To deploy the VMware AirWatch Cloud Connector as part of an on-premises or a SaaS deployment, ensure your system meets the necessary requirements.

Hardware Requirements

Use the following requirements as a basis for creating your VMware AirWatch Cloud Connector server. For SaaS deployments, the VMware AirWatch Cloud Connector server can be a VM or physical server.

Table 1. ACC Hardware Requirements
Number of Users 1,000 to 10,000 10,000 to 25,000 25,000 to 50,000 50,000 to 100,000
CPU Cores 2 CPU cores 2 load-balanced servers with 2 CPU cores 2 load-balanced servers with 2 CPU cores 3 load-balanced servers with 2 CPU cores
RAM 4 GB 4 GB each 4 GB each 8 GB each
Disk Space 50 GB 50 GB each 50 GB each 50 GB each

The VMware Identity Manager Connector component has the following requirements. If you are installing both the VMware AirWatch Cloud Connector and the VMware Identity Manager Connector components on the same server, then add these requirements to the VMware AirWatch Cloud Connector requirements.

Table 2. VMware Identity Manager Connector Requirements
Number of Users 1,000 to 10,000 10,000 to 25,000 25,000 to 50,000 50,000 to 100,000

CPU Cores

 2 load-balanced servers with 4 CPU Cores 2 load-balanced servers with 4 CPU Cores 2 load-balanced servers with 4 CPU Cores 2 load-balanced servers with 4 CPU Cores

RAM

 6 GB each 8 GB each 16 GB each 16 GB each
Disk Space 50 GB each 50 GB each 50 GB each 50 GB each

Notes:

  • No additional sizing is needed for the Domain Join via ACC unless the domain joins per minute exceeds 20. For additional sizing information please reach out to VMware.
  • VMware AirWatch Cloud Connector traffic is automatically load-balanced by the AWCM component. It does not require a separate load balancer. Multiple VMware AirWatch Cloud Connectors in the same organization group that connect to the same AWCM server for high availability, can all expect to receive traffic (a live-live configuration). How traffic is routed is determined by AWCM and depends on the current load.
  • CPU Cores should each be 2.0 GHz or higher. An Intel processor is required.
  • Disk Space requirements include: 1 GB disk space for the VMware AirWatch Cloud Connector application, Windows OS, and .NET runtime. Additional disk space is allocated for logging.

Software Requirements

Ensure your VMware AirWatch Cloud Connector server meets all the following software requirements.

Requirement Notes

Windows Server 2016

Windows Server 2019 Desktop Experience

Windows Server 2022

 The VMware AirWatch Cloud Connector runs on an English-language Windows OS.
Install PowerShell on the server Deploying the PowerShell MEM-direct model for email requires PowerShell version 5.1 or later. To check your version, open PowerShell and run the command $PSVersionTable.
Install .NET Framework 4.8 The VMware AirWatch Cloud Connector does not auto update to v1912 unless .NET 4.8 is installed. To continue auto updating, install .NET 4.8 on the VMware AirWatch Cloud Connector servers.

General Requirements

Ensure your VMware AirWatch Cloud Connector is set up with the following general requirements to ensure a successful installation.

Requirement Notes
Ensure that you have remote access to the servers that Workspace ONE UEM is installed on Workspace ONE UEM recommends setting up Remote Desktop Connection Manager for multiple server management, you can download the installer from the Microsoft Download Center.

Typically, installations are performed remotely over a web meeting or screen share that a Workspace ONE UEM consultant provides. Some customers also provide Workspace ONE UEM with VPN credentials to directly access the environment as well.
Installation of Notepad++ (Recommended) Workspace ONE UEM recommends setting up Notepad++.
Services accounts for authentication to backend systems You can use LDAP, PowerShell, or others.

Validate your AD connectivity method.

On Premises Network Requirements: Core Components

For configuring the ports listed below, all the traffic is uni-directional (outbound) from the source component to the destination component.

An outbound proxy or any other connection management software or hardware must not terminate or reject the outbound connection from the VMware AirWatch Cloud Connector. The outbound connection required for use by VMware AirWatch Cloud Connector must remain open at all times.

Source Component Destination Component Protocol Port Verification
VMware AirWatch Cloud Connector Server AWCM Server HTTPS 2001

Telnet from VMware AirWatch Cloud Connector to AWCM Server on port or once installed:

Verify by entering https://<AWCM URL > :2001/awcm/status and ensure there is no certificate trust error.

If auto-update is enabled, VMware AirWatch Cloud Connector must be able to query Workspace ONE UEM console for updates using port 443.

If you are using VMware AirWatch Cloud Connector with AWCM and you have multiple AWCM servers and want to load balance them, you need to configure persistence.

