sap afaria system requirements

PUBLIC2021-10-29

SAP Afaria System Requirements

© 2

021 S

AP S

E or

an

SAP affi

liate

com

pany

. All r

ight

s re

serv

ed.

THE BEST RUN

Content

1 Afaria Access and Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

2 Installation Image. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5

3 Database Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

4 Certificate Authority Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

5 SAP Afaria Server Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

6 SAP Afaria Administrator Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

7 Self-Service Portal Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

8 Package Server Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

9 Enrollment Server Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

10 Browser Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

11 Access Control Remote Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

12 Network Access Control Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

13 Relay Server Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

14 SMS Gateway Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

15 Connectivity Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

16 Supported Languages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

16.1 SAP Afaria Server Supported Languages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

16.2 SAP Afaria Client Supported Languages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

17 Device Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

17.1 Android Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

17.2 iOS Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

17.3 Windows Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

17.4 Windows Phone Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

17.5 Windows Devices with the MDM Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

2 PUBLICSAP Afaria System Requirements

Content

1 Afaria Access and Support

SAP provides industry-leading support and a variety of downloads to help you get the best out of your products and solutions.

The sections below provide more information about getting access to Afaria, Afaria support, and Afaria documentation.

Where to Get Afaria

Visit the Afaria Software Download page on the SAP Support portal to download Afaria.

You will require a Download Software authorization, which you can request from your company's SAP System Administrator.

Afaria Support

To get access to Afaria information and report incidents, go to the SAP Support portal . Use these links for Afaria Support Documentation and Afaria Release Notes .

Registering for Notifications

Manage notifications for SAP Notes and knowledge-based articles (KBAs) using the Expert Search feature of the Support Portal. For help on setting up notifications, refer to the Working with the Expert Search topic in the My SAP Notes & KBAs online help.

You can also check out this blog for more information.

Afaria Documentation

For module-wise help content of Afaria, refer to the product documentation in the SAP Help Portal (https://help.sap.com/viewer/p/SAP_AFARIA).

SAP Afaria System RequirementsAfaria Access and Support PUBLIC 3

http://help.sap.com/disclaimer?site=https%3A%2F%2Flaunchpad.support.sap.com%2F%23%2Fsoftwarecenter%2Ftemplate%2Fproducts%2F%2520_APP%3D00200682500000001943%26_EVENT%3DDISPHIER%26HEADER%3DY%26FUNCTIONBAR%3DN%26EVENT%3DTREE%26NE%3DNAVIGATE%26ENR%3D67837800100900007120%26V%3DMAINT%26TA%3DACTUAL%26PAGE%3DSEARCH%2FSYBASE%2520AFARIA%25207.0

http://help.sap.com/disclaimer?site=https%3A%2F%2Fsupport.sap.com%2Fen%2Findex.html

http://help.sap.com/disclaimer?site=https%3A%2F%2Flaunchpad.support.sap.com%2F%23%2Fsolutions%2Fnotesv2%2F%3Fq%3Dafaria

http://help.sap.com/disclaimer?site=https%3A%2F%2Flaunchpad.support.sap.com%2F%23%2Fsolutions%2Fnotesv2%2F%3Fq%3D%25252522release%25252520notes%25252520information%25252522%26sortBy%3Ddate%26sortOrder%3Ddesc%26filters%3D%25255B%25255B%25257B%252522attribute%252522%3A%252522themk%252522%2C%252522operator%252522%3A%252522EQ%252522%2C%252522low%252522%3A%252522MOB-AFA%2A%252522%2C%252522high%252522%3A%252522%252522%25257D%25255D%2C%25255B%25257B%252522attribute%252522%3A%252522type%252522%2C%252522operator%252522%3A%252522EQ%252522%2C%252522low%252522%3A%25252200200720410000000382%252522%2C%252522high%252522%3A%252522%252522%25257D%25255D%25255D

http://help.sap.com/disclaimer?site=https%3A%2F%2Fsupport.sap.com%2Fcontent%2Fdam%2Fsupport%2Fen_us%2Flibrary%2Fssp%2Fmy-support%2Fhelp-for-sap-support-applications%2Fonline_help-my_notes.html%23expertsearch

http://help.sap.com/disclaimer?site=https%3A%2F%2Fblogs.sap.com%2F2017%2F04%2F27%2Fsap-hotnews-security-or-legal-change-notes-get-notified-about-basically-everything%2F

https://help.sap.com/viewer/p/SAP_AFARIA

https://help.sap.com/viewer/p/SAP_AFARIA

Contact Us

To learn more about the SAP Support portal, check the help topics at https://support.sap.com/support-programs-services/about/help-index.html .

For any feedback or queries related to Afaria Technical Publications, contact us at [email protected].


Afaria Access and Support

http://help.sap.com/disclaimer?site=https%3A%2F%2Fsupport.sap.com%2Fsupport-programs-services%2Fabout%2Fhelp-index.html

http://help.sap.com/disclaimer?site=https%3A%2F%2Fsupport.sap.com%2Fsupport-programs-services%2Fabout%2Fhelp-index.html

2 Installation Image

The SAP Afaria product image includes as set of folders with software components.

NoteEach Afaria SP is a complete and wholly self-contained software package that has no dependencies or prerequisites pertaining to prior installations of the product, regardless of version.

Folders marked by an asterisk (*) are reserved for setup program use. Do not access them directly.

Folder Contents Description

AdminUI* This folder contains installation files for the Afaria Administration console.

AfariaServiceHost* This folder contains SAP Afaria API host service files.

CAProxy This folder contains installation files for the Certificate Authority Proxy service. This service only needs to be installed on a machine with domain-level access to the CA if SAP Afaria is configured to use Microsoft Native Certificate Authority through the CA proxy and the SAP Afaria server itself does not have domain-level access to the CA.

EUSSP* This folder contains installation files for the Self-Service Portal. The Self-Service Portal allows users to enroll devices in SAP Afaria management, view device information, and to remote lock or remote wipe devices.

iPhoneServer This folder contains installation files for the SAP Afaria Enrollment Server.

ISAPI_x64* This folder contains installation files for the ISAPI filter that SAP Afaria uses for access control filter.

NetworkAccessControlService* This folder contains installation files that SAP Afaria uses for network access control.

PackageServer* This folder contains installation files for the SAP Afaria Package Server. The Package Server delivers enterprise application packages to devices.

Redistributables ● VC_RunTime – Visual Studio 2012 runtime binaries for 32-bit (x86) and 64-bit (x64).

● SQLAnywhereClient – contains the installer for the 64- and 32-bit client versions.

relay_server This folder contains installation files for SAP SQL Anywhere Relay Server 17. The relay server is an optional component.

relay_server16 This folder contains installation files for SAP SQL Anywhere Relay Server 16. Relay Server 16 is deprecated but still supported.

The relay server is an optional component.

Server* This folder contains installation files for SAP Afaria Server.

SAP Afaria System RequirementsInstallation Image PUBLIC 5

Folder Contents Description

Utility* This folder contains files for a utility program that checks for missing prerequisites or network connectivity issues prior to installing SAP Afaria components.


Installation Image

3 Database Requirements

The database stores procedures, configuration properties, device, group, and policy data, and all message and activity logging.

Component Requirements

Database software ● SAP SQL Anywhere 17● Microsoft SQL Server 2016 Enterprise edition● Microsoft SQL Server 2016 Standard edition● Microsoft SQL Server 2014 Enterprise edition with SP2● Microsoft SQL Server 2014 Standard edition with SP2

Collations ● Case-insensitive, accent-sensitive collation is required.● SQL Anywhere:

UTF-8 character encoding and the Unicode Collation Algorithm (UCA) are required for both CHAR and NCHAR collation sequences. No other encodings or collations are supported.When you create the database, choose UCA for both CHAR and NCHAR collation sequences. This also sets UTF-8 as the character encoding.Using dbinit:

○ -z UCA(CaseSensitivity=Ignore;AccentSensitivity=Respect)

○ -zn UCA(CaseSensitivity=Ignore;AccentSensitivity=Respect)

Using SQL Central:○ Select UCA for both CHAR and NCHAR collation sequences, then select

CaseSensitivity: Ignore and AccentSensitivity: Respect on the Collation Tailoring Options wizard page.

