Chatta subito con l'assistenza
Chat con il supporto

Enterprise Reporter 3.2.1 - Quick Start Guide

Introducing Quest® Enterprise Reporter Key Features of Enterprise Reporter System Requirements An Overview of Enterprise Reporter Communications and Credentials Required Installing Enterprise Reporter Step-By-Step Walkthroughs

Permissions for Enterprise Reporter Discoveries on NAS Devices

The following table outlines the permissions required for Enterprise Reporter discoveries.

Table 9. Permissions required for Enterprise Reporter discoveries on NAS Devices
Discovery Type
Permissions Required for Discovery Credential

NetApp Cluster Mode

Multiple virtual machines belong to a single cluster. All of these virtual machines can be specified as discovery targets. These virtual machines must be part of a domain.

The NAS configuration must point to the cluster (name or IP address) with credentials that have read access to the cluster. These would typically be administrator credentials.

NetApp 7 Mode

In NetApp 7 mode, data can be collected on the storage controller or vFilers that are derived from the storage controller. Credentials with read access to the controller and vFiler are required.

NetApp Storage Controller

In NetApp 7 mode, data can be collected on the storage controller or vFilers that are derived from the storage controller. Credentials with read access to the controller and vFiler are required.

NetApp Filer

The vFiler can be a discovery target. In this case, the NAS configuration must point to the storage controller from which the vFilers are derived and the credentials must have read access to the storage controller.

Dell Fluid FS

The discovery target can be any Fluid FS VM. The NAS configuration must be the machine name or IP where Dell Enterprise Manager is installed and credentials must have access to Dell Enterprise Manager.

EMC Isilon

The discovery target can be any Isilon virtual machine. The NAS configuration must be the machine or IP that hosts the OneFS administration site and the credentials must have read access to it. By default, the connection is established using https and, if the connection is not deemed to be secure, the discovery will fail.

Permissions for Enterprise Reporter Tenant Applications

Enterprise Reporter requires Azure applications for the collection of Azure and Office 365 objects and attributes. These applications must be registered in the Azure portal and consent must be granted for delegated permissions. To manage tenant applications used by Enterprise Reporter please refer to in the System | Configuration | Application Tenant Management section in the Enterprise Reporter Configuration Manager User Guide.

OneDrive Azure Application Permissions

For the OneDrive discovery, an application with the name Quest Enterprise Reporter One Drive Discovery will be created. To create this application in your tenant, you must specify an account with administrative access to create applications. The account must have the Global Administrator role to be able to create and consent to the application.

Once created, the application must also be delegated permissions and an administrator must consent to the application’s permissions using the Microsoft consent wizard. For the Quest Enterprise Reporter One Drive Discovery application, the following delegated permissions are required:
Microsoft Graph: Read user files
Office 365 SharePoint Online: Read user files
Windows Azure Active Directory: Access the directory as signed-in user
Windows Azure Active Directory: Read directory data
Azure Active Directory Application Permissions

For the Azure Active Directory discovery, the Exchange Online discovery, and the collection of group members for the OneDrive discovery, an application with the name Quest Enterprise Reporter Azure Discovery will be created. To create this application in your tenant, you must specify an account with administrative access to create applications. The account must have the Global Administrator role to be able to create and consent to the application.

Once created, the application must also be delegated permissions and an administrator must consent to the application’s permissions using the Microsoft consent wizard. For the Quest Enterprise Reporter Azure Discovery application, the following delegated permissions are required:
Microsoft Graph: Access directory as the signed in user
Microsoft Graph: Read all groups
Microsoft Graph: Read all users’ basic profiles
Microsoft Graph: Read all users’ full profiles
Microsoft Graph: Read directory data
Microsoft Graph: Read identity risky user information
Microsoft Graph: Read your organization’s security events
Azure Active Directory Graph: Access the directory as signed-in user
Azure Active Directory Graph: Read all groups
Azure Resource Application Permissions

For the Azure Resource discovery, an application with the name Quest Enterprise Reporter Azure Resource Discovery will be created. To create this application in your tenant, you must specify an account with administrative access to create applications. The account must have the Global Administrator role to be able to create and consent to the application.

