40.206|
|Internal Devices||Silverback Server||443/tcp|
|Devices (e.g. Wi-Fi)||gateway.push.apple.com||5523/tcp|
|Devices (e.g. Wi-Fi)||Address block: 220.127.116.11/8 (internet)||5223/tcp|
|Devices (e.g. Wi-Fi)||android.googleapis.com/gcm/send||5228/tcp, 5229/tcp, 5230/tcp|
|Devices (e.g. Wi-Fi) *Knox Only||gslb.secb2b.com||80/tcp, 443/tcp|
|Devices (e.g. Wi-Fi) *Knox Only||eu-prod-klm.secb2b.com||80/tcp, 443/tcp|
Servers & Network
The solution requires LAN speed; therefore, we recommend at least 100Mbps network connections, with latency under 10ms between all internal systems.
Domain and Forest Level
Silverback supports installation in Active Directory domains at the “Windows Server 2003”, “Windows Server 2008” and “Windows Server 2008 R2” domain and forest functional levels.
As Silverback requires devices to connect via DNS, the appropriate DNS entries must be set up for your server. Ideally the DNS name should be the same internally and externally, so devices can resolve the server address both inside and outside your network. For example: silverback.yourdomainname.com.
For Android-based devices, a DNS SRV record lookup is performed to find the server based on the username entered in the client. If the user enters “email@example.com”, then an SRV service record lookup is performed against “company.com” for the _silverback SRV record.
The SRV record should be set up like this:
- Service: _silverback
- Protocol: _tcp
- Priority: 0
- Weight: 0
- Port Number: 443
- Host offering this service: <Silverback Server FQDN>
Silverback Web Site Certificate
The Silverback solution utilizes a device management protocol that requires an established trust relationship between the device and server. This allows the server to provision and manage your mobile fleet securely. The Silverback web service requires one (1) certificate signed by a Certificate Authority trusted by the devices. The certificate must also match the DNS Name outlined in Section DNS Setup. The Silverback Website Certificate is a core requirement for Silverback to function. Please have the PFX/P12 Certificate Bundle available for installation.
A full list of iOS trusted Certificate Authorities is available at: http://support.apple.com/kb/HT5012.
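The DNS and certificate requirements above can be checked together before enrolling devices. The following PowerShell script is an added example, not part of the vendor documentation: it resolves the _silverback SRV record, then performs a TLS 1.1/1.2 handshake against the published name so that Windows validates the chain and host name. The parameter names and default values are placeholders, and validation uses the trust store of the machine running the script, which may differ from the trust store on the devices.

```powershell
# Added example, not vendor code. $Domain and $ExpectedHost are placeholders.
param(
    [string]$Domain       = 'company.com',
    [string]$ExpectedHost = 'silverback.yourdomainname.com'
)

# 1. Resolve the SRV record that Android clients look up from the user's domain.
$srv = @(Resolve-DnsName -Name "_silverback._tcp.$Domain" -Type SRV -ErrorAction Stop |
         Where-Object { $_.Type -eq 'SRV' })
if ($srv.Count -eq 0) { throw "No _silverback SRV record found for $Domain" }
foreach ($r in $srv) {
    $target = $r.NameTarget.TrimEnd('.')
    if ($r.Port -ne 443) { Write-Warning "SRV port is $($r.Port), expected 443" }
    if ($target -ne $ExpectedHost) {
        Write-Warning "SRV target '$target' differs from '$ExpectedHost'"
    }
}

# 2. Handshake with the published name. AuthenticateAsClient throws if the chain
#    is not trusted by this machine or the certificate does not match the name.
$client = New-Object System.Net.Sockets.TcpClient
try {
    $client.Connect($ExpectedHost, 443)
    $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
    # Offer only the protocol versions the requirements list asks for.
    $protocols = [System.Security.Authentication.SslProtocols]'Tls11, Tls12'
    $ssl.AuthenticateAsClient($ExpectedHost, $null, $protocols, $false)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
                -ArgumentList $ssl.RemoteCertificate
    [pscustomobject]@{
        Host     = $ExpectedHost
        Protocol = $ssl.SslProtocol
        Subject  = $cert.Subject
        Issuer   = $cert.Issuer
        NotAfter = $cert.NotAfter
        DaysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays
    }
} catch {
    Write-Error "TLS check failed for ${ExpectedHost}: $($_.Exception.Message)"
} finally {
    if ($ssl) { $ssl.Dispose() }
    $client.Close()
}
```

Run it once from inside the network and once from outside to confirm that both views resolve to the same name and present the same certificate.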
The Silverback MDM solution is web based, and this must be taken into consideration if there are any corporate web proxies on the network. If your workforce uses a web proxy to browse the internet, the proxies need to be configured to allow the Silverback solution to function effectively:
- Ensure that each web browser (that has a proxy set) has an exclusion set for the Silverback server URL outlined in section DNS Setup.
- Configure each web proxy to allow traffic destined for the Silverback server to reach its destination unaltered.
- Ensure that any devices connected to Wi-Fi have access to the Apple push network via this proxy, as outlined in Firewall Rules.
- Ensure that any Android devices enrolled in Silverback are able to access GCM via this proxy, as outlined in Firewall Rules.
Silverback will notify administrators about key events in the system if configured to do so. The SMTP Server details are required for alerts. The SMTP Server must allow anonymous relay within the company domain.
Silverback is used to manage deployment of Exchange ActiveSync client configurations. This guide assumes Exchange ActiveSync is currently configured and is in a working state. The network requirements specified in this document assume this configuration is working correctly and any Exchange ActiveSync network requirements are not included.
Exchange PowerShell Connectivity
*for Exchange 2010 Protection
Silverback can be configured to use Microsoft Exchange’s Device Quarantine Mode to block devices from syncing with the Exchange Server at a device level. For this to work, you must configure the following extra Active Directory Permissions on the Silverback Enterprise Device Manager group:
- Organization Management
- Server Management
- Exchange Recipient Management
- Server Management Groups