SEG (V2 Platform) Requirements

You must meet the hardware, software, network, and general requirements to successfully deploy the SEG.

UEM Console Requirements

  • AirWatch Console 9.0.3 or later
  • REST API enabled for the Customer type Organization Group

Prerequisite: Enable REST API

To configure the REST API URL for your Workspace ONE UEM environment:

  1. Navigate to Groups & Settings > All Settings > System > Advanced > API > REST API.
  2. The UEM console gets the API certificate from the REST API URL that is on the Site URLs page. For SaaS deployments, use the format as 'XX.airwatchportals.com'.

You can configure the Secure Email Gateway (V2 platform) at a Container organization group that inherits the REST API settings from a Customer type organization group.

Hardware Requirements

A Secure Email Gateway (V2 platform) server can be a VM or physical server with the following hardware.

Notes for both SEG deployments types: 

  • An Intel processor is required. CPU Cores should each be 2.0 GHz or higher.
  • The minimum requirements for a single SEG server are 2 CPU cores and 4 GB of RAM.

  • When installing SEG servers in a load balanced configuration, sizing requirements can be viewed as cumulative. For example, a SEG environment requiring 4 CPU Cores and 8GB of RAM can be supported by either:
    • One single SEG server with 4 CPU cores and 8GB RAM.

      or

    • Two load balanced SEG servers with 2 CPU core and 4GB RAM each.
  • 5 GB Disk Space needed per SEG and dependent software. This does not include system monitoring tools or additional server applications.

Software Requirements

Requirement Notes

Windows Server 2008 R2

Windows Server 2012

Windows Server 2012 R2

Windows Server 2016

 

Networking Requirements

Source Component

Destination Component

Protocol

Port

Description

Devices (from Internet and Wi-Fi)

SEG

HTTPS

443

Devices request mail from SEG

Console Server SEG HTTPS 443 Console makes administrative commands to SEG 

SEG

Workspace ONE UEM REST API (DS or CN server)

HTTP or HTTPS

80 or 443

SEG retrieves the configuration and general compliance policy information

SEG (OPTIONAL) Internal hostname or IP of all other SEG servers TCP

5701

41232

SEG communicates to shared policy cache across other SEGs for updates and replication

SEG localhost HTTP 44444 Admin accesses the SEG server status and diagnostic information from the localhost machine
Device Services SEG HTTPS 443 Enrollment events and real-time compliance communicates to SEG
SEG  Exchange HTTP or HTTPS 80 or 443 Verify the following URL is trusted from the browser on the SEG server and gives a prompt for credentials:

For Exchange: http(s):// Exchange_Activesync_FQDN/Microsoft-server-activesync

Recommendations

Requirement Notes

Remote access to Windows Servers available to Workspace ONE UEM and Administrator rights

Set up the Remote Desktop Connection Manager for multiple server management, download the installer from https://www.microsoft.com/en-us/download/details.aspx?id=44989

Installation of Notepad++ (Recommended)  
Ensure Exchange ActiveSync is enabled for a test account  

Remote Access to Servers

Ensure that you have remote access to the servers where Workspace ONE UEM is installed. Typically, Workspace ONE UEM consultants perform installations remotely over a web meeting or screen share. Some customers also provide Workspace ONE UEM with VPN credentials to directly access the environment as well.