Once created, the application must also be delegated permissions and an administrator must consent to the application’s permissions using the Microsoft consent wizard. For the Quest Enterprise Reporter Azure Resource Discovery application, the following delegated permissions are required:
Windows Azure Service Management API: Access Azure Service Management as organization users
Windows Azure Active Directory: Access the directory as signed-in user
Windows Graph: Read all users’ basic profiles
Microsoft Teams Application Permissions

For the Microsoft Teams discovery, an application with the name Quest Enterprise Reporter Microsoft Teams Discovery will be created. To create this application in your tenant, you must specify an account with administrative access to create applications. The account must have the Global Administrator role to be able to create and consent to the application.

Once created, the application must also be delegated permissions and an administrator must consent to the application’s permissions using the Microsoft consent wizard. For the Quest Enterprise Reporter Microsoft Teams Discovery application, the following delegated permissions are required:
Microsoft Graph: Read all users’ basic profiles
Windows Azure Active Directory: Access the directory as signed-in user
Windows Azure Active Directory: Read all groups

 

 

Minimum Permissions for Initially Installing Enterprise Reporter

During your first installation, when you install the Enterprise Reporter server, there are two sets of credentials that you need to supply, as well as optional SQL credentials. This table outlines what the credentials are used for, and what permissions they require.

 
Table 10. Credential Use and Required Permissions
Credentials
Used For
Permissions Needed

Logged in user

Installing the components of Enterprise Reporter

Administrator access on the local computer.

Creating the Enterprise Reporter database, roles and logins on the SQL Server® (unless SQL credentials are provided)

Must have the right to create databases, logins and groups.

Creating the security groups

Depends on the type of groups that are chosen, but must have the right to create groups in the chosen environment.

Securing the Configuration Manager and the Report Manager. The logged in user is added to the Reporter_Discovery_Admins, Reporter_Reporting_Admins, Reporter_Reporting_Operators, and Reporter_Discovery_Nodes security groups as an administrator for both consoles when installing the server.

 

Service Account

Supplied during installation

Installing and running the Enterprise Reporter server

Login as service right is conferred on the service account by the logged in credentials during installation.

Connecting to the Enterprise Reporter database (unless SQL permissions are provided)

Read and write permissions are automatically granted during database creation.

Securing the Configuration Manager and Report Manager. The service account is automatically added to the Reporter_Discovery_Admins, Reporter_Reporting_Admins, Reporter_Reporting_Operators, and Reporter_Discovery_Nodes security groups when installing the server.

 

Optional SQL credentials

Supplied during installation

Can be used to create the Enterprise Reporter database

Must have the right to create databases, logins and groups.

If supplied, are used to connect the database by the Enterprise Reporter server.

Read and write permissions are automatically granted during database creation.

Port Requirements

For the Enterprise Reporter components to communicate, some ports must be open.
The default port used for communication between the server and the consoles is 7738. This port is also used by the nodes to access the server. The port is configured during installation of the server, and is required in the connection dialog box for both the Configuration Manager and the Report Manager.

You can view the port currently in use on the System | Information page in the Configuration Manager, and the System Information tab in the Report Manager.
The default port used for communication from the Enterprise Reporter server to the nodes is port 7737. This port may be configured during installation.

This figure outlines the ports used by the Enterprise Reporter components.

Figure 3. Ports used by Enterprise Reporter components.

*For more information on ports used when creating a discovery, see Table 11.

**For more information on ports used during data collections, see Table 12.

This table outlines the ports used by all of the Enterprise Reporter components.

