- 64 Bit CPU, 2.6 GHz Xeon or faster
- 4GB RAM
- 10GB of free disk space
- SCSI or SAS speed disks or equivalent SAS
- 1GB Network Interface Cards
- Windows Server 2008 R2, 2012 R2 , 2016 or 2019
- Windows Server 2008 R2 is supported until 09/2019
- The server must exist in the same LAN as the SQL Server. 10ms latency minimum is required to the SQL Server
- The same date and time as the Silverback SQL Database Server
- The server must be configured for US English language, date and time settings (How-To)
- Enabled TLS 1.1 and TLS 1.2 (How-To)
For both How-To's you need to be logged in.
Roles and Features
Silverback requires the following Roles and Features:
Try our PowerShell scripts for Roles and Features Installation: Knowledge Base
|Windows Server 2019||Windows Server 2016||Windows Server 2012 R2||Windows Server 2008 R2|
Web Server Role (IIS)
Access to Silverback for End Users, Help Desk and System Administrators is via a web-based console. Supported browsers are:
- Google Chrome (recommended)
- Mozilla Firefox
- Internet Explorer 11 and Edge
To provision a device, End Users must have access to the Silverback Self Service Portal. If a web proxy processes the user’s web traffic, then ensure the proxy server can serve the Self Service Portal. If this is not possible, proxy server exclusions must be set to allow direct access to the site.
Accounts & Groups
The following accounts are needed:
|Domain Account||Local Administrator||Install Silverback||mandatory|
Install Silverback Database with SQL Server Authentication
Upgrade Silverback Database with SQL Server Authentication
|Service Account||Read permission to Active Directory||LDAP Lookups||optional|
The following groups are purpose dependent:
|Global Security Group||Silverback Mobile Device Manager||
Install Silverback Database with Windows Authentication
Upgrade Silverback Database with Windows Authentication
For on-premise installations: SilverbackComputerAccount$
For cloud customers: CloudConnectorComputerAccount$
Domain local Security Group
with delegated Read permissions to Active Directory
|Silverback Enterprise Device Management||
Install Silverback Database with Windows Authentication
Update Silverback Database with Windows Authentication
|Silverback Mobile Device Manager Global Security Group|
10GB of space per 1000 devices – This will change depending on individual requirements for logging and data retention.
- SQL Server 2008 to 2019
- SQL Compatibility Level must be 100. This is set by the script on the Silverback database automatically.
- The server/instance collation must be either
- The Database Collation should be set to
- SQL Account with db_creator permissions to create the SQL Database
- SQL Account with db_owner permissions for database upgrades (optional)
Downgrade your permissions from db_creator to db_owner after initital Silverback installation
Silverback will create and configure its database during the Installation.
The following values can be specified.
- Data Server Address
- Failover Database Server Address
- Database Name
- Authentication Method
|Traffic source (from)||Destination (to)||Port Protocol|
|Devices (Internet)||Reverse Proxy||443/tcp|
|Reverse Proxy||Silverback Server||443/tcp|
|Silverback Server||SQL Server||1433/tcp|
|Silverback Server||Domain Controller||389,636/tcp|
|Silverback Server||Certificate Authority||
|Silverback Server||SMTP Server||25/tcp|
|Silverback Server (*for Exchange 2010 Protection)||Exchange Server||443/tcp|
|Silverback Server||gateway.push.apple.com||2195/tcp, 443/tcp|
|Silverback Server||mdmenrollment.apple.com||2195/tcp, 443/tcp|
|Silverback Server||vpp.itunes.apple.com||2195/tcp, 443/tcp|
|Silverback Server||Adressblock: 126.96.36.199/8 (internet)||2195/tcp, 443/tcp|
|Silverback Server||itunes.apple.com||80/tcp, 443/tcp|
|Google ASN IP Block - 15169||443/tcp|
|Silverback Server||Microsoft Push Network (*deprecated)||443/tcp|
|Silverback Server (*except Australia)||SMS (apiaerialink.net, rest.messagebird.com)||443/tcp|
|Silverback Server (Australia)||SMS (sms.silverbackmdm.com)||188.8.131.52|
|Internal Devices||Silverback Server||443/tcp|
|Devices (e.g Wi-Fi)||gateway.push.apple.com||5523/tcp|
|Devices (e.g Wi-Fi)||Adressblock: 184.108.40.206/8 (internet)||5223/tcp|
|Devices (e.g Wi-Fi) (until 11.04.2019)||android.googleapis.com/gcm/send||5228/tcp , 5229/tcp, 5230/tcp|
|Devices (e.g Wi-Fi) (from 11.04.2019)||fcm.googleapis.com/fcm/send||5228/tcp , 5229/tcp, 5230/tcp|
|Devices (e.g Wi-Fi) *Knox Only||gslb.secb2b.com||80/tcp, 443/tcp|
|Devices (e.g Wi-Fi) *Knox Only||eu-prod-klm.secb2b.com||80/tcp, 443/tcp|
Servers & Network
We recommend at least 100Mbps network connections, with latency under 10ms between all internal systems
Domain and Forest Level
- Silverback support the following Domain and Forest Level:
- Windows Server 2003
- Windows Server 2008
- Windows Server 2008 R2
- Windows Server 2012 R2
As Silverback requires devices to connect via DNS, appropriate DNS entries must be setup for your server.
- Internally and externally the DNS name should ideally be the same, so devices can resolve the server address inside your network and outside.
- For example: silverback.imagoverum.com
Android & Companion
For Android Based devices, a DNS SRV record lookup is performed to find the server based on the username entered in the client. If the user enters e.g. “firstname.lastname@example.org” , then a SRV service record lookup is performed against “imagoverum.com” for the _silverback SRV record.
The SRV record should be setup like this:
|Target or Service Hoster||e.g. silverback.imagoverum.com|
Silverback Web Site Certificate
The Silverback solution utilizes a device management protocol that requires an established trust relationship between the device and server. This allows the server to provision and manage your mobile fleet securely. The Silverback web service requires one (1) certificate signed by a Certificate Authority trusted by the devices. The certificate must also match the DNS Name outlined in Section DNS Setup. The Silverback Website Certificate is a core requirement for Silverback to function, please have the PFX/P12 Certificate Bundle available for installation.
A full list of iOS trusted Certificate Authorities is available at: http://support.apple.com/kb/HT5012.
Silverback is web based. Take it into consideration if there are any corporate web proxies in your network. If your end users are using a web proxy to browse the internet, then an appropriate configuration is needed to allow Silverback to function effectively:
- Ensure that each web browser (that has a proxy set) has an exclusion set for the Silverback server URL outlined in section DNS Setup.
- Configure each web proxy to allow traffic destined for the Silverback server to reach its destination unaltered.
- Ensure that any devices connected to Wi-Fi have access to the Apple push network, as outlined in Firewall Rules.
- Ensure that any Android devices enrolled in Silverback are able to access GCM, as outlined in Firewall Rules.
Silverback will notify administrators about key events in the system if configured to do so. The SMTP Server details are required for alerts. The SMTP Server must allow anonymous relay within the company domain.
Silverback is used to manage deployment of Exchange ActiveSync client configurations. Ensure your Exchange ActiveSync is currently configured and in a working state.
Exchange PowerShell Connectivity
Silverback can be configured to use Microsoft Exchange’s Device Quarantine Mode to block devices from syncing with the Exchange Server at a device level. For this to work, add the following extra Active Directory Permissions on the Silverback Enterprise Device Manager Group:
- Organization Management
- Server Management
- Exchange Recipient Management
- Server Management Groups
Refer to our Exchange PowerShell Integration Guide for additional information.