Skip to main content
Matrix42 Self-Service Help Center

Installation Guide I: System Requirements

Silverback Server

Hardware 

  • 64 Bit CPU, 2.6 GHz Xeon or faster
  • 4GB RAM
  • 10GB of free disk space
  • SCSI or SAS speed disks or equivalent SAS
  • 1GB Network Interface Cards

Operating System

  • Windows Server 2012 R2 or 2016

Windows Server 2008 onwards is supported, but it is recommended to use minimum 2012 R2.

  • The server must exist in the same LAN as the SQL Server. 10ms latency minimum is required to the SQL Server
  • The same date and time as the Silverback SQL Database Server
  • The server must be configured for US English language, date and time settings (How-To) 
  • Enabled TLS 1.1 and TLS 1.2 (How-To

For both  How-To's you need to be logged in.

Roles and Features

Silverback requires the following Roles and Features:

  Windows Server 2016 Windows Server 2012 R2 Windows Server 2008 R2
Server Roles
  • Web Server (IIS)
    • Common HTTP Features
      • Default Document
      • Directory Browsing
      • HTTP Errors
      • Static Content
      • HTTP Redirection
    • Health and Diagnostics
      • HTTP Logging
    • Performance
      • Static Content Compression
    • Security
      • Request Filtering
    • Application Development
      • .NET Extensibility 3.5
      • .NET Extensibility 4.6
      • ASP.NET 4.6
      • ISAPI Extensions
      • ISAPI Filters
      • WebSocket Protocol
    • Management Tools
      • IIS Management Console
  • Web Server (IIS)
    • Common HTTP Features
      • Default Document
      • Directory Browsing
      • HTTP Errors
      • Static Content
      • HTTP Redirection
    • Health and Diagnostics
      • HTTP Logging
    • Performance
      • Static Content Compression
    • Security
      • Request Filtering
    • Application Development
      • .NET Extensibility 3.5
      • .NET Extensibility 4.5
      • ASP.NET 3.5
      • ASP.NET 4.5
      • ISAPI Extensions
      • ISAPI FIlters
      • WebSocket Protocol
    • Management Tools
      • IIS Management Console
  • Web Server (IIS)
    • Common HTTP Features
      • Static Content
      • Default Document
      • Directory Browsing
      • HTTP Errors
      • HTTP Redirection
    • Application Development
      • ASP.NET 
      • .NET Extensibility
      • ISAPI Extensions
      • ISAPI FIlters
    • Health and Diagnostics
      • HTTP Logging
    • Security
      • Request Filtering
    • Performance
      • Static Content Compression
    • Management Tools
      • IIS Management Console
Features
  • .NET Framework 3.5 Features
    • NET Framework 3.5 (includes .Net 2.0 and 3.0)
  • .NET Framework 4.6
    • ASP.NET 4.6
  • .NET Framework 3.5 Features
    • NET Framework 3.5 (includes .Net 2.0 and 3.0)
  • .NET Framework 4.5 Features
    • .Net Framework 4.5
    • ASP.NET 4.5 
  • Windows PowerShell 5.0  (Download)
  • .NET Framework 3.5.1 Features
    • .NET Framework 3.5.1
  • .NET Framework 4.5.2 (Download)
  • Windows PowerShell 5.0  (Download)

Additional Software

  • Silverlight: Download
  • Microsoft Access Database Engine 2010: Download (AccessDatabaseEngine_X64.exe)

Browsers

Access to Silverback for End Users, Help Desk and System Administrators is via a web-based console. Supported browsers are:

  • Google Chrome (recommended)
  • Mozilla Firefox
  • Safari
  • Internet Explorer 11 and Edge

To provision a device, End Users must have access to the Silverback Self Service Portal. If a web proxy processes the user’s web traffic, then we need to make sure the proxy server can serve the Silverback SSP web site. If this is not possible, proxy server exclusions must be set to allow direct access to the site.

 

Accounts & Groups

Accounts

The following accounts are needed:

Type Rights Purpose Required
Domain Account Local Administrator  Install Silverback mandatory
SQL Account

db_creator Role

db_owner Role

Install Silverback Database with SQL Server Authentication

Upgrade Silverback Database with SQL Server Authentication

mandatory
Service Account Read permission to Active Directory LDAP Lookups optional

Groups 

The following groups are purpose dependent: 

Type Name Purpose Included
Global Security Group Silverback Mobile Device Manager

Install Silverback Database with Windows Authentication 

Upgrade Silverback Database with Windows Authentication

Certificate Distribution

 

SilverbackComputerAccount$

Universal Security Group

with delegated Read permissions to Active Directory

Silverback Enterprise Device Management

Install Silverback Database with Windows Authentication 

Update Silverback Database with Windows Authentication

Certificate Distribution

Silverback Mobile Device Manager Global Securty Group

SQL Server

Hardware

10GB of space per 1000 devices – This will change depending on individual requirements for logging and data retention.

Software

  • SQL Server 2008 to 2016
  • SQL Compatibility Level must be 100 (this is SQL 2008 and 2008 R2) this is set by the script on the Silverback database automatically.
  • The server/instance collation must be either:
    •  SQL_Latin_General_CP1_CI_AS
    •  SQL_Latin1_General_CP1_CI_AS

Permissions

  • SQL Account with db_creator permissions  to create the SQL Database 
  • SQL Account with db_owner permissions for database upgrades (optional)

Database

Silverback will create and configure its database automatically after the installer has run.  The following values can be specified.

