Onsite Manager
Onsite Manager is not typically resource-intensive, but can be depending on the number of devices under management and monitoring configuration. Dedicated Onsite Manager servers are recommended for larger sites to avoid resource contention impacting the performance of Onsite Manager or other roles the server performs.
Hardware
Memory and disk space requirements listed in this section must be dedicated to Onsite Manager, so additional resources are required for the server operating system and any other roles performed.
All Onsite Manager configurations require the following:
- 10 GB free space in the system volume for the application and database files
- 30 GB free space for storing Microsoft updates if storing patches locally
- System hardware requirements as listed in the table below:
| Size of Site | Hardware Requirements | Additional RAM Required for Patch Management |
|---|---|---|
Small (up to 15 devices, including 1 server) | Dual core processor with 4 GB RAM | 4 GB |
Medium (up to 75 devices, including 15 servers) | Dual core processor with 6 GB RAM | 4 GB |
Large (up to 256 devices, including 30 servers) | Dual core processor with 8 GB RAM | 4 GB |
Enterprise 1 (up to 500 devices, including 50 servers) | Contact technical support for assistance in optimizing configuration. Multiple Onsite Managers or combinations of Onsite Managers and Device Managers may be used. | |
Enterprise 2 (up to 1000 devices including 100 servers) |
Notes:
- To allow for growth, it is recommended that you dedicate between 4 and 8 GB of RAM for the Onsite Manager for optimal performance regardless of site size.
- If you choose to use patch management in Barracuda Managed Workplace, the Onsite Manager machine must have at least 4GB of RAM.
- It is not recommended to install software on Exchange servers or Hyper-V hosts, as these systems are typically extremely busy, and an installation could result in resource contention.
- Additionally, it is not recommended that you install Onsite Manager on domain controllers, which can pose a security risk.
- For Barracuda Managed Workplace 11 SP2 MR1 and later, the Onsite Manager installer download for Windows is in .zip format instead of .exe and must be extracted during the default and advanced install processes.
All the software listed in this section has passed performance testing with Barracuda Managed Workplace 10.0. While it may be possible to install on other versions of Windows or other required applications, it is not recommended because support may be limited for any products not explicitly listed.
Installation
The following installer is required:
- Windows Installer 4.5
Operating System
Barracuda Managed Workplace must be installed on a 64-bit operating system. Note that all required software components must be installed in 64-bit mode. The following operating systems are supported:
- Microsoft Windows Server 2019 (Standard and Enterprise)
- Microsoft Windows Server 2016 (Essentials, Standard, and Datacenter)
- Microsoft Windows Server 2012 R2 (Foundation, Essentials, Standard, and Datacenter)
- Microsoft Windows Server 2012 (Foundation, Essentials, Standard, and Datacenter)
- Microsoft Windows Server 2011 (Small Business Server)
- Windows Server 2008 R2 SP1 (Web, Standard, Small Business Server, Enterprise)
- Microsoft Windows 10 Pro or Enterprise Edition
- Microsoft Windows Home Server 8
- Microsoft Windows 8.1 Pro
- Microsoft Windows 7 SP1 Professional or Ultimate
- Windows Home Server 2011
Notes:
- Windows 7, 8, and 10 are limited to a single user session. Installing Onsite Manager requires that it be dedicated to Barracuda Managed Workplace to prevent remote desktop protocol (RDP) sessions from logging out a user. Only one RDP session can take place at any time.
Naming Conventions
The computer name of machines must adhere to the following RFC for patch caching to work correctly: https://tools.ietf.org/html/rfc952
Database Server
Onsite Manager installs a dedicated instance of Microsoft SQL Server 2014 Express.
Notes:
- Previous versions of Onsite Manager supported other SQL versions. When upgrading a legacy version installed on another SQL version, the original database server is retained.
- Previous versions of Onsite Manager supported the use of remote database servers. Barracuda Managed Workplace now requires the database be local to the Onsite Manager.
Best Practice: Installing Microsoft SQL Management Studio Express provides an interface to take back ups and interact with the database. This install also requires Microsoft PowerShell 1.0, also available.
Application Framework
The following application frameworks are required:
- Microsoft .NET Framework 3.5
- Microsoft .NET Framework 4.6.0 or higher (4.6.1 or higher is recommended)
External Network Requirements
The following table lists the networking requirements for Onsite Manager.
| Default Port | Purpose |
|---|---|
80 TCP outbound | Communicating with Service Center over HTTP and using BITS |
443 TCP outbound | Communicating with Service Center over HTTPS and using BITS |
Internal Mandatory Network Requirements
These ports must be open between Onsite Manager and the managed devices for discovery and monitoring. If SNMP or Syslog monitoring is not taking place, the associated ports do not need to be open. Inbound and outbound qualify the direction between Onsite Manager and the managed devices, not the Internet.
