Lenovo Device Orchestration Requirements

Lenovo Device Orchestration Requirements

Lenovo Device Orchestration is a cloud-based solution, enabling customers to access detailed results without the need for infrastructure setup or upfront investment. Data collection is performed through lightweight agents.

LDO requires devices to meet the following minimum specifications.

 

Category

Requirements

Manufacturer

Currently any Lenovo device (Windows, Android and Linux) is supported.

Third party devices with the LDM UDC agent installed may also be supported, but all feature functionality support is not guaranteed.

Operating System

Windows

1.      Versions

  • Windows 10 version 1809 (October 2019 update) or higher
  • Windows 10 IOT Enterprise
  • Windows 11 (10.0.22621.1992) (July 11, 2023) or higher
  • Windows 11 IOT Enterprise

2.      64-bit OS.

3.      Windows ARM is supported.

4.      This includes both Lenovo products and non-Lenovo PCs.

5.      Special editions such as "10 S" or "10x" are not currently supported.

Linux

Ubuntu version 20.4 or higher.

  • ARM is supported.
  • This includes both Lenovo products and non-Lenovo PCs.

ChromeOS

  • The LDO platform supports ChromeOS via Google Cloud connection.
  • Google determines which ChromeOS devices can be added to Google Cloud. 

Android

Version 10 or higher.

  • Includes Android Tablets, Edge Devices, and ARVR headsets.

LDO DEX also supports:

macOS

  • MacOS versions 10.9 and above
  • Intel-based CPUs
  • Apple Silicon CPUs

iOS

  • iOS Agent app requires iOS 13.2+.
  • A Mobile Device Management (MDM) solution is recommended for App deployment and continuous data collection.
  • These MDM solutions are supported:
  • Jamf
  • Workspace ONE
  • Microsoft Intune

* More info for macOS and iOS here.

Hardware

Trusted Platform Module (TPM) 2.0 enabled.

Processor supports x86 instruction set architecture.

Environment

Access to the Internet - specifically *.uds.lenovo.com on ports 8080, 443.

Proxy is supported in some scenarios. Devices may require additional configuration to support.

UDC Agent

For support of all defined functionality within this document, the following UDC agent versions are required: 

Update UDC versions:

·        UDC Windows 26.2.0.11

·        UDC Windows ARM 26.2.0.11

·        UDC Linux 26.1.0.20

·        UDC Linux ARM 26.1.0.20

·        UDC Android 25.9.0.17

·        Intel vPro version: 1.13.1

Info
Intel vPro® functionality may vary based on the version of vPro installed on the device. Devices with versions prior to Intel Gen 15 may not have full remote management capabilities.
Info
UDC uses a security feature called Certificate Pinning. UDC does not support the scenario where a proxy service in your environment performs TLS inspection (decrypting and re-encrypting traffic using an alternate certificate). You must completely exclude the traffic for *.uds.lenovo.com from the proxy or disable TLS inspection for that endpoint. Please refer to your proxy service documentation for how to achieve this.

Agent Folders

The following agent folders require Antivirus exclusion and PowerShell allow-listing:

UDS Folder
  1. C:\ProgramData\Lenovo\Udc\
    1. UDC work folder used for local DB, config, logging, app deploy, etc
  2. C:\Windows\System32\drivers\lenovo\UDC
    1. Driver folder
SysTrack Folder (if LDO DEX)
  1. C:\Program Files (x86)\SysTrack\LsiAgent
    1. Used for local DB, config, logging, automation deploy, etc

Required Network Endpoints

The following endpoints must be allowed on your network and excluded from SSL / TLS Inspection due to secure network traffic encryption. 
Endpoints are grouped by region. If your organization is hosted in North America (NA), only NA endpoints apply. If your organization is hosted in Europe (EU), only EU endpoints apply.
If your organization does not use SysTrack with LDO DEX, those endpoints can be ignored.

