Lenovo Device Orchestration Requirements

Lenovo Device Orchestration Requirements

Lenovo Device Orchestration is a cloud-based solution, enabling customers to access detailed results without the need for infrastructure setup or upfront investment. Data collection is performed through lightweight agents.

LDO requires devices to meet the following minimum specifications.

Category

Requirements

Manufacturer

Currently any Lenovo device (Windows, Android and Linux) is supported.

Third party devices with the LDM UDC agent installed may also be supported, but all feature functionality support is not guaranteed.

Operating System

Windows

1.      Versions

  • Windows 10 version 1809 (October 2019 update) or higher
  • Windows 10 IOT Enterprise
  • Windows 11 (10.0.22621.1992) (July 11, 2023) or higher
  • Windows 11 IOT Enterprise

2.      64-bit OS.

3.      Windows ARM is supported.

4.      This includes both Lenovo products and non-Lenovo PCs.

5.      Special editions such as "10 S" or "10x" are not currently supported.

Linux

Ubuntu version 20.4 or higher.

  • ARM is supported.
  • This includes both Lenovo products and non-Lenovo PCs.

ChromeOS

  • The LDO platform supports ChromeOS via Google Cloud connection.
  • Google determines which ChromeOS devices can be added to Google Cloud.

 

Android

Version 10 or higher.

  • Includes Android Tablets, Edge Devices, and ARVR headsets.


LDO DEX also supports:
macOS
  • MacOS versions 10.9 and above
  • Intel-based CPUs
  • Apple Silicon CPUs

iOS

  • iOS Agent app requires iOS 13.2+.

    A Mobile Device Management (MDM) solution is recommended for App deployment and continuous data collection.

    These MDM solutions are supported:

    • Jamf

    • Workspace ONE

    • Microsoft Intune

-more info for macOS and iOS here.

Hardware

Trusted Platform Module (TPM) 2.0 enabled.

Processor supports x86 instruction set architecture.

Environment

Access to the Internet - specifically *.uds.lenovo.com on ports 8080, 443 & 8883.

Proxy is supported in some scenarios. Devices may require additional configuration to support.

UDC Agent

For support of all defined functionality within this document, the following UDC agent versions are required: 

Update UDC versions:

  1. Windows UDC 25.09.0.49
  2. Windows UDC ARM 25.09.0.49
  3. Android UDC 25.09.0.17
  4. Linux UDC 25.09.0.27
  5. Linux UDC ARM 25.09.0.27
  6. Intel vPro EMA version: 1.13.1

Info
Intel vPro® functionality may vary based on the version of vPro installed on the device. Devices with versions prior to Intel Gen 15 may not have full remote management capabilities.
Info
UDC uses a security feature called Certificate Pinning. UDC does not support the scenario where a proxy service in your environment performs TLS inspection (decrypting and re-encrypting traffic using an alternate certificate). You must completely exclude the traffic for *.uds.lenovo.com from the proxy or disable TLS inspection for that endpoint. Please refer to your proxy service documentation for how to achieve this.

SysTrack Required Network Endpoints

The following endpoints must be allowed on your network. Endpoints are grouped by region. If your organization is hosted in North America (NA), only NA endpoints apply. If your organization is hosted in Europe (EU), only EU endpoints apply.

If your organization does not use SysTrack LDO DEX, those endpoints can be ignored.

Consolidated:

*.lenovo.com : 443 (for primary Lenovo Device Orchestration downloads and functions)
*.lakesidesoftware.com : 443 (for primary SysTrack downloads and functions)
*.launchdarkly.com : 443 (for managing the rollout of new UI features)
*.cloudfront.net : 443 (for LDO's AWS CDN)

chifsr.lenovomm.com : 443 (for VantageService firmware and driver downloads)
checkip.dyndns.org : 443 (for SysTrack general IP location / region)

 

LDO DEX (SysTrack) NA (only if your organization is using SysTrack):

api.naea1.uds.lenovo.com : 443  (for device registration)
api-mtls.naea1.uds.lenovo.com : 443  (for normal API messaging)
mqtt-mtls.naea1.uds.lenovo.com : 443  (for mqtt messaging between agent and cloud)
cdn-file-store.naea1.uds.lenovo.com : 443  (for package downloads)
mqtt-mtls.naea1.uds.lenovo.com : 8883 (mqtt communication)
mqtt.naea1.uds.lenovo.com : 8883 (mqtt communication)
account.naea1.uds.lenovo.com (used for authentication / keycloak)
ema-swarm.naea1.uds.lenovo.com : 8080 (ema swarm server for remote desktop)
download.lenovo.com : 443 (for VantageService firmware and driver downloads)
filedownload.lenovo.com (for VantageService firmware and driver downloads)
supportapi.lenovo.com (for VantageService firmware and driver downloads)
chifsr.lenovomm.com (for VantageService firmware and driver downloads)
*.cloudfront.net (for AWS CDN)

lenovo-usa.lakesidesoftware.com : 443  (for SysTrack)
cloud-cdn.lakesidesoftware.com : 443  (for SysTrack package downloads)
checkip.dyndns.org : 443  (for SysTrack to gain general IP location region)

docs.lakesidesoftware.com : 443 (for access to SysTrack documentation portal)
documentation.lakesidesoftware.com : 443 (for access to SysTrack documentation portal)
customers.lakesidesoftware.com : 443 (for access to SysTrack customer portal)
uploads.lakesidesoftware.com : 443 (for access to Lakeside support ticketing upload portal)
download.lakesidesoftware.com : 443 (for SysTrack downloads)
academy.lakesidesoftware.com : 443 (for access to SysTrack customer training portal)

clientstream.launchdarkly.com : 443 (for managing the rollout of new UI features)
clientsdk.launchdarkly.com : 443 (for managing the rollout of new UI features)
app.launchdarkly.com : 443 (for managing the rollout of new UI features)
events.launchdarkly.com : 443 (for managing the rollout of new UI features)

 

LDO DEX (SysTrack) EU (only if your organization is using SysTrack):

api.euwe1.uds.lenovo.com : 443  (for device registration)
api-mtls.euwe1.uds.lenovo.com : 443  (for normal API messaging)
mqtt-mtls.euwe1.uds.lenovo.com : 443  (for mqtt messaging between agent and cloud)
cdn-file-store.euwe1.uds.lenovo.com : 443  (for package downloads)
mqtt-mtls.euwe1.uds.lenovo.com : 8883 (mqtt communication)
mqtt.euwe1.uds.lenovo.com : 8883 (mqtt communication)
account.euwe1.uds.lenovo.com (used for authentication / keycloak)
ema-swarm.euwe1.uds.lenovo.com : 8080 (ema swarm server for remote desktop)
download.lenovo.com : 443 (for VantageService firmware and driver downloads)
filedownload.lenovo.com (for VantageService firmware and driver downloads)
supportapi.lenovo.com (for VantageService firmware and driver downloads)
chifsr.lenovomm.com (for VantageService firmware and driver downloads)
*.cloudfront.net (for AWS CDN)

lenovo-eu.lakesidesoftware.com : 443  (for SysTrack)
cloud-de-cdn.lakesidesoftware.com : 443  (for SysTrackpackage downloads)
checkip.dyndns.org : 443  (for SysTrack to gain general IP location region)

docs.lakesidesoftware.com : 443 (for access to SysTrack documentation portal)
documentation.lakesidesoftware.com : 443 (for access to SysTrack documentation portal)
customers.lakesidesoftware.com : 443 (for access to SysTrack customer portal)
uploads.lakesidesoftware.com : 443 (for access to Lakeside support ticketing upload portal)
download.lakesidesoftware.com : 443 (for SysTrack downloads)
academy.lakesidesoftware.com : 443 (for access to SysTrack customer training portal)

clientstream.launchdarkly.com : 443 (for managing the rollout of new UI features)
clientsdk.launchdarkly.com : 443 (for managing the rollout of new UI features)
app.launchdarkly.com : 443 (for managing the rollout of new UI features)
events.launchdarkly.com : 443 (for managing the rollout of new UI features)

 

