The Advanced (Custom) method of installing the Workspace ONE Assist server, featuring advanced options such as multiple servers to accommodate high availability and horizontal scaling, is a process that is composed of a single phase.

Take the following steps and install Workspace ONE Assist with its advanced (custom) configuration.

Procedure

  1. Download, extract, and save the Workspace ONE Assist installer into a temporary directory on the Workspace ONE Assist server, right-click the installer file, and select Run as administrator.
  2. At the Welcome screen, select Next.
  3. Enter the directory where you want to install the Advanced Remote Management application and select Install.
    The default installation directory can be customized to any location on the server.
  4. Select Advanced Installation (Custom) and then select Next.
  5. Select all components for installation on the server.
    • Database
    • Core Services
    • Portal Services
    • Application Services
    • Connection Proctor
  6. Select Next.
  7. Configure the Database settings. Select Connect to existing SQL Server and complete the following settings.
    Setting Description
    SQL Server Name Enter the database server hostname.
    Authentication Select the database account authentication. The authentication can be either Windows Authentication or SQL Authentication.
    User name Enter the user name of the database account. This user name is used by the installer to create all the databases required to install Workspace ONE Assist.
    Password Enter the password of the database account.
    Note: When making user names and passwords, do not use the following special characters:
    • Ampersand - &
    • Less Than - <
    • Greater Than - >
    • Single Quote - '
    • Double Quotes - "
    • Semicolon - ;
  8. Select the ...More button and complete the Database Advanced Settings.
    Important: If you are upgrading an existing installation, you must reenter your user name passwords. You must also reenter the paths of your MDF, LDF, and NDF file locations.
    Setting Description
    DB Owner User name/ Password

    Set the user name and password for the Workspace ONE Assist database owner SQL account. This account does not have system-wide permissions. The account only has permissions within the Workspace ONE Assist databases.

    This user name is apadminuser.

    DB Application User name/ Password

    Set the user name and password for the Workspace ONE Assist database application account.

    This user name is apdbuser.

    Note: When making user names and passwords, do not use the following special characters:
    • Ampersand - &
    • Less Than - <
    • Greater Than - >
    • Single Quote - '
    • Double Quotes - "
    • Semicolon - ;
    MDF Path Enter the path of the primary data file (MDF).
    LDF Path Enter the path of the transaction log file (LDF).
    NDF Path Enter the path of the secondary data file (NDF).
  9. Select Save followed by Next.
  10. Configure the Portal settings.
    Setting Description
    Tenant FQDN Enter the server fully qualified domain name. For example, "rmstage01.awmdm.com"
    SSL Certificate

    Select the folder icon and browse for the SSL Certificate already installed. For details, see Install an SSL Certificate.

    SQL Server Name Enter the database server hostname from the previous step.
    Apply Default Settings. Enable this check box to pre-populate the additional settings Enrollment Certificate, T10 Certificate, and License.
  11. Select the ...More button and complete the Custom Portal Advanced Settings.
    Important: If you are using port numbers other than the defaults referenced in Network and Security Requirements, you must enter these non-default port numbers here.
    Setting Description
    DB Application User name/ Password

    Enter the user name and password for the Workspace ONE Assist database application account.

    This user name is apdbuser.

    Note: When making user names and passwords, do not use the following special characters:
    • Ampersand - &
    • Less Than - <
    • Greater Than - >
    • Single Quote - '
    • Double Quotes - "
    • Semicolon - ;
    HTTP Port Enter the internal HTTP port used by portal services. The default is 80 but you can enter an alternate port number, such as 8080.
    IIS Site Binding IP Address Defines from which interfaces/IP addresses portal services can be reached. By default, the setting is ‘All Unassigned’ to enable all interfaces/IPs.
    HTTPS Port Enter the HTTPS port number. The default is 443 but you can enter your preferred port number.
    SSL Enable Enables SSL/TLS protocol for portal services. By default, this check box is enabled so that the portal services use SSL/TLS. Leave this check box enabled.

    T10 user name

    And

    Auto Generated

    Defines T10 API user for connectivity between AirWatch portal and RM system. By default, if ‘Auto Generated’ check box is enabled, the installer assigns a random user name to be created locally on the server. Leave this text box defaulted and the check box enabled for the Installer to create the T10 API user. If you want to define the user, disable the check box and type in the T10 user name you want to use.
    Forward Lookup Zone To the right of the Auto Generated label, enable this check box and enter your forward lookup zone here. You can also enter a custom lookup zone.
  12. Select Save followed by Next.
  13. Configure the Connection Proctor settings.
    Important: If you are using port numbers other than the defaults referenced in Network and Security Requirements, you must enter these non-default port numbers here.
    Setting Description
    Connection Proctor FQDN Defines the Fully Qualified Domain Name (FQDN) on which CP services can be reached. Enter in the FQDN, which must be the same as the FQDN assigned for portal services.
    Port

    Enter the port number for CP services. The default is 8443 but you can enter your preferred port number.

    Whatever port you select, ensure that network/security teams use this port when assigning translation rules from the firewall/router to the Workspace ONE Assist Server for CP services.

    SSL Certificate

    Select the folder icon and browse for the SSL Certificate already installed. For details, see Install an SSL Certificate.

    SAN (subject alternative name) certificates are supported. The implementation of SAN certificates depends upon your server arrangement.

    • Single Node – The SAN certificate must define the FQDN for each public facing server/SSL termination point that hosts the solution.
    • Multi-Node – The SAN certificate must have an FQDN defined for each connection proctor server and advanced remote management server.
      • For example, presume you have 2 connection proctor servers and 2 advanced remote management servers. The 2 Workspace ONE Assist servers host portal services, which need TLS/SSL traffic terminated at the load balancer. The FQDN for the SAN certificate must reflect the fully qualified domain name, for instance, "rmstage01.awmdm.com".
      • Meanwhile, for each of the 2 CP servers, TLS/SSL traffic terminates at the connection proctor, and therefore, you must have 2 FQDNs defined in the SAN certificate, for instance, "rmstage01.awmdm.com' and "rmstage02.awmdm.com'.
    SQL Server Name Enter the database server hostname from the previous step.
    Apply Default Settings. Enable this check box to pre-populate the additional setting Enrollment Certificate.
  14. Select the ...More button and complete the Custom Connection Proctor Advanced Settings.
    Important: If you are using port numbers other than the defaults referenced in Network and Security Requirements, you must enter these non-default port numbers here.
    Setting Description
    DB Application User name/ Password

    Enter the user name and password for the Workspace ONE Assist database application account.

    This user name is apdbuser.

    Note: When making user names and passwords, do not use the following special characters:
    • Ampersand - &
    • Less Than - <
    • Greater Than - >
    • Single Quote - '
    • Double Quotes - "
    • Semicolon - ;
    CP Internal IP Address/Port

    Defines from which internal IP addresses the connection proctor can be reached. By default, the setting is ‘All Unassigned’ to enable all addresses.

    Enter the port number for the Connection Proctor component. The default is 8443 but you can enter your preferred port number.

    Forward Lookup Zone Under the CP Internal IP Address/Port drop-down menu, enable this check box and enter your forward lookup zone here. You can also enter a custom lookup zone.
  15. Select Save followed by Next.
  16. At the Selected Components screen, review your selections. Once you have verified your configuration, select Install.

What to do next

Proceed to Configure the Workspace ONE UEM Console.