Skip to main content
Matrix42 Self-Service Help Center

Installation Guide I: System Requirements

Silverback Server

Hardware 

  • 64 Bit CPU, 2.6 GHz Xeon or faster
  • 4GB RAM
  • 10GB of free disk space
  • SCSI or SAS speed disks or equivalent SAS
  • 1GB Network Interface Cards

Operating System

  • Windows Server 2008 R2,  2012 R2 , 2016 or 2019
    • Windows Server 2008 R2 is supported until 09/2019
  • The server must exist in the same LAN as the SQL Server. 10ms latency minimum is required to the SQL Server
  • The same date and time as the Silverback SQL Database Server
  • The server must be configured for US English language, date and time settings (How-To) 
  • Enabled TLS 1.1 and TLS 1.2 (How-To

For both  How-To's you need to be logged in.

Roles and Features

Silverback requires the following Roles and Features:

Try our PowerShell scripts for Roles and Features Installation: Knowledge Base 

  Windows Server 2019 Windows Server 2016 Windows Server 2012 R2 Windows Server 2008 R2
Server Roles
  • Web Server (IIS)
  • Web Server (IIS)
  • Web Server (IIS)
  • Web Server (IIS)
Features
  • .NET Framework 3.5 Features
    • NET Framework 3.5 (includes .Net 2.0 and 3.0)
  • .NET Framework 4.7
    • .NET Framework 4.7
    • ASP.NET 4.7
    • WCF Services
      • TCP Port Sharing
  • .NET Framework 3.5 Features
    • NET Framework 3.5 (includes .Net 2.0 and 3.0)
  • .NET Framework 4.6 Features
    • .NET Framework 4.6
    • ASP.NET 4.6
    • WCF Services
      • TCP Port Sharing
  • .NET Framework 3.5 Features
    • NET Framework 3.5 (includes .Net 2.0 and 3.0)
  • .NET Framework 4.5 Features
    • .Net Framework 4.5
    • ASP.NET 4.5 
    • WCF Services
      • TCP Port Sharing
  • Windows PowerShell 5.0  (Download)
  • .NET Framework 3.5.1 Features
    • .NET Framework 3.5.1
  • .NET Framework 4.5.2 (Download)
  • Windows PowerShell 5.0  (Download)

Web Server Role (IIS)

Role Services

  • Common HTTP Features
    • Default Document
    • Directory Browsing
    • HTTP Errors
    • Static Content
    • HTTP Redirection
  • Health and Diagnostics
    • HTTP Logging
  • Performance
    • Static Content Compression
  • Security
    • Request Filtering
  • Application Development
    • .NET Extensibility 3.5
    • .NET Extensibility 4.7
    • ASP.NET 4.7
    • ISAPI Extensions
    • ISAPI Filters
    • WebSocket Protocol
  • Management Tools
    • IIS Management Console
  • Common HTTP Features
    • Default Document
    • Directory Browsing
    • HTTP Errors
    • Static Content
    • HTTP Redirection
  • Health and Diagnostics
    • HTTP Logging
  • Performance
    • Static Content Compression
  • Security
    • Request Filtering
  • Application Development
    • .NET Extensibility 3.5
    • .NET Extensibility 4.6
    • ASP.NET 4.6
    • ISAPI Extensions
    • ISAPI Filters
    • WebSocket Protocol
  • Management Tools
    • IIS Management Console
  • Common HTTP Features
    • Default Document
    • Directory Browsing
    • HTTP Errors
    • Static Content
    • HTTP Redirection
  • Health and Diagnostics
    • HTTP Logging
  • Performance
    • Static Content Compression
  • Security
    • Request Filtering
  • Application Development
    • .NET Extensibility 3.5
    • .NET Extensibility 4.5
    • ASP.NET 3.5
    • ASP.NET 4.5
    • ISAPI Extensions
    • ISAPI FIlters
    • WebSocket Protocol
  • Management Tools
    • IIS Management Console
  • Common HTTP Features
    • Static Content
    • Default Document
    • Directory Browsing
    • HTTP Errors
    • HTTP Redirection
  • Application Development
    • ASP.NET 
    • .NET Extensibility
    • ISAPI Extensions
    • ISAPI FIlters
  • Health and Diagnostics
    • HTTP Logging
  • Security
    • Request Filtering
  • Performance
    • Static Content Compression
  • Management Tools
    • IIS Management Console

Additional Software

  • Silverlight: Download
  • Microsoft Access Database Engine 2010: Download (AccessDatabaseEngine_X64.exe)

Browsers

Access to Silverback for End Users, Help Desk and System Administrators is via a web-based console. Supported browsers are:

  • Google Chrome (recommended)
  • Mozilla Firefox
  • Safari
  • Microsoft Edge
  • Internet Explorer 11

To provision a device, End Users must have access to the Silverback Self Service Portal. If a web proxy processes the user’s web traffic, then ensure the proxy server can serve the Self Service Portal. If this is not possible, proxy server exclusions must be set to allow direct access to the site.

 

Accounts & Groups

Accounts

The following accounts are needed:

Type Rights Purpose Required
Domain Account Local Administrator  Install Silverback mandatory
SQL Account

db_creator Role

db_owner Role

Install Silverback Database with SQL Server Authentication

Upgrade Silverback Database with SQL Server Authentication

mandatory
Service Account Read permission to Active Directory LDAP Lookups optional

Groups 

The following groups are purpose dependent: 

Type Name Purpose Included
Global Security Group Silverback Mobile Device Manager

Install Silverback Database with Windows Authentication 

Upgrade Silverback Database with Windows Authentication

Certificate Distribution

 

For on-premise installations: SilverbackComputerAccount$

For cloud customers: CloudConnectorComputerAccount$

Domain local Security Group

with delegated Read permissions to Active Directory

Silverback Enterprise Device Management

Install Silverback Database with Windows Authentication 

Update Silverback Database with Windows Authentication

Certificate Distribution

Silverback Mobile Device Manager Global Security Group

SQL Server

Hardware

10GB of space per 1000 devices – This will change depending on individual requirements for logging and data retention.

Software

  • SQL Server 2008 to 2019
  • SQL Compatibility Level must be 100. This is set by the script on the Silverback database automatically.
  • The server/instance collation must be either
    • SQL_Latin_General_CP1_CI_AS
    • SQL_Latin1_General_CP1_CI_AS
  • The Database Collation should be set to
    • Latin_General_CI_AS
    • Latin1_General_CI_AS

Permissions

  • SQL Account with db_creator permissions  to create the SQL Database 
  • SQL Account with db_owner permissions for database upgrades (optional)

Downgrade your permissions from db_creator to db_owner after initital Silverback installation

Database

Silverback will create and configure its database during the Installation.

The following values can be specified.

  • Data Server Address
  • Failover Database Server Address
  • Database Name
  • Authentication Method 
  • Username
  • Password

Firewall Rules

Traffic source (from) Destination (to) Port Protocol
Devices (Internet) Reverse Proxy 443/tcp
Reverse Proxy Silverback  Server 443/tcp
Silverback Server SQL Server 1433/tcp
Silverback Server Domain Controller 389,636/tcp
Silverback Server Certificate Authority

