Chat now with support

Get Live Help
Complete Registration

Sign In

Request Pricing

Contact Sales

Enterprise Reporter 3.5 - Installation and Deployment Guide

Table of Contents

Product Overview

Introducing Quest® Enterprise Reporter Key Features of Enterprise Reporter Enterprise Reporter Components

Enterprise Reporter Architecture

Installation Considerations for Enterprise Reporter

Before You Install Enterprise Reporter Reporter server and database considerations

Failover recovery using SQL clusters

System Requirements Overview of Enterprise Reporter communications and required credentials

Node credential and alternate credential details for on-premises discoveries Detailed permissions for Enterprise Reporter discoveries Permissions for Enterprise Reporter discoveries on NAS devices Permissions for Enterprise Reporter tenant applications Minimum permissions for installing Enterprise Reporter Minimum permissions for installing Enterprise Reporter Port Requirements Firewall Requirements

Database Requirements

Configuring the Database and Security Groups

Installing and Configuring Enterprise Reporter

Installing Enterprise Reporter

Installing the Components

Installing and Configuring Individual Components

Installing and Configuring the Configuration Manager Installing and Configuring the Report Manager Installing and Configuring the Database Wizard Installing and Configuring the Log Viewer Installing and Configuring the Encryption Key Manager Creating a Database Prior to Enterprise Reporter Server Installation Installing and Configuring SSRS Installing and Configuring IT Security Search

Upgrading Enterprise Reporter

Preparing to Upgrade Enterprise Reporter Upgrading Enterprise Reporter Components Upgrading Enterprise Reporter Nodes Upgrading Manually-Configured Enterprise Reporter Nodes After Upgrading Enterprise Reporter

Licensing Enterprise Reporter

Activating or Updating Your License

Security Groups in Enterprise Reporter Role-Based Security in Enterprise Reporter Managing Your Database Using the Database Wizard

Using the Database Wizard to Create or Connect a Database Upgrading a Database Deleting a Database Changing the Security Mode Changing the Connection to the Enterprise Reporter Database Performing Database Maintenance

Managing Your Enterprise Reporter Deployment

Optimizing Enterprise Reporter Enterprise Reporter server and database considerations

Failover recovery using SQL clusters

Cluster Deployment Considerations

Consider the Data to Collect Before Deploying Nodes Fine Tune Each Cluster and Node Optimize Node Setup Plan Credential Use

Logged-In User Details Understanding Credentials Using Scenarios

Effectively Deploy Remote Nodes

Deploying a Node to a Trusted Domain

Optimize Data Transfer

Discovery Considerations

Divide Discovery Targets According to Cluster Structure Collect Only the Data Needed Plan Discovery and Reporting Schedules Optimize Nested Group Membership Collection Optimize Nested Group Membership Collection for Azure and Office 365 Discoveries

Discovery Permission Requirements

Detailed permissions for Enterprise Reporter discoveries Permissions for Enterprise Reporter discoveries on NAS devices Permissions for Enterprise Reporter tenant applications Minimum Permissions for Enterprise Reporter Discoveries IDG Managing Your Deployment.4.26.html

Troubleshooting Issues with Enterprise Reporter

Troubleshooting Installation Issues

Connecting to a SQL Server Issues with Multi-Domain Controller Environments

Problems Opening the Consoles Database Configuration Issues Troubleshooting connectivity issues

Restoring a connection to the Enterprise Reporter Server Restoring a connection to the Enterprise Reporter database Troubleshooting Connection Timeouts

Troubleshooting credential change failures Resolving Issues in the Configuration Manager

Node Deployment Issues Dealing with unassociated nodes Problems deleting a node Creating a Node Debug Log File

Data Collection Issues

Troubleshooting features in Enterprise Reporter

Exporting logs from the Configuration Manager Viewing information about your Enterprise Reporter configuration Viewing errors and statistics for tasks

Moving the Enterprise Reporter database Disaster Recovery

Backing up Enterprise Reporter Deploying Enterprise Reporter to another computer after a disaster Checking the Enterprise Reporter configuration after recovery

Appendix: Database Content Wizard

Software Requirements Starting and Configuring the Enterprise Reporter Database Content Wizard Transferring an Enterprise Reporter Database Backing Up an Enterprise Reporter Database Restoring an Enterprise Reporter Database Cleaning an Enterprise Reporter Database Merging Two Enterprise Reporter Databases Running Custom Enterprise Reporter Scripts PowerShell cmdlets

Requirements Database Content Wizard cmdlets Loading the Database Content Wizard cmdlet Backing Up An Enterprise Reporter Database Cleaning an Enterprise Reporter Database Merging Two Enterprise Reporter Databases Restoring an Enterprise Reporter Database Transferring an Enterprise Reporter Database

Appendix: Encryption Key Manager

Starting the Encryption Key Manager Generating a key file Importing a key file Exporting a key file Resetting credentials

Appendix: Log Viewer

Starting the Enterprise Reporter Log Viewer Finding and opening log files Viewing and searching log file entries Filtering log file entries

Permissions for Enterprise Reporter discoveries on NAS devices

The following table outlines the permissions required for Enterprise Reporter discoveries.

Table 31. Permissions required for Enterprise Reporter discoveries on NAS Devices
Discovery Type	Permissions Required for Discovery Credential
NetApp Cluster Mode	Multiple virtual machines belong to a single cluster. All of these virtual machines can be specified as discovery targets. These virtual machines must be part of a domain. The NAS configuration must point to the cluster (name or IP address) with credentials that have read access to the cluster. These would typically be administrator credentials.
NetApp 7 Mode	In NetApp 7 mode, data can be collected on the storage controller or vFilers that are derived from the storage controller. Credentials with read access to the controller and vFiler are required.
NetApp Storage Controller	In NetApp 7 mode, data can be collected on the storage controller or vFilers that are derived from the storage controller. Credentials with read access to the controller and vFiler are required.
NetApp Filer	The vFiler can be a discovery target. In this case, the NAS configuration must point to the storage controller from which the vFilers are derived and the credentials must have read access to the storage controller.
Dell Fluid FS	The discovery target can be any Fluid FS VM. The NAS configuration must be the machine name or IP where Dell Enterprise Manager is installed and credentials must have access to Dell Enterprise Manager.
EMC Isilon	The discovery target can be any Isilon virtual machine. The NAS configuration must be the machine or IP that hosts the OneFS administration site and the credentials must have read access to it. By default, the connection is established using https and, if the connection is not deemed to be secure, the discovery will fail.

Permissions for Enterprise Reporter tenant applications

Enterprise Reporter requires Azure applications for the collection of Azure and Office 365 objects and attributes. These applications must be registered in the Azure portal and consent must be granted for delegated permissions. To manage tenant applications used by Enterprise Reporter, you use the Configuration | Application Tenant Management option.

OneDrive Azure application permissions

For the OneDrive discovery, an application with a name that begins with “Quest Enterprise Reporter OneDrive Discovery” is created. To create this application in your tenant, you must specify an account with administrative access to create applications. The account must have the Global Administrator role to be able to create and consent to the application.

Once created, the application must also be delegated permissions and an administrator must consent to the application’s permissions using the Microsoft consent wizard. For the Quest Enterprise Reporter OneDrive Discovery application, the following delegated permissions are required:

•

Microsoft Graph: Read user files

•

Office 365 SharePoint Online: Read user files

•

Windows Azure Active Directory: Access the directory as signed-in user

•

Windows Azure Active Directory: Read directory data

•

Microsoft Graph: Have full control of all site collections

Azure Active Directory application permissions

For the Azure Active Directory discovery, the Exchange Online discovery, and the collection of group members for the OneDrive discovery, an application with a name that begins with “Quest Enterprise Reporter Azure Discovery” is created. To create this application in your tenant, you must specify an account with administrative access to create applications. The account must have the Global Administrator role to be able to create and consent to the application.

Once created, the application must also be delegated permissions and an administrator must consent to the application’s permissions using the Microsoft consent wizard. For the Enterprise Reporter Azure discovery application, the following delegated permissions are required:

•

Microsoft Graph: Access directory as the signed in user

•

Microsoft Graph: Read all groups

•

Microsoft Graph: Read all users’ basic profiles

•

Microsoft Graph: Read all users’ full profiles

•

Microsoft Graph: Read directory data

•

Microsoft Graph: Read identity risky user information

•

Microsoft Graph: Read your organization’s security events

•

Microsoft Graph: Access the directory as signed-in user

•

Microsoft Graph: Read all groups

Azure Resource application permissions

For the Azure Resource discovery, an application with a name that begins with “Quest Enterprise Reporter Azure Resource Discovery” is created. To create this application in your tenant, you must specify an account with administrative access to create applications. The account must have the Global Administrator role to be able to create and consent to the application.

Once created, the application must also be delegated permissions and an administrator must consent to the application’s permissions using the Microsoft consent wizard. For the Enterprise Reporter Azure Resource discovery application, the following delegated permissions are required:

•

Windows Azure Service Management API: Access Azure Service Management as organization users

•

Windows Azure Active Directory: Access the directory as signed-in user

•

Windows Graph: Read all users’ basic profiles

Microsoft Teams application permissions

For the Microsoft Teams discovery, an application with a name that begins with “Quest Enterprise Reporter Microsoft Teams Discovery” is created. To create this application in your tenant, you must specify an account with administrative access to create applications. The account must have the Global Administrator role to be able to create and consent to the application.

Once created, the application must also be delegated permissions and an administrator must consent to the application’s permissions using the Microsoft consent wizard. For the Quest Enterprise Reporter Microsoft Teams Discovery application, the following delegated permissions are required:

•

Microsoft Graph: Read all users’ basic profiles

•

Windows Azure Active Directory: Access the directory as signed-in user

•

Windows Azure Active Directory: Read all groups

SharePoint Online application permissions

For the SharePoint Online discovery, an application with a name that begins with “Quest Enterprise Reporter SharePoint Online Discovery” is created. To create this application in your tenant, you must specify an account with administrative access to create applications. The account must have the Global Administrator role to be able to create and consent to the application.

Once created, the application must also be delegated permissions and an administrator must consent to the application’s permissions using the Microsoft consent wizard. For the Quest Enterprise Reporter SharePoint Online Discovery application, the following delegated permissions are required:

•

Microsoft Graph: Have full control of all site collections

•

Microsoft Graph: Read directory data

Minimum Permissions for Enterprise Reporter Discoveries

The following table outlines the minimum permissions required for some of the cloud discoveries.

Table 32. Minimum Permissions for some of the cloud discoveries

Minimum Permissions Required for Discovery Credential

Azure Active Directory

An account with Global Reader or Global Admin role is required.

NOTE:

•

If you encounter errors, you may need to install PowerShell module for Azure Active Directory.

•

Accounts with Azure Active Directory Premium P2 license can collect all data.

An account with Reader (NOT Global Reader) or Global Admin role is required to collect all options selected in a discovery.

Exchange Online

An account with Global Reader (Azure), Security Reader, and Recipient Management roles collects all options in a discovery.

Global Reader collects all options except “Mailbox Delegates,” Global Reader and Security collect only “Mailbox Delegates,” and Global Admin collects all discovery options.

An account with an Office 365 license and access to folders being discovered is required to collect all options in a discovery.

IDG Managing Your Deployment.4.26.html

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating

© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center