Stealthaudit® Installation Requirements - Exchange & Exchange Online Solution Stealthaudit®

Home , MAPI

2020 StealthAUDIT® Installation Requirements - Exchange & Exchange Online Solution StealthAUDIT®

TOC

Exchange Solution Requirements Overview 3

Architecture Overview 3

Exchange Server Requirements 4

StealthAUDIT Console & Access Information Center Server Requirements 4

SQL Server Requirements for the StealthAUDIT Database 6

Target Environment Requirements (To Be Audited) 8

Virtual Environment Recommendations 8

Software Downloads & Documentation 10

Exchange Readiness Checklist 11

Necesssary IIS Components for StealthAUDIT & the AIC 11

More Information 14

Doc_ID 326 2

Copyright 2020 STEALTHBITS TECHNOLOGIES, INC. ALL RIGHTS RESERVED StealthAUDIT® Exchange Solution Requirements Overview This document describes the recommended configuration of the servers needed to install this product in a production environment. Depending on the size of the organization, it is recommended to review your environment and requirements with a Stealthbits engineer prior to deployment to ensure all exceptions are covered.

Architecture Overview The following servers are required for installation of the product:

l StealthAUDIT Console Server – This is where the StealthAUDIT v11.0 application is installed.

l Access Information Center – This application is typically installed on the StealthAUDIT Console server and is an interactive dashboard for exploring permissions, activity, and sensitive data. NOTE: The Access Information Center is often the same server as StealthAUDIT but can be installed separately.

l StealthAUDIT Sensitive Data Discovery Add-On – This application is installed on the StealthAUDIT Console server as an add-on enabling Sensitive Data criteria for scans.

l SQL Server for StealthAUDIT – As a data-intensive application, we recommend a well- provisioned, dedicated SQL Server.

l Exchange Solution Additional Considerations:

l StealthAUDIT MAPI CDO – This application is installed on the StealthAUDIT Console server to enable the Settings > Exchange global configuration interface within StealthAUDIT.

l Target Environment for Auditing – The target Exchange environment includes all Exchanges servers and/or the organization’s Exchange Online infrastructure

See the following sections for additional information:

l StealthAUDIT Console & Access Information Center Server Requirements

l SQL Server Requirements for the StealthAUDIT Database

l Target Environment Requirements (To Be Audited)

Doc_ID 326 3

StealthAUDIT Console & Access Information Center Server Requirements The server can be physical or virtual. The requirements for StealthAUDIT are:

l Windows Server 2012 through Windows Server 2019

l US English language installation

l Domain member

NOTE: RAM, CPU, and Disk Space are dependent upon the size of the target environment:

l Large – Extra-Large Environment (~50,000-120,000 Mailboxes)

l 16+ GB RAM

l 8+ CPU Cores

l 120 GB Disk Space

l Small – Medium Environment (~1,000-10,000 Mailboxes)

l 8+ GB RAM

l 4 CPU Cores

l 120 GB Disk Space

NOTE: If running Sensitive Data Discovery (SDD) scans, it will be necessary to increase the minimum amount of RAM. Each thread requires a minimum of 2 additional GB of RAM per host.For example, if the job is configured to scan 8 hosts at a time, then an extra 16 GB of RAM are required (8x2=16).

l Internet Information Services (IIS) components installed as outlined in the Necessary IIS Components list

l NET Framework 4.7.1+ installed

l Microsoft SQL Server supports TLS 1.2, which requires the StealthAUDIT Console server to have either SQL Server Native Client 11 or Microsoft OleDB 18 installed

See Necesssary IIS Components for StealthAUDIT & the AIC for additional information.

Doc_ID 326 4

l Additional Requirements for the Exchange Solution:

l Outlook should not be installed

l StealthAUDIT MAPI CDO installed (for MAPI- based data collectors) NOTE: See the StealthAUDIT MAPI CDO Installation Guide for additional information

l Exchange MAPI CDO installed (for MAPI- based data collectors)

l For targeting Exchange 2010 – Exchange Management Tools 2010 installed on the StealthAUDIT Console server

l For Targeting Exchange Online – PowerShell Execution Policy set to unrestricted for both 64-bit and 32-bit versions

Exchange Online Modern Authentication

The following prerequisites are required to use Modern Authentication for Exchange Online in StealthAUDIT.

l Exchange Online Management v2.0.3

l Install-Module -Name ExchangeOnlineMangement - RequiredVersion 2.0.3

l Create a self-signed certificate that will be used by StealthAUDIT for Modern Authentication

Permissions

The following permissions are required to install and use the application:

l Membership in the local Administrators group for the StealthAUDIT Console server NOTE: Role based access can be enabled for a least privilege user model.

l For Exchange Online, Modern Authentication is required.

Additional Considerations

The following are recommended for the StealthAUDIT Console server:

l 100/1000 Mb Network Connection

l SQL Server Management Studio installed (Optional)

l Disable “System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing” Policy

l Font "arial-unicode-ms" installed (Needed for report Unicode character support)

Doc_ID 326 5

NOTE: The Sensitive Data Discovery Add-on installation package installs the appropriate JDK (Java) version on the server. The JDK deployed is prepackaged and does not require any configuration. It will not conflict with other JDKs or Java Runtimes in the same environment.

SQL Server Requirements for the StealthAUDIT Database The server requirements for the SQL Server databases are:

l SQL Server 2012 through SQL Server 2019

l US English Language Instance installation NOTE: RAM, CPU, and Disk Space are dependent upon the size of the target environment.

l Large – Extra-Large Environment (~50,000-120,000 Mailboxes)

l 64 GB RAM

l 16 CPU Cores

l 4 Disks:

l Operating System – 160 GB

l SQL Database – 1.25 TB

l SQL Transaction Log – 650 GB

l SQL TEMP DB – 325 GB

l Large Environment (~50,000 Mailboxes)

l 16 GB RAM

l 16 CPU Cores

l 4 Disks:

l Operating System – 160 GB

l SQL Database – 650 GB

l SQL Transaction Log – 650 GB

l SQL TEMP DB – 325 GB

l Medium Environment (~10,000 Mailboxes)

l 16 GB RAM

l 8 CPU Cores

l 4 Disks:

Doc_ID 326 6

l Operating System – 160 GB

l SQL Database – 415 GB

l SQL Transaction Log – 325 GB

l SQL TEMP DB – 325 GB

l Small Environment (~1,000 Mailboxes)

l 8 GB RAM

l 4 CPU Cores

l 4 Disks:

l Operating System – 160 GB

l SQL Database – 325 GB

l SQL Transaction Log – 325 GB

l SQL TEMP DB – 325 GB

Additional Requirements

The following are additional requirements for the SQL Server:

l US English Language Instance of SQL Server

l SQL Server must be equal or newer version than the version to be targeted

l All SQL Server databases configured to use ‘Simple Recovery Model’

Permissions

The following permissions are required on the databases:

l Database Owner

l Provisioned to use Default Schema of ‘dbo’

Additional Considerations

The following additional considerations are recommended for the SQL Server:

l The standard Autogrowth setting can cause StealthAUDIT job delays. Database growth is computationally intensive. While SQL Server is growing the database, no other activity can occur. If this option is employed, please speak with a Stealthbits engineer to determine an appropriate setting for best performance.

Doc_ID 326 7

l Microsoft SQL Server supports TLS 1.2, which requires the StealthAUDIT Console server to have either SQL Server Native Client 11 or Microsoft OleDB 18 installed.

l Optional: SQL Server Management Studio installed on the StealthAUDIT Console Server

Target Environment Requirements (To Be Audited)

l Supported target platform and requirements for the target Exchange environment:

l Enable Remote PowerShell on one Client Access Server (CAS)

l Enable Windows Authentication for the PowerShell Virtual Directory on same CAS

l .NET Framework 4.5+ installed on all Exchange servers to be targeted

l WINRM Service installed on all Exchange servers to be targeted as a back up in the event of a remote PowerShell failure

l Within the StealthAUDIT Console, the global Settings > Exchange node must be configured NOTE: For Exchange 2013, 2016, and 2019 – If the global settings have been configured for MAPI over HTTP, then an actual CAS server name was supplied and will be used by the ExchangePS Data Collector. If the global settings have been configured for MAPI over HTTPS, then the global configuration will have a web address instead of an actual server. Therefore, each ExchangePS query requires the CAS server to be set as the specific server on the Category page. See the Exchange Job Group > Recommended Configurations section for a list of queries for which this would apply.

Permissions

Permissions for data collection:

l See the StealthAUDIT Exchange Permissions document for a list of supported Exchange environments and additional requirements.

Virtual Environment Recommendations While physical machines are always preferred, we fully support the use of virtual machines. This section contains special considerations when leveraging virtualization.

Doc_ID 326 8

l VMWare® ESX® – If using ESX, the following specifications are recommended:

l ESX 4.0 / ESXi™ 4.1 or higher

l Virtual Hardware 7 or higher

l All Virtual Machines installed on the same datacenter / rack

l Virtual Storage Consideration

l In the server requirements, when separate disks are required for the servers, that should translate to separate data stores on the VM host machine.

Doc_ID 326 9

Copyright 2020 STEALTHBITS TECHNOLOGIES, INC. ALL RIGHTS RESERVED StealthAUDIT® Software Downloads & Documentation Download the needed binary from the Product Downloads page of the Stealthbits website (link requires website login):

l StealthAUDIT v11.0

l Access Information Center v11.0

l StealthAUDIT MapiCDO v11.0

l Sensitive Data Add-on – FSAA & SPAA Agentless v11.0

Documentation for the product can be accessed on the Stealthbits website (link requires website login):

l StealthAUDIT User Guides v11.0

l Access Information Center User Guides 11.0

l Access Information Center User Guides 11.0 - Coming Soon!

Doc_ID 326 10

Copyright 2020 STEALTHBITS TECHNOLOGIES, INC. ALL RIGHTS RESERVED StealthAUDIT® Exchange Readiness Checklist Please follow these checklists to ensure all required components have been installed before the installation work session.

StealthAUDIT Console & Access Information Center Server Requirements Checklist

Ensure that StealthAUDIT Console & Access Information Center Server requirements are met.

l See StealthAUDIT Console & Access Information Center Server Requirements for additional information.

Ensure that SQL Server requirements are met.

l See SQL Server Requirements for the StealthAUDIT Databasefor additional information.

Ensure that target environment requirements for auditing are met.

l See Target Environment Requirements (To Be Audited) for additional information.

General Requirements Checklist

Disable User Access Control (Recommended)

Turn off Internet Explorer Advanced Security for Administrators (Recommended)

Appropriate components and license key downloaded onto application server

Necesssary IIS Components for StealthAUDIT & the AIC The following Internet Information Services (IIS) components are required for the AIC. The following lists of IIS components are provided for a Windows Server 2016-2019 and a Windows Server 2012+ platforms. See the Appendix of the StealthAUDIT Installation Guide for additional information.

Doc_ID 326 11

Windows Server 2016-2019 Windows Server 2012+

Server Roles Server Roles

l Web Server (IIS) l Application Server

l Web Server l Web Server (IIS) Support

l Common HTTP Features l Web Server (IIS)

l HTTP Redirection l Web Server

l Health and Diagnostics l Management Tools

l Request Monitor l IIS 6 Management Compatibility

l Performance l IIS 6 Management Console

l Dynamic Content Compression l IIS 6 Scripting Tools

l Security Features l Basic Authentication

l .NET Framework 4.5 Features l Windows Authentication

l WCF Services l Management Tools

l HTTP Activation l IIS 6 Management Compatibility

l .NET Framework 4.6.1 l IIS 6 Management Console NOTE: .NET Framework 4.6.1 can be l IIS 6 Scripting Tools downloaded from the link in the Microsoft .NET Framework 4.6.1 offline Features installer for Windows article.

l .NET Framework 4.6 Features

l WFC Services

l HTTP Activation

l .NET Framework 4.6.1+ NOTE: .NET Framework 4.6.1 can be downloaded from the link in the Microsoft .NET Framework 4.6.1 offline installer for Windows article.

Doc_ID 326 12

The StealthAUDIT Report Index can be displayed through either an embedded website, via the Web Console, or through an IIS hosted website. If using the IIS hosted website to view the StealthAUDIT Report Index, the following IIS components are required.

NOTE: These components are also included in the AIC requirements. Therefore, configuring IIS for the AIC will meet these requirements.

Windows Server 2016-2019 Windows Server 2012+

Server Roles Server Roles

l Web Server (IIS) l Web Server (IIS)

l Web Server l Web Server

l Management Tools l Management Tools

l IIS 6 Management Compatibility l IIS 6 Management Compatibility

l IIS 6 Management Console l IIS 6 Management Console

l IIS 6 Scripting Tools l IIS 6 Scripting Tools

l .NET Framework 4.6.1+ l .NET Framework 4.6.1+ NOTE: .NET Framework 4.6.1 can be NOTE: .NET Framework 4.6.1 can be downloaded from the link in the downloaded from the link in the Microsoft .NET Framework 4.6.1 offline Microsoft .NET Framework 4.6.1 offline installer for Windows article. installer for Windows article.

Doc_ID 326 13

Stealthbits Technologies is a data security software company focused on protecting an organization’s credentials and data. By removing inappropriate data access, enforcing security policy, and detecting advanced threats, we reduce security risk, fulfill compliance requirements, and decrease operations expense.

For information on our products and solution lines, check out our website at www.stealthbits.com or send an email to our information center at [email protected].

If you would like to speak with a Stealthbits Sales Representative, please contact us at +1.201.447.9300 or via email at [email protected].

Have questions? Check out our online Documentation or our Training Videos (requires login): https://www.stealthbits.com/documentation. To speak to a Stealthbits Representative: please contact Stealthbits Support at +1.201.447.9359 or via email at [email protected].

Need formal training on how to use a product more effectively in your organization? Stealthbits is proud to offer FREE online training to all customers and prospects! For schedule information, visit: https://www.stealthbits.com/on-demand-training.

Doc_ID 326 14