OVERVIEW
The four steps below are designed to empower clients to collect scheduling data from Microsoft Exchange/O365 to power Vyopta Room Insights. Should clients not be able to provide an environment where the Vyopta Exchange/O365 collector is able to collect the necessary information to power Room Insights, clients should expect to export/push data from their environment to Vyopta’s APIs and contact their Vyopta team for instructions.
If you are using Office 365, please go to the following document: Office 365 Configuration for Workspace Insights
Step 1 - Confirm system requirements & understand limitations
- On-premise Exchange versions 2013+ or Office 365 Exchange
- Consider EWS API bandwidth
- Depending on the number of rooms and the number of other applications hitting the EWS API, there may be the need to either load balance or increase capacity.
- Vyopta Advanced Analytics module must be live in production.
- The “Historical” and “Webex” Vyopta modules will not be able to display Exchange data collected via this process.
- Limitations: Any of the below limitations can lead to a collector malfunction:
- Attempting to collect on more than 5,000 rooms.
- Room names or room IDs containing special characters (i.e. cyrillic characters like “Ꙍ” or “Ꙃ”).
- Attempting to collect from more than one calendar source
- if there are multiple calendar data sources, it is required for the client to export from all necessary databases, deduplicate and format data to fit Vyopta standards, and push to the Vyopta API
- Best practice: Read through the entire checklist prior to beginning integration .
Step 2 - Create and configure an Exchange Service Account
- In your Exchange administrator portal create an Exchange Service Account with a mailbox enabled for the account (this is a necessary requirement)
- Enable application impersonation permission for the account.*
- If security does not permit this, use the “custom Settings for when Application Impersonation Access is Not Granted” guidelines.*
- Set calendar processing: Room resources’ AutomateProcessing must equal ‘AutoAccept’
- This is the default for for most room resources. See appendix if you do not experience this.*
Step 3 - Create a room distribution list
- Create a room distribution list (i.e. COMPANY_VyoptaRooms@company.com)
- Add all rooms to the distribution list that should be included in analytics.
- See How To: Create a Room Distribution List for Workspace Insights with O365 for instructions on creating Room Distribution Lists
Step 4 - Install appropriate version of new Vyopta collector
- Be ready to provide the server identity, username, and password to the Exchange infrastructure type in the Vyopta collector configuration utility tool.
DETAILS
Application Impersonation
Related Documentation:
Exchange Server: https://msdn.microsoft.com/en-us/library/office/dn722376(v=exchg.150).aspx
Recommended Default Settings:
Vyopta asks for adding the service account as a member of the built-in "Discovery Management" admin role in Office 365. This will grant an application impersonation access to the service account, to impersonate all the room mailboxes in the organization.
Application Impersonation (custom settings)
For big organizations where the default settings do not comply with the security policy for granting an application impersonation access, there is a workaround setting to achieve the same.
- Create Security Group in Office 365 and add the rooms for which collector will be polling the meetings data; as members of the Group.
- Create New Management Write Scope “Vyopta Analytics VC Rooms Write Scope” using the below Office 365 Command. You can use any value in place SAC.
- New-ManagementScope -Name "Vyopta Analytics VC Rooms Write Scope" -RecipientRestrictionFilter {CustomAttribute10 -eq 'SAC'}
- To check, if the change took place, verify using the following powershell command: Get-ManagementScope -Identity "Vyopta Analytics VC Rooms Write Scope" | fl
- Create New Admin Management Role in office 365. Select the write scope created above. (refer the below pic).
- Assign the roles “ApplicationImpersonation, Legal Hold, Mailbox Search” and update the security group as a member of the group.
- Add the service account as a member for this role. This account is used by Vyopta collector application to query Exchange Web Service APIs
- Now, for all the members (rooms) added under the security group (created in step 1), do the following:
- Add the same value (SAC) as a Custom attribute value for each mailbox.
- To check, if the change took place, verify using the following powershell command:
- Get-Mailbox -Identity "cybertron@vyopta.net" | fl name, *custom* (use Get-RemoteMailbox for mailboxes that are on-premise)
- Get-Mailbox -Identity "cybertron@vyopta.net" | fl name, *custom* (use Get-RemoteMailbox for mailboxes that are on-premise)
- Add the same value (SAC) as a Custom attribute value for each mailbox.
- So for all the mailboxes which needs to be accessed by the service account, should have this Customattribute10 value equals SAC.
- This will grant an application impersonation access to the service account (qa_vyopta_svc) added in Step 3.
‘AutomateProcessing’ settings
Related Documentation:
Set-CalendarProcessing: https://technet.microsoft.com/en-us/library/dd335046(v=exchg.160).aspx
Comments
Please sign in to leave a comment.