Download Certificate Files

From the Settings menu in the OfficeExpert web interface, you can directly start the download of the certificate files for the Windows Proxy server and the OfficeExpert simulation bots:
 
You will need these files for setting up the Windows Proxy and the simulation bots (see below).

Windows Proxy Setup

The OfficeExpert Windows Proxy server is responsible for the execution of PowerShell cmdlets. A Windows Proxy is required for the Azure Sync Simulation and for server monitoring.

Before you start the setup, make sure that internet access is given during the installation and that all system requirements for the Windows Proxy server are met! (see Windows Proxy - Requirements).

To start the Setup Wizard, on the Windows server, execute the OEWinProxy.msi file.


Follow the steps in the Setup Wizard: accept the terms in the License Agreement & enter your customer information:

 


Afterwards, click on Install and on Finish when the installation is completed:


Please copy the previously download TLS files to the folder C:\Program Files\panagenda\WindowsProxy\as on this Windows Proxy. These files are required:

  • client.jaas.conf
  • kafka.client.keystore.jks
  • kafka.truststore.jks

Finally, start the OfficeExpert Windows Service from the Windows Services panel (services.msc):


You can find the log files in the C:\ProgramData\panagenda\WindowsProxy\logs directory.

OfficeExpert Simulation Bot Setup

panagenda OfficeExpert simulation bots collect the required end-to-end analytics data.

 Before you start the setup, make sure all system requirements for the simulation bots are met. (see Client Simulation Bots - Requirements).

Installation

There are two setup options for OfficeExpert simulation bots:

  1. Run the bot as console application
  2. Run the bot as Windows service

The advantage of the latter is that the correct user credentials are stored in the Windows service properties. As a result, there is no need for the correct user to be logged in. So even if, for example, administrators perform upgrades on the simulation machines, the bot services stay up and running. After every machine restart they are launched automatically.

 Running the OfficeExpert bot as Window service has (at the moment) the limitation that the Skype for Business Client Sensor will not work. Microsoft does not support this option.

General Setup:

  • Create the folder C:\ProgramData\panagenda\OfficeExpert
  • Unzip the OfficeExpert.zip file and copy both the OfficeExpert.exe and configuration.json to this OfficeExpert folder
  • Finally, copy the previously download TLS keys to this folder. The following files are required:
    • ca-cert
    • mc.key
    • nc.pem


Run as Console Application:

Execute OfficeExpert.exe.

Note that configuration.json has to be configured BEFORE you start OfficeExpert.exe. Please refer to "Configuration" on page 22.

Also note if you want to configure the simulation bot with modern authentication, refer to the following knowledge base article: Modern Authentication.


Run as Windows Service:
Run the following command to register the Windows Service (including username and password that is used for OS authentication):

  • C:\ProgramData\panagenda\OfficeExpert>OfficeExpert.exe install start username "<username>" -password "<password>" -sudo

  • To start the bot application, in the Windows Service Manager, select "OfficeExpert sensor service" and click on the play button:


The startup type is set to Automatic so the simulation bot is started automatically after every reboot of the machine.


To verify your user credentials, right-click on the OfficeExpert sensor service in the Windows Service Manager, select Properties and open the Log On tab:

Configuration

To configure the OfficeExpert simulation bots, some edits in the configuration.json file are necessary.


"header" Section

In the "header" section, the name of the simulation bot can be defined in the line "botnames". For example:

  • "botnames": \["OE-US Bot"\],


"BotInfo" Section

In the line "botNames", please add the same bot name as used in the "header" section! For example:

  • "botNames": \["OE-US Bot"\],


"CoreInfo" Section

In the "CoreInfo" section, you need to provide the information about your Office 365 tenant, your Azure Active Directory application, your OfficeExpert application, and your TLS passwords. 

Enter the domain of your O365 tenant in the line "tenant". For example:

Specify your Azure Active Directory application ID in the line "appid" (see Azure AD Application for Bots - Requirements). For example:

  • "appid": "1ab23456-c7d8-9012-34e5-67f89012gh34",

Subsection "kafkaConfig":

In the line "bootstrap.servers", type in the FQDN of your OfficeExpert appliance (port 29092). For example:

  • "bootstrap.servers": "officeexpert.acme.com:29092",

In the lines "sasl.password" and "ssl.key.password", enter your TSL password (the password you defined while running the setup script in the OfficeExpert appliance, see Run Setup Script). For example:

  • "sasl.password": "Your:Pa5$W0rD",
  • "ssl.key.password": "Your:Pa5$W0rD"


Subsection "zookeeperConfig":

In the line "servers", type in the FQDN of your OfficeExpert appliance (port 22181). For example:


"authentication" Section:
Running simulation bots requires that you provide some authentication information. In the authentication section of the configuration.json, you can choose between four different authentication types.

  • Basic Authentication
  • ADFS / SSO Authentication
  • Modern Authentication
  • Certificate-Based Authentication

Depending on which authentication mechanism you want to use, please configure the necessary subsection.


Basic Authentication:

Requires username and password:

 


ADFS/SSO & Modern & Certificate Based Authentication:

Only the username is required.

Make sure the simulation bot meets all requirements. Please refer to Client Simulation Bots - Requirements.

Please adjust the lines "name" & "type" as follows:

  • ADFS/SSO: 
    "name": "sso", 
    "content": {
             "type": "sso",
  • Modern Authentication: 
    "name": "modern", 
    "content": {
             "type": "modern",
  • Certificate-Based Authentication: 
    "name": "cba", 
    "content": {
             "type": "cba", 

Example screenshot for ADFS/SSO authentication:


Manage Simulation Bots in User Interface

When the installation and configuration of a simulation bot is finished, it sends heartbeat messages to the OfficeExpert appliance. To open the Bot Configuration view, click on the Settings button in the OfficeExpert user interface and select Bots Settings. 

 
If the simulation bot is not listed in this view, check its configuration and whether the bot's system requirements are met (see Client Simulation Bots - Requirements and Network and Firewall - Requirements).

In the Bots Settings view, you can create and assign OfficeExpert Sensors to the simulation bots. 

 
When you are done with setting up your bots and sensors, the Sensor configurations have to be deployed to the bots by hitting the deploy button:

You can find further details about bot and sensor configuration here: Simulation Bot.


Simulations

Azure Sync Simulations

When configured, it

  • accesses the local AD server
  • modifies the configured user object
  • accesses the AD Connect server to read the sync cycle information
  • accesses the Azure Cloud AD to check if the object was/was not synced

Click on Create new Azure Sync Simulation and enter the following information:

  • Name: enter a unique name for the simulation
  • (Task Inactive: Tick this box if the simulation should NOT be active right after the creation)
  • Active Directory Server:
    • Hostname: enter the hostname (FQDN) of the local AD server (used for the Azure AD Connect server - see Connect Server below)
    • Remote PowerShell Port: enter the remote PowerShell port (5985 or 5986 for SSL)
    • Profile: if an appropriate account profile is configured for these type of host, select it; for details on Profiles, see Account Profiles.
    • Username / Password: enter username and password if no profile can be used
    • Verify the connection and credentials by clicking on Test Connection
    • Hostname: enter the hostname (FQDN) of the Azure AD Connect server
    • Remote PowerShell Port: enter the remote PowerShell port (5985 or 5986 for SSL)
    • Profile: if an appropriate account profile is configured for this type of host, select it; for details on profiles, see Account Profiles.
    • Username / Password: enter username and password if no profile can be used
    • Verify the connection and credentials by clicking on Test Connection
  • User Profile for accessing Azure AD:
    • Profile: if an appropriate account profile is configured for this type of host, select it; for details on Profiles see Account Profiles.
    • Username / Password: enter username and password if no profile can be used
  • Task Settings:
    • AD Object (Email): enter an email address (AD Userobject) that can be used for the simulation
    • Cycle Count Threshold: specify the number of cycles until the alert/notification should be triggered (you have to configure the alert manually in the alert settings, see Alerting/Notification.

Click Create to save your settings.


Mail Flow Simulations

With OfficeExpert, you can monitor the mail flow duration between two mail systems. For instance, you can monitor how long it takes for an email from Office365 to reach Google Cloud. 
Click on Create new Mail Flow Simulation and enter the following information:

  • Name: enter a unique name for the simulation
  • (Task Inactive: Tick this box if the simulation should NOT be active right after the creation)
  • SMTP (Sender):
    • Mail Gateway: this is the starting point of the Mail Flow Simulation; it can be ANY SMTP Server!
    • Port: specify the SMTP Port (25, 587, etc.)
    • Authentication enabled: select this checkbox if authentication is necessary (with the sender address)
    • StartTLS enabled: tick this checkbox if StartTLS is involved
    • Sender Address: the email address that is used as a sender address (and optional for the authentication process)
    • Password: enter the password of the sender address account for authentication
  • IMAP (Recipient):
    • Server: this is the endpoint of the Mail Flow Simulation; it can be ANY IMAP Server where the mailbox is IMAP enabled!
    • Port: specify the SMTP Port (25, 587, etc.)
    • SSL enabled: select this checkbox if SSL is used
    • Recipient Address: the email address which is used as recipient address
    • Password: enter the password for the recipient address account
  • Task Settings:
    • Max. Number of Checks: maximum number of checks against the recipient mailbox within the Mail Cycle Timeout period (see below)
    • Mail Cycle Timeout: maximum period of a mail cycle for this simulation
    • Interval: period until a new mail cycle starts


Mail flow simulation example:

If your simulation is set up as shown on the screenshot, a new mail cycle will start every 10 minutes. The recipient mailbox will be checked every minute, which results from Mail Cycle Timeout divided by max. number of checks). If a mail is NOT delivered within five minutes (Mail Cycle Timeout), the mail flow simulation fails.


Server Monitoring Settings

Configuring these settings enables OfficeExpert to retrieve pre-configured Windows Services and Performance Counters from the following server types:

  • MS Exchange
  • MS SharePoint
  • Azure AD Connect Server
  • Active Directory Federation Services

Server monitoring requires a Windows proxy! Please refer to Windows Proxy - Requirements.

Click on Settings > Server monitoring > Add new server and enter

  • the Hostname (FQDN)
  • the Remote PowerShell Port — usually 5985 or 5986
  • (if required, you can check Use SSL)
  • select the Server Type — you can select multiple types
  • provide a Username and Password
    (or select a profile, if available — for more details, see Account Profiles).

You can test your settings using the Test Connection button. 

After saving the server, it will appear in the list (activated by default):

Contact Support

Visit panagenda OfficeExpert on our website!