Table 11. Ports used by Enterprise Reporter components
 
 
 
Configuration Manager1
Report Manager
SQL Server
ER Server
 
ER Nodes
 
Application
Port
Type
Components

FTP

20, 21

TCP

 

X

 

 

 

SMTP

25

TCP

X

X

 

X

 

WINS / NetBiOS Name Resolution

42

TCP
UDP

 

 

 

X

 

DNS FQDN Resolution

53

TCP
UDP

X

X

 

X

 

Kerberos

88

TCP
UDP

X

 

 

X

 

RPC Service & Endpoint Mapper / WMI

135

TCP
UDP

X

 

 

 

 

NetBIOS Name Service

137

UDP

 

 

 

X

 

NetBIOS Datagram (browsing)

138

UDP

X

 

 

 

 

LDAP

389

TCP
UDP

X

 

 

 

 

SQL

1433

TCP

 

X

X

X

X

SQL Server Browser Service

1434

TCP
UDP

X

X

 

 

 

Enterprise Reporter Node

7737

TCP

 

 

 

X

X

Enterprise Reporter Server

7738

TCP

X

X

 

X

X

1
For the Configuration Manager, also include the ports listed in Table 12.

This table outlines the ports used by all of the Enterprise Reporter discoveries.

Table 12. Ports used by Enterprise Reporter discoveries
 
 
 
Active Directory
Azure Active Directory
Azure Resource
Computer
Exchange
Exchange Online
File Storage Analysis
NTFS
OneDrive
Registry
SQL Server
Application
Port
Type
Discoveries

WINS / NetBiOS Name Resolution

42

TCP
UDP

X

 

 

X

X

 

X

X

 

X

X

DNS FQDN Resolution

53

TCP
UDP

X

 

 

X

X

 

X

X

 

X

X

HTTP

80

TCP

 

X

X

 

X*

X

 

 

X

 

X

Kerberos

88

TCP
UDP

X

 

 

X

X*

 

X

X

 

X

X

RPC Service & Endpoint Mapper / WMI

135

TCP
UDP

 

 

 

X

X**

 

X

X

 

X

X

NetBIOS Name Service

137

UDP

X

 

 

X

X

 

X

X

 

X

X

Remote Registry

139

TCP

 

 

 

X

X

 

X

X

 

X

 

ICMP

 

 

 

 

 

X

 

 

X

X

 

X

X

LDAP

389

TCP
UDP

X

 

 

X

X

 

X

X

 

X

X

HTTPS

443

TCP
UDP

 

X

X

 

 

 

 

 

X

 

X

SMB / Remote Registry

445

TCP

X

 

 

X

 

 

X

X

 

X

X

LDAP Secure

636

TCP

X

 

 

 

 

 

 

 

 

 

 

DCOM on XP/2003 and below
(uses an open port in this range)

1024
- 5000

TCP
UDP

 

 

 

X

X

 

X

X

 

 

X

SQL

1433

TCP

X

X

X

X

X

X

X

X

X

X

X

SQL Server Browser Service

1434

UDP

 

 

 

 

 

 

 

 

 

 

X

LDAP GC

3268

TCP

X

 

 

 

X

 

 

 

 

 

 

WinRM

5985
5986

TCP
UDP

 

 

 

 

 

X

 

 

 

 

X

Exchange PowerShell

12067

TCP

 

 

 

 

X**

 

 

 

 

 

 

DCOM on Vista/2008 and above
(uses an open port in this range)

49152
- 65535

TCP
UDP

 

 

 

X

X

 

X

X

 

 

X

*Exchange 2010 and higher, **Exchange 2007 only

The following figures outline the ports used by the Enterprise Reporter discoveries.

Figure 4. Ports used by Active Directory collections

Figure 5. Ports used by Azure and Office 365 collections (Exchange Online, MS Teams, and OneDrive)

Figure 6. Ports used by Computer collections

Figure 7. Ports used by Exchange collections

Figure 8. Ports used by File Storage Analysis collections

Figure 9. Ports used by NTFS collections

Figure 10. Ports used by Registry collections

Figure 11. Ports used by SQL collections

Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione