Requirements and Prerequisites

Pre-requisites are requirements essential to be met for onboarding success, which includes successful installation of the agent and Syxsense software’s further functioning. Pre-requisites are the first thing you should check before installing Syxsense as failure to review and implement pre-requisite configuration recommendations will lead to the product not functioning either fully or partially.

It is essential that all the prerequisites are configured properly! If you follow, for instance, the vRep installation instructions but won't whitelist BLOB storage in the antivirus and firewall, you will be able to see the console but won't be able to distribute software or patch. And if you don't whitelist CloudManagementSuite, the system won't function at all.

In this section, you will find out how to prepare your system for Syxsense agent installation, device discovery, and further management, what locations your firewall should whitelist, which directories should be configured, and which ports should be opened internally to provide flawless functioning of Syxsense.

We organized all the requirements in an easy-to-read form for your convenience. So, don't forget to double-check that all the requirements are met, and all the needed exclusions are in place.

The Syxsense application is hosted via Microsoft Azure and easily accessible with any web browser over HTTPS; however, due to browser differences and optional plugins, Syxsense recommends Chromium-based browsers such as: 

  • Google Chrome
  • Microsoft Edge

 Operating System vs. Browser Zoom Setting Note:

Some displays may scale the Syxsense console differently and it’s generally recommended that the operating system apps and text on the main display are set to default zoom of 100%. Any larger operating system zoom settings may involve compensation from the native browser zoom settings for a better perspective.

 Visit Get Started section for more information.

Windows devices support all features of Syxsense Manage, Secure and EnterpriseWindows devices support all features of Syxsense Manage, Secure and Enterprise

Devices below are supported for vRep, MicroAgent, standard discovery, and agentless installations:

  • Windows 7 (patching only with ESU activation until January 10, 2023)
  • Windows 8.1
  • Windows 10
  • Windows 11
  • Windows Server 2008 R2 (Self-hosted - Patching only successful with ESU activation until January 10th, 2023, Azure-hosted - Patching only successful with ESU activation until January 9th, 2024 )
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019
  • Windows Server 2022

OS Requirements for Windows Devices

  • Net Framework 2.0
  • Net Framework 4.0 Full Version (not Client Profile)

Linux devices support discovery, inventory, and patching with Syxsense Manage and EnterpriseLinux devices support discovery, inventory, and patching with Syxsense Manage and Enterprise

Linux devices support discovery, inventory, patching, software deployment, and remote tools with Syxsense Manage; additional Cortex actions with Syxsense Secure and Enterprise. Linux OS variants below are supported with the Syxsense Linux Agent installation:

  • CentOS (version 7 or above)
  • Debian (version 9 or above)
  • Oracle Linux (version 7 or above)
  • RedHat (version 7 or above)
  • RedHat (version 7.9)
  • SUSE (version 12 SP2 or above)
  • openSUSE (version 15 or above)
  • Ubuntu (version 16.04 (LTS) or above)
  • Ubuntu (version 20.04 LTS)
  • Rocky Linux (all versions)
  • Alma Linux (all versions)
  • Amazon Linux (version 2)

For Linux patching only, agentless is available via SSH from the vRep client (requires at least 1 Windows device for vRep). Any authorized SSH account will suffice; however, ensure that the account is part of the ‘sudoers’ file, or simply has ‘sudo’ access. This will ensure that the account can run the necessary install commands with root privileges. If using the vRep discovery and SSH capabilities, this is required for all variants of Linux.

Mac devices support discovery, inventory, patching, software deployment with Syxsense Manage and EnterpriseMac devices support discovery, inventory, patching, software deployment with Syxsense Manage and Enterprise

macOS devices support discovery, inventory, patching, software deployment with Syxsense Manage; additional Cortex actions and pre-built 3rd party playbooks with Syxsense Secure and Enterprise. macOS versions below are support for the Syxsense Mac Agent installation:

  • OS X Mojave
  • OS X Big Sur
  • OS X Catalina
  • OS X Monterrey

Discovery and ManagementDiscovery and Management

To discover and manage other devices on your network the following requirements must be met:

  • Install a vRep and approve the vRep from the Devices vReps section 
  • Add administrator account(s)
  • The vRep will need to be able to connect to devices over TCP ports 135 (RPC with service started), 139 and 445 (file sharing Administrative/C$ Shares). These are the typical Windows SMB ports used for remote administration and with Active Directory. If you use the Windows Firewall, you can enable File and Printer Sharing to open these ports. For Workgroup devices, simply install the MicroAgent software manually (easier method than making significant environmental changes to local admin rights and Windows Registry).
  • Create a Discover Task and target site IP Address Range(s), administrator account(s), and appropriate scheduled time to run the discovery.

Whitelisted Locations Whitelisted Locations

The following locations must be whitelisted by the firewall (or refer to vRep Relay functionality):

Location Reason
(your-site-name).cloudmanagementsuite.com To ensure devices can reach cloud console and for console email notifications
verismic.blob.core.windows.net Clustered content repository within Microsoft Azure
Ciscobinary.openh264.org  On-demand codec for Syxsense Remote Control if integrated/dedicated graphics cannot be leveraged on endpoint

Antivirus / HIPS ExceptionsAntivirus / HIPS Exceptions

Before any installation occurs, please ensure that all existing solutions have exceptions for Syxsense communication. The following directories must be excluded from any endpoint protection software:

OS Directory Location Reason
Windows C:\$VCMSTEMP$\ Standard installation directory for vRep and MicroAgent
C:\Program Files (x86)\Verismic\ Standard installation directory for vRep
C:\Windows\System32\config\systemprofile\ Appdata\Roaming\Verismic CMS\ Standard installation directory for vRep and MicroAgent certificates and task logs
Linux \usr\share\SyxsenseResponder Standard installation directory for Linux Agent 
MacOS \System\Library\Application Support\Syxsense\ Standard installation directory for macOS Agent
\System\Library\LaunchDaemons\ Standard plist directory for macOS services

Network Port RequirementsNetwork Port Requirements

Standard service ports to open internally:

Port Direction Recommendation Reason
Port 80 Local to Internet Required Download of patches from software vendor download sites. Download of Patches from Syxsense Content Server.
TCP Port 443 (HTTPS) Internal/External Required All communication to the cloud console
TCP Port 135 Internal Optional Discovery: vRep to Windows devices
TCP Port 139 Internal

Recommended; Required for Discovery

 Discovery: vRep to Windows devices
TCP Port 445 Internal Recommended; Required for Discovery Discovery: vRep to Windows devices
TCP Port 22 Internal Optional; Required for Discovery and Linux/Mac Discovery: vRep to Linux/Mac devices

Custom service ports to open internally:

Port Direction Recommendation Reason
TCP Port 51341 Internal Required (for Syxsense Secure/ Enterprise) Patch and Vulnerability Scanning
TCP/UDP Port 51342 Internal Required for P2P vRep to Managed Device
TCP Port 51343 Internal Required for P2P MicroAgent Primary Port
TCP/UDP Port 51344 Internal Required Software Deployment (secure P2P sharing)
TCP/UDP Port 51345 Internal Optional (Required for vRep Relay) vRep Relay Functionality

vRep Proxy Relay Configuration (if required)vRep Proxy Relay Configuration (if required)

For private network devices without Internet access, Syxsense can manage these devices using our vRep.  The vRep acts as a centralized proxy and discovery agent, relaying data to/from the private network to the perimeter and back to the cloud services.

Sample environment diagram:

How to implement the Proxy Relay:

  • Install a vRep in the perimeter (or subnet where it will have Internet access)
  • In the Syxsense console, create a Site to represent the private network/subnet
  • Assign the intended vRep device to the site (right-click the Site and choose Config vReps)
  • Before leaving the Site Config, place all required IP Address Ranges in the IP Address Ranges section
  • Run a Discovery Task on the new Site and all ranges applicable. During the Discovery Task Wizard, administrative/service account details will be required.
  • Repeat the process for each private network

During the discovery process, the vRep will automatically assign itself as the proxy to manage these devices. These devices will send traffic through the vRep, so that Internet access is not required on the private network. The discovering vRep will amend the RelayURLs.json file, within the agent directory, with its respective hostname and IP Address.