System Requirements

DSM modules require a shared directory on the file server. Both the DSM program files and the DSM packages (the so called repository) are placed on this depot.

Every user account needs Full control on the depot share.

The actual file system permissions must be configured as follows:

• Read access for all users

• Read and Write access for the Distribution Service account and for the DSM administrators

We do not recommend assigning permissions with one of the built-in administrator groups.

Refer to User Accounts and File System Permissions in the online help for detailed information on the required file system permissions.

The share on the server on which you install Ivanti DSM must not be changed at a later time.

The first depot of an DSM environment is the central depot, where the program files are installed and updated. Other depots are the region depots, site depots or local depots.

You can also use Network Attached Storages (NAS) shares for such depots which support the Common Internet File System (CIFS) protocol.

Microsoft client operating systems only support a limited number of parallel inbound connections.

Software

If SMB is used, no additional software is needed. If the share is located on a NAS file server, please contact Support for details.

If HTTP depot is used, additional software is required. See section below for details.

In general, the same requirements apply whether you operate a depot based on an HTTP protocol (for example a site in a DMZ) or on a SMB protocol.

A Management Point always uses the SMB protocol when accessing its master depot. For this reason, all master depots of a site must support SMB.

Supported Operating Systems

• Windows Server 2012

• Windows Server 2012 R2

• Windows Server 2016

• Windows Server 2019

• Windows Server 2022

• Windows 10

• Windows 11

Microsoft client operating systems only support a limited number of parallel inbound connections.

To use an http depot, a web server is required on the computer that hosts the depot files. It is generally recommended to use a computer with installed server operating system.

The following server features must be installed on a Windows Server 2012 (R2) / 2016 / 2019 / 2022 with HTTP depot and Management Point:

Display Name	Name	NumericId
[X] Web Server (IIS)	Web-Server	2
. . . [X] Web Server	Web-WebServer	140
. . . . . . [X] Common HTTP Features	Web-Common-Http	141
. . . . . . . . . [X] Default Document	Web-Default-Doc	143
. . . . . . . . . [X] Directory Browsing	Web-Dir-Browsing	144
. . . . . . . . . [X] HTTP Errors	Web-Http-Errors	145
. . . . . . . . . [X] Static Content	Web-Static-Content	142
. . . . . . . . . [X] WebDAV Publishing	Web-DAV-Publishing	314
. . . . . . [X] Health and Diagnostics	Web-Health	155
. . . . . . . . . [X] HTTP Logging	Web-Http-Logging	156
. . . . . . . . . [X] Request Monitor	Web-Request-Monitor	158
. . . . . . [X] Performance	Web-Performance	171
. . . . . . . . . [X] Static Content Compression	Web-Stat-Compression	172
. . . . . . [X] Security	Web-Security	162
. . . . . . . . . [X] Request Filtering	Web-Filtering	169
. . . . . . . . . [X] URL Authorization	Web-Url-Auth	168
. . . . . . . . . [X] Windows Authentication	Web-Windows-Auth	164
. . . . . . [ ] Application Development
. . . . . . . . . [X] .NET Extensibility 4.5/4.6	Web-Net-Ext45	414
. . . . . . . . . [X] ASP	Web-ASP	150
. . . . . . . . . [X] ASP.NET 4.5/4.6	Web-Asp-Ext45	413
. . . . . . . . . [X] ISAPI Extensions	Web-ISAPI-Ext	152
. . . . . . . . . [X] ISAPI Filters	Web-ISAPI-Filters	153
. . . [X] Management Tools	Web-Mgmt-Tools	174
. . . . . . [X] IIS Management Console	Web-Mgmt-Console	175
. . . . . . [X] IIS 6 Management Compatibility	Web-Mgmt-Compat	178
. . . . . . . . . [X] IIS 6 Metabase Compatibility	Web-Metabase	179
. . . . . . . . . [X] IIS 6 Management Console	Web-Lgcy-Mgmt-Console	182
. . . . . . . . . [X] IIS 6 Scripting Tools	Web-Lgcy-Scripting	181
. . . . . . . . . [X] IIS 6 WMI Compatibility	Web-WMI	180
. . . . . . [X] IIS Management Scripts and Tools	Web-Scripting-Tools	176
[ ] .NET Framework 3.5.1 Features
[ ] .NET Framework 4.8 Features
. . . [ ] WCF Services
. . . . . . [X] HTTP Activation	NET-WCF-HTTP-Activation	421
[X] Remote Server Administration Tools	RSAT	67
. . . [X] Role Administration Tools	RSAT-Role-Tools	256

Software

The following software must be installed for an HTTP depot:

• IIS 6.0, 7.5, 8.0 or 10.0

• activated Microsoft WebDAV (if not using DSM WebDAV Server)

• NET 4.6 / 4.8 (if using the DSM WebDAV Server)

The IIS is automatically configured on the target system with WMI and ADSI. Alternatively, you may also use Apache 2.2.x or 2.4.x as a web server. In this case, specify the configuration of the Apache Server for WebDAV and the permissions for the distribution account manually.