  • Data Server Address
  • Failover Database Server Address
  • Database Name
  • Authentication Method 
  • Username
  • Password

A second method is to create the Database manually with the following settings: (optional)

  • Initial size of the database DATA file should be set to 500MB, in order to minimize database resizing load on the database,
  • Auto growth value to 100MB. 
  • Database LOG file to 100MB, growing by 10%.
  • Approximately 10 GB of storage should be allocated for the database and transaction logs.
  • This is dependent upon usage, number of users and verbosity of logging.

This is a guideline for a standard deployment and may charge according to usage patterns. Please monitor and review the available space and allow database growth to increase space as required

Firewall Rules

Traffic source (from) Destination (to) Port Protocol
Devices (Internet) Reverse Proxy 443/tcp
Reverse Proxy Silverback  Server 443/tcp
Silverback Server SQL Server 1433/tcp
Silverback Server Domain Controller 389,636/tcp
Silverback Server Certificate Authority  
Silverback Server SMTP Server 25/tcp
Silverback Server (*for Exchange 2010 Protection) Exchange Server  443/tcp
Silverback Server gateway.push.apple.com 2195/tcp,  443/tcp
Silverback Server mdmenrollment.apple.com 2195/tcp,  443/tcp
Silverback Server vpp.itunes.apple.com  2195/tcp,  443/tcp
Silverback Server Adressblock: 17.0.0.0/8 (internet) 2195/tcp,  443/tcp
Silverback Server itunes.apple.com 80/tcp, 443/tcp
Silverback Server  android.googleapis.com/gcm/send 443/tcp 
  Google ASN IP Block - 15169 443/tcp 
Silverback Server Microsoft Push Network (*deprecated) 443/tcp
Silverback Server (*except Australia) SMS (apiaerialink.net, rest.messagebird.com) 443/tcp
Silverback Server (Australia) SMS (sms.silverbackmdm.com) 59.154.43.98
Internal Devices  Silverback Server 443/tcp
Devices (e.g Wi-Fi) gateway.push.apple.com 5523/tcp
Devices (e.g Wi-Fi)  Adressblock: 17.0.0.0/8 (internet) 5223/tcp
Devices (e.g Wi-Fi)  android.googleapis.com/gcm/send 5228/tcp , 5229/tcp, 5230/tcp 
Devices (e.g Wi-Fi) *Knox Only gslb.secb2b.com  80/tcp, 443/tcp
Devices (e.g Wi-Fi) *Knox Only eu-prod-klm.secb2b.com 80/tcp, 443/tcp

Servers & Network

Bandwidth

The solution requires LAN speed; therefore, we recommend at least 100Mbps network connections, with latency under 10ms between all internal systems

Domain and Forest Level

Silverback supports Windows Server 2003 and Windows Server 2008 Active Directory domain and forest functional levels. Silverback supports installation in Active Directory domains at the “Windows Server 2003”, “Windows Server 2008” and “Windows Server 2008 R2” domain and forest functional levels.

DNS

As Silverback requires devices to connect via DNS, The appropriate DNS entries must be setup for your server. Internally and externally the DNS name should ideally be the same, so devices can resolve the server address inside your network and outside.  For example: silverback.yourdomainname.com.

For Android Based devices, a DNS SRV record lookup is performed to find the server based on the username entered in the client. If the user enters “user@company.com” , then a SRV service record lookup is performed against “company.com” for the _silverback SRV record.

  • The SRV record should be setup like this:
  • Service:            _silverback
  • Protocol:           _tcp
  • Priority:           0
  • Weight:             0
  • Port Number:             443
  • Host offering this service:     <Silverback Server FQDN>

SSL

Silverback Web Site Certificate

The Silverback solution utilizes a device management protocol that requires an established trust relationship between the device and server. This allows the server to provision and manage your mobile fleet securely.The Silverback web service requires one (1) certificate signed by a Certificate Authority trusted by the devices. The certificate must also match the DNS Name outlined in Section DNS Setup. The Silverback Website Certificate is a core requirement for Silverback to function, please have the PFX/P12 Certificate Bundle available for installation.

A full list of iOS trusted Certificate Authorities is available at: http://support.apple.com/kb/HT5012.

Web Proxy

The Silverback MDM solution is web based and this must be taken into consideration if there are any corporate web proxies on the network. If your workforce uses a web proxy to browse the internet then they need to be configured to allow the Silverback solution to function effectively:

Ensure that each web browser (that has a proxy set) has an exclusion set for the Silverback server URL outlined in section DNS Setup.

  • Configure each web proxy to allow traffic destined for the Silverback server to reach its destination unaltered.
  • Ensure that any devices connected to Wi-Fi have access to the Apple push network via this proxy, as outlined in Firewall Rules.
  • Ensure that any Android devices enrolled in Silverback are able to access GCM via this proxy, as outlined in Firewall Rules.

SMTP

Silverback will notify administrators about key events in the system if configured to do so. The SMTP Server details are required for alerts. The SMTP Server must allow anonymous relay within the company domain.

Exchange

Silverback is used to manage deployment of Exchange ActiveSync client configurations. This guide assumes Exchange ActiveSync is currently configured and is in a working state. The network requirements specified in this document assume this configuration is working correctly and any Exchange ActiveSync network requirements are not included.

Exchange PowerShell Connectivity

*for Exchange 2010 Protection

Silverback can be configured to use Microsoft Exchange’s Device Quarantine Mode to block devices from syncing with the Exchange Server at a device level. For this to work, you must configure the following extra Active Directory Permissions on the Silverback Enterprise Device Manager group:

  • Organization Management
  • Server Management
  • Exchange Recipient Management
  • Server Management Groups
  • Was this article helpful?