You must meet the UEM Console requirements as well as the hardware, software, and network recommendations to successfully deploy the SEG.
UEM Console Requirements
- AirWatch Console 9.0.3 or later
- REST API must be enabled for the Organization Group type, Customer.
To configure the REST API URL for your Workspace ONE UEM environment:
- Navigate to .
- The Workspace ONE UEM gets the API certificate from the REST API URL that is on the Site URLs page. For SaaS deployments, use the format as XX.airwatchportals.com.
You can configure the SEG V2 at a container organization group that inherits the REST API settings from a customer type organization group.
A SEG V2 server can be either a virtual or physical server .
Note the following when deploying SEG V2:
- An Intel processor is required. CPU Cores should each be 2.0 GHz or higher.
- The minimum requirements for a single SEG server are 2 CPU cores and 4 GB RAM.
- When installing the SEG servers in a load balanced configuration, sizing requirements can be viewed as cumulative. For example, a SEG environment requiring 4 CPU Cores and 8 GB RAM can be supported by either:
- One single SEG server with 4 CPU cores and 8 GB RAM.
- Two load-balanced SEG servers, each with 2 CPU cores and 4 GB RAM.
- 5 GB disk space needed per SEG and dependent software. This does not include system monitoring tools or additional server applications.
- Windows Server 2008 R2
- Windows Server 2012
- Windows Server 2012 R2
- Windows Server 2016
|Source Component||Destination Component||Protocol||Port||Description|
|Devices (from Internet and Wi-Fi)||SEG||HTTPS||443||Devices request mail from SEG|
|Console Server||SEG||HTTPS||443||Console makes administrative commands to SEG|
|SEG||Workspace ONE UEM REST API (Device Services (DS) or Console Server (CN) server)||HTTP or HTTPS||80 or 443||SEG retrieves the configuration and general compliance policy information|
|SEG||Internal hostname or IP of all other SEG servers||TCP||5701 or 41232||If SEG Clustering is used, then SEG communicates to shared policy cache across other SEGs for updates and replication.|
|SEG||localhost||HTTP||44444||Admin accesses the SEG server status and diagnostic information from the localhost machine.|
|Device Services||SEG||HTTPS||443||Enrollment events and real-time compliance communicates to SEG.|
|SEG||Exchange||HTTP or HTTPS||80 or 443||Verify the following URL is trusted from the browser on the SEG server and gives a prompt for credentials. Exchange server: http(s)://Exchange_ActiveSync_FQDN/Microsoft-server-ActiveSync|
Remote access to Windows Servers available to Workspace ONE UEM and administrator rights
Set up the Remote Desktop Connection Manager for multiple server management, download the installer from https://www.microsoft.com/en-us/download/details.aspx?id=44989
|Installation of Notepad++ (Recommended)|
|Ensure Exchange ActiveSync is enabled for a test account|
- Ensure that the SEG URL is either in camel case or lower case.
- Supported :
- Not supported: Microsoft-Server-Activesync
- Supported :
- The SEG V2 requires that TLS 1.1 or 1.2 is supported on the client's email server, preferably TLS 1.2. It is recommended that the client follow the guidelines of the email system and the OS manufacturer.
Remote Access to Servers
Ensure that you have remote access to the servers where Workspace ONE UEM is installed. Typically, Workspace ONE UEM consultants perform installations remotely over a web meeting or screen share. Some customers also provide Workspace ONE UEM with VPN credentials to directly access the environment as well.