Make sure to always use the distribution account for the initial distribution of DSM program files to the depot.

The DSM Database (DSMDB) belongs to the management application Business Logic Server. In principle, it is possible to install the database system for the Management Database and the other components of the Management Point all on the same server. However, on larger networks we recommend using a separate server for the database.

Supported database systems

• MS SQL Server 2012 incl. Express
• MS SQL Server 2014 incl. Express
• MS SQL Server 2016 incl. Express
• MS SQL Server 2017 incl. Express
• MS SQL Server 2019 incl. Express

Special features such as Database Mirroring, AlwaysOn or Availability Groups are not part of the standard Quality Assurance. Their functionality can therefore not be guaranteed when used with Ivanti DSM.

Select the Appropriate SQL Server Edition

If you are working in a small environment or if you are only testing, you can install SQL Server 2012 Express. You can use the database system in test environments or smaller environments up to 2000 clients.

In productive environments we recommend applying database systems with full functionality.

SQL Server 2019 Express is provided on the DSM product DVD.

Network

The following requirement must be satisfied:

• The database server and the Management Point Server (with the Business Logic applications) must be linked via a network connection with low latency and high bandwidth.

• All database and web servers in the DSM environment must be synchronized in time.

Configuration

In addition to the manufacturer's requirements, the following requirements must also be satisfied for use together with the Management Point:

• As DSM supports only SQL Server authentication it is absolutely essential that the authentication mode 'SQL Server and Windows Authentication mode' is enabled in your database server’s security settings.
  
  To do this on the SQL Server, select the option SQL Server and Windows Authentication mode in the Microsoft SQL Server Management Studio (Security tab in the server’s properties dialog box). This setting is the SQL Server default setting.

• For the client NamedPipes and TCPIP protocol must be enabled

• The service SQL Server Browser must be started

• The setting Allow Remote Connection in the server’s security settings has to be active

• SQL Server should not be used with the Case-sensitive option. Otherwise problems may occur when importing data or searching for data in the DSMC!

• The name of the used database must not be master.

You can create several databases in one database system.

HEAT Software recommends optimizing the DSMDB at regular intervals to improve performance. To this end, HEAT software provides the Database Tuning Advisor. You can find it in the DSM share under ...\SSI\DSMDatabaseTuningAdvisor.

For instructions on using the Database Tuning Advisor, see the Knowledge Base (https://forums.ivanti.com/s/article/How-to-handle-fragmented-indexes-of-the-DSMDB-CMDB).

User Accounts

When creating the Management Point, a database user is required who will be assigned read and write permissions for the database. This database user must already exist before the Management Point is created. The Management Point stores this user and uses it for all database accesses.

The option SQL Server authentication must be selected for the database user.

If the database is to be created automatically when the Management Point is being created, the Management Point Wizard also needs a database user who has permission to create a database. This user is used only once and is not stored.

The Management Point used by various management applications is installed on this server. In this context, Business Logic applications represent the central services for the access to the data of the DSM Database (DSMDB).

The first Management Point of an DSM environment is the Central Management Point; this is where the Business Logic Server is installed together with the DSM Database (DSMDB).

Other Management Points are referred to as Management Point only. In distributed environments, these Management Point may also have Business Logic applications.

You cannot use a Management Point server with an underscore in its name.

Business Logic Applications

For management applications with business logic a server operating system is absolutely required. This applies for the following management applications:

• Business Logic Server (BLS)

• Auxiliary Service

Business Logic Server and Auxiliary Service are using the same database.

The database is generally installed on a separate database server. It is only in the case of very small networks that we recommend also installing the database on the Management Point server.

Supported Operating Systems

For Business Logic applications one of the following server operating systems is absolutely required:

• Windows Server 2012 Standard, Datacenter Windows*

• Windows Server 2012 R2 Standard, Datacenter*

• Windows Server 2016

• Windows Server 2019

• Windows Server 2022

* These operating systems need to be fully patched to work with the latest encryption used in DSM.

Hardware

The minimum RAM size for a Business Logic Server should be 2 GB.

The required disk capacity on the Management Point server depends on the installed management applications. These have different requirements which need to be added when combining several applications.

The requirements are listed in the system requirements of the individual application.

Software

• IIS 6.0 or higher (except for the Auxiliary Service)

• .NET Framework 4.8 as a minimum

• Power Shell 2.0 (for Auxiliary Service, only when using the Virtualization feature)

The Internet Information Services (IIS) are a prerequisite for transmitting data between Management Points and managed computers via HTTP.

