• Become a portal pro
• Download
• Print
• My Downloads ()

• Support
• Technical Documentation
• Unified Communications Analytics 8.8.1
• Unified Communications Analytics 8.8.1 - Deployment Guide

Unified Communications Analytics 8.8.1 - Deployment Guide

Table of Contents  

Prerequisites for your installation

Overview Supported environments

Supported browsers

Architecture

Information stored by the Storage Engine

Deployment options Hardware minimum requirements

Suggested hardware configurations for different size environments

Software prerequisites

Prerequisites for the UC Analytics services Web site prerequisites

Firewall configuration: ports for data collection Planning for deployment Determining where to install services What files need to communicate through software firewalls? What files should be excluded from anti-virus software? About UC Analytics configuration

Installing UC Analytics

Types of installations

Upgrading from 8.1 or later

Considerations before you install

About a pilot installation About a production installation

Accounts used during installation Performing a pilot installation Performing a production installation

Installing a second Storage Engine after installation Installing additional collector roles

Activating the UC Analytics license Setting up the web site for HTTPS

Configuring UC Analytics

About administration settings How do I set a user to be a product administrator? Configuration process overview Modifying the initial target environment Adding multiple Active Directory forests Configuring UC Analytics for resource forests Adding a target environment for native Office 365 Setting the time period for retaining data Setting the start date for data collection Adding and configuring data sources

Entering multiple values in a field Recommendations for collecting from Office 365

How often do collections update the data? Viewing the collection job status Forcing a data source collection to run now Renaming a data source

When would I use the Delete Data option?

Managing data sources through batch operations Managing credentials used by multiple data sources Identifying your internal domains Classifying domains for message traffic Setting where data calculation for insights is performed Excluding <none> values from insights Excluding today's data in insights Setting time zone usage for all users Granting full access to Admin Settings Granting users access to data Setting working hours for rooms Accessing the UC Analytics web site

Adding data sources for Active Directory or Azure Active Directory

Adding data sources for different target environments Permissions needed to collect Active Directory data Adding data sources for Active Directory / Office 365 (hybrid)

Creating an Domain Controller data source Creating a data source for Office 365 user subscription configuration

Adding data sources for native Office 365

Adding data sources, chargeback costs, and thresholds for Exchange and Exchange Online

Permissions needed to collect Exchange on-premises or hybrid data

Permissions needed for the Exchange Configuration data source Permissions needed for the Exchange Tracking Logs data source Permissions needed for Exchange Mailbox Contents, Exchange Mailbox Content Summary, or Exchange Calendar data sources Permissions needed for the Exchange IIS Logs (ActiveSync and OWA) data source Permissions needed for the Exchange Public Folders data source Permissions needed for the Exchange Online Hybrid User Configuration data source Permissions needed for the Exchange OnlineHybrid Mailbox Configuration data source Permissions needed for the Exchange OnlinePublic Folders data source Permissions needed for Exchange Online Mailbox Contents data Permissions needed for Exchange Online Mailbox Content Summary and Exchange Online Calendar data

Permissions needed to collect from native Exchange Online Creating an Exchange Configuration data source

Best practices for gathering performance Using dynamic distribution groups to select target mailboxes What types of mailboxes are excluded? Can I enter the Domain Users group as the target for the data collection? Troubleshooting the Exchange configuration collection

Creating an Exchange Tracking Logs data source Creating an Exchange Mailbox Contents data source

Tips for better performance for mailbox contents collection

Do I need both Exchange Tracking Logs and Exchange Mailbox Contents collections? Creating an Exchange IIS Logs data source Creating an Exchange Mailbox Content Summary data source Creating an Exchange Calendar data source Creating an Exchange Public Folders data source Adding Exchange Online hybrid data sources for hybrid Office 365

About AD synchronization methods for hybrid Exchange Online About PowerShell collection method options Creating an Exchange Online Hybrid User Configuration data source Creating an Exchange Online Hybrid Mailbox Configuration data source