Support for Non-English/Western European environments

● Right-to-left and bidirectional languages are not supported.● SQL Server:

Non-western European character support is very limited. Only some stored data fields and operations permit the use of characters outside of Windows code page 1252 (aka Latin 1).

● SQL Anywhere:Non-western European characters are supported via the use of UTF-8 character encoding and the Unicode Collation Algorithm (UCA).

Time zone Must be configured for the same date, time, and time zone as the SAP Afaria Server components it supports.

SAP Afaria System RequirementsDatabase Requirements PUBLIC 7

4 Certificate Authority Requirements

The certificate authority issues certificates that SAP Afaria uses to secure device communication and management.

Component Supported Configurations

Certificate Authority ● SCEP:○ Windows Server 2016 and Windows Server 2012 R2

○ IIS○ Active Directory Certificate Services (ADCS) role○ Network Device Enrollment Service (NDES) role

● Native Certificate APIs:○ Windows Server 2016 and Windows Server 2012 R2

○ IIS○ Active Directory Certificate Services (ADCS) role

● Entrust:Products and versions:○ Entrust Managed Services PKI○ Entrust Authority Administration Services Version 9○ Entrust Authority Administration Services Version 8○ Entrust IdentityGuard 11○ Entrust IdentityGuard 10.2

NoteVersion 8 APIs do not support revocation.

Digital ID configurations with Relative Distinguished Name (RDN) format - cn=<igusername> <iggroup> <devicetype>

Additional requirements ● iOS devices require verification of the complete chain of trust● The identity credentials used for the certificate authority IIS SCEP

application pool must match the credentials for the SAP Afaria Enrollment Server


Certificate Authority Requirements

5 SAP Afaria Server Requirements

The SAP Afaria Server is central to Afaria operations. The server communicates with the Afaria database and additional components or devices as necessary.

This recommended setup is for 50 - 300 concurrent device sessions.


Operating system ● Windows Server 2016 Standard edition (64-bit)● Windows Server 2016 Datacenter edition (64-bit)● Windows Server 2012 R2 Standard edition (64-bit)● Windows Server 2012 R2 Datacenter edition (64-bit)

Processor ● Minimum: 1.4 GHz (x64 processor)● Recommended: 2 GHz or faster

Memory ● Minimum: 1.5 GB● Recommended: 2.0 GB

Storage ● 20 GB● Additional storage is required for user data

Database ● Configured for the same date, time, and time zone as the database server

Relay server ● Connections from devices● Connections from Afaria Access Control for Email Components

Directory and authentication ● Microsoft Active Directory● Windows NTLM

Client communication ● SSL protocol v3 using x.509 certificate signed by a trusted or custom signed certificate authority

● IPv4 or IPv6● HTTP with T-Mobile

Windows account ● Log on as service● Interactive logon

SAP Afaria System RequirementsSAP Afaria Server Requirements PUBLIC 9


Additional requirements ● Installation path and virtual directory must contain ASCII characters only

● Microsoft Visual C++ Runtime○ 2012 x64○ 2012 x86

● Internet Information Services (IIS) for Windows Server 7.5● Windows Installer 3.1● Microsoft .NET Framework Runtime 4.5.1, 4.5.2, 4.6.1, or 4.6.2 and all

associated WCF Services● Microsoft XML Core Services 6.0


SAP Afaria Server Requirements

6 SAP Afaria Administrator Requirements

The Afaria Administration console is the interface for administering the SAP Afaria server and components.


Operating system ● Windows Server 2016 Standard edition (64-bit)● Windows Server 2016 Datacenter edition (64-bit)● Windows Server 2012 R2 Standard edition● Windows Server 2012 R2 Datacenter edition

Processor ● Minimum: 1 GHz (x86 processor) or 1.4 GHz (x64 processor)● Recommended: 2 GHz or faster

Memory ● Minimum: 512 MB● Recommended: 2 GB or greater

Storage ● Minimum: 10 GB● Recommended: 40 GB or greater




● Internet Information Services (IIS) for Windows Server 7.5● Windows Installer 3.1● Microsoft .NET Framework Runtime 4.5.1, 4.5.2, 4.6.1, or 4.6.2

SAP Afaria System RequirementsSAP Afaria Administrator Requirements PUBLIC 11

7 Self-Service Portal Requirements

The Self-Service Portal lets users enroll devices in Afaria management, view device information, and issue commands, such as to lock or wipe devices remotely.