| Default Port | Purpose |
|---|---|
53 UDP inbound and outbound | Domain Name System (DNS) resolution |
135 and 445 TCP inbound and outbound | WMI monitoring |
161 TCP and UPDP inbound and outbound | SNMP monitoring |
162 UDP inbound | Receiving SNMP traps |
514 UDP inbound | Receiving Syslog messages |
3389 TCP outbound | OM Utilities, AMT console, and Web Console remote sessions operating via RDP |
6996 TCP inbound on the Onsite Manager and outbound on the Device Manager | Receiving communications from Device Managers |
8989 TCP inbound | Communication between MWExpertSystem and OMNetworkServices Windows Services, for Onsite Manager |
16992 TCP outbound | Connection to Intel® vPro™ AMT consoles |
16994 TCP outbound | Connection to Intel® vPro™ AMT consoles using iKVM |
Internal Optional Network Requirements
These ports must be open between Onsite Manager and the managed devices for the corresponding features to function correctly. If a specific remote control solution is not being used for the site, its port does not have to be opened. Inbound and outbound qualify the direction between Onsite Manager and the managed devices, not the Internet.
| Port | Purpose |
|---|---|
22 TCP outbound | Secure Shell (SSH) remote control |
23 TCP outbound | Telnet remote control |
80 and 8350 TCP outbound | Connection to web consoles |
3389 TCP outbound | Remote Desktop Protocol (RDP) remote control |
5900 TCP outbound | Virtual Network Computing (VNC) remote control |
7204 TCP inbound on the Onsite Manager machine | Patch management |
7205 TCP inbound on the Onsite Manager machine | Patch management, if storing patches locally |
| 7206 - 7207 inbound | Integrated AntiVirus |
16992 TCP outbound | Intel® Active Management Technology management traffic for Intel® vPro™ |
Site Security Assessment Requirements
Several domain-related site security assessment tests require a functioning Onsite Manager to be assessed. The requirements for these tests to be assessed are:
- Onsite Manager with Remote Server Administration tools is installed.
- The Group Policy Management Console is enabled on the Onsite Manager.
- The device hosting the Onsite Manager is attached to the domain.
- The MWService account must be a domain Admin account, and not a local account.
Required External Sites for Onsite Manager
For the external sites required by Onsite Manager, see Required External Sites for Barracuda Managed Workplace.
Device Manager and Support Assistant
Hardware
Device Manager requires the following:
- P4 CPU or better
- 100 MB free in the system partition
Software
Barracuda Managed Workplace will install natively for either 32- or 64-bit versions of the server operating system. All versions of the following operating systems are supported, unless otherwise noted:
- Mac OS X 10.8, 10.9, 10.10, 10.11, 10.12, and 10.13
- Microsoft Windows Server 2016 (Essentials, Standard, and Datacenter)
- Microsoft Windows Server 2012 R2 (Essentials, Standard, and Datacenter)
- Microsoft Windows Server 2012 (Foundation, Essentials, Standard, and Datacenter)
- Microsoft Windows Server 2011 (Small Business Server)
- Microsoft Windows Server 2008 SP2 (Web, Standard, Small Business Server, Enterprise and Datacenter)
- Windows Server 2008 R2 SP1 (Web, Standard, Small Business Server, Enterprise and Datacenter)
- Microsoft Windows 10 Pro or Enterprise Edition
- Microsoft Windows Home Server 8
- Microsoft Windows 8.1 Pro and Enterprise
- Microsoft Home Server 2011
- Microsoft Windows 7 SP1 Professional or Ultimate
- Microsoft Windows Vista SP2 Business or Ultimate
Application Framework
The following application frameworks are required:
- Microsoft .NET Framework 3.5
- Microsoft .NET Framework 4.6.0 or higher (4.6.1 or higher is recommended)
Internal Mandatory Network Requirements
These ports must be available on the managed device where Device Managers and/or Support Assistants are installed.
| Port | Purpose |
|---|---|
51000+ TCP local | Creates a local connection to OMDesktop from the MW service, and blocks any connection attempts from external sources. Ports above 51000 are used in sequence matching the user session in Windows. So, for the first logged in user, port 51001 is used for communications. For the second, 51002 will be used, and so on. |
80 or 443 (depending on whether you are using HTTP or HTTPS for SCMessaging) outbound | Required for ticket creation |
Note:
- As a safety precaution, the DM installer inserts a rule in the firewall rule to block all inbound TCP traffic to the OMDesktop from any external source. When a Device Manager is uninstalled, this firewall rule is also removed.
- For Barracuda Managed Workplace 11 SP2 MR1 and later, the Device Manager installer download is in .zip format instead of .exe or .pkg and must be extracted during the default and advanced install processes.
Required External Sites for Device Managers and Support Assistant
For the external sites required by Device Managers and Support Assistant, see Required External Sites for Barracuda Managed Workplace.