Network

Management applications are set up and configured using the DSM infrastructure. As a result, the requirements for the DSM infrastructure apply to the Management Points as well.

The following requirements must also be satisfied:

• When using several Management Points, the servers for the various Management Points on the LAN or WAN must be linked to each other.

• The database server and the Management Point Server (with the Business Logic applications) must be linked via a network connection with low latency and high bandwidth.

• All database and web servers in the DSM environment must be synchronized in time.

Configuration

Please configure the Windows Servers according to the list in the topic Configuration of Different Windows Server Versions for Management Points.

For Management Points which contain specific management applications only, a computer with a client operating system may also be used.

Management Applications

You can also install the following management applications on Management Points with a client operating system:

• OSD Proxy

• Client Proxy

• Service Installation Service (SIS)

• Distribution Service

• Event Dispatcher

• Transport Layer

• Patch Management Service

You can only install the following management applications on Management Points with a server operating system:

• Relay Proxy

Supported Operating Systems

• Windows Server 2012 Standard, Datacenter, Core*

• Windows Server 2012 R2 Standard, Datacenter, Core*

Support for Windows Core editions is experimental and can be subject to future changes; it is not part of the standard Quality Assurance. When using Windows Core editions, any feedback is highly appreciated.

• Windows Server 2016

• Windows Server 2019

• Windows Server 2022

• Windows 10 Professional, Enterprise (incl. LTSB und WTG), Education

• Windows 11

* These operating systems need to be fully patched to work with the latest encryption used in DSM.

Software

This software is required on all Management Points:

• .NET Framework 4.8 as a minimum

This software is only required for OSD Proxy, Client Proxy, Event Dispatcher and Relay Proxy:

• IIS 6.0 or higher

Configuration

Please configure the Windows Servers according to the list in chapter Configuration of different Windows Server versions for Management Points.

Computers that are to be managed with DSM modules and have the DSM Client installed.

The listed operating systems can be managed in Ivanti DSM, Windows and Linux operating systems can be installed using DSM OS Deployment. HEAT Remote and DSM Patch Management do not support all of these operating systems, detail requirements are specified in the online help of the respective product.

Supported Windows Operating Systems

• Windows 10 Professional, Enterprise (incl. LTSB und WTG), Education

• Windows 10 1909 Enterprise IOT

• Windows 10 and 11 Multi-Session (VDI systems typically available in Azure)

• Windows 11

• Windows Server 2012 Standard, Datacenter, Hyper-V, Core*

• Windows Server 2012 R2 Standard, Datacenter, Hyper-V, Core*

• Windows Server 2016

• Windows Server 2019

• Windows Server 2022

* These operating systems need to be fully patched to work with the latest encryption used in DSM.

In DSM, a managed computer is clearly identified based on its hardware information (e.g. SMBIOS GUID and Initial MAC Address). An exception are "computers" on USB sticks with Windows To Go operating system, which are offered for Windows 8/8.1. Since there is no identification of such computer objects based on the hardware, SID and FQDN of the operating system are used instead. Thus, a unique identification is possible even if the USB stick is connected to different computers. In the Basic Inventory Windows To Go is reported as Installed Operating System Flavor.

Supported Linux Operating Systems (incl. Linux systems available at release date)

• CentOS from version 5

• Debian

• Fedora from version 9

• OpenSUSE from version 10.3

• Red Hat Enterprise Linux Server from version 5

• Red Hat Enterprise Linux Client from version 5

• SUSE Linux Enterprise Server from version 10

• SUSE Linux Enterprise Desktop from version 10

• Ubuntu

Make sure to install the x32 libraries (“libc6-i386”) so that you can install and run the DSM Unix Client on x64 systems. Also “cifs-utils” needs to be installed.

All other Linux operating systems are recognized as Unknown Linux (x64) or Unknown Linux (x86).

Other Supported Operating Systems

• MacOS X

Note: MacOS 10.15 Catalina doesn’t support 32bit Applications. Therefore, it won’t be possible to install the current DSM Client.

Configuration

A computer that is to be managed by the DSM modules must be able to communicate with the Management Point via HTTP.

The administration of your DSM environment is done via the DSM Console (DSMC). To administer your DSM environment in the DSMC you will need an administrator workstation.

You can operate the DSMC directly on the Management Point server or from any workstations that fulfill the requirements below.

Software

The following MUST be running on the workstation:

• Internet Explorer Version 7.x or higher

Configuration

Management Point websites that are opened in the Internet Explorer need to be registered in the Local Intranet zone of the Internet Properties. In this case, the default settings are presumably kept for Security (Medium).

DSM modules automatically enter Management Point websites in Local Intranet when the DSMC or the Installer are started on the computer. This needs to be done manually if neither DSMC nor Installer have been started; or you need to log on additionally each time you open the website.