Adding Exchange Online data sources for native Office 365

Creating an Exchange Online Native User Configuration data source Creating an Exchange Online Native Mailbox Configuration data source Creating an Exchange Online Mailbox Contents data source Creating an Exchange Online Mailbox Content Summary data source Creating an Exchange Online Calendar data source Creating an Exchange Online Public Folders data source

Setting chargeback costs for Exchange Setting thresholds for Exchange metrics Omitting words when filtering by subject or body

Adding data sources, chargeback costs, and thresholds for Skype for Business/Lync

Permissions needed to collect Skype for Business/Lync data

Permissions needed for Skype for Business/Lync configuration data source Permissions needed for Skype for Business/Lync CDR data source Permissions needed for Skype for Business/Lync QoE data source

Creating a data source for Skype for Business/Lync configuration Creating a data source for Skype for Business/Lync CDR Database Creating a data source for Skype for Business/Lync QoE Database Setting call classifications for Skype for Business/Lync Setting chargeback costs for Skype for Business/Lync Setting thresholds for Skype for Business/Lync metrics

Adding new threshold classifications

Adding data sources, chargeback, and thresholds for Cisco

Permissions needed to collect Cisco data

Permissions needed for the Cisco configuration data source Permissions needed for the Cisco CDR logs data source

Creating a data source for Cisco configuration Creating a data source for Cisco CDR logs Setting call classifications for Cisco Setting chargeback costs for Cisco Setting thresholds for Cisco metrics

Managing which insights can seen by users

Enabling a Company Home Page Setting insight visibility settings

Configuring and managing subscriptions

What are insight subscriptions? Configuring settings for subscriptions Managing user subscriptions

Making changes to your deployment

Options available in the Deployment Manager Changing the service account Deploying a second Storage Engine Deploying additional collectors Using the Tools menu for support activities

Appendix A:Configuring Exchange and Office 365

Overview Setting impersonation for Exchange 2013/2016/2019 Configuring impersonation for Office 365 Registering UC Analytics with the Microsoft Azure portal Installing the Exchange Online PowerShell module Setting up a multi-forest environment with a one-way trust

Appendix B:Configuring the Skype for Business or Lync Server

Configuring Lync Server 2010

1. Adding the SQL store for monitoring 2. Installing the Monitoring role 3. Enabling Call Detail Recording (CDR) 4. Starting the monitoring services

Configuring Lync Server 2013 or Skype for Business 2015/2019

1. Associating the store with the Front-End pool 2. Updating the Lync or Skype for Business Server 3. Enabling and configuring monitoring 4. Starting the monitoring services

Appendix C:Configuring IIS Log Files to capture ActiveSync or OWA events

Configuring IIS Logging on the Exchange CAS and Mailbox servers

Configuring IIS if Exchange is hosted on Windows 2003 Server Configuring IIS Logging if Exchange is hosted on Windows Server 2008 or later

What ActiveSync events are collected and displayed in the insights?

Appendix D:PowerShell cmdlets used by data sources

Exchange Configuration data source Exchange and Exchange Online Public Folders data sources Skype for Business/Lync Configuration data source Exchange Online Hybrid and Native User Configuration data sources Exchange Online Hybrid and Native Mailbox Configuration data sources Exchange Online Mailbox Contents data source Office 365 User Subscription Configuration data source

Appendix E:Backup and recovery options

Backing up and restoring your data using scripts

Supported scenarios About the backup and restore batch files

Prerequisites

Step 1: Edit the backup.bat file parameters for your installation Step 2: Run the backup batch file Step 3: Edit the restore batch file Step 4a: Restore the storage data in an existing installation Step 4b: Restore the storage data to a new installation

Scheduling the backup batch file to run automatically Performing a manual backup of the storage folder before upgrade Moving your storage location Recommendations for disaster recovery

Appendix F:Custom configurations

Setting LDAP connections to use LDAPS (LDAP over SSL) Modifying the Data Query Availability job run Modifying collection days for data collections from log files Changing initial collection days for Exchange (Online) Mailbox Contents data sources Changing default values for formatted .csv or .tsv file exports Excluding insight date range and filters from subscription emails Changing the PowerShell wait time after transient errors Changing the PowerShell reconnect interval for Exchange Online Mailbox Configuration jobs Modifying timeout values for EWS collection jobs Setting a custom title page for exported or subscription insights Changing the interval time before job status is purged Configuring remote PowerShell to use the required proxy settings Overriding PowerShell credential winnowing Registry settings that affect service shutdown and startup

Appendix G: Questions and answers about UC Analytics

Introduction

How often do the data collections actually gather data and when do they run? When I view insights that show internal vs. external traffic, there is no data for internal traffic. Why? Why are my OWA insights not showing any data? Why did an insight show no data for a 30-day range though I initially set the data source to collect 30 days back? If I collect both Exchange Tracking Logs andExchange Mailbox Contents, are there duplicate items? If I collect message data only from the Exchange tracking logs, is the message Send Date and delivery time available? What are the differences between the ExchangeMailbox Contents and Exchange Tracking Logs data sources? Why do I get an error when collecting Exchangeconfiguration from multiple Exchange versions? Why do I have to specify domain name when doing a multi-forest collection? What insights are affected by the "Calculate insight data on server side" option?

• Viewing Topics 57 - 60 of 216

×

Setting time zone usage for all users

By default, UC Analytics uses the time zone set in each user profile when displaying data in the insights. Typically, the default is the time zone set for the computer operating system though, in the user profile, a user can set an individual time zone.

In the Queries tile under Admin Settings, you can specify a time zone setting that is used globally for all users. If a specific UTC time zone is set globally for all users, the individual time zone setting for each user profile is disabled.

To set a global time zone setting

1	Click the gear icon on the home page side bar.

2	Click Queries.

3	Under Time Zone, select For all users and select one of the following options.

•	Use time zone of the user's computer.

•	Use time zone of the user's computer without daylight saving time adjustment.

•	Use a specific UTC time zone (minimum -12; maximum +14). For example, you could enter -4.5.

To avoid fluctuations in historical data in insights that show continuous data such as Email Activity and Email Details, after daylight saving time starts or ends, you can set the time zone without daylight saving time adjustment.

For example, while daylight saving time is in effect, the Email Activity insight shows daily counts for midnight to midnight, daylight saving time. When daylight saving time ends, the Email Activity insight shows daily counts for midnight to midnight, standard time. If you set the time zone without the daylight saving time adjustment, the data will be presented using the same standard time midnight day boundaries, regardless of whether daylight saving time is currently in effect or not.

For large organizations that have users that span several time zones, you could use the specific time zone setting to force all user data to be displayed using the same time zone. For example, to keep data consistent, you could set the time zone to UTC +0. This will also turn off daylight saving time adjustment and result in data presented with the same midnight day boundaries for every user.

Granting full access to Admin Settings

In the Security settings, under the Access to Tenant Configuration heading, you can add a user to grant the account full access to the Admin Settings that are used to configure UC Analytics. This user is a product administrator. However, this option only grants access to the Admin Settings used to configure UC Analytics and does not grant access to the collected data.

For product administrator to have access to the collected data in insights, both aggregate and unrestricted, you must also grant the account access for each type of data. For information see Granting users access to data .

To add user as a product administrator

1	Click the gear icon on the home page side bar.

2	Click Security.

3	Under the Access to Tenant Configuration section, click Add Users.

4	Leave the Grant access to all users in all target environments check box empty.

5	Select the target environment.

6	Enter a specific user (email address or SAM account name) to be granted full access to the Admin Settings.

7	Click Add. and click Save.

Adding a tenant administrator

If you have a multiple tenant implementation, you might want to create a tenant administrator who would only have access to the configuration settings for a specific environment (tenant).