Operating systems ● Windows Server 2016 Standard edition (64-bit)● Windows Server 2016 Datacenter edition (64-bit)● Windows Server 2012 R2 Standard edition (64-bit)● Windows Server 2012 R2 Datacenter edition (64-bit)




Database ● Configured for the same time zone as the database server

Additional requirements ● Installation path and virtual directory must contain only ASCII characters

● Microsoft Internet Information Server (IIS) 7.5● Windows Installer 3.1● Microsoft .NET Framework Runtime 4.5.1, 4.5.2, 4.6.1, or 4.6.2


Self-Service Portal Requirements

8 Package Server Requirements

The Package Server sends Afaria application packages to devices for application policies and serves certificates and device provisioning data to third-party applications for onboarding.







Additional requirements ● Installation path and virtual directory must contain only ASCII characters

● Microsoft Internet Information Server (IIS) 7.5● Microsoft Windows Installer 3.1● Microsoft .NET Framework Runtime 4.5.1, 4.5.2, 4.6.1, or 4.6.2● Microsoft Visual C++ Runtime

○ 2012 x64○ 2012 x86

SAP Afaria System RequirementsPackage Server Requirements PUBLIC 13

9 Enrollment Server Requirements

The Enrollment Server supports device enrollment for Android, iOS, Windows Phone, Windows DM (Windows 8.1, 10), and Windows Mobile devices. It also delivers payloads for iOS devices.

Demand for Afaria resources can vary greatly by installation and are highly dependent on several factors. Afaria enrollment server resource recommendations are based on the number of concurrent device sessions and session duration. The following factors can affect session duration:

● Device response time● Number of device enrollment requests● Number of iOS configuration policies● Number of settings within iOS configuration policies● Connection speed● IIS server request processing capacity






Database ● Configured for the same time zone as the database server



● Internet Information Services (IIS) for Windows Server 7.5● Windows Installer 3.1● Microsoft .NET Framework Runtime 4.5.1, 4.5.2, 4.6.1, or 4.6.2● Must be able to retrieve valid CRL and Delta CRL files


Enrollment Server Requirements

10 Browser Requirements

Follow the browser requirements to successfully use the Afaria Administration console and the Self-Service Portal.

Component Requirement

Browser ● Google Chrome● Internet Explorer 11● Mozilla Firefox● Safari

Additional requirements ● On the domain controller in an Active Directory environment, make sure that the Log On To list is either unrestricted or includes the SAP Afaria Administrator server and the computers that access the Afaria Administration console

● Enhanced security configuration setting in Internet Explorer 9 is not supported

● Compatibility view in Internet Explorer is not supported● Due to session state sharing restrictions between tabs, support is

limited to using a single tab

SAP Afaria System RequirementsBrowser Requirements PUBLIC 15

11 Access Control Remote Requirements

Access control remote uses PowerShell commands that are native to the Exchange environment. The Exchange environment may be local or hosted.

Component Description

Local email server ● Microsoft Exchange Server 2016● Microsoft Exchange Server 2013

NoteMicrosoft has discontinued mainstream support for Microsoft Exchange Server 2013 as of April 4, 2018.

Hosted email server ● Microsoft Office 365

PowerShell Host Server ● Microsoft PowerShell Version 2.0● Enable the PowerShell remote command capability by enabling Ba

sic or Kerberos authentication on the virtual directory in IIS


Access Control Remote Requirements

12 Network Access Control Requirements

The Network Access Control Server allows Android and iOS devices access to corporate Wi-Fi networks by ensuring the devices are under SAP Afaria control before Wi-Fi access is granted.

This ensures that devices are kept in compliance with SAP Afaria MDM control, enforcing inventory collection and security policies on the device before permitting access to enterprise networks.








● Microsoft Internet Information Services (IIS) 7.5● IIS Basic Authentication Enabled

○ Afaria NAC service configured to communicate with the same TLS protocol(s) used by the NAC router

● Windows Installer 3.1● Microsoft .NET Framework Runtime 4.5.1, 4.5.2, 4.6.1, or 4.6.2● Microsoft Visual C++ Runtime

○ 2012 x64○ 2012 x86

SAP Afaria System RequirementsNetwork Access Control Requirements PUBLIC 17

13 Relay Server Requirements

The Relay Server is a secure, load-balanced proxy server that relays communication between mobile devices and servers. It is an optional component that is included with the SAP Afaria product on the product installation image.


