Download Certificate Files

From the Settings menu in the OfficeExpert web interface you can directly start the download of the certificate files for the Windows Proxy server and the OfficeExpert simulation bots:
 
You will need these files for setting up the Windows Proxy and the simulation bots (see below).

Windows Proxy Setup

The OfficeExpert Windows Proxy server is responsible for the execution of PowerShell cmdlets. A Windows Proxy is required for the Azure Sync Simulation and for server monitoring.

Before you start the setup, please make sure that internet access is available during the installation and that all system requirements for the Windows Proxy server are met (see Windows Proxy - Requirements).

To start the Setup Wizard, please execute the OEWinProxy.msi file on the Windows server:


Follow the steps in the Setup Wizard: Accept the terms in the License Agreement & enter your customer information:

 


Afterwards, please click on the Install button and on Finish when the installation is completed:


Please copy the previously downloaded TLS files to the folder C:\Program Files\panagenda\WindowsProxy\as on this Windows Proxy. These files are required:

  • client.jaas.conf
  • kafka.client.keystore.jks
  • kafka.truststore.jks

Finally, please start the OfficeExpert Windows Service from the Windows Services panel (services.msc):


Log files can be found in the C:\ProgramData\panagenda\WindowsProxy\logs directory.

OfficeExpert Simulation Bot Setup

panagenda OfficeExpert simulation bots collect the required end-to-end analytics data.

Before you start the setup, please ensure that all system requirements for the simulation bots are met (see Client Simulation Bots - Requirements).


Installation

There are two setup options for OfficeExpert simulation bots:

  1. Run the bot as console application
  2. Run the bot as Windows service

The advantage of the latter is that the correct user credentials are stored in the Windows service properties. As a result there is no need for the correct user to be logged in. So even if, for example, administrators perform upgrades on the simulation machines, the bot services stay up and running. After every machine restart they are launched automatically.

 LIMITATION: Running the OfficeExpert bot as a Windows service has (at the moment) the limitation that the Skype for Business Client Sensor will not work! Microsoft does not support this option.

General Setup:

  • Create the folder C:\ProgramData\panagenda\OfficeExpert
  • Unzip the OfficeExpert.zip file and copy both the OfficeExpert.exe and configuration.json to this OfficeExpert folder
  • Finally, please copy the previously downloaded TLS keys to this folder. The following files are required:
    • ca-cert
    • mc.key
    • nc.pem
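
The bot folder now holds the TLS key material and, once configured, the passwords in configuration.json, so it is worth checking who can read it. The following PowerShell is an added example, not part of the panagenda documentation: it verifies that the files listed above are present and reports ACL entries that grant access to broad groups. The function names, the service account name and the rights granted by Protect-BotFolder are assumptions.

```powershell
# Added example: audit the bot folder from the General Setup steps.
$botDir   = 'C:\ProgramData\panagenda\OfficeExpert'
$required = 'OfficeExpert.exe', 'configuration.json', 'ca-cert', 'mc.key', 'nc.pem'
# Well-known SIDs of broad groups (language-independent, unlike the group names).
$broad = @{ 'S-1-1-0' = 'Everyone'; 'S-1-5-11' = 'Authenticated Users'; 'S-1-5-32-545' = 'BUILTIN\Users' }

function Test-BotFolder {
    param([string]$Path, [string[]]$Files)
    foreach ($name in $Files) {
        $file = Join-Path $Path $name
        if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
            "MISSING  $file"
            continue
        }
        # Ask for SIDs directly so orphaned or localized account names cannot break the check.
        $rules = (Get-Acl -LiteralPath $file).GetAccessRules(
            $true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            $sid = $rule.IdentityReference.Value
            if ($rule.AccessControlType -eq 'Allow' -and $broad.ContainsKey($sid)) {
                "BROAD    $file  $($broad[$sid]): $($rule.FileSystemRights)"
            }
        }
    }
}

# Assumption: $ServiceAccount is the account the bot runs as, and Modify (M) is enough for it.
# Drops inherited entries; keeps full control for SYSTEM (S-1-5-18) and Administrators (S-1-5-32-544).
function Protect-BotFolder {
    param([string]$Path, [string]$ServiceAccount)
    icacls $Path /inheritance:r /grant:r '*S-1-5-18:(OI)(CI)F' '*S-1-5-32-544:(OI)(CI)F' "${ServiceAccount}:(OI)(CI)M"
}

$findings = @(Test-BotFolder -Path $botDir -Files $required)
if ($findings) { $findings } else { 'OK: all files present, no broad ACL entries' }
# Protect-BotFolder -Path $botDir -ServiceAccount 'ACME\svc-oebot'   # constructed account name
```

Run the audit from an elevated PowerShell session on the bot machine, and re-run it after Protect-BotFolder to confirm the broad entries are gone.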


Run as Console Application:

Just execute OfficeExpert.exe.

Note that configuration.json has to be configured BEFORE you start OfficeExpert.exe. Please refer to the "Configuration" section.

Also note: if you want to configure the simulation bot with modern authentication, please refer to the following knowledge base article: Modern Authentication.


Run as Windows Service:
Run the following command to register the Windows Service (including username and password that is used for OS authentication):

  • C:\ProgramData\panagenda\OfficeExpert>OfficeExpert.exe install start -username "<username>" -password "<password>" -sudo

  • To start the bot application, select "OfficeExpert sensor service" in the Windows Service Manager and click on the play button:


The Startup Type is set to Automatic so the simulation bot is started automatically after every reboot of the machine.


To verify your user credentials, right click on the OfficeExpert sensor service in the Windows Service Manager, select Properties and open the Log On tab:


Configuration

To configure the OfficeExpert simulation bots, some edits in the configuration.json file are necessary.


"header" Section

In the "header" section, the name of the simulation bot can be defined in the line "botnames". For example:

  • "botnames": ["OE-US Bot"],


"BotInfo" Section

In the line "botNames", please add the same bot name as used in the "header" section! For example:

  • "botNames": ["OE-US Bot"],


"CoreInfo" Section

In the "CoreInfo" section, information about your Office 365 tenant, your Azure Active Directory application, your OfficeExpert application, and your TLS passwords have to be provided. 

Enter the domain of your O365 tenant in the line "tenant". For example:

Specify your Azure Active Directory application ID in the line "appid" (see Azure AD Application for Bots - Requirements). For example:

  • "appid": "1ab23456-c7d8-9012-34e5-67f89012gh34",

Sub Section "kafkaConfig":

In the line "bootstrap.servers", please type in the FQDN of your OfficeExpert appliance (port 29092). For example:

  • "bootstrap.servers": "officeexpert.acme.com:29092",

Please enter your TLS password in the lines "sasl.password" and "ssl.key.password" (the password you defined while running the setup script in the OfficeExpert appliance, see Run Setup Script). For example:

  • "sasl.password": "Your:Pa5$W0rD",
  • "ssl.key.password": "Your:Pa5$W0rD"


Sub Section "zookeeperConfig":

In the line "servers", type in the FQDN of your OfficeExpert appliance (port 22181). For example:


"authentication" Section:
Running simulation bots requires that you provide certain authentication information. In the authentication section of the configuration.json you can choose between four authentication types:

  • Basic Authentication
  • ADFS / SSO Authentication
  • Modern Authentication
  • Certificate Based Authentication

Depending on which authentication mechanism you want to use, please configure the necessary subsection.


Basic Authentication:

Requires username and password:

 


ADFS/SSO & Modern & Certificate Based Authentication:

Only the username is required.

Make sure that the simulation bot meets all requirements. Please refer to Client Simulation Bots - Requirements.

Please adjust the lines "name" & "type" as follows:

  • ADFS/SSO: 
    "name": "sso", 
    "content": {
             "type": "sso",
  • Modern Authentication: 
    "name": "modern", 
    "content": {
             "type": "modern",
  • Certificate Based Authentication: 
    "name": "cba", 
    "content": {
             "type": "cba", 

Example screenshot for ADFS/SSO authentication:
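
Before starting the bot, the values entered in the sections above can be cross-checked with a short script. This PowerShell function is an added example, not panagenda's own tooling: it checks that both bot name lines match, that "appid" is a GUID, that the Kafka and ZooKeeper ports are the ones named on this page, and that the TLS password lines are filled in and identical. The nesting of the keys inside configuration.json and the sample values are assumptions constructed for the example.

```powershell
# Added example. The nesting of the keys below is an assumption; adjust it to your file.
function Test-BotConfig {
    param([Parameter(Mandatory)][string]$Json)
    $cfg      = $Json | ConvertFrom-Json
    $kafka    = $cfg.CoreInfo.kafkaConfig
    $problems = @()
    # "botNames" in BotInfo must repeat the name(s) from "botnames" in header.
    if ((@($cfg.header.botnames) -join '|') -cne (@($cfg.BotInfo.botNames) -join '|')) {
        $problems += 'header.botnames and BotInfo.botNames differ'
    }
    # appid is an Azure AD application ID, i.e. a GUID.
    $guid = [guid]::Empty
    if (-not [guid]::TryParse([string]$cfg.CoreInfo.appid, [ref]$guid)) {
        $problems += 'CoreInfo.appid is not a valid GUID'
    }
    # Ports given on this page: Kafka 29092, ZooKeeper 22181.
    if ([string]$kafka.'bootstrap.servers' -notmatch '^[\w.-]+:29092$') {
        $problems += 'kafkaConfig bootstrap.servers should be <FQDN>:29092'
    }
    if ([string]$cfg.CoreInfo.zookeeperConfig.servers -notmatch '^[\w.-]+:22181$') {
        $problems += 'zookeeperConfig servers should be <FQDN>:22181'
    }
    # Both lines take the TLS password defined in the appliance setup script.
    $sample = 'Your:Pa5$W0rD'   # placeholder printed in the documentation
    $sasl, $key = $kafka.'sasl.password', $kafka.'ssl.key.password'
    if (-not $sasl -or $sasl -cne $key) { $problems += 'sasl.password / ssl.key.password empty or different' }
    if ($sasl -ceq $sample)             { $problems += 'TLS password is still the documentation placeholder' }
    return $problems
}

# Constructed sample with deliberate mistakes (bot names, ZooKeeper port, placeholder password).
$sampleJson = @'
{
  "header":   { "botnames": ["OE-US Bot"] },
  "BotInfo":  { "botNames": ["OE-EU Bot"] },
  "CoreInfo": {
    "appid": "1ab23456-c7d8-9012-34e5-67f89012ab34",
    "kafkaConfig": {
      "bootstrap.servers": "officeexpert.acme.com:29092",
      "sasl.password": "Your:Pa5$W0rD",
      "ssl.key.password": "Your:Pa5$W0rD"
    },
    "zookeeperConfig": { "servers": "officeexpert.acme.com:2181" }
  }
}
'@
Test-BotConfig -Json $sampleJson
# Real file: Test-BotConfig -Json (Get-Content -Raw 'C:\ProgramData\panagenda\OfficeExpert\configuration.json')
```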



Manage Simulation Bots in User Interface

When the installation and configuration of a simulation bot is done, it sends heartbeat messages to the OfficeExpert appliance. In order to open the Bot Configuration view, click on the Settings button in the OfficeExpert user interface and select Bots Settings. 

 
If the simulation bot is not listed in this view, please check its configuration and whether the bot's system requirements are met (see Client Simulation Bots - Requirements and Network and Firewall - Requirements).

In the Bots Settings view, OfficeExpert Sensors can be created and assigned to the simulation bots. 

 
When you are done with setting up your bots and Sensors, the Sensor configurations have to be deployed to the bots by hitting the deploy button:

Further details about bot and Sensor configuration can be found here: Simulation Bot.


Simulations

Azure Sync Simulations

When configured, the Azure Sync Simulation

  • accesses the local AD server
  • modifies the configured user object
  • accesses the AD Connect server to read the sync cycle information
  • accesses the Azure Cloud AD to check if the object was/was not synced

Click on Create new Azure Sync Simulation and enter the following information:

  • Name: Please enter a unique name for the simulation
  • (Task Inactive: Tick this box if the simulation should NOT be active right after the creation)
  • Active Directory Server:
    • Hostname: Enter hostname (FQDN) of the local AD server (used for the Azure AD Connect server - see Connect Server below)
    • Remote PowerShell Port: Enter the remote PowerShell port (5985 or 5986 for SSL)
    • Profile: If an appropriate account profile is configured for this type of host, select it; for details on Profiles see Account Profiles.
    • Username / Password: Enter username and password if no Profile can be used
    • Verify the connection and credentials by clicking on Test Connection
  • Connect Server:
    • Hostname: Enter hostname (FQDN) of the Azure AD Connect server
    • Remote PowerShell Port: Enter the remote PowerShell port (5985 or 5986 for SSL)
    • Profile: If an appropriate account profile is configured for this type of host, select it; for details on Profiles see Account Profiles.
    • Username / Password: Enter username and password if no Profile can be used
    • Verify the connection and credentials by clicking on Test Connection
  • User Profile for accessing Azure AD:
    • Profile: If an appropriate account profile is configured for this type of host, select it; for details on Profiles see Account Profiles.
    • Username / Password: Enter username and password if no Profile can be used
  • Task Settings:
    • AD Object (Email): Enter an email address (AD Userobject) which can be used for the simulation
    • Cycle Count Threshold: Specify the number of cycles until the alert/notification should be triggered (the alert has to be configured manually in the alert settings, see Alerting/Notification).

Click the Create button to save your settings.


Mail Flow Simulations

With OfficeExpert you can monitor the mail flow duration between two mail systems. For instance, you can monitor how long it takes for an email to travel from Office365 to Google Cloud.
Click on Create new Mail Flow Simulation and enter the following information:

  • Name: Please enter a unique name for the simulation
  • (Task Inactive: Tick this box if the simulation should NOT be active right after the creation)
  • SMTP (Sender):
    • Mail Gateway: This is the starting point of the Mail Flow Simulation; it can be ANY SMTP Server!
    • Port: Specify the SMTP Port (25, 587, etc.)
    • Authentication enabled: Select this checkbox if authentication is necessary (with the sender Address)
    • StartTLS enabled: Tick this checkbox if StartTLS is involved
    • Sender Address: The email address which is used as a sender address (and optional for the authentication process)
    • Password: Enter the password of the sender address account for authentication
  • IMAP (Recipient):
    • Server: This is the endpoint of the Mail Flow Simulation; it can be ANY IMAP Server where the mailbox is IMAP enabled!
    • Port: Specify the SMTP Port (25, 587, etc.)
    • SSL enabled: Select this checkbox if SSL is used
    • Recipient Address: The email address which is used as recipient address
    • Password: Enter the password for the recipient address account
  • Task Settings:
    • Max. Number of Checks: Maximal number of checks against the recipient mailbox within the Mail Cycle Timeout period (see below)
    • Mail Cycle Timeout: Maximal period of a mail cycle for this simulation
    • Interval: Period until a new mail cycle starts


Mail Flow Simulation Example:

If your simulation is set up as shown on the screenshot, a new mail cycle will start every 10 minutes. The recipient mailbox will be checked every minute (Mail Cycle Timeout divided by Max. Number of Checks). If a mail is NOT delivered within 5 minutes (Mail Cycle Timeout), the Mail Flow Simulation fails.


Server Monitoring Settings

Configuring these settings enables OfficeExpert to retrieve pre-configured Windows Services and Performance Counters from the following server types:

  • MS Exchange
  • MS SharePoint
  • Azure AD Connect Server
  • Active Directory Federation Services

Server monitoring requires a Windows proxy! Please refer to Windows Proxy - Requirements.

Please click on Settings > Server monitoring > Add new server and enter

  • the Hostname (FQDN)
  • the Remote PowerShell Port - usually 5985 or 5986
  • (if required, Use SSL can be checked)
  • select the Server Type - multiple types can be selected
  • provide a Username and Password
    (or select a profile, if available - for details see Account Profiles).

You can test your settings using the Test Connection button. 

After saving, the server will appear in the list (activated by default):