For more information on setting up AWCM Persistence Rules Using F5, see the following Knowledge Base article: https://support.air-watch.com/articles/115001666028.
VMware AirWatch Cloud Connector Server Workspace ONE UEM console HTTP or HTTPS 80 or 443

Telnet from VMware AirWatch Cloud Connector to the console on port or once installed:

Verify by entering https://<console URL > and ensure there is no certificate trust error.

If auto-update is enabled, VMware AirWatch Cloud Connector must be able to query Workspace ONE UEM console for updates using port 443.
VMware AirWatch Cloud Connector Server API server (or wherever API is installed) HTTPS 443

Verify by navigating to the URL of your API server.

VMware AirWatch Cloud Connector Server CRL:

http://csc3-2010-crl.verisign.com/CSC3-2010.crl

HTTP 80 For various services to function properly

On Premises Network Requirements: Optional Integrations

For configuring the ports listed below, all the traffic is uni-directional (outbound) from the source component to the destination component.

An outbound proxy or any other connection management software or hardware must not terminate or reject the outbound connection from the VMware AirWatch Cloud Connector. The outbound connection required for use by VMware AirWatch Cloud Connector must remain open at all times.

Source Component Destination Component Protocol Port
VMware AirWatch Cloud Connector Server Internal SMTP SMTP 25
VMware AirWatch Cloud Connector Server Internal LDAP LDAP or LDAPS 389, 636, 3268, or 3269
VMware AirWatch Cloud Connector Server Internal SCEP HTTP or HTTPS 80 or 443
VMware AirWatch Cloud Connector Server Internal ADCS DCOM 135, 1025-5000, 49152-65535
VMware AirWatch Cloud Connector Server Internal Exchange 2010 or higher HTTP or HTTPS 80 or 443
VMware AirWatch Cloud Connector Server External Office 365: outlook.office365.com HTTP or HTTPS 80 or 443

SaaS Network Requirements: Core Components

For configuring the ports listed below, all the traffic is uni-directional (outbound) from the source component to the destination component.

An outbound proxy or any other connection management software or hardware must not terminate or reject the outbound connection from the VMware AirWatch Cloud Connector. The outbound connection required for use by VMware AirWatch Cloud Connector must remain open at all times.

Source Component Destination Component Protocol Port Verification
VMware AirWatch Cloud Connector Server AWCM

For example: (https://awcm274.awmdm.com)

 HTTPS 443 Verify by entering https://awcmXXX.awmdm.com/awcm/status and ensure there is no certificate trust error. (Replace 'XXX' with the same number as used in your environment URL, for example, '100' for cn100.)
VMware AirWatch Cloud Connector Server Workspace ONE UEM console

For example: (https://cn274.awmdm.com)

 HTTP or HTTPS 80 or 443

Verify by entering https://cnXXX.awmdm.com and ensure there is no certificate trust error. (Replace 'XXX' with the same number as used in your environment URL, for example, '100' for cn100.)

If auto-update is enabled, VMware AirWatch Cloud Connector must be able to query Workspace ONE UEM console for updates using port 443.
VMware AirWatch Cloud Connector Server

Workspace ONE UEM API

For example:

(https://as274.awmdm.com)

 		 HTTPS 443

Verify by entering https://asXXX.awmdm.com/api/help and ensure you are prompted for credentials. (Replace 'XXX' with the same number as used in your environment URL, for example, '100' for cn100.)

VMware AirWatch Cloud Connector to API access is required for the proper functioning of the AirWatch Diagnostics service.
VMware AirWatch Cloud Connector Server

CRL:

http://crl3.digicert.com/sha2-assured-cs-g1.crl

 HTTP 80 For various services to function properly

SaaS Network Requirements: Optional Integrations

For configuring the ports listed below, all the traffic is uni-directional (outbound) from the source component to the destination component.

An outbound proxy or any other connection management software or hardware must not terminate or reject the outbound connection from the VMware AirWatch Cloud Connector. The outbound connection required for use by VMware AirWatch Cloud Connector must remain open at all times.

Source Component Destination Component Protocol Port
VMware AirWatch Cloud Connector Server Internal SMTP SMTP 25
VMware AirWatch Cloud Connector Server Internal LDAP LDAP or LDAPS 389, 636, 3268, or 3269
VMware AirWatch Cloud Connector Server Internal SCEP HTTP or HTTPS 80 or 443
VMware AirWatch Cloud Connector Server Internal ADCS DCOM 135, 1025-5000, 49152-65535
VMware AirWatch Cloud Connector Server Internal Exchange 2010 or higher HTTP or HTTPS 80 or 443
VMware AirWatch Cloud Connector Server External Office 365: outlook.office365.com HTTP or HTTPS 80 or 443

AWCM Pre-install Requirement (On-Premises)

If you are an on-premises customer, ensure that AWCM is installed correctly, running, and communicating with Workspace ONE UEM without any errors.