Ports and Installation Service Account Permissions to Support Enterprise Mobility Management
Technical Articles ID:  KB70276
Last Modified:  03/24/2014


Environment

McAfee Enterprise Mobility Management 11.x, 10.2

For product supported environments, see KB76319.

Summary

This KnowledgeBase article lists the ports needed for Enterprise Mobility Management (EMM) 9.x and 10.x to work correctly. The list includes external and internal ports.

NOTE: Apple and Google reserve the right to change the IP range of each address, which can result in these IP ranges changing frequently and/or without warning. Therefore, McAfee does not specify the IP ranges of these addresses, and recommends that only the Fully Qualified Domain Name (FQDN) is used for all outgoing ports. If you decide to use specific IP addresses instead of FQDNs for these addresses, you are doing so at your own risk, and the functionality and stability of your EMM environment cannot be guaranteed.

Port  Description
2195  Apple Push Notification: Outbound from the Server that hosts the EMM Push Notifier Component to: gateway.push.apple.com
2196  Apple Feedback Service: Outbound from the Server that hosts the EMM Push Notifier Component to: feedback.push.apple.com
443   Android GCM: Outbound from the Server that hosts the EMM Push Notifier Component to: android.apis.google.com and google.com
389   LDAP service: From EMM Hub to LDAP server (internal network) for authentication
1433  EMM Hub to SQL server (internal network)

IMPORTANT: The following ports should be opened when devices are connected to the Internet through a corporate WiFi router that is behind a company firewall. For those devices to reach the Apple/Google Push Notification and C2DM servers, these ports must also be allowed outbound on the firewall.

Port  Description
5223  From internal Corporate WiFi router outbound to Apple Push Notification servers: gateway.push.apple.com, feedback.push.apple.com
5228  From internal Corporate WiFi router outbound to Google GCM servers: android.apis.google.com and google.com
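
The following Python script is an added example, not part of the McAfee article or product: it audits an exported egress allow-list against the external flows in the two port tables above, reporting rules pinned to IP addresses (which the NOTE advises against) and required flows that have no FQDN rule. The "source destination port" rule format, the role names push-notifier and corp-wifi, and the sample rules are assumptions constructed for illustration.

```python
import ipaddress

# External flows from the port tables above; role names are hypothetical labels.
REQUIRED = [
    ("push-notifier", "gateway.push.apple.com", 2195),
    ("push-notifier", "feedback.push.apple.com", 2196),
    ("push-notifier", "android.apis.google.com", 443),
    ("push-notifier", "google.com", 443),
    ("corp-wifi", "gateway.push.apple.com", 5223),
    ("corp-wifi", "feedback.push.apple.com", 5223),
    ("corp-wifi", "android.apis.google.com", 5228),
    ("corp-wifi", "google.com", 5228),
]

# Constructed sample export; IPs are documentation ranges, not real Apple/Google hosts.
SAMPLE_RULES = """
push-notifier gateway.push.apple.com 2195
push-notifier 203.0.113.10 2196          # pinned IP, no FQDN rule for feedback
push-notifier android.apis.google.com 443
push-notifier google.com 443
corp-wifi gateway.push.apple.com 5223
corp-wifi feedback.push.apple.com 5223
corp-wifi 198.51.100.0/24 5228           # pinned range
corp-wifi google.com 5228
"""

def is_ip_literal(dest):
    """True when the destination is an IP address or CIDR range, not a name."""
    try:
        ipaddress.ip_network(dest, strict=False)
        return True
    except ValueError:
        return False

def parse_rules(text):
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop '#' comments and blank lines
        if line:
            src, dest, port = line.split()
            rules.append((src, dest.lower().rstrip("."), int(port)))
    return rules

def audit(text):
    """Report IP-pinned rules and required flows that lack an FQDN rule."""
    rules = parse_rules(text)
    pinned = [r for r in rules if is_ip_literal(r[1])]
    by_name = {r for r in rules if not is_ip_literal(r[1])}
    return {"pinned_ip": pinned, "missing": [f for f in REQUIRED if f not in by_name]}
```

Calling audit(SAMPLE_RULES) returns the two pinned rules and the two flows they leave without an FQDN rule. The internal LDAP (389) and SQL (1433) flows are not checked because the article does not name those hosts.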


Account Permissions

Basic Security Configuration (Single Server)

Installation Service Accounts:

  • Windows Auth
    • Service account must be local admin and a Domain account.
      Server must be joined to the Domain.
      • Log in to server with this account prior to installing EMM.
    • Service account must have permissions for installation of the EMM Database.*

  • SQL Auth
    • Service Account must have permissions for installation of the EMM Database.*
    • SQL must be configured to allow SQL Auth through SQL Management Studio.

  • LDAP Settings
    • Domain Account

Enhanced Security Configuration (Dual Servers)

Installation Service Accounts:

EMM Hub (Internal) Server

  • Windows Auth
    • Service account must be local admin and a Domain account.
      Server must be joined to the Domain.
      • Log in to server with this account prior to installing EMM Hub.
    • Service account must have permissions for installation of the EMM Database.*

  • SQL Auth
    • Service Account must have permissions for installation of the EMM Database.*
    • SQL must be configured to allow SQL Auth through SQL Management Studio.

  • LDAP Settings
    • Domain Account

EMM Proxy (External) Server

  • Windows Auth
    • Must be a local admin

* See KB79251 for additional details on permissions for installation of the EMM database.

© 2003-2013 McAfee, Inc.