Permissions/Security
The PST Flight Deck service account requires local Administrator access to all PST Flight Deck servers, full read/write access to the BITS upload share and the storage location that the share points at, and also active SQL dbcreator permissions during the installation process.
For migrations to an Enterprise Vault target, the account used as the PST Flight Deck service account needs to be the Vault Service account used for the applicable Enterprise Vault server(s).
All accounts used during the operation of a PST Flight Deck project require the ability to access applicable servers, and to have full read/write access to the PST Flight Deck SQL database. Any account used during the operation of PST Flight Deck must be configured as an Expert in PST Flight Deck to have full control over Console functions.
Accounts running services that provide supplemental functionality, such as the Share Scanner or Central Upload Agent, require permission sufficient to access the resources they are acting against. For some of the more advanced features of the Central Upload Agent, this may include access to local workstation administrative shares. Typically these components run under accounts other than the service account.
Ports
The following ports must be open for communication between PST Flight Deck and its dependencies.
|
Source |
Destination |
Port |
Description |
|---|---|---|---|
|
Workstation |
PST Flight Deck Server |
80/443 |
Agent communication |
|
PST Flight Deck Core |
SQL Server |
1433 |
SQL access |
|
Module Node |
PST Flight Deck Core |
80/443, 445 (SMB) |
Module to core communication |
|
Ingest Node |
PST Flight Deck Core, and target system |
80/443, 445 (SMB) |
Module to core communication |
|
Workstation |
Upload location server |
81/444 |
File transfer (BITS)* |
* In addition to the Default Web Site, PST Flight Deck uses a separate PST Flight Deck BITS Website. The Default Web Sites communication passes via port 80/443, whereas the BITS website is preconfigured to use port 81/444. Having this as separate website makes it possible to limit bandwidth immediately when the server is in OFF STATE (because of a full disk for upload) while communication to the Default Web Site continues. All ports can be changed manually, if needed.
Additional Requirements
PST Flight Deck has a highly extendable architecture. As this is the case, the requirements per deployment may change. The following section stipulates the additional requirements needed for supplemental components used within a deployment.
For Ingestion into Exchange or Office 365
Two types of accounts are required in PST Flight Deck when ingesting. Any account used for these targets will need to be assigned application impersonation rights. To use some of the advanced functionality available to Exchange or Office 365 targets,
To migrate data for people who have left the organization to an Office 365 target, an account with additional permissions is required. In addition to having application impersonation rights assigned, the Exchange Administrator and User Management Administrator roles are also required in order to apply the licenses necessary for this type of migration.
|
|
NOTE: GCC and GCC High tenants are supported. |
