To deploy the VMware AirWatch Cloud Connector as part of an on-premises or SaaS deployment, ensure your system meets the necessary requirements.

Hardware Requirements

Use the following requirements as a basis for creating your VMware AirWatch Cloud Connector server. For SaaS deployments, the AirWatch Cloud Connector Server can be a VM or physical server.

Table 1. ACC Hardware Requirements
| Number of Users | 1,000 to 10,000 | 10,000 to 25,000 | 25,000 to 50,000 | 50,000 to 100,000 |
|---|---|---|---|---|
| CPU Cores | 2 CPU cores | 2 load-balanced servers with 2 CPU cores | 2 load-balanced servers with 2 CPU cores | 3 load-balanced servers with 2 CPU cores |
| RAM | 4 GB | 4 GB each | 4 GB each | 8 GB each |
| Disk Space | 50 GB | 50 GB each | 50 GB each | 50 GB each |

The VMware Identity Manager Connector component has the following additional requirements. If you are installing both the ACC and VMware Identity Manager Connector components on the same server, add these requirements to the ACC requirements.

Table 2. VMware Identity Manager Connector Requirements
| Number of Users | 1,000 to 10,000 | 10,000 to 25,000 | 25,000 to 50,000 | 50,000 to 100,000 |
|---|---|---|---|---|
| CPU Cores | 2 load-balanced servers with 4 CPU Cores | 2 load-balanced servers with 4 CPU Cores | 2 load-balanced servers with 4 CPU Cores | 2 load-balanced servers with 4 CPU Cores |
| RAM | 6 GB each | 8 GB each | 16 GB each | 16 GB each |
| Disk Space | 50 GB each | 50 GB each | 50 GB each | 50 GB each |

Notes:

  • VMware AirWatch Cloud Connector traffic is automatically load-balanced by the AWCM component and does not require a separate load balancer. When multiple VMware AirWatch Cloud Connectors in the same organization group connect to the same AWCM server for high availability, all of them can expect to receive traffic (a live-live configuration). AWCM determines how traffic is routed, depending on the current load.

  • CPU Cores should each be 2.0 GHz or higher. An Intel processor is required.
  • Disk Space requirements include: 1 GB disk space for the VMware AirWatch Cloud Connector application, Windows OS, and .NET runtime. Additional disk space is allocated for logging.

Software Requirements

Ensure your VMware AirWatch Cloud Connector server meets all the following software requirements.

| Requirement | Notes |
|---|---|
| Windows Server 2008 R2 SP1, Windows Server 2012 R2, Windows Server 2016, or Windows Server 2019 Desktop Experience | The VMware AirWatch Cloud Connector is intended to run on an English-language Windows OS. |
| Install PowerShell on the server | PowerShell version 3.0+ is required if you are deploying the PowerShell MEM-direct model for email. To check your version, open PowerShell and run the command $PSVersionTable. |
| Install .NET Framework 4.8 | The VMware AirWatch Cloud Connector will not auto update to v1912 unless .NET 4.8 is installed. Install .NET 4.8 on the VMware AirWatch Cloud Connector servers to allow auto update to continue. |
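
A preflight for the software requirements above, as an added example that is not part of the VMware documentation. The function name `Test-AccSoftwarePrereq` is hypothetical; the 528040 threshold is the minimum `Release` registry value Microsoft documents for .NET Framework 4.8.

```powershell
# Added example (not VMware code): check the ACC software prerequisites on this server.
function Test-AccSoftwarePrereq {
    # .NET Framework 4.x records its build in the 'Release' DWORD under this key.
    # Microsoft documents 528040 as the minimum value for .NET Framework 4.8.
    $key = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    $release = 0
    $ndp = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($ndp -and $ndp.Release) { $release = [int]$ndp.Release }

    $os = Get-WmiObject -Class Win32_OperatingSystem
    # Language the OS was installed with, not the current user's display language.
    $ui = [System.Globalization.CultureInfo]::InstalledUICulture

    New-Object PSObject -Property @{
        OsCaption       = $os.Caption
        OsUiLanguage    = $ui.Name
        OsIsEnglish     = ($ui.TwoLetterISOLanguageName -eq 'en')
        PowerShell      = $PSVersionTable.PSVersion.ToString()
        PowerShellOk    = ($PSVersionTable.PSVersion.Major -ge 3)  # PowerShell MEM-direct model
        DotNetRelease   = $release
        DotNet48OrLater = ($release -ge 528040)                    # needed for auto update to v1912
    }
}

Test-AccSoftwarePrereq | Format-List
```

A server where `DotNet48OrLater` is false stays on its current connector build even with auto-update enabled, so run the check on every connector in the organization group.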

General Requirements

Ensure your VMware AirWatch Cloud Connector is set up with the following general requirements to ensure a successful installation.

| Requirement | Notes |
|---|---|
| Ensure that you have remote access to the servers that Workspace ONE UEM is installed on | Workspace ONE UEM recommends setting up Remote Desktop Connection Manager for multiple server management. You can download the installer from https://www.microsoft.com/en-us/download/details.aspx?id=44989. Typically, installations are performed remotely over a web meeting or screen share that a Workspace ONE UEM consultant provides. Some customers also provide Workspace ONE UEM with VPN credentials to directly access the environment. |
| Installation of Notepad++ (Recommended) | Workspace ONE UEM recommends setting up Notepad++. |
| Service accounts for authentication to backend systems | Validate AD connectivity method using LDP.exe tool (See http://www.computerperformance.co.uk/ScriptsGuy/ldp.zip). LDAP, PowerShell, etc. |

On Premises Network Requirements: Core Components

For configuring the ports listed below, all the traffic is uni-directional (outbound) from the source component to the destination component.

An outbound proxy or any other connection management software or hardware must not terminate or reject the outbound connection from the VMware AirWatch Cloud Connector. The outbound connection required for use by VMware AirWatch Cloud Connector must remain open at all times.

| Source Component | Destination Component | Protocol | Port | Verification |
|---|---|---|---|---|
| VMware AirWatch Cloud Connector Server | AWCM Server | HTTPS | 2001 | Telnet from VMware AirWatch Cloud Connector to AWCM Server on port or once installed: Verify by entering https://<AWCM URL>:2001/awcm/status and ensure there is no certificate trust error. If auto-update is enabled, VMware AirWatch Cloud Connector must be able to query Workspace ONE UEM console for updates using port 443. If you are using VMware AirWatch Cloud Connector with AWCM and you have multiple AWCM servers and want to load balance them, you need to configure persistence. For more information on setting up AWCM Persistence Rules Using F5, see the following Knowledge Base article: https://support.air-watch.com/articles/115001666028. |
| VMware AirWatch Cloud Connector Server | Workspace ONE UEM console | HTTP or HTTPS | 80 or 443 | Telnet from VMware AirWatch Cloud Connector to the console on port or once installed: Verify by entering https://<console URL> and ensure there is no certificate trust error. If auto-update is enabled, VMware AirWatch Cloud Connector must be able to query Workspace ONE UEM console for updates using port 443. |
| VMware AirWatch Cloud Connector Server | API server (or wherever API is installed) | HTTPS | 443 | Verify by navigating to the URL of your API server. |
| VMware AirWatch Cloud Connector Server | CRL: http://csc3-2010-crl.verisign.com/CSC3-2010.crl | HTTP | 80 | For various services to function properly |

On Premises Network Requirements: Optional Integrations

For configuring the ports listed below, all the traffic is uni-directional (outbound) from the source component to the destination component.

An outbound proxy or any other connection management software or hardware must not terminate or reject the outbound connection from the VMware AirWatch Cloud Connector. The outbound connection required for use by VMware AirWatch Cloud Connector must remain open at all times.

| Source Component | Destination Component | Protocol | Port |
|---|---|---|---|
| VMware AirWatch Cloud Connector Server | Internal SMTP | SMTP | 25 |
| VMware AirWatch Cloud Connector Server | Internal LDAP | LDAP or LDAPS | 389, 636, 3268, or 3269 |
| VMware AirWatch Cloud Connector Server | Internal SCEP | HTTP or HTTPS | 80 or 443 |
| VMware AirWatch Cloud Connector Server | Internal ADCS | DCOM | 135, 1025-5000, 49152-65535 |
| VMware AirWatch Cloud Connector Server | Internal Exchange 2010 or higher | HTTP or HTTPS | 80 or 443 |

SaaS Network Requirements: Core Components

For configuring the ports listed below, all the traffic is uni-directional (outbound) from the source component to the destination component.

An outbound proxy or any other connection management software or hardware must not terminate or reject the outbound connection from the VMware AirWatch Cloud Connector. The outbound connection required for use by VMware AirWatch Cloud Connector must remain open at all times.

| Source Component | Destination Component | Protocol | Port | Verification |
|---|---|---|---|---|
| VMware AirWatch Cloud Connector Server | AWCM. For example: (https://awcm274.awmdm.com) | HTTPS | 443 | Verify by entering https://awcmXXX.awmdm.com/awcm/status and ensure there is no certificate trust error. (Replace 'XXX' with the same number as used in your environment URL, for example, '100' for cn100.) |
| VMware AirWatch Cloud Connector Server | Workspace ONE UEM console. For example: (https://cn274.awmdm.com) | HTTP or HTTPS | 80 or 443 | Verify by entering https://cnXXX.awmdm.com and ensure there is no certificate trust error. (Replace 'XXX' with the same number as used in your environment URL, for example, '100' for cn100.) If auto-update is enabled, VMware AirWatch Cloud Connector must be able to query Workspace ONE UEM console for updates using port 443. |
| VMware AirWatch Cloud Connector Server | Workspace ONE UEM API. For example: (https://as274.awmdm.com) | HTTPS | 443 | Verify by entering https://asXXX.awmdm.com/api/help and ensure you are prompted for credentials. (Replace 'XXX' with the same number as used in your environment URL, for example, '100' for cn100.) VMware AirWatch Cloud Connector to API access is required for the proper functioning of the AirWatch Diagnostics service. |
| VMware AirWatch Cloud Connector Server | CRL: http://crl3.digicert.com/sha2-assured-cs-g1.crl | HTTP | 80 | For various services to function properly |
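
The verification steps in the on-premises and SaaS core tables (port reachable, no certificate trust error) can be scripted from the connector server. The following is an added example, not part of the VMware documentation; the function name `Test-AccEndpoint` is hypothetical, and the host names use the page's `XXX` placeholder, which must be replaced with your environment number.

```powershell
# Added example (not VMware code). Replace XXX in the host names before running.
function Test-AccEndpoint {
    param([string]$HostName, [int]$Port, [switch]$Tls, [int]$TimeoutMs = 5000)
    $r = New-Object PSObject -Property @{
        Target = "${HostName}:$Port"; TcpOpen = $false; TlsTrusted = $null; Detail = ''
    }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Bounded connect so a silently dropped connection does not hang the check.
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            $r.Detail = 'TCP connect timed out (filtered or blocked)'
            return $r
        }
        $client.EndConnect($pending)
        $r.TcpOpen = $true
        if ($Tls) {
            # No validation callback is passed, so the default policy applies:
            # the chain must build to a trusted root and the name must match.
            $stream = $client.GetStream()
            $ssl = New-Object System.Net.Security.SslStream($stream, $false)
            try {
                $ssl.AuthenticateAsClient($HostName)
                $r.TlsTrusted = $true
                $r.Detail = $ssl.RemoteCertificate.Subject
            } catch [System.Security.Authentication.AuthenticationException] {
                # Handshake rejected: certificate trust or name error (see Detail).
                $r.TlsTrusted = $false
                $r.Detail = $_.Exception.Message
            } finally { $ssl.Dispose() }
        }
    } catch {
        # DNS failure, refused connection, or a device closing the session mid-handshake.
        $r.Detail = $_.Exception.Message
    } finally { $client.Close() }
    return $r
}

$targets = @(
    @{ HostName = 'awcmXXX.awmdm.com'; Port = 443; Tls = $true },  # on-premises AWCM: port 2001
    @{ HostName = 'cnXXX.awmdm.com';   Port = 443; Tls = $true },
    @{ HostName = 'asXXX.awmdm.com';   Port = 443; Tls = $true },
    @{ HostName = 'crl3.digicert.com'; Port = 80 }                 # CRL fetch is plain HTTP
)
$results = foreach ($t in $targets) { Test-AccEndpoint @t }
$results | Format-Table Target, TcpOpen, TlsTrusted, Detail -AutoSize
```

The check opens a direct socket and does not use the system proxy, so on a server that reaches these hosts only through an outbound proxy it reports the direct path, not the proxied one. A `TlsTrusted` value of false with an issuer you do not recognize in `Detail` usually points to a TLS-inspecting device re-signing the connection.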

SaaS Network Requirements: Optional Integrations

For configuring the ports listed below, all the traffic is uni-directional (outbound) from the source component to the destination component.

An outbound proxy or any other connection management software or hardware must not terminate or reject the outbound connection from the VMware AirWatch Cloud Connector. The outbound connection required for use by VMware AirWatch Cloud Connector must remain open at all times.

| Source Component | Destination Component | Protocol | Port |
|---|---|---|---|
| VMware AirWatch Cloud Connector Server | Internal SMTP | SMTP | 25 |
| VMware AirWatch Cloud Connector Server | Internal LDAP | LDAP or LDAPS | 389, 636, 3268, or 3269 |
| VMware AirWatch Cloud Connector Server | Internal SCEP | HTTP or HTTPS | 80 or 443 |
| VMware AirWatch Cloud Connector Server | Internal ADCS | DCOM | 135, 1025-5000, 49152-65535 |
| VMware AirWatch Cloud Connector Server | Internal Exchange 2010 or higher | HTTP or HTTPS | 80 or 443 |

AWCM Pre-install Requirement (On-Premises)

If you are an on-premises customer, ensure that AWCM is installed correctly, running, and communicating with Workspace ONE UEM without any errors.