Relay server ● SAP SQL Anywhere 17 Relay Server● SAP SQL Anywhere 16 Relay Server

NoteRelay Server 16 is deprecated but still supported to allow customers to transition to Relay Server 17. Both versions can run in parallel during this transition period.

Web server ● IIS 10 for Windows Server 2016● IIS 7.5 (Windows)● Apache (Linux)

Supported server components ● SAP Afaria Server● SAP Afaria Enrollment Server● SAP Afaria Package Server● Certificate Authority


Relay Server Requirements

14 SMS Gateway Requirements

SAP Afaria uses the SMS Gateway to deliver outbound notifications, remote wipe commands, and any other communication that is addressed for SMS routing to supported devices.

Refer to Installing SMS Gateway in the Installing SAP Afaria guide for more information.


Third-party components ● Cygwin UNIX-emulating environment (manual installation)

Other requirements ● Short Message Peer-to-Peer (SMPP) 3.4 protocol support● SMS gateway configuration settings must contain only ASCII char

acters

SAP Afaria System RequirementsSMS Gateway Requirements PUBLIC 19

https://help.sap.com/viewer/09e07b0e3db74c709901684294186994/7.0.31/en-US/9cf2218e6e6c10148ebe1a87b0e91070.html

15 Connectivity Requirements

Connectivity requirements must be used for components to connect with each other successfully.

Component Ports

SAP Afaria Server ● Port 80 inbound: HTTP without a relay server● Port 80 outbound: HTTP with a relay server● Port 135 inbound: DCOM communications with SAP Afaria compo

nents. The DCOM port range is configurable. These ports are reserved for, and managed by, DCOM services.

● Port 443 inbound: HTTPS without a Relay Server● Port 443 outbound: HTTPS with a Relay Server● Port 443 outbound: Google Cloud Messaging (https://

android.apis.google.com/gcm/send)● Port 443 outbound: HTTPS with messaging servers for Access Con

trol Remote● Port 443: HTTPS for Windows Push Notification Service (https://

login.live.com and https://cloud.notify.windows.com). For additional information, see https://msdn.microsoft.com/en-us/library/windows/apps/hh913756.aspx

● Port 2195 outbound: Apple Push Notification Service server (gateway.push.apple.com)

● Port 2196 outbound: Apple Push Notification Service feedback server (feedback.push.apple.com)

● Port 3007 inbound: XNET traffic for management of Android, Windows and Windows Mobile

● Port 3008 inbound: XNETS Traffic (SSL encrypted) for management of Android, Windows and Windows Mobile

● Port 5223 outbound: Apple Push Notification Service server (gateway.push.apple.com) for devices using Wi-Fi

● Port 8085 inbound: Requests from SAP Afaria components for notifications to devices



● Port 8089 inbound: Internal communication● Outbound connectivity to the Afaria database. The port is configura

ble for each supported database type.


Connectivity Requirements

Component Ports

Package Server ● Port 80 inbound: HTTP communication with devices (without a relay server)

● Port 80 outbound: HTTP communication with a SAP Afaria Relay Server

● Port 135 outbound: DCOM communication with the SAP Afaria Server. The DCOM port range is configurable. These ports are reserved for, and managed by, DCOM services.

● Port 443 inbound: HTTPS communication with devices (without a relay server)

● Port 443 outbound: HTTPS communication with a Relay Server● Port 8085 outbound: Requests to the SAP Afaria Server for notifica

tions to devices● Port 8086 outbound: Requests to the SAP Afaria Server for notifica


tions to devices● Port 8080 – reserved for internal communication.● Outbound connectivity to the Afaria database. The port is configura

ble for each supported database type.● (For ATS support on the Afaria iOS client, version 6.60.8177.0 and

higher) TLS v1.2 using a server SSL certificate signed with Secure Hash Algorithm 2 (SHA-2) for HTTPS communications

Enrollment Server ● Port 80 inbound: HTTP communication with devices (without a Relay Server)

● Port 80 outbound: HTTP communication with a relay server● Port 135 outbound: DCOM communication with the SAP Afaria

Server. The DCOM port range is configurable. These ports are reserved for, and managed by, DCOM services.

● Port 443 inbound: HTTPS communication with devices (without a relay server)

● Port 443 outbound: HTTPS communication with a Relay Server● Port 7007: Reserved for internal communication● Port 8085 outbound: Requests to the SAP Afaria Server for notifica



tions to devices● (For ATS support on the Afaria iOS client, version 6.60.8177.0 and

higher) TLS v1.2 using a server SSL certificate signed with Secure Hash Algorithm 2 (SHA-2) for HTTPS communications

SAP Afaria System RequirementsConnectivity Requirements PUBLIC 21

Component Ports

SAP Afaria Administrator and API ● Port 80 inbound: HTTP communication● Port 80 outbound: HTTP communication● Port 135 outbound: DCOM communication with the SAP Afaria

Server. The DCOM port range is configurable. These ports are reserved for, and managed by, DCOM services.

● Port 443 inbound: HTTPS communication● Port 443 outbound: HTTPS communication● Port 7980/7982 inbound

Self-Service Portal ● Port 80/443 inbound to IIS server, where the self-service portal website is installed

● Port 7980/7982 outbound: Communication with Afaria API

Certificate Authority ● Port 80 inbound: HTTP communication with devices (without a Relay Server)

● Port 80 outbound: HTTP communication with a Relay Server● Port 443 inbound: HTTPS communication with devices (without a

Relay Server)● Port 443 outbound: HTTPS communication with a Relay Server

Access Control Filter ● The server hosting the Datahandler component requires outbound connectivity to the Afaria server or its optional relay server proxy.

● Outbound port 3012 - when the Afaria filter's components are installed on separate servers, the Datahandler component host requires outbound connectivity to the filter component host.

Network Access Control ● Port 443 inbound● Port 7980/7982 outbound: Communication with Afaria API

Directory ● Port 389/636: LDAP/LDAPS● Port 3268/3269: Global Catalog/Global Catalog over SSL


Connectivity Requirements

Component Ports

Additional requirements If a Certificate Revocation List (CRL) is used, the CRL endpoint specified within the SSL certificate must be publicly accessible through an HTTP URL.

SAP Afaria checks CRLs on the device's identity certificate issued during enrollment of the device. This certificate is used by the device to make requests of the Afaria Server. SSL configurations are external to Afaria.

If the CRL Request from Afaria goes through a proxy, it uses the proxy settings of the operating system and not of Afaria. It is the OS that performs the validation check and not Afaria.

NoteWindows Server 2008 retrieves CRLs using the FILE, HTTP, and LDAP protocols. If you configure the Certificate Authority that Afaria uses to use only the FILE protocol in the Certificate Revocation List Distribution Point (CDP), you will need to configure your Windows Server in a specific way. For the configuration steps, refer to SAP Knowledge Base Article 2132316 .

Using FILE type CDP URLs is optional: LDAP or HTTP CDP URLs can be used as well. For more information, see Microsoft Knowledge Base Article #946401 and SAP Knowledge Base Article 2073302

.

SAP Afaria System RequirementsConnectivity Requirements PUBLIC 23

http://help.sap.com/disclaimer?site=https%3A%2F%2Flaunchpad.support.sap.com%2F%23%2Fnotes%2F2132316


http://help.sap.com/disclaimer?site=http%3A%2F%2Fsupport.microsoft.com%2Fkb%2F946401

http://help.sap.com/disclaimer?site=http%3A%2F%2Fsupport.microsoft.com%2Fkb%2F946401



16 Supported Languages

SAP Afaria Server Supported Languages [page 24]The SAP Afaria server supports the following languages.

SAP Afaria Client Supported Languages [page 25]The SAP Afaria client has been localized into the following languages.

16.1 SAP Afaria Server Supported Languages

The SAP Afaria server supports the following languages.

Language Operating SystemAfaria Administration con

sole Self-Service Portal

Czech ●

Chinese (Simplified) ● ●

Chinese (Traditional) ● ●

Croatian ●

English ● ● ●

French ● ●

French (Canadian) ●

German ● ●

Hungarian ●

Italian ●

Japanese ●

Korean ● ●

Polish ●

Portuguese (Brazil) ●

Romanian ●


Supported Languages

Language Operating SystemAfaria Administration con

sole Self-Service Portal

Russian ●

Serbian ●

Slovenian ●

Spanish ●

Spanish (Colombia) ●

Thai ●

Turkish ●

16.2 SAP Afaria Client Supported Languages

The SAP Afaria client has been localized into the following languages.

Language Android iOS Windows Phone Windows

Chinese (Simplified) ● ● ●

Chinese (Traditional) ● ● ●

Croatian ● ● ●

Czech ● ● ●

English ● ● ● ●

French ● ● ●

French (Canadian) ● ● ●

German ● ● ●

Hungarian ● ● ●

Italian ● ● ●

Japanese ● ● ●

Korean ● ● ●

Polish ● ● ●

SAP Afaria System RequirementsSupported Languages PUBLIC 25

Language Android iOS Windows Phone Windows

Portuguese (Brazil) ● ● ●

Romanian ● ● ●

Russian ● ● ●

Serbian ● ● ●

Slovenian ● ● ●

Spanish (American) ●

Spanish (Columbia) ● ●

Spanish (Mexican)

Thai ● ● ●

Turkish ● ● ●

The Windows client is supported on the following language Operating Systems:

● Chinese (Simplified)● Chinese (Traditional)● English● French● French (Canadian)● German● Italian● Japanese● Korean● Portuguese (Brazil)● Russian● Spanish● Spanish (Mexican)


Supported Languages

17 Device Requirements

Operating requirements for the different device types.

The device types supported by SAP Afaria in this release are:

Android Devices [page 27]SAP Afaria supports Android devices that meet the following requirements.

iOS Devices [page 28]SAP Afaria supports iOS devices that meet the following requirements.

Windows Devices [page 29]SAP Afaria supports Window devices that meet the following requirements.

Windows Phone Devices [page 30]SAP Afaria supports Windows Phone devices that meet the following requirements.

Windows Devices with the MDM Client [page 30]SAP Afaria supports Windows devices with the MDM client (Windows DM) that meet the following requirements.

17.1 Android Devices

SAP Afaria supports Android devices that meet the following requirements.


Operating system ● Android 12.x● Android 11.x● Android 10.x● Android 9.x● Android 8.x● Android 7.x● Android 6.x● Android 5.x

NoteSecurity patches are no longer supplied for 5.x devices.

NoteTo ensure support for the latest OS version, install the latest Android client.

SAP Afaria System RequirementsDevice Requirements PUBLIC 27


Samsung KNOX Standard Some MDM features are dependent on the "MDM version", which is viewable through inventory, and may not function without updating the OS version to a level that supports the specific MDM functionality. Samsung currently supports the following MDM versions:

● 1.0● 2.0● 2.1● 2.2● 3.0● 4.0● 4.0.1

Samsung KNOX Premium 1.2

NoteAfaria supports KNOX 1.2 functionality on Samsung devices with KNOX 2.0.

17.2 iOS Devices

SAP Afaria supports iOS devices that meet the following requirements.


Operating system ● iOS 14● iOS 13.3, 13.2, 13.1, and 13● iOS 12 and 12.1● iOS 11.x.x● iOS 10.x.x

Server Connectivity The Afaria iOS client, version 6.60.8177.0 and higher, supports App Transport Security (ATS). ATS requires TLS v1.2 using a server SSL certificate signed with Secure Hash Algorithm 2 (SHA-2) for HTTPS communications on servers hosting the Enrollment and Package Servers.

Certificates ● Apple Inc. Root Certificate● Application Integration Intermediate Certificate● Apple Push Notification Service Certificate● Apple Application Integration 2 Certification Authority


Device Requirements


Supervised Mode ● iOS 13● iOS 12 and 12.1● iOS 11.x.x● iOS 10.x.x● Apple Configurator 1.4.2, 2.0, and 2.1

Apple Device Enrollment Program ● iOS 13● iOS 12 and 12.1● iOS 11.x.x● iOS 10.x.x

17.3 Windows Devices

SAP Afaria supports Window devices that meet the following requirements.


Operating system ● 64-bit○ Windows Server 2016○ Windows Server 2012 R2○ Windows 10○ Windows 7 SP1

● 32-bit○ Windows 10○ Windows 7 SP1

Storage ● 12 MB (Installation)● Additional space for channel data

Protocol support ● XNET● XNETS● HTTP● HTTPS

Additional requirements ● Microsoft Windows Installer 3.1

SAP Afaria System RequirementsDevice Requirements PUBLIC 29

17.4 Windows Phone Devices

SAP Afaria supports Windows Phone devices that meet the following requirements.

Windows Phone devices do not support LDAP authentication.


Operating system ● Windows 10 Mobile, released in October 2017● Windows 10 Mobile Enterprise, released in October 2017● Windows 10 Mobile, released in April 2017● Windows 10 Mobile Enterprise, released in April 2017

17.5 Windows Devices with the MDM Client

SAP Afaria supports Windows devices with the MDM client (Windows DM) that meet the following requirements.

Component Requirement

Operating System ● Windows 10


Device Requirements

Important Disclaimers and Legal Information

HyperlinksSome links are classified by an icon and/or a mouseover text. These links provide additional information.About the icons:

● Links with the icon : You are entering a Web site that is not hosted by SAP. By using such links, you agree (unless expressly stated otherwise in your agreements with SAP) to this:

● The content of the linked-to site is not SAP documentation. You may not infer any product claims against SAP based on this information.● SAP does not agree or disagree with the content on the linked-to site, nor does SAP warrant the availability and correctness. SAP shall not be liable for any

damages caused by the use of such content unless damages have been caused by SAP's gross negligence or willful misconduct.

● Links with the icon : You are leaving the documentation for that particular SAP product or service and are entering a SAP-hosted Web site. By using such links, you agree that (unless expressly stated otherwise in your agreements with SAP) you may not infer any product claims against SAP based on this information.

Videos Hosted on External PlatformsSome videos may point to third-party video hosting platforms. SAP cannot guarantee the future availability of videos stored on these platforms. Furthermore, any advertisements or other content hosted on these platforms (for example, suggested videos or by navigating to other videos hosted on the same site), are not within the control or responsibility of SAP.

Beta and Other Experimental FeaturesExperimental features are not part of the officially delivered scope that SAP guarantees for future releases. This means that experimental features may be changed by SAP at any time for any reason without notice. Experimental features are not for productive use. You may not demonstrate, test, examine, evaluate or otherwise use the experimental features in a live operating environment or with data that has not been sufficiently backed up.The purpose of experimental features is to get feedback early on, allowing customers and partners to influence the future product accordingly. By providing your feedback (e.g. in the SAP Community), you accept that intellectual property rights of the contributions or derivative works shall remain the exclusive property of SAP.

Example CodeAny software coding and/or code snippets are examples. They are not for productive use. The example code is only intended to better explain and visualize the syntax and phrasing rules. SAP does not warrant the correctness and completeness of the example code. SAP shall not be liable for errors or damages caused by the use of example code unless damages have been caused by SAP's gross negligence or willful misconduct.

Bias-Free LanguageSAP supports a culture of diversity and inclusion. Whenever possible, we use unbiased language in our documentation to refer to people of all cultures, ethnicities, genders, and abilities.

SAP Afaria System RequirementsImportant Disclaimers and Legal Information PUBLIC 31

www.sap.com/contactsap

© 2021 SAP SE or an SAP affiliate company. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP SE or an SAP affiliate company. The information contained herein may be changed without prior notice.

Some software products marketed by SAP SE and its distributors contain proprietary software components of other software vendors. National product specifications may vary.

These materials are provided by SAP SE or an SAP affiliate company for informational purposes only, without representation or warranty of any kind, and SAP or its affiliated companies shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP or SAP affiliate company products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.

SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE (or an SAP affiliate company) in Germany and other countries. All other product and service names mentioned are the trademarks of their respective companies.

Please see https://www.sap.com/about/legal/trademark.html for additional trademark information and notices.

THE BEST RUN

https://www.sap.com/about/legal/trademark.html

sap afaria system requirements

Documents