To successfully deploy the SEG, you must meet the UEM console requirements, hardware requirements, software requirements, and network recommendations.

UEM Console Requirements

  • All currently supported UEM console versions. See the Workspace ONE UEM console release and End of General Support Matrix document for more details on the currently supported versions.
  • REST API must be enabled for the Organization Group.
Prerequisite: Enable REST API

To configure the REST API URL for your Workspace ONE UEM environment:

  1. Navigate to Groups & Settings > All Settings > System > Advanced > API > REST API.
  2. The Workspace ONE UEM gets the API certificate from the REST API URL, that is, on the site URLs page located at Groups & Settings > All Settings > System > Advanced > Site URL. For SaaS deployments,the API URL must be in the asXX.awmdm.com format.

You can configure the SEG V2 at a container organization group that inherits the REST API settings from a customer type organization group.

Hardware Requirements

A SEG V2 server can be either a virtual (preferred) or physical server.

Note the following when deploying SEG V2:

  • An Intel processor is required. CPU Cores should each be 2.0 GHz or higher.
  • The minimum requirements for a single SEG server are 2 CPU cores and 4 GB RAM.
  • When installing the SEG servers in a load balanced configuration, sizing requirements can be viewed as cumulative. For example, a SEG environment requiring 4 CPU Cores and 8 GB RAM can be supported by either:
    • One single SEG server with 4 CPU cores and 8 GB RAM.
    • Two load-balanced SEG servers, each with 2 CPU cores and 4 GB RAM.
  • 5 GB disk space needed per SEG and dependent software. This does not include system monitoring tools or additional server applications.

Software Requirements

  • Windows Server 2008 R2
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019

Networking Requirements

The SEG uses the following default ports:

Source Component Destination Component Protocol Port Description
Devices (from Internet and Wi-Fi) SEG HTTPS 443 Devices request mail from SEG
Console Server SEG HTTPS 443 Console makes administrative commands to SEG 
SEG Workspace ONE UEM REST API (Device Services (DS) or Console Server (CN) server) HTTP or HTTPS 80 or 443 SEG retrieves the configuration and general compliance policy information
SEG Internal hostname or IP of all other SEG servers TCP 5701 and 41232 If SEG Clustering is used, then SEG communication to shared policy cache across other SEGs for updates and replication.
SEG localhost HTTP 44444 Admin accesses the SEG server status and diagnostic information from the localhost machine.
Device Services SEG HTTPS 443 Enrollment events and real-time compliance communicates to SEG.
SEG  Exchange HTTP or HTTPS 80 or 443 Verify the following URL is accessible from the browser on the SEG server and prompts for the credentials. http(s)://<Exchange-Server-FQDN>/Microsoft-Server-ActiveSync

The SEG V2 requires that TLS 1.1 or 1.2 is supported on the client's email server, preferably TLS 1.2. It is recommended that the client follow the guidelines of the email system and the OS manufacturer.

Recommendations

Requirement Notes

Remote access to Windows Servers available to Workspace ONE UEM and administrator rights

Set up the Remote Desktop Connection Manager for multiple server management. You can download the installer from the Microsoft download center.

Installation of Notepad++ (Recommended) This application makes it easier to parse through the log files.
Ensure Exchange ActiveSync is enabled for a test account  
Ensure you have remote access to the servers where Workspace ONE UEM is installed. Typically, Workspace ONE UEM consultants perform installations remotely over a web meeting or screen share. Some customers also provide Workspace ONE UEM with VPN credentials to directly access the environment as well.