Virtual appliances are available for:
On Premises deployment:
- VMWare vSphere (recommended for production)
VMWare Workstation (for evaluation purposes)
For compatibility reasons, our appliances are configured for ESXi 6.0 and Workstation 11. If you run a newer version, we recommend to upgrade the virtual machine hardware version.
Azure tenant deployment:
- Azure tenant deployment (incl. virtual appliance and all necessary azure resources)
The underlying hardware and OS need to have VT-x support enabled (in BIOS). This is mainly relevant in scenarios where Workstation act as host software. Detailed information about operating system requirements can be found on the respective product pages: www.vmware.com/products/
Please use the following table for reference:
|# of Users||CPU||Memory||Harddisk (additional disk)|
|up to 1.000||4vCpus||8 - 16 GB||200 GB|
|up to 10.000||4vCpus||min 16 GB|
|up to 100.000||8vCpus||min 32 GB||400 GB|
|> 100.000||8vCpus||min 48 GB||500 GB|
For On Prem deployment please add an additional disk to the VM to fit your harddisk requirement (please do not extend the existing disk)
For Azure deployment you can define the harddisk size in the up.sh script (Data Disk) before you deploy
Additional resources may be required under all above described conditions, depending on data collection intervals, number of sensors enabled, and number of servers being monitored. panagenda and selected panagenda OfficeExpert business partners can help you evaluate the optimum hardware specifications for your environment.
Network and Firewall
OfficeExpert Virtual Appliance:
Outbound (originating in virtual appliance):
- HTTPS to Office365 Cloud tenant for data collection (TCP 80/443)
- HTTPS to Azure Key Vault within customers azure tenant (TCP 443)
- Internet Repository URLS (docker.panagenda.com, OS security updates) (TCP 80/443)
- OPTIONAL: HTTPS to Azure Bot Framework Service
Inbound (accessing virtual appliance):
- HTTP/HTTPS for configuration and reports (TCP 80/443)
OPTIONAL: HTTPS for Azure Bot Framework Service (TCP 4443 !) - https://<appliance>:4443/bot/messages
Just allow inbound tcp 4443 to this particular endpoint /bot/messages only! (via Firewalls, Azure AD Proxy, ...)
Please note that you also have to provide a company-owned SSL certificate for the OfficeExpert ACE Notification Bot.
- SSH for system configuration and application tuning (TCP 22)
VNC for system configuration and IBM Notes client access (TCP 5901)
OfficeExpert requires several components in the customers Azure tenant. Therefore an Azure subscription is required to setup OfficeExpert
More details can be found here >> Setup - Azure Lighthouse
Disable MS Report obfuscation
If you leave this enabled, OfficeExpert will be unable to map user data with activity data
Admin Client (Web Interface)
The panagenda OfficeExpert web interface is based on HTML5 and therefore accessible on any HTML5 capable device.
Only Chrome, Edge, FireFox and Safari webbrowser are officially supported (latest 64bit versions)
In general, the OfficeExpert web interface requires a minimum screen resolution of 1366 x 768 pixels.
Browser Security and Network Access:
No special web browser security settings are required to access the panagenda OfficeExpert web interface. For the web interface, you need to have access to the panagenda OfficeExpert appliance via TCP/IP, Port 80 (HTTP) and Port 443 (HTTPS).