Chat now with support
Chat with Support

Enterprise Reporter 3.5 - Installation and Deployment Guide

Product Overview Installation Considerations for Enterprise Reporter Installing and Configuring Enterprise Reporter Managing Your Enterprise Reporter Deployment Troubleshooting Issues with Enterprise Reporter Appendix: Database Content Wizard Appendix: Encryption Key Manager Appendix: Log Viewer

Understanding Credentials Using Scenarios

The following scenarios outline how credentials can be used in different environments:

If you have a simple deployment, you can permission two sets of credentials to perform all functions. In this scenario, you have a single Enterprise Reporter administrator, who manages installation, discoveries, and reporting. The following table outlines the required permissions:

Administrator’s user account

Use these credentials to log in to the computer, and to schedule reports.

Launch consoles

Be a member of Reporter_Discovery_Admins and Reporter_Reporting_Admins groups

Enumerate scopes

Read access to all discovery targets

Publish to SSRS

Write access to the SSRS server

Deliver reports by email

Access to the SMTP server

Enumerate report delivery shares and deliver reports

Read and write access to the delivery share

Service credentials

Use these credentials for the Enterprise Reporter server and all nodes.

Use the shared data location, if configured for a cluster

Read and write access to the share

Writing to the database

Be a member of Reporter_Discovery_Nodes group

Collect data

Be a local administrator on all computer targets, and have read access to targeted domains, SQL servers, NTFS objects

A complex deployment may require some thought to determine what credentials you want to use in different situations. With effort, you can minimize the permissions you must add to accounts to use Enterprise Reporter. Keep in mind that some of the data collected is available only to privileged accounts. In most cases, accounts with inadequate privileges can collect partial data.

For this scenario:

For each domain you need:

Service credential

Use these credentials for the Enterprise Reporter server and all nodes.

Enterprise Reporter server service

 

Node service

Local administrator access to the node host

Shared Data Location for each cluster

Read and write access to the share

Administrator’s user account

Use these credentials to log in to the computer running the Configuration Manager.

Launch console

Be a member of Reporter_Discovery_Admins group

SharePoint Online

An account with access to the discovery target tenant.

Collection of all SharePoint Online site collections

Administrator permissions, including tenant settings and policies, site information, and permissions are required.

A SharePoint administrator role is recommended.

You also need:

SQL Account

When creating the database or modify using the Database Wizard

Communication between the server and database

Logging in to the Report Manager

Communication between the node and the database

Read and write access to the database

Report Administrator account

Log in to the Report Manager

Must be a member of the Reporter_Reporting_Admins group

Publish to SSRS

Write access to the SSRS server

Deliver reports by email

Access to the SMTP server

Enumerate report delivery shares and deliver reports

Read and write access to the delivery share

SharePoint Online

Collection of all SharePoint Online site collections

The discovery credentials must have site collection administrator rights to each site collection that is being collected.

If additional credentials are being specified to minimize Azure throttling limitations, these credentials must have the same permissions.

Refer to credentials required to create and consent to the Enterprise Reporter SharePoint Online application required for this discovery.

For browsing to your discovery targets and collecting the data you can choose the credentials that make sense for your environment. Set these credentials at the discovery level. For example:

For Active Directory® discoveries, you could use a domain admin account that has access to the targeted domain.

Effectively Deploy Remote Nodes

You can deploy nodes from the Configuration Manager or manually. When you are deploying a node to a remote computer, factors such as firewall configuration and network latency can cause problems. In this case, you can deploy a node manually on the host computer. For more information, see Node Deployment Issues . You can also supply alternate credentials to be used for Node service deployment. This account must have permission to copy files in the Admin$ share folder and to install and run services.

Deploying a Node to a Trusted Domain

When deploying a node to a trusted domain, the remote domain must trust the domain where the Enterprise Reporter Server is installed because the account that runs the node service has to authenticate to the Enterprise Reporter Server.

We strongly recommend deploying the Enterprise Reporter Node software on a computer that is local to the discovery targets - in this case, in the remote domain.

The Enterprise Reporter Service Account requires Local Administrator access to the remote node computers to deploy the node using the Configuration Manager.

The Enterprise Reporter Node service account has the following requirements.

When deploying a node to a trusted domain, the port requirements are the same as when deploying a node to a local domain. For more information, see Port Requirements .

Optimize Data Transfer

When you run a discovery for the first time, all of the data is collected and written to the database. For subsequent runs, only the changes are written. Determining the changes requires some processing, and you can choose the data source against which to compare the new data. You have two choices, and you may need to experiment to find the best setting for each cluster:

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating