Dell Security Management Server Installation and Migration Guide v11.9

Configuration

Access the Management Console

Since Internet Explorer is no longer supported, you must install a third-party browser to properly access the Management Console.

If Internet Explorer is required to validate the Management Console, you must disable Internet Explorer Enhanced Security Configuration for the account type that corresponds to the logged-in administrator.

Port and Firewall Configuration

Client and Server Communication to the Public (Outbound)

The below services and ports are required for the Dell Server to communicate with managed endpoints. These ports and services must be capable of outbound communication. If SSL inspection and proxy services are in use, the URLs require exclusions from them.
  • On-the-Box Entitlement Validation
    • Destination URL
      • cloud.dell.com
    • Port
      • 443
    • Outbound Device
      • Security Management Server or Security Management Server Virtual in Back-End configuration
    • Originating Service
      • Dell Security Server
    • Originating Port
      • 8443
  • Advanced Threat Prevention client communication
    • Destination URLs
      • North America
        • login.cylance.com
        • protect.cylance.com
        • data.cylance.com
        • update.cylance.com
        • api.cylance.com
        • protect-api.cylance.com
        • download.cylance.com
      • South America
        • login-sae1.cylance.com
        • protect-sae1.cylance.com
        • data-sae1.cylance.com
        • update-sae1.cylance.com
        • api-sae1.cylance.com
        • protect-api-sae1.cylance.com
        • download-sae1.cylance.com
      • Europe
        • login-euc1.cylance.com
        • protect-euc1.cylance.com
        • data-euc1.cylance.com
        • update-euc1.cylance.com
        • api-euc1.cylance.com
        • protect-api-euc1.cylance.com
        • download-euc1.cylance.com
      • Middle East and Asia
        • login-au.cylance.com
        • protect-au.cylance.com
        • data-au.cylance.com
        • update-au.cylance.com
        • api-au.cylance.com
        • protect-api-au.cylance.com
        • download-au.cylance.com
      • Japan, Australia, and New Zealand
        • login-apne1.cylance.com
        • protect-apne1.cylance.com
        • data-apne1.cylance.com
        • update-apne1.cylance.com
        • api-apne1.cylance.com
        • protect-api-apne1.cylance.com
        • download-apne1.cylance.com
    • Port
      • 443
    • Outbound Device
      • All managed endpoints
    • Outbound Service
      • CylanceSVC
    • Originating Port
      • 443

Public Communication to Front-End Server (if needed)

This section covers traffic traveling from the Internet to the Front-End server. Firewall or routing configuration must have ports set as inbound from a public or Internet connection to one or more Front-End servers or a load balancer.
  • Dell Core Server Proxy: HTTPS/8888
  • Dell Device Server: HTTPS/8081
  • Dell Policy Proxy: TCP/8000
  • Dell Security Server: HTTPS/8443

DMZ or Front-End Communication to Back-End Server (if needed)

The below services and ports communicate from any Security Management Server that is configured in Front-End mode to the Security Management Server configured in Back-End mode. Firewall or routing configuration must have ports set as inbound from one or more Front-End servers or load balancers to the Back-End server.
  • Front-End Dell Policy Proxy and Dell Beacon Server to Back-End Dell Message Broker: STOMP/61613
  • Front-End Dell Security Server Proxy to Back-End Dell Security Server: HTTPS/8443
  • Front-End Dell Core Server Proxy to Back-End Dell Core Server: HTTPS/8888
  • Front-End Dell Device Server to Back-End Dell Security Server: HTTPS/8443

Back-End Server to Internal Network

The below services and ports are used by clients on the domain, or connected through VPN, to reach the respective services internally. Several of these services either should not be forwarded outside of the network, per Dell Technologies' recommendation, or are filtered by default in the Front-End Server’s configuration. Firewall or routing configuration must have these ports set as inbound from the internal network to the Back-End Security Management Server.
  • Management Console hosted on the Dell Security Server: HTTPS/8443
  • Dell Core Server: HTTPS/8888
  • Dell Device Server: HTTP(S)/8081
    NOTE: This legacy service is only required for Dell Encryption clients pre-8.x. This service can be safely disabled if all clients within the environment are 8.0 or later.
  • Key Server: TCP/8050
  • Dell Policy Proxy: TCP/8000
  • Dell Security Server: HTTPS/8443
  • Certificate-based Authentication, hosted through the Dell Security Server: HTTPS/8449
    NOTE: Dell Encryption clients that are installed on Windows Server Operating Systems or clients that are installed in Server mode use this function. For additional information about installing clients in this Server mode, see the Encryption Enterprise Advanced Installation Guide.
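
The three inbound sections above reduce to a per-path port allowlist that a firewall rule export can be checked against. The following Python check is an added example, not Dell code; the zone names and the rule tuple format are assumptions, and the sample rules are constructed.

```python
# Added example: audit firewall allow rules against this page's inbound port lists.
# Zone names and the (source, destination, ports) rule format are assumptions.

# (source zone, destination role) -> TCP ports the guide lists for that path
ALLOWED = {
    ("internet", "front-end"): {8888, 8081, 8000, 8443},
    ("front-end", "back-end"): {61613, 8443, 8888},
    ("internal", "back-end"): {8443, 8888, 8081, 8050, 8000, 8449},
}
# Legacy Device Server port: only required for Dell Encryption clients pre-8.x
OPTIONAL = {("internal", "back-end", 8081)}

def parse_ports(spec):
    """'8443' -> range(8443, 8444); '8000-8999' -> range(8000, 9000)."""
    lo, _, hi = spec.partition("-")
    return range(int(lo), int(hi or lo) + 1)

def audit(rules):
    """Return (over_permissive, missing).
    over_permissive: (src, dst, spec, n) for rules opening n unlisted ports.
    missing: listed, non-optional (src, dst, port) with no allow rule.
    """
    over_permissive, covered = [], set()
    for src, dst, spec in rules:
        ports = parse_ports(spec)
        hit = {p for p in ALLOWED.get((src, dst), set()) if p in ports}
        covered |= {(src, dst, p) for p in hit}
        if len(ports) > len(hit):
            over_permissive.append((src, dst, spec, len(ports) - len(hit)))
    missing = sorted(
        (s, d, p) for (s, d), listed in ALLOWED.items() for p in listed
        if (s, d, p) not in covered and (s, d, p) not in OPTIONAL
    )
    return over_permissive, missing

# Constructed sample rule export (not taken from a real firewall)
SAMPLE_RULES = [
    ("internet", "front-end", "8000-8999"),  # broad range instead of 4 ports
    ("internet", "back-end", "8050"),        # Key Server reachable from Internet
    ("front-end", "back-end", "61613"),
    ("front-end", "back-end", "8443"),
    ("internal", "back-end", "8000"),
    ("internal", "back-end", "8050"),
    ("internal", "back-end", "8443"),
    ("internal", "back-end", "8888"),
]

if __name__ == "__main__":
    print(audit(SAMPLE_RULES))
```

On the sample, the audit flags the broad Internet-facing range and the Key Server port opened directly to the Back-End, and reports the listed paths that have no allow rule.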

Infrastructure Communication

  • Active Directory, leveraged for User Authentication with Dell Encryption: TCP/389/636 (local domain controller), TCP/3268/3269 (global catalog), TCP/135/49125+ (RPC)
  • Email communication (optional): 25/587
  • Microsoft SQL Server: 1433 (default port)

Microsoft SQL Database Creation and Management

Create the Dell Server Database:

These instructions are optional. If a database does not exist, the installer creates it by default. If you prefer to set up a database before installing the Security Management Server, follow the instructions below to create the SQL database and SQL user in SQL Management Studio. Ensure that appropriate permissions are set for SQL databases that are not automatically created during installation of the Security Management Server. To see a list of required permissions, see Software Requirements.

When precreating the database, follow the instructions in Install Back-End Server with Existing Database.

The Security Management Server is configured for both SQL and Windows authentication.
NOTE: The expected nondefault collation that is supported for your SQL database or SQL instance is "SQL_Latin1_General_CP1_CI_AS". Collation must be case insensitive and accent sensitive.

Installation Prerequisites

Prerequisites are installed by default during the Security Management Server's installation on Windows Server operating systems. The below prerequisites can optionally be installed before the Security Management Server installation to bypass reboot requirements.

Install Visual C++ Redistributable Packages

If not already installed, install Visual C++ 2010, 2013, and 2015 (or later) Redistributable packages. Optionally, you can allow the Security Management Server installer to install these components.
NOTE: Installing the Microsoft Visual C++ Redistributable packages may require a reboot.

Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, or Windows Server 2022 - https://support.microsoft.com/en-us/help/2977003/the-latest-supported-visual-c-downloads

Install .NET Framework 4.5

.NET Framework 4.5 is preinstalled on Windows Server 2012 R2 and later as a feature of Server Manager.

Install SQL Native Client 2012

If using SQL Server 2012 or SQL Server 2016, install SQL Native Client 2012. Optionally, you can allow the Security Management Server installer to install the component.

Import the Server Installation License

For a new installation, copy your Product Key (the name of the file is EnterpriseServerInstallKey.ini) to C:\Windows to automatically populate the 32-character Product Key in the Security Management Server installer.

NOTE: The EnterpriseServerInstallKey.ini is present in the Security Management Server's download package, available here.

The preinstallation configuration of the server is complete. Continue to Install or Upgrade/Migrate.

