Meeting application server prerequisites is essential to a successful Worksspace ONE UEM isntallation. Learn more about all requirements for your hardware, network, software, Server Manager roles, RDP and VM Access to Application Servers, and Service account permissions.

Meet the application server prerequisites before installing the application server. The prerequisites listed here apply to any application server you plan to install.

Hardware Requirements

A Workspace ONE UEM installation can involve many servers, and the exact specifications depend on the size and needs of your deployment. You may need to gather this information before proceeding so you size your servers correctly. Read through the Workspace ONE UEM Recommended Architecture Guide, available at docs.vmware.com., for hardware sizing information and other technical details that ensure the smooth operation of your Workspace ONE UEM solution.

Network Requirements

Review all the network requirements as outlined in the Workspace ONE UEM Recommended Architecture Guide. These requirements include the firewall ports that must be opened for Workspace ONE UEM to function properly.

Software Requirements

Ensure that you meet the following software requirements for the application servers:

  • Internet Explorer 9+ installed on all application servers

  • Branch Cache enabled on all application servers

  • Windows Server 2012 R2, Windows Server 2016, or Windows Server 2019 Desktop Experience

    • For Windows Server 2012 R2, ensure that your Windows installation includes KB2999226 to avoid errors when you start a .NET Core application.

  • 64-bit Java (JRE 1.8) server needed for the server on which AWCM is installed. The Java 8u251 installer is packaged with the Workspace ONE UEM installer and installs automatically if it is not already present.

  • .NET Framework 4.8. The .NET Framework 4.8 web installer is packaged with the WorkspaceONE UEM installer and installs automatically if it is not already present.

    • .NET Core 3.1.1. The minimum supported .NET Core version is 3.1.1.

  • PowerShell version 3.0+ if you are deploying the PowerShell MEM-direct model for email. To verify your version, open PowerShell and run the command $PSVersionTable. More details on this and other email models are available in the Workspace ONE UEM Mobile Email Management Guide, available at docs.vmware.com.

  • Microsoft SQL Server 2012 Native Client 11.3.6538.0 to run the database installer. If you do not want to install SQL Server 2012 Native Client, run the database installer from another UEM server (or a jump server) where Microsoft SQL Server 2012 Native Client 11.3.6538.0 can install.

  • If you plan to use an Active Directory service account for SQL authentication to the UEM database, then the UEM application server must be joined to the domain. This AD service account must have administrator-level permissions for each application server.

  • URL Rewrite 2.0. The correct URL Rewrite version will download and install as part of the installation process if it is not present.

  • The following cipher suites need to be enabled based on the server version of the application servers to communicate with Apple for the new HTTP/2 change that will go into effect early next year (2021):

    • “TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384”(windows server 2016 and later) - This is handled by a crypto library in the product for OS's that do not support it.

    • "TLS_RSA_WITH_AES_256_CBC_SHA “(windows 2012 R2 and earlier)

Proxy Requirements

The Workspace ONE UEM servers can be configured with a proxy / PAC file for outbound Internet access. Apple APNs

traffic, however, is not HTTP traffic, and cannot be authorized through traditional HTTP proxies. This traffic must go

straight out to the Internet or through an application/SOCKS proxy.

If you are performing outbound proxying of APNs messages, your proxy application must support SOCKS V5.

SOCKS V4 and SOCKS V4a are not supported.

Install Role from Server Manager

Ensure that you meet the following IIS requirements, depending on your Windows Server version:

  • IIS 7.0 (Server 2008 R2 SP1)

  • IIS 8.5 (Server 2012 R2)

  • IIS 10.0 (Server 2016)

  • IIS 10.0 (Windows Server 2019 Desktop Experience)

See additional information on the required roles and features under Configure your Application Servers.

RDP and VM Access to Application Servers

You must have remote access to the servers that Workspace ONE UEM is installed on. Verify this access before attempting to install Workspace ONE UEM servers.

Permissions of Workspace ONE UEM Service Accounts

The service account you create for Workspace ONE UEM needs the appropriate permissions to integrate with your back end systems. This can be one service account that has all required access. Verify connectivity between your Workspace ONE UEM service account and your backend systems.