Since Internet Explorer is no longer supported, you must install a third-party browser to properly access the Management Console.
If Internet Explorer is required to validate the Management Console, you must disable Internet Explorer Enhanced Security Configuration for the account type that corresponds to the logged-in administrator.
Port and Firewall Configuration
Client and Server Communication to the Public (Outbound)
The below services and ports are required for the Dell Server to communicate with managed endpoints. These ports and services must be capable of outbound communication. If SSL inspection and proxy services are in use, the URLs require exclusions from them.
On-the-Box Entitlement Validation
Destination URL
cloud.dell.com
Port
443
Outbound Device
Security Management Server or Security Management Server Virtual in Back-End configuration
Originating Service
Dell Security Server
Originating Port
8443
Advanced Threat Prevention client communication
Destination URLs
North America
login.cylance.com
protect.cylance.com
data.cylance.com
update.cylance.com
api.cylance.com
protect-api.cylance.com
download.cylance.com
South America
login-sae1.cylance.com
protect-sae1.cylance.com
data-sae1.cylance.com
update-sae1.cylance.com
api-sae1.cylance.com
protect-api-sae1.cylance.com
download-sae1.cylance.com
Europe
login-euc1.cylance.com
protect-euc1.cylance.com
data-euc1.cylance.com
update-euc1.cylance.com
api-euc1.cylance.com
protect-api-euc1.cylance.com
download-euc1.cylance.com
Middle East and Asia
login-au.cylance.com
protect-au.cylance.com
data-au.cylance.com
update-au.cylance.com
api-au.cylance.com
protect-api-au.cylance.com
download-au.cylance.com
Japan, Australia, and New Zealand
login-apne1.cylance.com
protect-apne1.cylance.com
data-apne1.cylance.com
update-apne1.cylance.com
api-apne1.cylance.com
protect-api-apne1.cylance.com
download-apne1.cylance.com
Port
443
Outbound Device
All managed endpoints
Outbound Service
CylanceSVC
Originating Port
443
Public Communication to Front-End Server (if needed)
This sees information traveling from the Internet to the Front-End server. Firewall or routing configuration must have ports set as inbound from a public or Internet connection to one or more Front-End servers or a load balancer.
Dell Core Server Proxy: HTTPS/8888
Dell Device Server: HTTPS/8081
Dell Policy Proxy: TCP/8000
Dell Security Server: HTTPS/8443
DMZ or Front-End Communication to Back-End Server (if needed)
The below services and ports communicate from any Security Management Server that is configured in Front-End mode to the Security Management Server configured in Back-End mode. Firewall or routing configuration must have ports set as inbound from one or more Front-End servers or load balancers to the Back-End server.
Front-End Dell Policy Proxy and Dell Beacon Server to Back-End Dell Message Broker: STOMP/61613
Front-End Dell Security Server Proxy to Back-End Dell Security Server: HTTPS/8443
Front-End Dell Core Server Proxy to Back-End Dell Core Server: HTTPS/8888
Front-End Dell Device Server to Back-End Dell Security Server: HTTPS/8443
Back-End Server to Internal Network
The below services and ports are used for communication to the respective services internally by clients on the domain or connected through VPN. Dell Technologies recommends that several of these services should not be forwarded outside of the network, or the service is filtered in the Front-End Server’s configuration by default. Firewall or routing configuration must have these ports set as inbound from the internal network to the Back-End Security Management Server.
Management Console hosted on the Dell Security Server: HTTPS/8443
Dell Core Server: HTTPS/8888
Dell Device Server: HTTP(S)/8081
NOTE:This legacy service is only required for Dell Encryption clients pre-8.x. This service can be safely disabled if all clients within the environment are 8.0 or later.
Key Server: TCP/8050
Dell Policy Proxy: TCP/8000
Dell Security Server: HTTPS/8443
Certificate-based Authentication, hosted through the Dell Security Server: HTTPS/8449
NOTE:Dell Encryption clients that are installed on Windows Server Operating Systems or clients that are installed in Server mode use this function. For additional information about installing clients in this Server mode, see
Encryption Enterprise Advanced Installation Guide.
Infrastructure Communication
Active Directory, leveraged for User Authentication with Dell Encryption TCP/389/636 (local domain controller), TCP/3268/3269 (global catalog), TCP/135/49125+ (RPC)
Email communication (optional): 25/587
Microsoft SQL Server: 1433 (default port)
Microsoft SQL Database Creation and Management
Create the Dell Server Database:
These instructions are optional. If a database does not exist, the installer creates it by default. If you prefer to set up a database before installing the Security Management Server, follow the instructions below to create the SQL database and SQL user in SQL Management Studio. Ensure that appropriate permissions are set for SQL databases that are not automatically created during installation of the Security Management Server. To see a list of required permissions, see
Software Requirements.
The Security Management Server is configured for both SQL and Windows authentication.
NOTE:The expected nondefault coalition that is supported for your SQL database or SQL instance is "SQL_Latin1_General_CP1_CI_AS" collation. Collation must be case insensitive and accent sensitive.
Installation Prerequisites
Prerequisites are installed by default during the Security Management Server's installation on Windows Server operating systems. The below prerequisites can optionally be installed before the Security Management Server installation to bypass reboot requirements.
Install Visual C++ Redistributable Packages
If not already installed, install Visual C++ 2010, 2013, and 2015 (or later) Redistributable packages. Optionally, you can allow the Security Management Server installer to install these components.
NOTE: Installing the Microsoft Visual C++ Redistributable packages may require a reboot.
.NET Framework 4.5 is preinstalled on Windows Server 2012 R2 and later as a feature of Server Manager.
Install SQL Native Client 2012
If using SQL Server 2012 or SQL Server 2016, install SQL Native Client 2012. Optionally, you can allow the Security Management Server installer to install the component.
Import the Server Installation License
For a new installation
- copy your Product Key (the name of the file is
EnterpriseServerInstallKey.ini) to
C:\Windows to automatically populate the 32-character Product Key in the
Security Management Server installer.
NOTE:The EnterpriseServerInstallKey.ini is present in the Security Management Server's download package, available
here.