• Become a portal pro
• Download
• Print
• My Downloads ()

• Support
• Technical Documentation
• Unified Communications Analytics 8.6.1
• Unified Communications Analytics 8.6.1 - Deployment Guide

Unified Communications Analytics 8.6.1 - Deployment Guide

Table of Contents  

Prerequisites for your installation

Overview Supported environments

Supported browsers

Architecture

Information stored by the Storage Engine

Deployment options Hardware minimum requirements

Suggested hardware configurations for different size environments

Software prerequisites

Prerequisites for the UC Analytics services Web site prerequisites

Planning for deployment Determining where to install services What files should be excluded from anti-virus software? What files need to communicate through software firewalls? About UC Analytics configuration

Installing UC Analytics

Types of installations

Upgrading from 8.1 or later

Considerations before you install

About a pilot installation About a production installation

Accounts used during installation Performing a pilot installation Performing a production installation

Installing additional Storage Engine services after installation Installing additional collector roles

Activating the UC Analytics license Setting up the web site for HTTPS

Configuring UC Analytics

About administration settings How do I set a user to be a product administrator? Configuration process overview Modifying the initial target environment Adding multiple Active Directory forests Configuring UC Analytics for resource forests Adding a target environment for native Office 365 Setting the time period for retaining data Setting the start date for data collection Adding and configuring data sources

Recommendations for collecting from Office 365 When would I use the Delete Data option?

How often do collections update the data? Viewing the collection job status Forcing a data source collection to run now Renaming a data source Identifying your internal domains Classifying domains for message traffic Setting where data calculation for insights is performed Setting time zone usage for all users Granting full access to Admin Settings Granting users access to data Accessing the UC Analytics web site

Adding data sources for Active Directory or Azure Active Directory

Adding data sources for different target environments Permissions needed to collect Active Directory data Adding data sources for Active Directory / Office 365 (hybrid)

Creating an Domain Controller data source Creating a data source for Office 365 user subscription configuration

Adding data sources for native Office 365

Adding data sources, chargeback costs, and thresholds for Exchange and Exchange Online

Permissions needed to collect Exchange on-premises or hybrid data

Permissions needed for the Exchange Configuration data source Permissions needed for the Exchange Tracking Logs data source Permissions needed for Exchange Mailbox Contents, Exchange Mailbox Content Summary, or Exchange Calendar data sources Permissions needed for the Exchange IIS Logs (ActiveSync and OWA) data source Permissions needed for the Exchange Public Folders data source Permissions needed for the Exchange Online Hybrid User Configuration data source Permissions needed for the Exchange OnlineHybrid Mailbox Configuration data source Permissions needed for the Exchange OnlinePublic Folders data source Permissions needed for Exchange Online Mailbox Contents data Permissions needed for Exchange Online Mailbox Content Summary and Exchange Online Calendar data

Permissions needed to collect from native Exchange Online Creating an Exchange Configuration data source

Best practices for gathering performance Using dynamic distribution groups to select target mailboxes What types of mailboxes are excluded? Can I enter the Domain Users group as the target for the data collection? Troubleshooting the Exchange configuration collection

Creating an Exchange Tracking Logs data source Creating an Exchange Mailbox Contents data source

Tips for better performance for mailbox contents collection

Do I need both Exchange Tracking Logs and Exchange Mailbox Contents collections? Creating an Exchange IIS Logs data source Creating an Exchange Mailbox Content Summary data source Creating an Exchange Calendar data source Creating an Exchange Public Folders data source Adding Exchange Online hybrid data sources for hybrid Office 365

About AD synchronization methods for hybrid Exchange Online About PowerShell collection method options Creating an Exchange Online Hybrid User Configuration data source Creating an Exchange Online Hybrid Mailbox Configuration data source

Adding Exchange Online data sources for native Office 365

Creating an Exchange Online Native User Configuration data source Creating an Exchange Online Native Mailbox Configuration data source Creating an Exchange Online Mailbox Contents data source Creating an Exchange Online Mailbox Content Summary data source Creating an Exchange Online Calendar data source Creating an Exchange Online Public Folders data source

Setting chargeback costs for Exchange Setting thresholds for Exchange metrics Omitting words when filtering by subject or body

Adding data sources, chargeback costs, and thresholds for Skype for Business/Lync

Permissions needed to collect Skype for Business/Lync data

Permissions needed for Skype for Business/Lync configuration data source Permissions needed for Skype for Business/Lync CDR data source Permissions needed for Skype for Business/Lync QoE data source

Creating a data source for Skype for Business/Lync configuration Creating a data source for Skype for Business/Lync CDR Creating a data source for Skype for Business/Lync QoE Setting call classifications for Skype for Business/Lync Setting chargeback costs for Skype for Business/Lync Setting thresholds for Skype for Business/Lync metrics

Adding new threshold classifications

Adding data sources, chargeback, and thresholds for Cisco

Permissions needed to collect Cisco data

Permissions needed for the Cisco configuration data source Permissions needed for the Cisco CDR logs data source

Creating a data source for Cisco configuration Creating a data source for Cisco CDR logs Setting call classifications for Cisco Setting chargeback costs for Cisco Setting thresholds for Cisco metrics

Managing which insights can seen by users

Enabling a Company Home Page Setting insight visibility settings

Configuring and managing subscriptions

What are insight subscriptions? Configuring settings for subscriptions Managing user subscriptions

Making changes to your deployment

Options available in the Deployment Manager Changing the service account Deploying additional Storage Engines Deploying additional collectors Using the Tools menu for support activities Modifying the Data Query Availability job run Modifying collection days for IIS log and Exchange tracking log collections Changing default values for formatted .csv or .tsv file exports Changing the PowerShell wait time after transient errors Modifying timeout values for EWS collection jobs

Appendix A:Configuring Impersonation

Setting impersonation for Exchange 2013/2016/2019 Setting impersonation for Office 365

Appendix B:Configuring the Skype for Business or Lync Server

Configuring Lync Server 2010

1. Adding the SQL store for monitoring 2. Installing the Monitoring role 3. Enabling Call Detail Recording (CDR) 4. Starting the monitoring services

Configuring Lync Server 2013 or Skype for Business 2015/2019

1. Associating the store with the Front-End pool 2. Updating the Lync or Skype for Business Server 3. Enabling and configuring monitoring 4. Starting the monitoring services

Appendix C:Configuring IIS Log Files to capture ActiveSync or OWA events

Configuring IIS Logging on the Exchange CAS and Mailbox servers

Configuring IIS if Exchange is hosted on Windows 2003 Server Configuring IIS Logging if Exchange is hosted on Windows Server 2008 or later

What ActiveSync events are collected and displayed in the insights?

Appendix D:PowerShell cmdlets used by data sources

Exchange Configuration data source Exchange and Exchange Online Public Folders data sources Skype for Business/Lync Configuration data source Exchange Online Hybrid and Native User Configuration data sources Exchange Online Hybrid and Native Mailbox Configuration data sources Exchange Online Mailbox Contents data source Office 365 User Subscription Configuration data source

Appendix E:Custom configurations and backup and recovery options

Setting up a multi-forest environment with a one-way trust Firewall configuration: ports for data collection Backing up and restoring your data using scripts

Supported scenarios About the backup and restore batch files

Prerequisites

Step 1: Edit the backup.bat file parameters for your installation Step 2: Run the backup batch file Step 3: Edit the restore batch file Step 4a: Restore the storage data in an existing installation Step 4b: Restore the storage data to a new installation

Scheduling the backup batch file to run automatically Performing a manual backup of the storage folder before upgrade Moving your storage location Recommendations for disaster recovery Setting a custom title page for exported or subscription insights Changing the interval time before job status is purged Configuring remote PowerShell to use the required proxy settings Overriding PowerShell credential winnowing Registry settings that affect service shutdown and startup

Appendix F: Questions and answers about configuration

Introduction

How often do the data collections actually gather data and when do they run? When I view insights that show internal vs. external traffic, there is no data for internal traffic. Why? Why are my OWA insights not showing any data? Why did an insight show no data for a 30-day range though I initially set the data source to collect 30 days back? If I collect both Exchange Tracking Logs andExchange Mailbox Contents, are there duplicate items? If I collect message data only from the Exchange tracking logs, is the message Send Date and delivery time available? What are the differences between the ExchangeMailbox Contents and Exchange Tracking Logs data sources? Why do I get an error when collecting Exchangeconfiguration from multiple Exchange versions? Why do I have to specify domain name when doing a multi-forest collection? What insights are affected by the "Calculate insight data on server side" option?

• Viewing Topics 53 - 56 of 202

×

Granting users access to data

The Security settings allow you to grant users access to data that is displayed in the insights. You can grant access (aggregate or unrestricted) to the different types of collected data such as:

•	cross platform usage

•	Exchange mail client connectivity data (ActiveSync and OWA)

•	Exchange message, public folder, and calendar data

•	Exchange DLP data

•	Skype for Business/Lync usage data

•	Skype for Business/Lync QoE data

•	Cisco usage data

You can grant access to all users in all target environments or grant access to specific users in a specific target environment.

About target environments

If you have configured additional forests or an Office 365 target environment (for a native Office 365 deployment), when you click Add Users to grant access to a specific type of data, you must select the target environment (an Active Directory forest or an Office 365 site) for the users.

For the users who are being granted access:

•	You can grant aggregate access and/or unrestricted access.

•	You can grant access to all users in all target environments or grant access to specific users in a specific target environment.

When granting access to specific users, you can enter either an individual user or a distribution group. If you selected Office 365 as the target environment, it is not recommended that you enter a dynamic distribution group or a distribution group with a large number of members due to performance issues.

 

To grant data access to users

1	Click the gear icon on the home page side bar.

2	Click Security.

3	To grant access to a specific type of data, click Add Users in the section for that type of data.

 

TIP: When granting access to specific users, you can enter an individual user or a distribution group. If you selected Office 365 as the target environment, it is not recommended that you enter a dynamic distribution group or a distribution group with a large number of members due to performance issues.

4	Specify if the users have aggregate access or unrestricted access to each type of data.

For information about the differences between aggregate or unrestricted access to data, see Differences between aggregate and unrestricted access .

5	If you want to grant access to all users, select the Grant access to all users in all target environments check box.

- OR -

Enter a specific user (email address or SAM account name) or enter a distribution group for all the users to be granted access.

 

IMPORTANT: For deployments with multiple target environments, if you are specifying a specific user or distribution group, ensure that the displayed target environment is the environment for which the user or group has rights. If necessary, select the correct environment from the dropdown list.

6	Click Add.

7	Click Save.

Unlike a product administrator who has access to the configuration settings for all environments (tenants), a tenant administrator can only configure settings for a specific environment.

 

IMPORTANT: If you add an Active Directory (AD) user in email address format when the user that does not have an associated mailbox, the security access is not set. For example, if you grant unrestricted access to the AD user, the user would see the error "You do not have the required access rights to view the insight” when attempting to view an insight such as the Mailboxes - Inactive insight. Workaround You can add the user by entering the user SAM account name.

To grant access to specific types of data

Security settings allow you to grant users access to specific types of collected data. The types of data are grouped into separate categories which reflect the insights in which the data is shown.

By default, all aggregate access is granted to everyone for all types of data. For information about the difference between aggregate and unrestricted access to data, see Differences between aggregate and unrestricted access .

 

 

TIP: If you do not have access to a certain insight (appears dimmed in the insight library) and you want to know what type of access is required to see the insight, click the Launch Default button for the insight. A message is displayed that indicates what type of data access is required to view data in the insight.

Cross-Platform Data

For cross-platform data, you can grant the following access to the aggregated and unrestricted data:

 

Table 15. Types of access that can be granted for Cross-Platform data.

If I have this type of access	I can see
Aggregate	Summary (aggregate) information about the collected messages from Exchange and about the Skype for Business/Lync peer-to-peer sessions and conferences. This access does not include details about individual messages or about individual sessions and conferences.
Unrestricted	Unrestricted access to the details of all the messages that everyone has sent or received in all the targeted mailboxes, and details about all the sessions and conferences in which the targeted users participated. It is recommended that this access be granted only to select personnel.

Exchange Mail Client Connectivity (ActiveSync and OWA)

For Exchange mail client connectivity data, you can grant users access to information about how users are connecting to Exchange using ActiveSync and OWA. You can set aggregate or unrestricted access.

 

Table 16. Types of access that can be granted for Exchange Mail Client Connectivity (ActiveSync and OWA) Data.

If I have this type of access	I can see
Aggregate	Summary information about ActiveSync and OWA activity such as shown in the ActiveSync - Server Activity, ActiveSync - User Activity, Outlook on the Web (OWA) - Activity. or Outlook on the Web (OWA) vs. ActiveSync Unique Usage insights.
Unrestricted	Unrestricted grants access to detailed information about ActiveSync and OWA activity, such as shown in the Outlook on the Web (OWA) - Logon Details and the ActiveSync - Event Details insights. It is recommended that this access be granted only to select personnel.