389,443/tcp

DCOM/RPC

Silverback Server SMTP Server 25/tcp
Silverback Server (*for Exchange 2010 Protection) Exchange Server  443/tcp
Silverback Server gateway.push.apple.com 2195/tcp,  443/tcp
Silverback Server mdmenrollment.apple.com 2195/tcp,  443/tcp
Silverback Server vpp.itunes.apple.com  2195/tcp,  443/tcp
Silverback Server Adressblock: 17.0.0.0/8 (internet) 2195/tcp,  443/tcp
Silverback Server itunes.apple.com 80/tcp, 443/tcp
Silverback Server fcm.googleapis.com/fcm/send 443/tcp 
  Google ASN IP Block - 15169 443/tcp 
Silverback Server Microsoft Push Network (*deprecated) 443/tcp
Silverback Server (*except Australia) SMS (apiaerialink.net, rest.messagebird.com) 443/tcp
Silverback Server (Australia) SMS (sms.silverbackmdm.com) 59.154.43.98
Internal Devices  Silverback Server 443/tcp
Devices (e.g Wi-Fi) gateway.push.apple.com 5523/tcp
Devices (e.g Wi-Fi)  Adressblock: 17.0.0.0/8 (internet) 5223/tcp
Devices (e.g Wi-Fi)  (until 11.04.2019) android.googleapis.com/gcm/send 5228/tcp , 5229/tcp, 5230/tcp 
Devices (e.g Wi-Fi) (from 11.04.2019) fcm.googleapis.com/fcm/send 5228/tcp , 5229/tcp, 5230/tcp 
Devices (e.g Wi-Fi) *Knox Only gslb.secb2b.com  80/tcp, 443/tcp
Devices (e.g Wi-Fi) *Knox Only eu-prod-klm.secb2b.com 80/tcp, 443/tcp

Servers & Network

Bandwidth

We recommend at least 100Mbps network connections, with latency under 10ms between all internal systems

Domain and Forest Level

  • Silverback support the following Domain and Forest Level:
    • Windows Server 2003
    • Windows Server 2008
    • Windows Server 2008 R2
    • Windows Server 2012 R2

DNS

As Silverback requires devices to connect via DNS, appropriate DNS entries must be setup for your server.

DNS Name

  • Internally and externally the DNS name should ideally be the same, so devices can resolve the server address inside your network and outside. 
  • For example: silverback.imagoverum.com

Android & Companion

For Android Based devices, a DNS SRV record lookup is performed to find the server based on the username entered in the client. If the user enters e.g. “tim.tober@imagoverum.com” , then a SRV service record lookup is performed against “imagoverum.com” for the _silverback SRV record.

The SRV record should be setup like this:

Service _silverback
Protocol _tcp
Priority 0
Weight 0
Port Number 443
Target or Service Hoster e.g. silverback.imagoverum.com

SSL

Silverback Web Site Certificate

The Silverback solution utilizes a device management protocol that requires an established trust relationship between the device and server. This allows the server to provision and manage your mobile fleet securely. The Silverback web service requires one (1) certificate signed by a Certificate Authority trusted by the devices. The certificate must also match the DNS Name outlined in Section DNS Setup. The Silverback Website Certificate is a core requirement for Silverback to function, please have the PFX/P12 Certificate Bundle available for installation.

A full list of iOS trusted Certificate Authorities is available at: http://support.apple.com/kb/HT5012.

Web Proxy

Silverback is web based. Take it into consideration if there are any corporate web proxies in your network. If your end users are using a web proxy to browse the internet, then an appropriate configuration is needed to allow Silverback to function effectively:

  • Ensure that each web browser (that has a proxy set) has an exclusion set for the Silverback server URL outlined in section DNS Setup.
  • Configure each web proxy to allow traffic destined for the Silverback server to reach its destination unaltered.
  • Ensure that any devices connected to Wi-Fi have access to the Apple push network, as outlined in Firewall Rules.
  • Ensure that any Android devices enrolled in Silverback are able to access GCM, as outlined in Firewall Rules.

SMTP

Silverback will notify administrators about key events in the system if configured to do so. The SMTP Server details are required for alerts. The SMTP Server must allow anonymous relay within the company domain.

Active Sync

Silverback is used to manage deployment of Exchange ActiveSync client configurations. Ensure your Exchange ActiveSync is currently configured and in a working state. 

Exchange PowerShell Connectivity

Silverback can be configured to use Microsoft Exchange’s Device Quarantine Mode to block devices from syncing with the Exchange Server at a device level. For this to work, add the following extra Active Directory Permissions on the Silverback Enterprise Device Manager Group:

  • Organization Management
  • Server Management
  • Exchange Recipient Management
  • Server Management Groups

Refer to our Exchange PowerShell Integration Guide for additional information.

  • Was this article helpful?