Chat now with support
Chat with Support

Enterprise Reporter 3.2.1 - Installation and Deployment Guide

Product Overview Installation Considerations for Enterprise Reporter Installing and Configuring Enterprise Reporter Managing Your Enterprise Reporter Deployment Troubleshooting Issues with Enterprise Reporter Appendix: Database Content Wizard Appendix: Encryption Key Manager Appendix: Log Viewer

Optimize Node Setup

Two of the most common questions are, “What nodes do I deploy?’ and, “What computer specifications do I need?” To determine the answers to these questions, we typically look at the following criteria.

The following sections outline considerations when optimizing node setup for each type of discovery.

Active Directory collections are sequential and create heavy network traffic as they query the domain controller so the network connection to the domain controller is the primary concern. Locating the node close to the domain controller is recommended. Choose a domain controller close to your node when you configure the discovery. Technical Documentation. 

For more information, see Choosing your Active Directory Scopes.

The CPU benchmarks of the node computer affect the threading capability so it is a secondary concern.

Typically, an organization with one domain only needs one node. Additional nodes usually only help optimize concurrent collection when there are multiple domains.

 

Small

< 100K
1 domain

Primary
Concern

No
Concern

No
Concern

Secondary
Concern

1

 

Medium

100K - 500K
1 domain

Primary
Concern

No
Concern

No
Concern

Secondary
Concern

 

1

 

Large

500K - 1M
1 domain

Primary
Concern

No
Concern

No
Concern

Secondary
Concern

 

1

•break single discoveries by object type

•use one discovery per object type combined with schedules

Azure Active Directory collections are sequential and create heavy network traffic as they query Azure. Ensuring the node machine has optimal network bandwidth is the primary concern. The CPU benchmarks of the node computer affect the threading capability, so it is a secondary concern. Typically, an organization with one tenant only needs one node.

 

Small

< 100K
1 tenant

Primary
Concern

No
Concern

Tertiary
Concern

Secondary
Concern

1

Medium

100K - 500K
1 tenant

Primary
Concern

No
Concern

Tertiary
Concern

Secondary
Concern

1

Large

500K - 1M
1 tenant

Primary
Concern

No
Concern

Tertiary
Concern

Secondary
Concern

1

Computer collections are sequential and create heavy network traffic as they query each local computer. Ensuring the node machine has optimal network bandwidth is the primary concern.

 

Small

< 5K

Primary
Concern

No
Concern

Secondary
Concern

Tertiary
Concern

1 - 3

Medium

5K - 10K

Primary
Concern

No
Concern

Secondary
Concern

Tertiary
Concern

3 - 8

Large

> 10K

Primary
Concern

No
Concern

Secondary
Concern

Tertiary
Concern

8 - 10

 

Small
1 - 10
Computers

< 2M

Primary
Concern

Secondary
Concern

No
Concern

Secondary
Concern

1 - 3

Medium

1 - 10
Computers

< 20M

Primary
Concern

Secondary
Concern

No
Concern

Secondary
Concern

3 - 9

Large

> 10
Computers

> 20M

Primary
Concern

Secondary
Concern

No
Concern

Secondary
Concern

10

 

 

Small

1 - 3

Primary
Concern

Tertiary
Concern

Secondary
Concern

No
Concern

1

Medium

3 - 5

Secondary
Concern

Primary
Concern

Tertiary
Concern

No
Concern

2

Large

> 5

Secondary
Concern

Primary
Concern

Tertiary
Concern

No
Concern

> 3

 

The most important guideline is to collect only the information required. For example, most files have inherited permissions so, typically, collecting folder permissions is sufficient.

By default, NTFS discoveries, will create multiple tasks (one task per share) to improve performance. If disk speed is slow, network bandwidth is low, or there is only one node, disable this performance option.

 

Small

0 - 5M

Secondary
Concern

Tertiary
Concern

Primary
Concern

No
Concern

1 - 3

 

Medium

5M - 100M

Secondary
Concern

Tertiary
Concern

Primary
Concern

No
Concern

3 - 6

 

Large

100M - 1B
multiple shares

Secondary
Concern

Tertiary
Concern

Primary
Concern

No
Concern

6 - 101

•use multiple tasks option unless slow disk speed, low network bandwidth, or one node


1

These considerations apply to Exchange Online, Microsoft Teams, and OneDrive discoveries.

OneDrive can be divided into multiple discoveries to increase collection speed. If Microsoft throttling is often an issue, the use of multiple credentials can help minimize throttling.

 

Small

 

Primary
Concern

No
Concern

Tertiary
Concern

Secondary
Concern

1

Medium

 

Primary
Concern

No
Concern

Tertiary
Concern

Secondary
Concern

1

Large

 

Primary
Concern

No
Concern

Tertiary
Concern

Secondary
Concern

1

Plan Credential Use

There is granular control over the credentials that are used to perform various functions in Enterprise Reporter. For more information, see Role Based Security in Enterprise Reporter and Technical Documentation. 

See also:

Logged In User Details

You can use as many or as few credentials as you need. Many of the credentials used in Enterprise Reporter are stored in the Credential Manager, which makes it easy to replace or update credentials across your environment.

Credentials for the Configuration Manager are stored in a single Credential Manager, shared by all Configuration Manager users. If only certain employees know the passwords or are responsible for certain credentials, such as service credentials, one of those employees can add the credentials to the Credential Manager, and then all Enterprise Reporter administrators can use them.

Credentials in the Credential Manager are used in the following ways in the Configuration Manager:

Each Report Manager user has their own Credential Manager. Credentials in the Credential Manager are used in the following ways in the Report Manager:

The logged in user is used for:

Understanding Credentials Using Scenarios

The following scenarios outline how credentials can be used in different environments:

If you have a simple deployment, you can permission two sets of credentials to perform all functions. In this scenario, you have a single Enterprise Reporter administrator, who manages installation, discoveries, and reporting. The following table outlines the required permissions:

Administrator’s user account

Use these credentials to log in to the computer, and to schedule reports.

Launch consoles

Be a member of Reporter_Discovery_Admins and Reporter_Reporting_Admins groups

Enumerate scopes

Read access to all discovery targets

Deliver reports by email

Access to the SMTP server

Enumerate report delivery shares and deliver reports

Read and write access to the delivery share

 

 

Service credentials

Use these credentials for the Enterprise Reporter server and all nodes.

Use the shared data location, if configured for a cluster

Read and write access to the share

Writing to the database

Be a member of Reporter_Discovery_Nodes group

Collect data

Be a local administrator on all computer targets, and have read access to targeted domains, SQL servers, NTFS objects

A complex deployment may require some thought to determine what credentials you want to use in different situations. With effort, you can minimize the permissions you must add to accounts to use Enterprise Reporter. Keep in mind that some of the data collected is available only to privileged accounts. In most cases, accounts with inadequate privileges can collect partial data.

For this scenario:

For each domain you need:

Service credential

Use these credentials for the Enterprise Reporter server and all nodes.

Enterprise Reporter server service

 

Node service

Local administrator access to the node host

Shared Data Location for each cluster

Read and write access to the share

Administrator’s user account

Use these credentials to log in to the computer running the Configuration Manager.

Launch console

You also need:

SQL Account

When creating the database or modify using the Database Wizard

Communication between the server and database

Logging in to the Report Manager

Communication between the node and the database

Read and write access to the database

Report Administrator account

Log in to the Report Manager

Must be a member of the Reporter_Reporting_Admins group

Deliver reports by email

Access to the SMTP server

Enumerate report delivery shares and deliver reports

Read and write access to the delivery share

 

 

For browsing to your discovery targets and collecting the data you can choose the credentials that make sense for your environment. Set these credentials at the discovery level. For example:

For Active Directory® discoveries, you could use a domain admin account that has access to the targeted domain.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating