Deployment Guide
Table Of Contents
- Dell Security Management Server Installation and Migration Guide v10.2.13
- Introduction
- Requirements and Architecture
- Pre-Installation Configuration
- Install or Upgrade/Migrate
- Post-Installation Configuration
- Administrative Tasks
- Ports
- SQL Server Best Practices
- Certificates
The below services and ports are used for communication to the respective services internally by clients on the domain or
connected through VPN. Dell Technologies recommends that several of these services should not be forwarded outside of the
network, or the service is filtered in the Front-End Server’s configuration by default. Firewall or routing configuration must have
these ports set as inbound from the internal network to the Back-End Security Management Server.
● Management Console hosted on the Dell Security Server: HTTPS/8443
● Reports delivered through the Dell Compliance Reporter: HTTP(S)/8084
NOTE: This service is disabled by default. Instead, use Managed Reports, which is available in the Management Console
that is hosted by the Dell Security Server. For information about enabling the Dell Compliance Reporter for historical
reporting, see KB article SLN314792.
● Dell Core Server: HTTPS/8888
● Dell Device Server: HTTP(S)/8081
NOTE: This legacy service is only required for Dell Encryption clients pre-8.x. This service can be safely disabled if all
clients within the environment are 8.0 or later.
● Key Server: TCP/8050
● Dell Policy Proxy: TCP/8000
● Dell Security Server: HTTPS/8443
● Certificate-based Authentication, hosted through the Dell Security Server: HTTPS/8449
NOTE: Dell Encryption clients that are installed on Windows Server Operating Systems or clients that are installed in
Server mode use this function. For additional information about installing clients in this Server mode, see Encryption
Enterprise Advanced Installation Guide.
Infrastructure Communication
● Active Directory, leveraged for User Authentication with Dell Encryption TCP/389/636 (local domain controller), TCP/
3268/3269 (global catalog), TCP/135/49125+ (RPC)
● Email communication (optional): 25/587
● Microsoft SQL Server: 1433 (default port)
Microsoft SQL Database Creation and Management
Create the Dell Server Database:
These instructions are optional. If a database does not exist, the installer creates it by default. If you prefer to set up a database
before installing the Security Management Server, follow the instructions below to create the SQL database and SQL user in
SQL Management Studio. Ensure that appropriate permissions are set for SQL databases that are not automatically created
during installation of the Security Management Server. To see a list of required permissions, see Software Requirements.
When precreating the database, follow the instructions in Install Back-End Server with Existing Database.
The Security Management Server is configured for both SQL and Windows authentication.
NOTE:
The expected nondefault coalition that is supported for your SQL database or SQL instance is
"SQL_Latin1_General_CP1_CI_AS" collation. Collation must be case insensitive and accent sensitive.
Installation Prerequisites
Prerequisites are installed by default during the Security Management Server's installation on Windows Server operating
systems. The below prerequisites can optionally be installed before the Security Management Server installation to bypass
reboot requirements.
Install Visual C++ Redistributable Packages
If not already installed, install Visual C++ 2010, 2013, and 2015 (or later) Redistributable packages. Optionally, you can allow the
Security Management Server installer to install these components.
NOTE: Installing the Microsoft Visual C++ Redistributable packages may require a reboot.
Windows Server 2012 R2, Windows Server 2016, or Windows Server 2019 - https://support.microsoft.com/en-us/help/
2977003/the-latest-supported-visual-c-downloads
Install .NET Framework 4.5
.NET Framework 4.5 is preinstalled on Windows Server 2012 R2 and later as a feature of Server Manager.
Install SQL Native Client 2012
If using SQL Server 2012 or SQL Server 2016, install SQL Native Client 2012. Optionally, you can allow the Security Management
Server installer to install this component. http://www.microsoft.com/en-us/download/details.aspx?id=35580
Import the Server Installation License
Pre-Installation Configuration
15