Skip to content
Last update: 2022-04-14

Install and set up the Sophos Mobile server

Requirements

  • If you plan to connect Sophos Mobile to an existing database, make sure you have the logon credentials for the database available before starting the installation, and that you have sufficient permissions to create new data stores, user accounts and data records.
  • If the database is not held locally, you need access to the connection port of the database server. Default ports are TCP 1433 for Microsoft SQL Server and TCP 3306 for MySQL. You also need an admin account that the Sophos Mobile server can use to access the database.
  1. Sign in to Windows with a user account that has local administrator rights.
  2. Start the Sophos Mobile installer.
  3. On the System Property Checks page, click Check to run the tests to verify that your system environment meets all the necessary requirements for Sophos Mobile. See System environment requirements.

    You can click Report to generate a report of the test results.

  4. On the Choose Install Location page, choose the destination folder for Sophos Mobile server.

  5. On the Database Type Selection page, select the database type you want to use:

    • Install and use Microsoft SQL Server Express: Installs Microsoft SQL Server Express and configures it to be used with Sophos Mobile.
    • Use existing Microsoft SQL Server installation: Uses your existing installation of Microsoft SQL Server and creates a new database for Sophos Mobile.
    • Use existing MySQL installation: Uses your existing installation of MySQL and creates a new database for Sophos Mobile.
  6. On the Database Settings page, enter the logon credentials for the database.

    Note

    If you select the Use SQL Server Authentication option, you need to make sure that the SQL login language is set to English. For details, see Change the SQL login language.

  7. On the Database Selection page, click Create a new database named and enter a name for the database to be created, for example SMCDB.

  8. On the Database Configuration page, progress messages are displayed during the database creation. When the database has been successfully created and populated, click Next to continue.
  9. If you have selected Windows authentication for the database access, there is a page Set service credentials where you set the Windows account under which the Sophos Mobile service runs.

    You can use the Local System account or a user account. In the latter case, enter the user account either as <computer name>\<user name> or as <domain>\<user name>.

    The installer will assign the database access rights to that account.

    Warning

    For security reasons, we recommend that you run the Sophos Mobile service as a user with limited access rights. The user account should have the following properties:

    • User account is a local Windows account on the computer on which Sophos Mobile is installed.
    • User is not a member of any group, not even of the users group.
    • User can access your SQL database with the necessary change rights. For an MS-SQL database, this means that the user must be a member of the db_datareader and db_datawriter roles.
  10. On the Configure super admin account page, configure the account details of the super administrator.

    The super administrator is primarily intended for customer management and should not be used for routine device management. The super administrator logs in to the super administrator customer and can, for example, predefine settings for new customers and push settings and configurations to existing customers.

    The super administrator credentials are required for the first login to Sophos Mobile Admin. After installation, additional super administrators can be added in Sophos Mobile Admin.

  11. On the Configure external server name page, enter a Sophos Mobile server name (for example smc.mycompany.com).

    The server name must be resolvable by the managed devices.

  12. On the Configure server certificate page, import a certificate for secure (HTTPS) access to the web server.

    • If you have a trusted certificate, click Import a certificate from a trusted issuer and select an option from the drop-down list.
    • If you do not have a trusted certificate yet, select Create self-signed certificate.

    Your Sophos product delivery includes the SSL Certificate Wizard to request your SSL/TLS certificate for Sophos Mobile. See Request an SSL/TLS certificate.

  13. On the next page, enter the relevant certificate information, depending on the type of certificate that you selected.

    For a self-signed certificate, you need to specify a server that is accessible from the managed devices.

  14. On the Server Information page, verify the server information, then click Next to confirm the server and configuration process.

  15. After installation has finished, the Sophos Mobile Control - Installation finished dialog box is displayed. Make sure that the Start Sophos Mobile server now check box is selected and click Finish to start the Sophos Mobile service for the first time.

    After the service has been started it can take a few minutes before the Sophos Mobile web interface is available.

After the installation there are a few initial configuration steps that you need to perform:

Back to top