立即与支持人员聊天
与支持团队交流

Foglight for Exchange 5.8.2 - Foglight for Office 365 Release Notes

Prerequisites

Prerequisites

The following prerequisite conditions must be in place in order to successfully initialize an Office 365 agent. Failure to meet these prerequisites may result in missing metrics in Foglight for Office 365 dashboards.

Important: All prerequisite steps must be completed on the ADFS server as well as the Active Directory® server because the Office365 agent collects information from the Active Directory server and requires access permissions.

Note: The Remote Access Diagnostics utility, provided with this cartridge, checks the connectivity between the Foglight Agent Manager (FglAM) and Active Directory and ADFS servers that are being monitored. It also tests for the prerequisite conditions that must be met in order to initialize an Office 365 agent. This utility requires .NET® 2.0 libraries to run. For more information on running the Remote Access Diagnostics utility, see the Remote Access Diagnostics User Guide.

Account privileges

Office 365 account privileges:

Note: Make sure to give minimum required privilege to your agent; otherwise this agent cannot start data collection.

ADFS account privileges:

  • ADFS server Local Administrator privilege (DCOM, WinRm)

Office 365® account privileges:

  • Global administrator when consent the application permission
  • Monitoring with the following privileges (Office 365 report):
    • Billing administrator
    • Password administrator
    • Service administrator
    • User management administrator
    • Exchange administrator

Note: The monitoring user for Office 365 can be a unlicensed user.

DCOM prerequisites for the ADFS server

  1. Enable the Distributed COM (DCOM) on the ADFS server:
    1. Click Start | Run.
    2. In the Run dialog, enter dcomcnfg and click OK.
    3. Expand Component Services and then Computers.
    4. Right-click the My Computer object and select Properties.
    5. On the Default Properties tab, check the Enable Distributed COM on this computer option.
      • Select "Default Authentication Level" as "Connect.
      • Select "Default Impersonation Level" as "Identify".
  2. The Remote Registry Service must be running on each ADFS server being monitored by Foglight for Office 365, to allow agents remote access to the registry.
  3. The ADFS account specified in the agent properties must have Full Control permissions on following registry keys:
    • HKEY_CLASSES_ROOT\CLSID 72C24DD5-D70A-438B-8A42-98424B88AFB8 (Windows Script Host Shell Object)
    • HKEY_CLASSES_ROOT\CLSID 76A64158-CB41-11d1-8B02-00600806D9B6 (WBEM Scripting Locator)
    • HKEY_CLASSES_ROOT\CLSID 0D43FE01-F093-11CF-8940-00A0C9054228 (Windows Script FileSystem Object)

      For a 64-bit OS, also grant the permissions for these two additional registry keys
    • HKEY_CLASSES_ROOT\Wow6432Node\CLSID 72C24DD5-D70A-438B-8A42-98424B88AFB8
    • HKEY_CLASSES_ROOT\Wow6432Node\CLSID 76A64158-CB41-11D1-8B02-00600806D9B6
    • HKEY_CLASSES_ROOT\Wow6432Node\CLSID 0D43FE01-F093-11CF-8940-00A0C9054228

      Note: For instructions on how to configure the registry keys, see the To grant permissions on the registry keys section.

 

To grant permissions on the registry keys:

  1. Log in to the ADFS server with an Administrator account that you are comfortable having ownership over these keys.
  2. Start the Windows Registry Editor (run regedit.exe).
  3. If asked to allow the Regedit program to make changes to the computer, click Yes.
  4. Navigate to the registry item: HKEY_CLASSES_ROOT\CLSID\{clsid} or HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{clsid}, as necessary.
  5. Right-click the registry key and select Permissions.
  6. Click Advanced.
  7. Open the Owner tab.
  8. In the Change Owner to box, select one of the following entries:
    • the user account that is used by the ADFS agent
    • the administrative group for the account you currently belong to
  9. Select the Replace the owner on subcontainers and objects check box.
  10. If the account is not listed, click Other user or groups to add the account.
  11. Click OK.
  12. Under Group or user names, select the account that will be specified in the agent properties. If the account is not listed, click Add to add the account.
  13. Under Permission for account, select the Allow Full Control check box and click OK.
  14. Close the Registry Editor.

SmbServerNameHardeningLevel in ADFS Server should be 0 (the default)

ADFS servers that have to be accessed by clients not supporting GSS authentication must have SmbServerNameHardeningLevel set to 0 (the default). For more information, see http://support.microsoft.com/kb/2345886.

Firewall settings for the ADFS Server

Rule #1: need local ports 135, 139, 389 (or 636) and 445 opened.

Rule #2: need "Dynamic RPC" local ports opened.

For more information, see the following article: https://support.quest.com/kb/SOL85903.

Configure Windows Remote Management (WinRM)

For details about this topic, refer to the "Configuring Windows Remote Management (WinRM)" section in the Foglight Agent Manager Guide.  

Kerberos settings for the Agent Manager

The Kerberos configuration file specifies the KDC from which tickets are obtained. Operating systems sometimes have their own Kerberos configuration files. If present, the Agent Manager uses them by default. They can be found in the following locations:

  •  Windows: %WINDIR%\krb5.ini which typically translates to C:\Windows\krb5.ini
  •  UNIX:
    /etc/krb5.conf
    Or:
    /etc/krb5/krb5.conf

If none of these files are found, the Agent Manager attempts to create its own kerberos configuration file, based on the detected settings. The detection can only be done on Windows, so on Unix, the file is not generated. On Unix platforms, you need to create your own Kerberos configuration files to establish WinRM connections using Negotiate authentication.

The krb5.ini or krb5.conf file should contain the realm info and hostname of the KDC for this realm. For example:

[libdefaults]
default_realm = <REALM_NAME_IN_CAPS>
[realms]
<REALM_NAME_IN_CAPS> = {
kdc = <fully_qualified_kdc_name>
}
[domain_realm]
.<domain_in_lower_case> = <REALM_NAME_IN_CAPS>

Agent must be able to reach the target host

Server objects do not appear until at least one piece of data has been collected and recorded. If communication fails completely, you will not see objects.

Configuration steps:

  1. Test Ping by IP. You must be able to ping the collection target from the FglAM hosting the agent instance. If ping by IP fails, there are routing issues.
  2. Test Ping by host name. A DNS server or Hosts file must be available to the FMS server in order to resolve names. If ping by host name fails, there are DNS or Hosts file issues.
  3. If a Hosts file is used, it should contain an entry for each domain where hosts reside. For example:
    10.10.10.100 domain.local
    10.10.10.200 childdomain.domain.local
  4. In addition, individual servers must resolve to the NetBIOS names and the FQDN. For example:
    10.10.10.101 server server.domain.local
    The Hosts file is located at %windir%\system\drivers\etc.

Additional descriptions for ADFS server host data

ADFS agents delegate Windows agents, VMware agents, or Hyper-V agents to collect host data.  ADFS agents collect host details to decide whether it is a VMware Virtual machine or a Hyper-V Virtual machine. By default, the host type is a physical machine.

  • For VMware virtual machine, agents delegate VMware agents to collect host data.

  • For Hyper-V virtual machine, agents delegate Hyper-V agents to collect host data.

  • For physical machine, agents delegate IC agents to collect host data.

 


Product licensing

Product licensing

Foglight includes a licensing capability that restricts access to those features that are defined in the license. Any Management Server installation requires a license that grants access to server-specific parts of the browser interface and the features associated with them. Foglight cartridges are also license-protected. While some cartridges are covered by the base Foglight license (such as Foglight Agent Manager cartridges and the Cartridge for Infrastructure), others may require an additional license. Foglight for Office 365 is covered by the Foglight Evolve Monitor, Operate, and Flex license.

To activate a trial or a purchased commercial license:

  1. On the navigation panel, under Dashboards, click Administration > Setup > Manage Licenses.
  2. Click Install.
  3. In the Install License dialog box, click Browse.
  4. In the file browser that appears, specify the location of the license file.
  5. In the Install License dialog box, click Install License.

 


Getting started with Foglight for Office 365

Getting started with Foglight for Office 365

Contents of the release package

The Foglight for Office 365 release package contains the following:

  1. Foglight for Office 365 version 5.8.2 files:
    • Office365Monitoring-5_8_2.car
  2. Product Documentation, including:
    • Foglight for Office 365 User Guide (PDF and online help)
    • Remote Access Diagnostics User Guide (PDF)

Installation instructions

Foglight for Office 365 can be installed as a stand-alone cartridge on a Foglight platform. In this configuration, all Office 365 metrics are collected as well as basic host metrics from both physical and virtual Office 365 Servers. Before installing the cartridge, ensure that your Foglight Management Server is properly installed and configured. For information on how to install and configure the Foglight Management Server, refer to the Foglight Installation and Setup Guide set.

 

Foglight for Office 365 can also be installed on a Foglight Evolve or a Foglight for Virtualization, Enterprise Edition platform. In this configuration, it is used to gain in-depth insight into the health of the virtual machine, the virtual host, and the virtual environment as a whole. Before installing the cartridge, ensure that Foglight Evolve or Foglight for Virtualization, Enterprise Edition is properly installed and configured. For information on how to install and configure Foglight Evolve or Foglight for Virtualization, Enterprise Edition, refer to the Foglight Installation and Setup Guide set.

Installation best practices

You can use one Foglight Agent Manager (FglAM) with the following settings to support 25 to 30 agent instances: 6 GB memory and 2 CPU.

It is recommended that you perform the following steps before you begin the installation procedure:

  1. If you do not have a Foglight for Office 365 cartridge, you can download it from our Support Portal at https://support.quest.com/.
    1. Before you download the product, you must register with Quest. If you are a registered Quest user, log on using your email address and password.
    2. Once you have registered or logged in, locate the product and version that you want to download from the product list.
    3. In the download window, click the link and save the file to an appropriate directory (for example, C:\temp).
  2. Verify that prerequisites are met as listed in the Upgrade and compatibility and System requirements sections of this document.

Installation and setup

Foglight for Office 365 is distributed as a .car file: Office365Monitoring-5_8_2.car.

To install Foglight for Office 365:

Use the Administration > Cartridges > Cartridge Inventory dashboard to install the Office365Monitoring-5_8_2.car cartridge.
For full installation instructions, refer to the topic "Installing Foglight cartridges" in the Foglight Administration and Configuration Help.

In order for Office 365 data to appear on the Foglight browser interface, once the cartridge has been successfully installed, you need to deploy the agent package, configure the agent properties, create and activate agents, and start the data collection. For detailed information about these procedures, refer to Foglight for Office 365 User Guide.

Additional resources

Additional information is available from the following:

Globalization

This section contains information about installing and operating this product in non-English configurations, such as those needed by customers outside of North America. This section does not replace the materials about supported platforms and configurations found elsewhere in the product documentation.

This release is Unicode-enabled and supports any Unicode character set. In this release, all product components should be configured to use the same or compatible character encodings and should be installed to use the same locale and regional options. This release is targeted to support operations in the following regions: North America, Western Europe and Latin America, Central and Eastern Europe, Far-East Asia, Japan. It supports bidirectional writing (Arabic and Hebrew). The release supports Complex Script (Central Asia – India, Thailand).

 


About Us

About Us

We are more than just a name

We are on a quest to make your information technology work harder for you. That is why we build community-driven software solutions that help you spend less time on IT administration and more time on business innovation. We help you modernize your data center, get you to the cloud quicker and provide the expertise, security and accessibility you need to grow your data-driven business. Combined with Quest’s invitation to the global community to be a part of its innovation, and our firm commitment to ensuring customer satisfaction, we continue to deliver solutions that have a real impact on our customers today and leave a legacy we are proud of. We are challenging the status quo by transforming into a new software company. And as your partner, we work tirelessly to make sure your information technology is designed for you and by you. This is our mission, and we are in this together. Welcome to a new Quest. You are invited to Join the Innovation™.

Our brand, our vision. Together.

Our logo reflects our story: innovation, community and support. An important part of this story begins with the letter Q. It is a perfect circle, representing our commitment to technological precision and strength. The space in the Q itself symbolizes our need to add the missing piece — you — to the community, to the new Quest.

Contacting Quest

For sales or other inquiries, visit http://quest.com/company/contact-us.aspx or call +1-949-754-8000.

Technical support resources

Technical support is available to Quest customers with a valid maintenance contract and customers who have trial versions. You can access the Quest Support Portal at https://support.quest.com.

The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a day, 365 days a year. The Support Portal enables you to:

  • Submit and manage a Service Request.
  • View Knowledge Base articles.
  • Sign up for product notifications.
  • Download software and technical documentation.
  • View how-to-videos.
  • Engage in community discussions.
  • Chat with support engineers online.
  • View services to assist you with your product.

 


Copyright© 2020 Quest Software Inc.

Quest, the Quest logo, Foglight, and Join the Innovation are trademarks and registered trademarks of Quest Software Inc. in the U.S.A. and other countries. For a complete list of Quest Software trademarks, please visit our website at www.quest.com/legal. Red Hat, JBoss, the JBoss logo, and Red Hat Enterprise Linux are registered trademarks of Red Hat, Inc. in the U.S. and other countries. CentOS is a trademark of Red Hat, Inc. in the U.S. and other countries. Fedora and the Infinity design logo are trademarks of Red Hat, Inc. Microsoft, .NET, Active Directory, Internet Explorer, Hyper-V, Office 365, SharePoint, Silverlight,SQL Server, Visual Basic, Windows, Windows Vista and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. AIX, IBM, PowerPC, PowerVM, and WebSphere are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. Java, Oracle, Oracle Solaris, PeopleSoft, Siebel, Sun, WebLogic, and ZFS are trademarks or registered trademarks of Oracle and/or its affiliates in the United States and other countries. SPARC is a registered trademark of SPARC International, Inc. in the United States and other countries. Products bearing the SPARC trademarks are based on an architecture developed by Oracle Corporation. OpenLDAP is a registered trademark of the OpenLDAP Foundation. HP is a registered trademark that belongs to HewlettPackard Development Company, L.P. Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both. MySQL is a registered trademark of MySQL AB in the United States, the European Union and other countries. Novell and eDirectory are registered trademarks of Novell, Inc., in the United States and other countries. VMware, ESX, ESXi, vSphere, vCenter, vMotion, and vCloud Director are registered trademarks or trademarks of VMware, Inc. in the United States and/or other jurisdictions. Sybase is a registered trademark of Sybase, Inc. The X Window System and UNIX are registered trademarks of The Open Group. Mozilla and Firefox are registered trademarks of the Mozilla Foundation. IOS is a registered trademark or trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. Apple, iPad, iPhone, Mac OS, Safari, Swift, and Xcode are trademarks of Apple Inc., registered in the U.S. and other countries. Ubuntu is a registered trademark of Canonical Ltd. Symantec and Veritas are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. OpenSUSE, SUSE, and YAST are registered trademarks of SUSE LCC in the United States and other countries. Citrix, AppFlow, NetScaler, XenApp, and XenDesktop are trademarks of Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered in the United States Patent and Trademark Office and in other countries. PostgreSQL is a registered trademark of the PostgreSQL Global Development Group. MariaDB is a trademark or registered trademark of MariaDB Corporation Ab in the European Union and United States of America and/or other countries. Intel, Itanium, Pentium, and Xeon are trademarks of Intel Corporation in the U.S. and/or other countries. Debian is a registered trademark of Software in the Public Interest, Inc. OpenStack is a trademark of the OpenStack Foundation. Amazon Web Services, the "Powered by Amazon Web Services" logo, and "Amazon RDS" are trademarks of Amazon.com, Inc. or its affiliates in the United States and/or other countries. Infobright, Infobright Community Edition and Infobright Enterprise Edition are trademarks of Infobright Inc. POLYCOM®, RealPresence® Collaboration Server, and RMX® are registered trademarks of Polycom, Inc. All other marks and names mentioned herein may be trademarks of their respective companies.

 

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级