What insights are affected by the Exchange Mail Client Connectivity security settings?

The Exchange Mail Client Connectivity security setting is used to grant access to all OWA insights and to ActiveSync insights that show ActiveSync event activity. These insights are as follows:

•	ActiveSync - Event Details

•	ActiveSync - Server Activity

•	ActiveSync - User Activity

•	Exchange ActiveSync / Servers / Server Activity

•	Exchange ActiveSync / Servers / Server Sync Times

•	Exchange ActiveSync / Users / Email Activity / Attachments

•	Exchange ActiveSync / Users / Top Email Senders and Receivers

•	Outlook on the Web (OWA) - Logon Details

•	Outlook on the Web (OWA) - Activity

•	Outlook on the Web (OWA) vs. ActiveSync Unique Usage

Not all ActiveSync insights are affected by the Exchange Mail Client Connectivity security settings. Security for some ActiveSync insights is set using the Exchange Message Data settings. For example, access to insights that show ActiveSync inventory or message data is granted using the Exchange Message Data settings. These insights are as follows:

•	Mobile Devices - Inactive

•	Mobile Devices - Inventory

•	Mobile Devices - Summary

•	Exchange ActiveSync / Devices / Active Devices

•	Exchange ActiveSync / Devices / Inactive Devices

•	Exchange ActiveSync / Devices / Inventory / Device Inventory

•	Exchange ActiveSync / Users / Email Activity / Departmental Summary

•	Exchange ActiveSync / Users / Email Activity / Summary

Exchange Data

For Exchange messaging, public folder, and calendar data, you can allow users to see only aggregated information or also the detailed data about the messages and other Exchange data.

 

Table 17. Types of access that can be granted for Exchange messaging and other Exchange data.

If I have this type of access	I can see
Aggregate	Summary (aggregate) information about the collected messages and public folder statistics. This access does not include details about individual messages or information that is considered “private”.
Unrestricted	Unrestricted access to the details of all messages sent or received in targeted mailboxes. Also includes the details for individual meetings that are scheduled in Outlook (Exchange meetings). It is recommended that this access be granted only to select personnel.

Exchange DLP Data

For Exchange DLP policy rule match data, you can provide separate access for users:

 

Table 18. Access that can be granted for Exchange DLP data.

If I have this type of access	I can see
Unrestricted	Unrestricted access to all the individual DLP policy rule matches. It is recommended that this access be granted only to select personnel.

Cisco Data

For Cisco usage data, you can provide separate access to users:

 

Table 19. Access that can be granted for Cisco data.

If I have this type of access	I can see
Aggregate	Summary (aggregate) information about Cisco usage data. This access does not include details about individual peer-to-peer sessions and conferences.
Unrestricted	Unrestricted access to all the detailed Cisco information for the individual peer-to-peer sessions and conferences. It is recommended that this access be granted only to select personnel.

Skype for Business/Lync Data

For Skype for Business/Lync configuration and Skype for Business/Lync session, enterprise voice, and conference data, there are different types of access that can be granted to users:

 

Table 20. Types of access that can be granted for Skype for Business/Lync data.

If I have this type of access	I can see
Aggregate	Summary (aggregate) information about Skype for Business/Lync sessions and conferences. This security access does not include details about individual sessions and conferences.
Unrestricted	Unrestricted access to the details of all the Skype for Business/Lync sessions and conferences in the data collected from the CDR database. It is recommended that this access be granted only to select personnel.

Skype for Business/Lync Quality of Experience (QoE) Data

For Skype for Business/Lync Quality of Experience (QoE) data, you can provide separate access to users:

 

Table 21. Access that can be granted for Skype for Business/Lync Quality of Experience (QoE) data.

If I have this type of access	I can see
Aggregate	Summary (aggregate) information about Skype for Business/Lync QoE data. This access does not include details about individual calls, sessions, and conferences.
Unrestricted	Unrestricted access to all the detailed QoE information for the individual calls, sessions, and conferences. It is recommended that this access be granted only to select personnel.

Differences between aggregate and unrestricted access

If you have aggregate access to data, you can view “public” information in insights. Public information is information that does not specifically identify both individuals in a messaging transaction or does not include “private” information such as message subject, file attachment name, or message ID. If you are collecting message body information, the message body is also considered private.

Other information is considered “sensitive” and may be available for aggregate access depending on the filters you have set in the insight. Sensitive information can include information such as: file attachment extensions, subject keywords, participants, send and received time of day, and importance.

Though you can view sensitive information with aggregate access, sensitive information is not available for specific individuals unless you have unrestricted access. Generally, with aggregate access, you can view insights that contain one sensitive item but not two or more sensitive items.

For example, if you have aggregate access to data, you can view insights that contain information to answer questions such as:

•	How many emails were sent and received by your organization and who are the top senders?

•	Which mail-enabled groups have not been active lately?

•	How many emails were sent with file attachments of specific extensions and how big were they?

However, you cannot view an insight that shows private information that answers questions such as:

•	What are the number of messages sent from one specific person to another specific person?

•	What is the size of a specific mailbox and its last logon date?

•	What are the number of messages from a department that contained a specific message subject? However, you can see the number of messages from a department that contain a specific subject keyword.

•	Which sent messages had a specific file attachment (such as “purchase.docx”)?

•	What are the details of each Exchange meeting that was scheduled (organizer, attendees, duration, subject, etc.)?

To see detailed and private information in insights, you must have a security access of Unrestricted for the type of data reported in the insight.

For information about hiding certain insights from users, or only showing certain insights to some users, see Setting insight visibility settings .

Accessing the UC Analytics web site

You access the insights through the UC Analytics home page at the following web site:

http://<ServerName>/Analytics/

 

NOTE: If UC Analytics is configured for a native Office 365 environment, you will be prompted for your credentials. You can specify either your Windows credentials or your Office 365 credentials, depending on how UC Analytics was configured to for user authentication. For more information, see Adding a target environment for native Office 365.

On the Welcome page, you have the option of either

•	viewing a set of recommended insights

•	accessing the insight library so you can select the insights you want

To view the list of all available insights, click the library icon . home page side bar.

Changing your formats for date, time, and digit separators

By default, the UC Analytics date and time formats are set to month/day/year (M/d/yyyy) and hour:minute:seconds am or pm (h:mm:ss tt) for each user. When displaying numeric values, UC Analytics uses a period (.) for decimal values and a comma (,) as digit separators for thousands.

Each user can modify these settings to match their locale. These settings are configured per user. An administrator cannot set these values for all users.

To modify format settings

1	On the UC Analytics web site, click your user name that is displayed in top right corner.

2	Select User Profile.

3	Beside the Date Format or Time Format field, click and select the format you want.

4	Enter the values you want for the Decimal Separator and the Thousand Separator fields.

5	Click Save.

Overriding the time zone offset

UC Analytics determines the time zone that is used for scheduling and insights from the regional settings of the computer that is running the user browser. You can override the time zone that is used through your user profile.

To override the time zone setting

1	On the UC Analytics web site, click your user name that is displayed in top right corner.

2	Select User Profile.

3	Click the Use Specific button in the Time zone section.

4	In the field below, enter the value for the specific time zone offset that you want. For example, you might enter -5 or +2.

5	Click Save.

These settings are configured per user. An administrator cannot set these values for all users.

Adding data sources for Active Directory or Azure Active Directory

•	Adding data sources for different target environments

•	Permissions needed to collect Active Directory data

•	Adding data sources for Active Directory / Office 365 (hybrid)

•	Creating an Domain Controller data source

•	Creating a data source for Office 365 user subscription configuration

•	Adding data sources for native Office 365

Adding data sources for different target environments

Depending on the target environment, you can add different data sources to collect information from either on-premise Active Directory or Azure Active Directory.

•	If you are collecting from on-premise Active Directory or a hybrid Office 365 deployment in an Active Directory Forest / Office 365 (hybrid) target environment, you can add the following data sources:

•	Domain Controller

•	Office 365 User Subscription Configuration

•	If you are collecting from a Azure Active Directory in an Office 365 (native) target environment, you can add the following data sources:

•	Office 365 User Subscription Configuration

For information about adding target environments, see Adding multiple Active Directory forests and Adding a target environment for native Office 365 .

•  Previous
• Viewing Topics 53 - 56 of 202
• Next 

Search this document Search all documents for this product-version Search all documents for this product Search all documents

×

 Welcome to Quest Support

You can find online support help for Quest *product* on an affiliate support site. Click continue to be directed to the correct support content and assistance for *product*.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating

© ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center