Consolidated

*.lenovo.com : 443 (for primary Lenovo Device Orchestration downloads and functions)

*.launchdarkly.com : 443 (for managing the rollout of new UI features)

*.cloudfront.net : 443 (for LDO's AWS CDN)

chifsr.lenovomm.com : 443 (for VantageService firmware and driver downloads)

*.lakesidesoftware.com : 443 (for primary SysTrack downloads and functions)

checkip.dyndns.org : 443 (for SysTrack general IP location / region)

 

LDO DEX NA (only if your organization is using SysTrack)

api.naea1.uds.lenovo.com : 443  (for device registration)

api-mtls.naea1.uds.lenovo.com : 443  (for normal API messaging)

mqtt-mtls.naea1.uds.lenovo.com : 443  (for mqtt messaging between agent and cloud)

mqtt.naea1.uds.lenovo.com : 443  (mqtt communication)

cdn-file-store.naea1.uds.lenovo.com : 443  (for package downloads)

ema-swarm.naea1.uds.lenovo.com : 8080 (ema swarm server for remote desktop)

download.lenovo.com : 443 (for VantageService firmware and driver downloads)

filedownload.lenovo.com (for VantageService firmware and driver downloads)

supportapi.lenovo.com (for VantageService firmware and driver downloads)

chifsr.lenovomm.com (for VantageService firmware and driver downloads)

 

downloads.uds.lenovo.com => d3d1fttqc7h8vh.cloudfront.net

downloads.*.uds.lenovo.com => d3d1fttqc7h8vh.cloudfront.net

portal.ldo.lenovo.com => dlqwlvr76fatx.cloudfront.net

callhome.uds.lenovo.com => d3jc3tecbpue8w.cloudfront.net

portal-cdn.naea1.uds.lenovo.com => d2b31kl1s9wr00.cloudfront.net

cdn-file-store.naea1.uds.lenovo.com => d3hwjplxwbeo3l.cloudfront.net

app-download.naea1.uds.lenovo.com => ddowrpfgpf3pf.cloudfront.net

portal.naea1.uds.lenovo.com => d17echy1pewvlz.cloudfront.net

 

lenovo-usa.lakesidesoftware.com : 443  (for SysTrack)

cloud-cdn.lakesidesoftware.com : 443  (for SysTrack package downloads)

checkip.dyndns.org : 443  (for SysTrack to gain general IP location region)


LDO DEX (SysTrack) EU (only if your organization is using SysTrack)

api.euwe1.uds.lenovo.com : 443  (for device registration)

api-mtls.euwe1.uds.lenovo.com : 443  (for normal API messaging)

mqtt-mtls.euwe1.uds.lenovo.com : 443  (for mqtt messaging between agent and cloud)

cdn-file-store.euwe1.uds.lenovo.com : 443  (for package downloads)

mqtt.euwe1.uds.lenovo.com : 443 (mqtt communication)

ema-swarm.naea1.uds.lenovo.com : 8080 (ema swarm server for remote desktop)

download.lenovo.com : 443 (for VantageService firmware and driver downloads)

filedownload.lenovo.com (for VantageService firmware and driver downloads)

supportapi.lenovo.com (for VantageService firmware and driver downloads)

chifsr.lenovomm.com (for VantageService firmware and driver downloads)

 

downloads.uds.lenovo.com => d3d1fttqc7h8vh.cloudfront.net

downloads.*.uds.lenovo.com => d3d1fttqc7h8vh.cloudfront.net

portal.ldo.lenovo.com => dlqwlvr76fatx.cloudfront.net

callhome.uds.lenovo.com => d3jc3tecbpue8w.cloudfront.net

portal-cdn.euwe1.uds.lenovo.com => d24aar924ywepb.cloudfront.net

cdn-file-store.euwe1.uds.lenovo.com => d9njarf7jo7tm.cloudfront.net

app-download.euwe1.uds.lenovo.com => d2zv1gf9rk9sjl.cloudfront.net

portal.euwe1.uds.lenovo.com => du2o7c6o9tgov.cloudfront.net

 

lenovo-eu.lakesidesoftware.com : 443  (for SysTrack)

cloud-de-cdn.lakesidesoftware.com : 443  (for SysTrackpackage downloads)

checkip.dyndns.org : 443  (for SysTrack to gain general IP location region)


LDO DEX (SysTrack) ANZ - where country code is Australia or New Zealand

lenovo-anz.lakesidesoftware.com : 443  (for SysTrack)

cloud-au-cdn.lakesidesoftware.com : 443  (for SysTrackpackage downloads)

checkip.dyndns.org : 443  (for SysTrack to gain general IP location region)