LDO DEX (SysTrack) ANZ - where country code is Australia or New Zealand:

lenovo-anz.lakesidesoftware.com : 443  (for SysTrack)
cloud-au-cdn.lakesidesoftware.com : 443  (for SysTrackpackage downloads)
checkip.dyndns.org : 443  (for SysTrack to gain general IP location region)

docs.lakesidesoftware.com : 443 (for access to SysTrack documentation portal)
documentation.lakesidesoftware.com : 443 (for access to SysTrack documentation portal)
customers.lakesidesoftware.com : 443 (for access to SysTrack customer portal)
uploads.lakesidesoftware.com : 443 (for access to Lakeside support ticketing upload portal)
download.lakesidesoftware.com : 443 (for SysTrack downloads)
academy.lakesidesoftware.com : 443 (for access to SysTrack customer training portal)

clientstream.launchdarkly.com : 443 (for managing the rollout of new UI features)
clientsdk.launchdarkly.com : 443 (for managing the rollout of new UI features)
app.launchdarkly.com : 443 (for managing the rollout of new UI features)
events.launchdarkly.com : 443 (for managing the rollout of new UI features) 

LDO NA:

api.naea1.uds.lenovo.com : 443  (for device registration)
api-mtls.naea1.uds.lenovo.com : 443  (for normal API messaging)
mqtt-mtls.naea1.uds.lenovo.com : 443  (for mqtt messaging between agent and cloud)
cdn-file-store.naea1.uds.lenovo.com : 443  (for package downloads)
mqtt-mtls.naea1.uds.lenovo.com : 8883 (mqtt communication)
mqtt.naea1.uds.lenovo.com : 8883 (mqtt communication)
account.naea1.uds.lenovo.com (used for authentication / keycloak)
ema-swarm.naea1.uds.lenovo.com : 8080 (ema swarm server for remote desktop)
download.lenovo.com : 443 (for VantageService firmware and driver downloads)
filedownload.lenovo.com (for VantageService firmware and driver downloads)
supportapi.lenovo.com (for VantageService firmware and driver downloads)
chifsr.lenovomm.com (for VantageService firmware and driver downloads)
*.cloudfront.net (for AWS CDN) 

LDO EU:

api.euwe1.uds.lenovo.com : 443  (for device registration)
api-mtls.euwe1.uds.lenovo.com : 443  (for normal API messaging)
mqtt-mtls.euwe1.uds.lenovo.com : 443  (for mqtt messaging between agent and cloud)
cdn-file-store.euwe1.uds.lenovo.com : 443  (for package downloads)
mqtt-mtls.euwe1.uds.lenovo.com : 8883 (mqtt communication)
mqtt.euwe1.uds.lenovo.com : 8883 (mqtt communication)
account.euwe1.uds.lenovo.com (used for authentication / keycloak)
ema-swarm.euwe1.uds.lenovo.com : 8080 (ema swarm server for remote desktop)
download.lenovo.com : 443 (for VantageService firmware and driver downloads)
filedownload.lenovo.com (for VantageService firmware and driver downloads)
supportapi.lenovo.com (for VantageService firmware and driver downloads)
chifsr.lenovomm.com (for VantageService firmware and driver downloads)
*.cloudfront.net (for AWS CDN)

    • Related Articles

    • Viewing Device Information – Android Operating System

      Once an Android device is added to the software, administrators can view its details and perform basic actions via the Device Tray. To access the Device Tray, go to Device Management > Devices, and select the device. Device Tray When you open the ...

    • Viewing Device Information – Windows Operating System

      Once a Windows device is added to Device Management, admins can view the device information and perform basic actions through the Device Tray. You can navigate to the Device Tray by following this path: Device Management > Device List > (Select the ...

    • Viewing Device Information – Linux (Ubuntu) Operating System

      Once a Linux (Ubuntu) device is added to the Device Management, administrators can view its details and perform basic actions via the Device Tray. To access the device tray, go to Device Management > Devices and select a device. If a device has not ...

    • UDC Agent Plugins in Device Management

      The UDC agent supports multiple plugins that enable various functionalities within Device Management. These plugins manage telemetry, system updates, power management, docking station integration, and more. Below is a list of plugins included with ...

    • Deploying Lenovo Device Orchestration Agent in Intune

      This article provides instructions for creating an Intune application to deploy the Lenovo Device Orchestration Agent. Download the LDO Agent and set the expiry date of the agent. In the LDO console, go to Device Management > Devices. Click on the ...