1

System Requirements of Ivanti DSM

Ivanti Desktop and Server Management

Booklet

Release 2020.2 (Build: 7.4.4.5362) Latest Update: 30/04/2021

Copyright © 2021, Ivanti. All rights reserved.

2

Table of Contents Detailed System Requirements .................................................................................................................... 3

System Requirements for Depots ............................................................................................................... 4

System Requirements for HTTP Depots .................................................................................................... 5

System Requirements for the DSM Database (DSMDB) ........................................................................... 8

System Requirements for Management Points with Business Logic ....................................................... 10

System Requirements for Management Points without Business Logic .................................................. 12

Configuration of different Windows Server versions for Management Points ........................................ 14

System Requirements for Managed Computers ....................................................................................... 16

System Requirements for Administrator Workstations ............................................................................ 18

Notes on AddOns and HEAT Integration ................................................................................................. 19

DSM Patch Management ........................................................................................................................... 20

System Requirements for the Management Point Server ......................................................................... 20

System Requirements for the Client Computer ........................................................................................ 22

HEAT Remote ............................................................................................................................................. 23

DSM Remote Control ................................................................................................................................. 24

Third Party Support ................................................................................................................................... 26

System Requirements for the Citrix Support ............................................................................................ 26

System Requirements for the Virtualization ............................................................................................. 28

Ports used in Ivanti DSM ........................................................................................................................... 29

Copyrights and Trademarks ..................................................................................................................... 34

3

Detailed System Requirements The system requirements for the DSM infrastructure components include the operating system, the hardware, software, network and the configuration. The following table contains the system requirements for the main DSM infrastructure components: Depot (file server)

Database server

Management Point with Business Logic

Management Point without Business Logic

Managed Computer

Administrator workstation

4

System Requirements for Depots DSM modules require a shared directory on the file server. Both the DSM program files and the DSM packages (the so called repository) are placed on this depot. Every user account needs Full control on the depot share. The actual file system permissions must be configured as follows:

Read access for all users Read and Write access for the Distribution Service account and for the DSM administrators

We do not recommend assigning permissions with one of the built-in administrator groups

Refer to Planning and Reference > System requirements > User Accounts and File System Permissions in the online documentation for detailed information on the required file system permissions. The share on the server on which you install Ivanti DSM must not be changed at a later time.

The first depot of an DSM environment is the central depot, where the program files are installed and updated. Other depots are the region depots, site depots or local depots.

You can also use Network Attached Storages (NAS) shares for such depots which support the Common Internet File System (CIFS) protocol.

Microsoft client operating systems only support a limited number of parallel inbound connections.

Software If SMB is used, no additional software is needed. If the share is located on a NAS file server, please contact the Support for details. If HTTP depot is used, additional software is required, please refer to Planning and Reference > System requirements > System requirements for HTTP Depots in the online documentation for detailed information.

5

System Requirements for HTTP Depots In general, the same requirements apply whether you operate a depot based on an HTTP protocol (for example a site in a DMZ) or on a SMB protocol; see the Online Documentation for more detailed information on the for depots in Planning > System Requirements for Depots.

A Management Point always uses the SMB protocol when accessing its master depot. For this reason, all master depots of a site must support SMB.

Supported Operating Systems:

Windows Server 2008 (SP2) Windows Server 2008 R2 (SP1) Windows Server 2012 Windows Server 2012 R2 Windows Server 2016 Windows Server 2019 Windows 7 (SP1) Windows 8 / Windows 8.1 Windows 10

Microsoft client operating systems only support a limited number of parallel inbound connections.

To use an http depot, a web server is required on the computer that hosts the depot files. It is generally recommended to use a computer with installed server operating system.

The following server features must be installed on a Windows Server 2008 (R2) / 2012 (R2) / 2016 / 2019 with HTTP depot and Management Point: Display Name Name NumericId

[X] Web Server (IIS) Web-Server 2

. . . [X] Web Server Web-WebServer 140

. . . . . . [X] Common HTTP Features Web-Common-Http 141

. . . . . . . . . [X] Default Document Web-Default-Doc 143

. . . . . . . . . [X] Directory Browsing Web-Dir-Browsing 144

. . . . . . . . . [X] HTTP Errors Web-Http-Errors 145

. . . . . . . . . [X] Static Content Web-Static-Content 142

6

Display Name Name NumericId . . . . . . . . . [X] WebDAV Publishing Web-DAV-Publishing 314 . . . . . . [X] Health and Diagnostics Web-Health 155 . . . . . . . . . [X] HTTP Logging Web-Http-Logging 156 . . . . . . . . . [X] Request Monitor Web-Request-Monitor 158 . . . . . . [X] Performance Web-Performance 171 . . . . . . . . . [X] Static Content Compression Web-Stat-Compression 172 . . . . . . [X] Security Web-Security 162 . . . . . . . . . [X] Request Filtering Web-Filtering 169 . . . . . . . . . [X] URL Authorization Web-Url-Auth 168 . . . . . . . . . [X] Windows Authentication Web-Windows-Auth 164 . . . . . . [ ] Application Development . . . . . . . . . [X] .NET Extensibility *1 Web-Net-Ext 149 . . . . . . . . . [X] .NET Extensibility 4.5/4.6 *2 Web-Net-Ext45 414 . . . . . . . . . [X] ASP Web-ASP 150 . . . . . . . . . [X] ASP.NET *1 Web-Asp-Ext 148 . . . . . . . . . [X] ASP.NET 4.5/4.6 *2 Web-Asp-Ext45 413 . . . . . . . . . [X] ISAPI Extensions Web-ISAPI-Ext 152 . . . . . . . . . [X] ISAPI Filters Web-ISAPI-Filters 153 . . . [X] Management Tools Web-Mgmt-Tools 174 . . . . . . [X] IIS Management Console Web-Mgmt-Console 175 . . . . . . [X] IIS 6 Management Compatibility Web-Mgmt-Compat 178 . . . . . . . . . [X] IIS 6 Metabase Compatibility Web-Metabase 179 . . . . . . . . . [X] IIS 6 Management Console Web-Lgcy-Mgmt-Console 182 . . . . . . . . . [X] IIS 6 Scripting Tools Web-Lgcy-Scripting 181 . . . . . . . . . [X] IIS 6 WMI Compatibility Web-WMI 180 . . . . . . [X] IIS Management Scripts and Tools Web-Scripting-Tools 176 [ ] .NET Framework 3.5.1 Features

7

Display Name Name NumericId

. . . [ ] WCF Services

. . . . . . [X] HTTP Activation *1 NET-HTTP-Activation 222

[ ] .NET Framework 4.5/4.6 Features

. . . [ ] WCF Services

. . . . . . [X] HTTP Activation *2 NET-WCF-HTTP-Activation 421

[X] Remote Server Administration Tools RSAT 67

. . . [X] Role Administration Tools RSAT-Role-Tools 256

*1: Windows Server 2008 (R2) *2: Windows Server 2012 (R2) / Windows Server 2016 / 2019 Software The following software must be installed for an HTTP depot:

IIS 6.0, 7.5, 8.0 or 10.0 activated Microsoft WebDAV (if not using DSM WebDAV Server) NET 4.6 / 4.8 (if using the DSM WebDAV Server)

The IIS is automatically configured on the target system with WMI and ADSI. Alternatively, you may also use Apache 2.2.x or 2.4.x as a web server. In this case, specify the configuration of the Apache Server for WebDAV and the permissions for the distribution account manually.

Make sure to always use the distribution account for the initial distribution of DSM program files to the depot.

8

System Requirements for the DSM Database (DSMDB) The DSM Database (DSMDB) belongs to the management application Business Logic Server. In principle, it is possible to install the database system for the Management Database and the other components of the Management Point all on the same server. However, on larger networks we recommend using a separate server for the database. Supported database systems • MS SQL Server 2008 / MS SQL Server 2008 R2 incl. Express • MS SQL Server 2012 incl. Express • MS SQL Server 2014 incl. Express • MS SQL Server 2016 incl. Express • MS SQL Server 2017 incl. Express

• MS SQL Server 2019 incl. Express

Special features such as Database Mirroring, AlwaysOn or Availability Groups are not part of the standard Quality Assurance. Their functionality can therefore not be guaranteed when used with Ivanti DSM.

Select the appropriate SQL Server Edition If you are working in a small environment or if you are only testing, you can install SQL Server 2012 Express. You can use the database system in test environments or smaller environments up to 2000 clients. In productive environments we recommend applying database systems with full functionality.

SQL Server 2019 Express is provided on the DSM product DVD.

Network

The following requirement must be satisfied: The database server and the Management Point Server (with the Business Logic applications) must be linked via a network connection with low latency and high bandwidth. All database and web servers in the DSM environment must be synchronized in time.

9

Configuration In addition to the manufacturer's requirements, the following requirements must also be satisfied for use together with the Management Point:

As DSM supports only SQL Server authentication it is absolutely essential that the authentication mode 'SQL Server and Windows Authentication mode' is enabled in your database server’s security settings. To do this on the SQL Server, select the option SQL Server and Windows Authentication mode in the Microsoft SQL Server Management Studio (Security tab in the server’s properties dialog box). This setting is the SQL Server default setting. For the client NamedPipes and TCPIP protocol must be enabled The service SQL Server Browser must be started The setting Allow Remote Connection in the server’s security settings has to be active SQL Server should not be used with the Case-sensitive option. Otherwise problems may occur when importing data or searching for data in the DSMC! The name of the used database must not be master.

You can create several databases in one database system.

HEAT Software recommends optimizing the DSMDB at regular intervals to improve performance. To this end, HEAT software provides the Database Tuning Advisor. You can find it in the DSM share under ...\SSI\DSMDatabaseTuningAdvisor. For instructions on using the Database Tuning Advisor, see the Knowledge Base (https://forums.ivanti.com/s/article/How-to-handle-fragmented-indexes-of-the-DSMDB-CMDB).

User Accounts When creating the Management Point, a database user is required who will be assigned read and write permissions for the database. This database user must already exist before the Management Point is created. The Management Point stores this user and uses it for all database accesses.

The option SQL Server authentication must be selected for the database user. If the database is to be created automatically when the Management Point is being created, the Management Point Wizard also needs a database user who has permission to create a database. This user is used only once and is not stored.

10

System Requirements for Management Points with Business Logic The Management Point used by various management applications is installed on this server. In this context, Business Logic applications represent the central services for the access to the data of the DSM Database (DSMDB). The first Management Point of an DSM environment is the Central Management Point; this is where the Business Logic Server is installed together with the DSM Database (DSMDB). Other Management Points are referred to as Management Point only. In distributed environments, these Management Point may also have Business Logic applications.

You cannot use a Management Point server with an underscore in its name.

Business Logic Applications For management applications with business logic a server operating system is absolutely required. This applies for the following management applications:

Business Logic Server (BLS) Auxiliary Service

Business Logic Server and Auxiliary Service are using the same database.

The database is generally installed on a separate database server. It is only in the case of very small networks that we recommend also installing the database on the Management Point server. The system requirements for the database server can be found in the online documentation under Planning > System Requirements > Database Server.

Supported Operating Systems For Business Logic applications one of the following server operating systems is absolutely required: • Windows Server 2012 Standard, Datacenter Windows • Server 2012 R2 Standard, Datacenter • Windows Server 2016 • Windows Server 2019

11

Hardware The minimum RAM size for a Business Logic Server should be 2 GB. The required disk capacity on the Management Point server depends on the installed management applications. These have different requirements which need to be added when combining several applications. The requirements are listed in the system requirements of the individual application.

Software

IIS 6.0 or higher (except for the Auxiliary Service) .NET Framework 4.6 or 4.8 Power Shell 2.0 (for Auxiliary Service, only when using the Virtualization feature)

The Internet Information Services (IIS) are a prerequisite for transmitting data between Management Points and managed computers via HTTP.

Network Management applications are set up and configured using the DSM infrastructure. As a result, the requirements for the DSM infrastructure apply to the Management Points as well. The following requirements must also be satisfied:

When using several Management Points, the servers for the various Management Points on the LAN or WAN must be linked to each other. The database server and the Management Point Server (with the Business Logic applications) must be linked via a network connection with low latency and high bandwidth. All database and web servers in the DSM environment must be synchronized in time.

Configuration Please configure the Windows Servers according to the list in chapter Configuration of different Windows Server versions for Management Points.

12

System Requirements for Management Points without Business Logic For Management Points which contain specific management applications only, a computer with a client operating system may also be used. Management Applications You can also install the following management applications on Management Points with a client operating system:

OSD Proxy Client Proxy Service Installation Service (SIS) Distribution Service Event Dispatcher Transport Layer Patch Management Service

You can only install the following management applications on Management Points with a server operating system:

Relay Proxy Supported Operating Systems

• Windows Server 2012 Standard, Datacenter, Core* • Windows Server 2012 R2 Standard, Datacenter, Core* • Windows Server 2016 • Windows Server 2019

• Windows 8 / 8.1 Professional, Enterprise • Windows 10 Professional, Enterprise (incl. LTSB und WTG), Education

* supported experimentally: Support for Windows Core editions is not part of the standard Quality Assurance and can be subject to future changes. When using Windows Core editions, any feedback is highly appreciated.

13

Software This software is required on all Management Points:

.NET Framework 4.6 or 4.8 This software is only required for OSD Proxy, Client Proxy, Event Dispatcher and Relay Proxy:

IIS 6.0 or higher Configuration Please configure the Windows Servers according to the list in chapter Configuration of different Windows Server versions for Management Points.

14

Configuration of different Windows Server versions for Management Points Windows Server 2008 (R2), 2012 (R2), 2016 and 2019 Depending on the management applications which are installed on a Windows Server 2008 (R2) / 2012 (R2) / 2016 / 2019, certain features and roles must be installed on the server. The following figure schematically shows which features and roles are required by a Management Point, on which Business Logic applications (BLS, Auxiliary Service) or the Relay Proxy are running: Display Name Name NumericId

[X] Web Server (IIS) Web-Server 2

. . . [X] Web Server Web-WebServer 140

. . . . . . [X] Common HTTP Features Web-Common-Http 141

. . . . . . . . . [X] Default Document Web-Default-Doc 143

. . . . . . . . . [X] Directory Browsing Web-Dir-Browsing 144

. . . . . . . . . [X] HTTP Errors Web-Http-Errors 145

. . . . . . . . . [X] Static Content Web-Static-Content 142

. . . . . . . . . [X] WebDAV Publishing Web-DAV-Publishing 314

. . . . . . [X] Health and Diagnostics Web-Health 155

. . . . . . . . . [X] HTTP Logging Web-Http-Logging 156

. . . . . . . . . [X] Request Monitor Web-Request-Monitor 158

. . . . . . [X] Performance Web-Performance 171

. . . . . . . . . [X] Static Content Compression Web-Stat-Compression 172

. . . . . . [X] Security Web-Security 162

. . . . . . . . . [X] Request Filtering Web-Filtering 169

. . . . . . . . . [X] URL Authorization Web-Url-Auth 168

. . . . . . . . . [X] Windows Authentication Web-Windows-Auth 164

. . . . . . [ ] Application Development

. . . . . . . . . [X] .NET Extensibility *1 Web-Net-Ext 149

. . . . . . . . . [X] .NET Extensibility 4.5/4.6 *2 Web-Net-Ext45 414

15

Display Name Name NumericId

. . . . . . . . . [X] ASP.NET *1 Web-Asp-Ext 148

. . . . . . . . . [X] ASP.NET 4.5/4.6 *2 Web-Asp-Ext45 413

. . . . . . . . . [X] ISAPI Filters Web-ISAPI-Filters 153

. . . [X] Management Tools Web-Mgmt-Tools 174

. . . . . . [X] IIS Management Console Web-Mgmt-Console 175

. . . . . . [X] IIS 6 Management Compatibility Web-Mgmt-Compat 178

. . . . . . . . . [X] IIS 6 Metabase Compatibility Web-Metabase 179

. . . . . . . . . [X] IIS 6 Management Console Web-Lgcy-Mgmt-Console 182

. . . . . . . . . [X] IIS 6 Scripting Tools Web-Lgcy-Scripting 181

. . . . . . . . . [X] IIS 6 WMI Compatibility Web-WMI 180

[ ] .NET Framework 3.5.1 Features

. . . [ ] WCF Services

. . . . . . [X] HTTP Activation *1 NET-HTTP-Activation 222

[ ] .NET Framework 4.5/4.6 Features

. . . [ ] WCF Services

. . . . . . [X] HTTP Activation *2 NET-WCF-HTTP-Activation 421

[X] Remote Server Administration Tools RSAT 67

. . . [X] Role Administration Tools RSAT-Role-Tools 256

*1: Windows Server 2008 (R2) *2: Windows Server 2012 (R2) / Windows Server 2016 / 2019

When installing a Management Point you will be supported by DSM regarding the required prerequisites. DSM automatically checks whether the prerequisites are met to install the desired management applications on the Management Point. DSM indicates any missing software, features and roles on the server.

16

System Requirements for Managed Computers Computers that are to be managed with DSM modules and have the DSM Client installed.

The listed operating systems can be managed in Ivanti DSM, Windows and Linux operating systems can be installed using DSM OS Deployment. HEAT Remote and DSM Patch Management do not support all of these operating systems, detail requirements are specified in the online help of the respective product.

Supported Windows Operating Systems

Windows 7 Professional, Enterprise, Ultimate Windows Embedded Standard 7 SP1 Windows 8 Professional, Enterprise, Windows To Go Windows 8.1 Professional, Enterprise, Windows To Go Windows Thin PC Windows 10 Professional, Enterprise (incl. LTSB und WTG), Education Windows 10 1909 Enterprise IOT

Windows Server 2008 Standard, Enterprise, Datacenter, Core Windows Server 2008 R2 Standard, Enterprise, Datacenter, Hyper-V, Core Windows Server 2012 Standard, Datacenter, Hyper-V, Core Windows Server 2012 R2 Standard, Datacenter, Hyper-V, Core Windows Server 2016 Windows Server 2019

In DSM, a managed computer is clearly identified based on its hardware information (e.g. SMBIOS GUID and Initial MAC Address). An exception are "computers" on USB sticks with Windows To Go operating system, which are offered for Windows 8/8.1. Since there is no identification of such computer objects based on the hardware, SID and FQDN of the operating system are used instead. Thus, a unique identification is possible even if the USB stick is connected to different computers. In the Basic Inventory Windows To Go is reported as Installed Operating System Flavor.

17

Supported Linux Operating Systems (incl. Linux systems available at release date)

CentOS from version 5 Debian Fedora from version 9 OpenSUSE from version 10.3 Red Hat Enterprise Linux Server from version 5 Red Hat Enterprise Linux Client from version 5 SUSE Linux Enterprise Server from version 10 SUSE Linux Enterprise Desktop from version 10 Ubuntu

Make sure to install the x32 libraries (“libc6-i386”) so that you can install and run the DSM Unix Client on x64 systems. Also “cifs-utils” needs to be installed.

All other Linux operating systems are recognized as Unknown Linux (x64) or Unknown Linux (x86).

Other supported operating systems

MacOS X

Note: MacOS 10.15 Catalina doesn’t support 32bit Applications. Therefore, it won’t be possible to install the current DSM Client

Configuration A computer that is to be managed by the DSM modules must be able to communicate with the Management Point via HTTP.

18

System Requirements for Administrator Workstations The administration of your DSM environment is done via the DSM Console (DSMC). To administer your DSM environment in the DSMC you will need an administrator workstation. You can operate the DSMC directly on the Management Point server or from any workstations that fulfill the requirements below. Software

The following MUST be running on the workstation: Internet Explorer Version 7.x or higher

Configuration Management Point websites that are opened in the Internet Explorer need to be registered in the Local Intranet zone of the Internet Properties. In this case, the default settings are presumably kept for Security (Medium). DSM modules automatically enter Management Point websites in Local Intranet when the DSMC or the Installer are started on the computer. This needs to be done manually if neither DSMC nor Installer have been started; or you need to log on additionally each time you open the website.

19

Notes on AddOns and HEAT Integration DSM Web (legacy) DSM Web is a DSM Management application; it is installed on Management Points with Business Logic Server automatically. For all areas of the DSM Web, a user needs specific rights to employ it. Assign the required rights on ORG level with the Manage Permissions task. In order to use the Web Console on the computer from which you will start DSM Web, you need the following application:

Silverlight 5 Please enter the following link in your browser to get the required plugin:http://www.-microsoft.com/silverlight/

Dependent on the operating system, you can use the following browsers:

http://www.microsoft.com/getsilverlight/locale/en-us/html/installation-win-SL5.html

Silverlight is no longer supported by new versions of browsers such as Microsoft Edge. A different DSM Web Console is already available within the product.

ITSM, HEAT and Discovery Integration The integration applies to all supported platforms.

HEAT/ITSM requires basically the same release version as DSM.

20

DSM Patch Management

System Requirements for the Management Point Server The DSM Patch Management (Advanced Patch Management and DSM PatchLink) is installed on the Central Management Point and is integrated completely in DSM NetInstall. If necessary, you can also use another Management Point on ORG level. Therefore, you can execute Patch Management completely from within the DSM Console (DSMC). For the integration into the Management Point, the Management Point Server has to meet the same hardware and software requirements as in DSM NetInstall. Specific requirements for the Management Point Server apply to the following areas of DSM Patch Management:

Operating System Hardware Software Network Configuration

Operating System DSM Patch Management has the same requirements as DSM NetInstall which are described in this document.

Hardware

Management Point with Patch Management Service We recommend that you provide at least 500 MB of RAM for Patch Management. DSM PatchLink downloads the mass data of the patches to the following directory: C:\Program Files (x86)\HEAT Software\LPR\content. Depending on the number of different operating systems, this directory needs 500 MB to 1 GB of available free storage. DSM PatchLink gets the mass data from http(s)://heat.cdn.heatsoftware.com/dsm/. The URLs to download the mass data for 3rd-Party products can be found in the Knowledgebase article KB 26244 (HEAT PatchLink DeskTop Connection Guide) in the 3rd-Party Content section. Managed Computers DSM PatchLink copies the PM Client files and the individual patch catalog to this directory: C:\Program Files (x86)\HEAT Software\LPR\client. Here, 200 MB of free storage is enough.

21

Software DSM Patch Management requires the following DSM environment:

DSM NetInstall Network The Management Point Server must have:

Internet access

Configuration For optimum use of DSM Patch Management, we recommend customizing virus scanners. Please refer to the following Knowledgebase article https://forums.ivanti.com/s/article/Ivanti-DSM-Virus-Scanner-Configuration-Uploaded-File

22

System Requirements for the Client Computer DSM Patch Management (Advanced Patch Management and DSM PatchLink) creates patch packages for Microsoft's product updates and security patches. DSM Patch Management additionally supports the patch installation of numerous non-Microsoft and 3rd Party products as well as Linux systems. The following requirements have to be met so that these patch packages can be installed on the computers. For client computers there are the following specific requirements:

Operating system Software

Operating System

Windows Patch packages can be installed on all client and server operating systems that are supported by DSM.

Linux Depending on the Patch Solution in use (APM or PatchLink), patch packages can be installed on Linux computers with one of the following operating systems:

Red Hat Enterprise 7 SUSE Linux Enterprise 12 CentOS Ubuntu

For this, Linux computers must have direct connection to the Linux network or, as an alternative, to a local Red Hat Satellite or SUSE Manager.

As the supported Linux OS may be constantly updated and might differ from the Patch Solution in use, please get in touch with Technical Support for further details on the different Patch Solutions.

Software To be able to install all available patches on a Windows computer, the following software has to be installed as a minimum:

Windows Installer 3.1

23

HEAT Remote The system requirements for HEAT Remote refer to the administrator's computer and to the client computer (endpoint) that is remote controlled by the administrator. Supported Operating Systems

• Windows 7 • Windows 8/8.1 • Windows 10 • Windows Server 2003 • Windows Server 2003 R2 • Windows Server 2008 • Windows Server 2008 R2 • Windows Server 2012 • Windows Server 2012 R2 • Windows Server 2016 • Windows Server 2019

Network

HEAT Remote is set up and configured using the DSM infrastructure. Therefore, the same requirements apply to the network environment. To set up a remote connection with HEAT Remote, the following requirement must also be met:

The computers of the client and the administrator must be connected via the local network (the client is a managed computer in the DSM environment).

24

DSM Remote Control DSM Remote Control is the new Remote Solution which is part of DSM since DSM 2020.2 The Remote Solution consists of different components which will require the following specifications Used Ports

- 44344 Used by the Viewer Application - 44345 Used by the Remote PC Connection - 44346 Used by the authentication Web Service

Component / Action Protocol/Local Port

Remote Port Changeable TCP/UDP Direction

Web Viewer app/Accepting browser connections HTTPS/443 No TCP In

Auth web service/Accepting Viewer connections HTTPS/443 No TCP In

Tunnel/Accepting Auth connections HTTPS/44346 No TCP In

Tunnel/Accepting Agent connections HTTPS/44345 No TCP In

Tunnel/Accepting Viewer connections HTTPS/44344 No TCP In Tunnel Component The tunnel can be installed on any DSM Management Point. To remote control clients outside of the local network, the tunnel needs to be installed on a Management Point within a DMZ. The tunnel application can handle around 30.000 agents connected simultaneously. To receive the best performance, Ivanti recommends to install the Tunnel application on a server operating system. Agent Component Supported Operating Systems (32-bit / 64-bit)

• Windows 7 • Windows 10 • Windows Server 2003 • Windows Server 2008 • Windows Server 2012 • Windows Server 2016 • Windows Server 2019

25

Web Service Component The web service can be installed on any Windows Professional OS, Server or client versions, with a configured IIS web server. Note: Since SU1 the webservice is part of a Management Point component installed on the BLS Please ensure the following Roles and Features have been installed on the IIS:

1. Roles: - Web Server (IIS) / Web Server

- Application Development o .NET Extensibility 3.5 o .NET Extensibility 4.7 o ASP.NET 4.7 o ISAPI Extension o ISAPI Filters

- Management Tools o IIS Management Console o IIS 6 Management Compatibility o IIS Management Scripts and Tools o Management Service

2. Features - .NET Framework 3.5 Features

o .NET Framework 3.5 o HTTP Activation

Web Viewer The following Browsers are supported:

- Firefox - Google Chrome - Microsoft Edge

26

Third Party Support

System Requirements for the Citrix Support The DSM Citrix Integration is installed on the Central Management Point in the DSM environment and is completely integrated in DSM NetInstall. Therefore, the DSM Citrix Integration has the same requirements as DSM NetInstall. The DSM Citrix Integration is integrated into and can be managed completely from the DSM Console (DSMC). For the complete functionality of the DSM Citrix Integration, you also need the DSM OS Deployment (OSD). By installing the DSM Citrix Integration, OSD is extended to contain specific OSD packages you can use to automatically install Citrix Servers and Citrix Farms. However, this extension is only available for XenApp 6.0 and 6.5. Computers onto which the Citrix Server software shall be installed have to meet the requirements specified mentioned hereafter. You can either install Citrix Servers "out-of-the-box" via DSM OS Deployment or import existing Citrix Servers with Citrix Farms into the DSM environment. Hardware Requirements for Installing Citrix Platforms Please find detailed information concerning planning Citrix Server farms (e. g. on special adaptations of the supported operating systems, system hardware requirements and database usage) on the Citrix® homepage in the Citrix Product Documentation Library. Software Requirements for Installing Citrix Platforms Prior to installing Citrix XenApp, you have to install Microsoft Power Shell 2.0 on the Management Point that will host the Citrix Management Suite.

Please note that it is now possible to install DSM Citrix Integration on every Management Point of your DSM environment. The former restriction for the DSM Citrix Integration only to be installed on a Business Logic Server (BLS) has been dropped.

27

Citrix platforms supported by the DSM Citrix Integration Due to the close interconnection of the DSM Citrix Integration with DSM OS Deployment and DSM NetInstall, you can administer Citrix Farms from one source. With OSD, you can automate the installation and administration of Citrix® Servers, client computers and their respective Citrix Farms. During the setup, the required scripts and packages are imported and provided in the Global Software Library.

DSM Citrix Integration supports the following Citrix® platforms:

Citrix XenApp 7.6 EN for 64-bit systems (incl. session host only) Citrix XenApp 7.5 EN for 64-bit systems (incl. session host only) Citrix XenApp 6.5 EN for 64-bit systems (incl. session host only) Citrix XenApp 6.0 EN for 64-bit systems

The support of the specified Citrix platforms is part of the standard Quality Assurance. Other versions (e.g. languages) are to be used at your own risk. Prepackaged packages are only available for XenApp 6.0 and 6.5.

28

System Requirements for the Virtualization To employ DSM's virtualization functionality, activate the DSM Virtualization AddOn during the installation or update of Ivanti DSM. Moreover, make sure to install the Microsoft PowerShell 2.0 on the following computers:

Management Point where the Business Logic Auxiliary Server is installed (by default: Primary BLS) Administrator workstation (computer where you start the DSMC)

Application Virtualization DSM supports the following virtualization platforms:

VMWare Thin App 4.0, 4.62 Citrix XENApp 5 Citrix XENApp 6.5 (x64) Citrix XENApp 7.5 (x64) Citrix XENApp 7.6 (x64)

Desktop Virtualization DSM supports the following virtualization platforms:

VMware View 4.5 Citrix XenDesktop 5

For the management with Ivanti DSM you may use virtualization platforms without any special configurations.

Hardware Virtualization DSM supports the following virtualization platforms:

VMWare ESX Server 4.0, 4.1 Citrix XEN Server 5.5 and higher

Microsoft Hyper-V at the moment is not supported by DSM. This virtualization solution can however be integrated by means of customizing with the help of Professional Services Consulting.

29

Ports used in Ivanti DSM Ivanti DSM is based on an infrastructure that is spread over an organization’s network and sometimes beyond. Using this infrastructure is possible only with a respective communication throughout the network. The ports Ivanti DSM uses for this communication are displayed in the following tables, separate for each infrastructure object of Ivanti DSM. Management Point

MP Application / Component Local Remote Changeable TCP/UDP Direction

Port Port

(Primary) Business Logic Server, Yes, via ICDB:

Relay Proxy, Event Dispatcher,

DSM Web, OSD Proxy, 8080 Any Port of the TCP In

HEAT SM Integration website

- Web Services via HTTP (Admin, Client)

(Primary) Business Logic Server, Yes, via ICDB:

Relay Proxy, Event Dispatcher,

DSM Web, OSD Proxy, 443 Any HTTPS port of TCP In

HEAT SM Integration the website

- Web Services via HTTPS (Admin, Client)

Yes, via ICDB:

SQL Server Any 1433 Database TCP Out

connection

Yes, via ICDB:

Transport Layer 5052 Any TCP port for TL TCP In

communication

Yes, via ICDB:

Transport Layer Any 5052 TCP port for TL TCP Out

communication

RPC 135 *

Service Installation Service (SIS), Any

(Remote No - Out

Client push installation procedure

calls)

NBT/CIFS

Distribution Service * No - Out

- Access to depot server (SMB) (SMB

default)

Distribution Service Port used Yes, via ICDB: TCP Out

30

MP Application / Component Local Remote Changeable TCP/UDP Direction

Port Port

- Access to depot server (HTTP) for HTTP HTTP URL

depot

OSD Proxy - BootP 67 68 No UDP In

OSD Proxy - TFTP 69 Any No UDP In

(ISO / configuration files)

OSD Proxy - Wake on LAN Any 2304 No UDP Out

OSD Proxy - PXE 4011 4011 No UDP In

Yes, via ICDB:

OSD Proxy - Imaging, Multicast 19779 Any Server port the UDP In

client connects

to

Yes, via ICDB:

27971- First used

OSD Proxy - Multicast Any multicast port UDP Out

28003

Last used

multicast port

OSD Proxy - Request for Boot Image 2000 Any No UDP In

(when using DOS client)

DSM Citrix Integration Yes, via:

5985 Internal Citrix TCP Out

- WinRM/Remote Powershell HTTP

configuration

DSM Citrix Integration Yes

5986 Internal Citrix TCP Out

- WinRM/Remote Powershell HTTPS

configuration

Yes, via ICDB:

HEAT Discovery Integration 80 HEAT TCP Out

Discovery Basis

URL

HEAT MDM Integration (HTTPS) 443 No TCP Out

31

SQL Server

Component Local Port Remote Port Changeable TCP/UDP Direction

SQL Server 1433 Yes, via: TCP In

Internal SQL Server configuration

Depot Server

Component Local Port Remote Port Changeable TCP/UDP Direction

SMB * 137-139 No TCP/UDP In

SMB * 445 No TCP In

HTTP no default Yes, via: TCP In

Configuration of HTTP website

HTTPS 443 Yes, via: TCP In

Configuration of HTTPS website

32

Managed Computer

Component / Action Local Port Remote Port Changeable TCP/UDP Direction

Push execution

- Execute changes RPC 135 *

(FastInstall) (Remote No TCP/UDP In

- HEAT Cloud Remote procedure

connection calls)

- Remote registry

NBT/CIFS

Log file access (SMB default) No - In

*

BLS synchronization (with Yes, via:

8080 Management Point TCP Out

BLS or Relay Proxy)

(above)

Access to depot server NBT/CIFS

(SMB default) No - Out

(SMB)

*

Access to depot server Port used for Yes, via: TCP Out

(HTTP) HTTP depot Depot (above)

Neighborcast (P2P Yes, via ICDB:

56789 56789 Broadcast port for UDP In/Out

staging)

client discovery

Neighborcast (P2P Yes, via ICDB:

56789 Port for package TCP In

staging)

download

Neighborcast (P2P Yes, via ICDB:

56789 Port for package TCP Out

staging)

download

Yes, via ICDB:

HEAT Remote Client 5900 Port for UDP In

HEAT Remote

HEAT Cloud Remote

Client 11438 No TCP Out

- Connection via local

network

HEAT Cloud Remote

Client 443,80 No TCP Out

- Connection via internet

33

Administrator Workstation

Local Remote Port Changeable TCP/UDP Direction

Component / Action

Port

Yes, via:

SOAP via HTTP (default) 8080 Management Point TCP Out

(above)

Yes, via:

SOAP via HTTPS 443 Management Point TCP Out

(above)

Access to depot server NBT/CIFS (SMB No - Out

(SMB) default) *

Access to depot server Port used for HTTP Yes, via: TCP Out

(HTTP) depot Depot (above)

RPC 135 *

Status queries to clients (Remote procedure No - Out

calls)

HEAT Remote Yes, via ICDB:

5900 Port for UDP Out

Administrator

HEAT Remote

HEAT Cloud Remote 443,80 No TCP Out

Operator

HEAT Cloud Remote

Operator No TCP In

11438

- Connection via local

network

* NBT/CIFS (SMB default)

Please refer to the Microsoft documentation. Allow at least ports 137,138 (UDP) and 139,445 (TCP).

* RPC (Remote procedure calls) Ports 135 and 445, as well as dynamic RPC ports and RPC endpoint mapper ports are needed for UDP and TCP.

34

Copyrights and Trademarks This document contains the confidential information and/or proprietary property of Ivanti, Inc. and its affiliates (referred to collectively as “Ivanti”) and may not be disclosed or copied without prior written consent of Ivanti. Ivanti retains the right to make changes to this document or related product specifications and descriptions, at any time, without notice. Ivanti makes no warranty for the use of this document and assumes no responsibility for any errors that can appear in the document nor does it make a commitment to update the information contained herein. For the most current product information, please visit www.ivanti.com. Copyright © 2020, Ivanti. All rights reserved. Ivanti and its logos are registered trademarks or trademarks of Ivanti, Inc. and its affiliates in the United States and/or other countries. Protected by patents, see https://www.ivanti.com/company/legal. Other brands and names may be claimed as the property of others.