LDO NA

api.naea1.uds.lenovo.com : 443  (for device registration)

api-mtls.naea1.uds.lenovo.com : 443  (for normal API messaging)

mqtt-mtls.naea1.uds.lenovo.com : 443  (for mqtt messaging between agent and cloud)

cdn-file-store.naea1.uds.lenovo.com : 443  (for package downloads)

mqtt.naea1.uds.lenovo.com : 443 (mqtt communication)

ema-swarm.naea1.uds.lenovo.com : 8080 (ema swarm server for remote desktop)

download.lenovo.com : 443 (for VantageService firmware and driver downloads)

filedownload.lenovo.com (for VantageService firmware and driver downloads)

supportapi.lenovo.com (for VantageService firmware and driver downloads)

chifsr.lenovomm.com (for VantageService firmware and driver downloads)

downloads.uds.lenovo.com => d3d1fttqc7h8vh.cloudfront.net

downloads.*.uds.lenovo.com => d3d1fttqc7h8vh.cloudfront.net

portal.ldo.lenovo.com => dlqwlvr76fatx.cloudfront.net

callhome.uds.lenovo.com => d3jc3tecbpue8w.cloudfront.net

portal-cdn.naea1.uds.lenovo.com => d2b31kl1s9wr00.cloudfront.net

cdn-file-store.naea1.uds.lenovo.com => d3hwjplxwbeo3l.cloudfront.net

app-download.naea1.uds.lenovo.com => ddowrpfgpf3pf.cloudfront.net

portal.naea1.uds.lenovo.com => d17echy1pewvlz.cloudfront.net
 

LDO EU

api.euwe1.uds.lenovo.com : 443  (for device registration)

api-mtls.euwe1.uds.lenovo.com : 443  (for normal API messaging)

mqtt-mtls.euwe1.uds.lenovo.com : 443  (for mqtt messaging between agent and cloud)

cdn-file-store.euwe1.uds.lenovo.com : 443  (for package downloads)

mqtt.euwe1.uds.lenovo.com : 443 (mqtt communication)

account.euwe1.uds.lenovo.com (used for authentication / keycloak)

ema-swarm.naea1.uds.lenovo.com : 8080 (ema swarm server for remote desktop)

download.lenovo.com : 443 (for VantageService firmware and driver downloads)

filedownload.lenovo.com (for VantageService firmware and driver downloads)

supportapi.lenovo.com (for VantageService firmware and driver downloads)

chifsr.lenovomm.com (for VantageService firmware and driver downloads)

downloads.uds.lenovo.com => d3d1fttqc7h8vh.cloudfront.net

downloads.*.uds.lenovo.com => d3d1fttqc7h8vh.cloudfront.net

portal.ldo.lenovo.com => dlqwlvr76fatx.cloudfront.net

callhome.uds.lenovo.com => d3jc3tecbpue8w.cloudfront.net

portal-cdn.euwe1.uds.lenovo.com => d24aar924ywepb.cloudfront.net

cdn-file-store.euwe1.uds.lenovo.com => d9njarf7jo7tm.cloudfront.net

app-download.euwe1.uds.lenovo.com => d2zv1gf9rk9sjl.cloudfront.net

portal.euwe1.uds.lenovo.com => du2o7c6o9tgov.cloudfront.net

    • Related Articles

    • UDC Agent Plugins in Device Management

      The UDC agent supports multiple plugins that enable various functionalities within Device Management. These plugins manage telemetry, system updates, power management, docking station integration, and more. Below is a list of plugins included with ...

    • Viewing Device Information – Android Operating System

      Device Details provides comprehensive information about a device and allows administrators to perform a variety of management actions. To access this page, navigate to Device Management > Devices and select a device. Please note that the device must ...

    • Using Intel vPro® Agent in Device Management

      Device Management support Intel vPro® EMA functionality with the installation of the Intel vPro® agent during Device Management provisioning. Certain Device Management features may be available differently for devices with Intel vPro® Essentials and ...

    • Deploying Lenovo Device Orchestration Agent in Intune

      This article provides instructions for creating an Intune application to deploy the Lenovo Device Orchestration Agent. Download the LDO Agent and set the expiry date of the agent. In the LDO console, go to Device Management > Devices. Click on the ...

    • Lenovo Device Orchestration Release Notes v.26.4

      Components Release Version Availability Date Lenovo Device Orchestration 26.4 NA: April 26, 2026 EU: April 25, 2026 User Device Services (UDS) Cloud Portal/Frontend 26.4 April 23, 2026 Universal Device Client (UDC) Agent UDC Windows 26.2.0.11 UDC ...