Requirements
Requirements
- One separate Windows server for each Sophos Mobile server node.
- All nodes must be on the same network.
- One Microsoft SQL or MySQL database server or cluster.
- Sophos UTM or Apache Reverse Proxy (mod_proxy) for load balancing. Load balancer must support permanent session cookies and official SSL/TLS web server certificates.
For detailed information about the installation requirements see the Sophos Mobile release notes.
Architecture
For an example of a three-node Sophos Mobile cluster, see “Architecture examples” in the Sophos Mobile server deployment guide.
For multicast communication between the individual Sophos Mobile server nodes, optionally a separate network can be used. The network interface to be used can be selected during cluster configuration, as described in Set up the first node. It may also be a VLAN.
Note
If you want to operate a second Sophos Mobile cluster for test purposes, a separate network is needed.
Ports and protocols
The following table shows the required ports and protocols for communication between the individual nodes of a Sophos Mobile server cluster.
Protocol | Ports | Destination |
---|---|---|
TCP | 7600, 8181, 57600 | <Incoming> |
TCP | 7600, 8181, 57600 | <Outgoing> |
UDP | 45700 | <Incoming> |
Server certificates
When you set up Sophos Mobile, you configure an SSL/TLS web server certificate that allows the Sophos Mobile Control app to establish a secure connection to the Sophos Mobile server. We recommend that you use a certificate that is issued by a globally trusted certificate authority (CA). In a clustered environment with several Sophos Mobile server nodes behind a load balancer, this might not be practical. You might want to use a self-signed certificate instead.