Virtual Appliance

panagenda OfficeExpert is based on the very popular CentOS Linux distribution, which is based on the source code of Red Hat Enterprise Linux (RHEL). CentOS 7 was chosen because of its stability and its long time support (maintenance until June 2024). It uses a current kernel version (3.10.x) for virtual systems. Only security patches are configured for automatic update via the YUM (yellowdog updater modified)

Virtual appliances are available for:
On Premises deployment:

  • VMWare vSphere (recommended for production)
  • VMWare Workstation (for evaluation purposes)

     For compatibility reasons, our appliances are configured for ESXi 6.0 and Workstation 11. If you run a newer version, we recommend to upgrade the virtual machine hardware version.

  • MicrosoftHyper-V

Azure tenant deployment:

  • Azure tenant deployment (incl. virtual appliance and all necessary azure resources)

The underlying hardware and OS need to have VT-x support enabled (in BIOS). This is mainly relevant in scenarios where Workstation act as host software. Detailed information about operating system requirements can be found on the respective product pages: www.vmware.com/products/ 

Please use the following table for reference:


 # of UsersCPUMemoryHarddisk (additional disk)
up to 1.0004vCpus8 - 16 GB200 GB
up to 10.0004vCpusmin 16 GB

300 GB

up to 100.0008vCpusmin 32 GB400 GB
> 100.0008vCpusmin 48 GB500 GB  


Note:

For On Prem deployment please add an additional disk to the VM to fit your harddisk requirement (please do not extend the existing disk)

For Azure deployment you can define the harddisk size in the up.sh script (Data Disk) before you deploy



Additional resources may be required under all above described conditions, depending on data collection intervals, number of sensors enabled, and number of servers being monitored. panagenda and selected panagenda OfficeExpert business partners can help you evaluate the optimum hardware specifications for your environment.

Network and Firewall

The following image shows the architecture of panagenda OfficeExpert, including the required port configurations: 




OfficeExpert Virtual Appliance:

Outbound (originating in virtual appliance):

  • HTTPS to Office365 Cloud tenant for data collection (TCP 80/443)
  • HTTPS to Azure Key Vault within customers azure tenant (TCP 443)
  • Internet Repository URLS (docker.panagenda.com, OS security updates) (TCP 80/443)
  • OPTIONAL: HTTPS to Azure Bot Framework Service

Inbound (accessing virtual appliance):

  • HTTP/HTTPS for configuration and reports (TCP 80/443)
  • OPTIONAL:  HTTPS for Azure Bot Framework Service  (TCP 4443 !)  - https://<appliance>:4443/bot/messages

Just allow inbound tcp 4443 to this particular endpoint /bot/messages only!  (via Firewalls, Azure AD Proxy, ...)

Please note that you also have to provide a company-owned SSL certificate for the OfficeExpert ACE Notification Bot.

  • SSH for system configuration and application tuning (TCP 22)
  • VNC for system configuration and IBM Notes client access (TCP 5901)

Azure Lighthouse

OfficeExpert requires several components in the customers Azure tenant. Therefore an Azure subscription is required to setup OfficeExpert
More details can be found here >> Setup - Azure Lighthouse

Disable MS Report obfuscation

Please make sure that the Report setting for de-identify users, ....is disabled in your tenant

https://docs.microsoft.com/en-us/microsoft-365/admin/activity-reports/activity-reports?view=o365-worldwide#show-user-details-in-the-reports




If you leave this enabled, OfficeExpert will be unable to map user data with activity data

Admin Client (Web Interface)


Hardware:

The panagenda OfficeExpert web interface is based on HTML5 and therefore accessible on any HTML5 capable device.

Only Chrome, Edge, FireFox and Safari webbrowser are officially supported (latest 64bit versions)

In general, the OfficeExpert web interface requires a minimum screen resolution of 1366 x 768 pixels


Browser Security and Network Access:

No special web browser security settings are required to access the panagenda OfficeExpert web interface. For the web interface, you need to have access to the panagenda OfficeExpert appliance via TCP/IP, Port 80 (HTTP) and Port 443 (HTTPS).