To set up an account as a tenant administrator

1	Click the gear icon on the home page side bar.

2	Click Security.

3	Under the Access to Tenant Configuration section, click Add Users.

4	Leave the Grant access to all users in all target environments check box empty.

5	Select the target environment for the tenant.

6	Enter a specific user (email address or SAM account name) or enter a distribution group for all the users to be granted access.

7	Click Add.and click Save.

Granting users access to data

The Security settings allow you to grant users access to data that is displayed in the insights. You can grant access (aggregate or unrestricted) to the different types of collected data such as:

•	cross platform usage

•	Exchange mail client connectivity data (ActiveSync and OWA)

•	Exchange message, public folder, and calendar data

•	Exchange DLP data

•	Skype for Business/Lync usage data

•	Skype for Business/Lync QoE data

•	Cisco usage data

You can grant access to all users in all target environments or grant access to specific users in a specific target environment.

NOTE: The user account must be enabled. In a scenario in which you have an account forest and a resource forest, you must use the user account that is enabled in the account forest instead of the disabled (stand-in) account in the resource forest. For details, see “Setting up a multi-forest environment with a one-way trust”.

About target environments

If you have configured additional forests or an Office 365 target environment (for a native Office 365 deployment), when you click Add Users to grant access to a specific type of data, you must select the target environment (an Active Directory forest or an Office 365 site) for the users.

For the users who are being granted access:

•	You can grant aggregate access and/or unrestricted access.

•	You can grant access to all users in all target environments or grant access to specific users in a specific target environment.

NOTE: When granting access to specific users, you can enter either an individual user or a distribution group. If you selected Office 365 as the target environment, it is not recommended that you enter a dynamic distribution group or a distribution group with a large number of members due to performance issues.

 

To grant data access to users

1	Click the gear icon on the home page side bar.

2	Click Security.

3	To grant access to a specific type of data, click Add Users in the section for that type of data.

 

TIP: When granting access to specific users, you can enter an individual user or a distribution group. If you selected Office 365 as the target environment, it is not recommended that you enter a dynamic distribution group or a distribution group with a large number of members due to performance issues.

4	Specify if the users have aggregate access or unrestricted access to each type of data.

For information about the differences between aggregate or unrestricted access to data, see Differences between aggregate and unrestricted access .

5	If you want to grant access to all users, select the Grant access to all users in all target environments check box.

- OR -

Enter a specific user (email address or SAM account name) or enter a distribution group for all the users to be granted access.

 

IMPORTANT: For deployments with multiple target environments, if you are specifying a specific user or distribution group, ensure that the displayed target environment is the environment for which the user or group has rights. If necessary, select the correct environment from the dropdown list.

6	Click Add.

7	Click Save.

Unlike a product administrator who has access to the configuration settings for all environments (tenants), a tenant administrator can only configure settings for a specific environment.

 

IMPORTANT: If you add an Active Directory (AD) user in email address format when the user that does not have an associated mailbox, the security access is not set. For example, if you grant unrestricted access to the AD user, the user would see the error "You do not have the required access rights to view the insight” when attempting to view an insight such as the Mailboxes - Inactive insight. Workaround You can add the user by entering the user SAM account name.

To grant access to specific types of data

Security settings allow you to grant users access to specific types of collected data. The types of data are grouped into separate categories which reflect the insights in which the data is shown.

By default, all aggregate access is granted to everyone for all types of data. For information about the difference between aggregate and unrestricted access to data, see Differences between aggregate and unrestricted access .

 

 

TIP: If you do not have access to a certain insight (appears dimmed in the insight library) and you want to know what type of access is required to see the insight, click the Launch Default button for the insight. A message is displayed that indicates what type of data access is required to view data in the insight.

Cross-Platform Data

For cross-platform data, you can grant the following access to the aggregated and unrestricted data:

 

Table 16. Types of access that can be granted for Cross-Platform data.

If I have this type of access	I can see
Aggregate	Summary (aggregate) information about the collected messages from Exchange and about the Skype for Business/Lync peer-to-peer sessions and conferences. This access does not include details about individual messages or about individual sessions and conferences.
Unrestricted	Unrestricted access to the details of all the messages that everyone has sent or received in all the targeted mailboxes, and details about all the sessions and conferences in which the targeted users participated. It is recommended that this access be granted only to select personnel.

Exchange Mail Client Connectivity (ActiveSync and OWA)

For Exchange mail client connectivity data, you can grant users access to information about how users are connecting to Exchange using ActiveSync and OWA. You can set aggregate or unrestricted access.

 

Table 17. Types of access that can be granted for Exchange Mail Client Connectivity (ActiveSync and OWA) Data.

If I have this type of access	I can see
Aggregate	Summary information about ActiveSync and OWA activity such as shown in the ActiveSync - Server Activity, ActiveSync - User Activity, Outlook on the Web (OWA) - Activity. or Outlook on the Web (OWA) vs. ActiveSync Unique Usage insights.
Unrestricted	Unrestricted grants access to detailed information about ActiveSync and OWA activity, such as shown in the Outlook on the Web (OWA) - Logon Details and the ActiveSync - Event Details insights. It is recommended that this access be granted only to select personnel.

What insights are affected by the Exchange Mail Client Connectivity security settings?

The Exchange Mail Client Connectivity security setting is used to grant access to all OWA insights and to ActiveSync insights that show ActiveSync event activity. These insights are as follows:

•	ActiveSync - Event Details

•	ActiveSync - Server Activity

•	ActiveSync - User Activity

•	Exchange ActiveSync / Servers / Server Activity

•	Exchange ActiveSync / Servers / Server Sync Times

•	Exchange ActiveSync / Users / Email Activity / Attachments

•	Exchange ActiveSync / Users / Top Email Senders and Receivers

•	Outlook on the Web (OWA) - Logon Details

•	Outlook on the Web (OWA) - Activity

•	Outlook on the Web (OWA) vs. ActiveSync Unique Usage

Not all ActiveSync insights are affected by the Exchange Mail Client Connectivity security settings. Security for some ActiveSync insights is set using the Exchange Message Data settings. For example, access to insights that show ActiveSync inventory or message data is granted using the Exchange Message Data settings. These insights are as follows:

•	Mobile Devices - Inactive

•	Mobile Devices - Inventory

•	Mobile Devices - Summary

•	Exchange ActiveSync / Devices / Active Devices

•	Exchange ActiveSync / Devices / Inactive Devices

•	Exchange ActiveSync / Devices / Inventory / Device Inventory

•	Exchange ActiveSync / Users / Email Activity / Departmental Summary

•	Exchange ActiveSync / Users / Email Activity / Summary

Exchange Data

For Exchange messaging, public folder, and calendar data, you can allow users to see only aggregated information or also the detailed data about the messages and other Exchange data.

 

Table 18. Types of access that can be granted for Exchange messaging and other Exchange data.

If I have this type of access	I can see
Aggregate	Summary (aggregate) information about the collected messages and public folder statistics. This access does not include details about individual messages or information that is considered “private”.
Unrestricted	Unrestricted access to the details of all messages sent or received in targeted mailboxes. Also includes the details for individual meetings that are scheduled in Outlook (Exchange meetings). It is recommended that this access be granted only to select personnel.

Exchange DLP Data

For Exchange DLP policy rule match data, you can provide separate access for users:

 

Table 19. Access that can be granted for Exchange DLP data.

If I have this type of access	I can see
Unrestricted	Unrestricted access to all the individual DLP policy rule matches. It is recommended that this access be granted only to select personnel.

Cisco Data

For Cisco usage data, you can provide separate access to users:

 

Table 20. Access that can be granted for Cisco data.

If I have this type of access	I can see
Aggregate	Summary (aggregate) information about Cisco usage data. This access does not include details about individual peer-to-peer sessions and conferences.
Unrestricted	Unrestricted access to all the detailed Cisco information for the individual peer-to-peer sessions and conferences. It is recommended that this access be granted only to select personnel.

Skype for Business/Lync Data

For Skype for Business/Lync configuration and Skype for Business/Lync session, enterprise voice, and conference data, there are different types of access that can be granted to users:

 

Table 21. Types of access that can be granted for Skype for Business/Lync data.

If I have this type of access	I can see
Aggregate	Summary (aggregate) information about Skype for Business/Lync sessions and conferences. This security access does not include details about individual sessions and conferences.
Unrestricted	Unrestricted access to the details of all the Skype for Business/Lync sessions and conferences in the data collected from the CDR database. It is recommended that this access be granted only to select personnel.

Skype for Business/Lync Quality of Experience (QoE) Data

For Skype for Business/Lync Quality of Experience (QoE) data, you can provide separate access to users:

 

Table 22. Access that can be granted for Skype for Business/Lync Quality of Experience (QoE) data.

If I have this type of access	I can see
Aggregate	Summary (aggregate) information about Skype for Business/Lync QoE data. This access does not include details about individual calls, sessions, and conferences.
Unrestricted	Unrestricted access to all the detailed QoE information for the individual calls, sessions, and conferences. It is recommended that this access be granted only to select personnel.

Differences between aggregate and unrestricted access

If you have aggregate access to data, you can view “public” information in insights. Public information is information that does not specifically identify both individuals in a messaging transaction or does not include “private” information such as message subject, file attachment name, or message ID. If you are collecting message body information, the message body is also considered private.

Other information is considered “sensitive” and may be available for aggregate access depending on the filters you have set in the insight. Sensitive information can include information such as: file attachment extensions, subject keywords, participants, send and received time of day, and importance.

Though you can view sensitive information with aggregate access, sensitive information is not available for specific individuals unless you have unrestricted access. Generally, with aggregate access, you can view insights that contain one sensitive item but not two or more sensitive items.

For example, if you have aggregate access to data, you can view insights that contain information to answer questions such as:

•	How many emails were sent and received by your organization and who are the top senders?

•	Which mail-enabled groups have not been active lately?

•	How many emails were sent with file attachments of specific extensions and how big were they?

However, you cannot view an insight that shows private information that answers questions such as:

•	What are the number of messages sent from one specific person to another specific person?

•	What is the size of a specific mailbox and its last logon date?

•	What are the number of messages from a department that contained a specific message subject? However, you can see the number of messages from a department that contain a specific subject keyword.

•	Which sent messages had a specific file attachment (such as “purchase.docx”)?

•	What are the details of each Exchange meeting that was scheduled (organizer, attendees, duration, subject, etc.)?

To see detailed and private information in insights, you must have a security access of Unrestricted for the type of data reported in the insight.

For information about hiding certain insights from users, or only showing certain insights to some users, see Setting insight visibility settings .

Setting working hours for rooms

If you plan to use insights that show room usage for Exchange meetings such as the Exchange Meetings - Room Usage, you should specify the working hours for rooms.

To set the working hours for Exchange meeting rooms

1	Click the gear icon on the home page side bar.

2	Click Room Working Hours.

3	Ensure that Enable room working hours is selected.

4	Select the days of the week for the work week.

5	Select the start and end time for the work day.

6	Enter the offset for your time zone.

•  Previous
• Viewing Topics 57 - 60 of 216
• Next 

Search this document Search all documents for this product-version Search all documents for this product Search all documents

×

 Welcome to Quest Support

You can find online support help for Quest *product* on an affiliate support site. Click continue to be directed to the correct support content and assistance for *product*.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating

© ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center