Thanks for choosing ENow for your monitoring and reporting needs! Our award-winning products will give you better visibility into your servers, users, and workloads, but to do that there are some prerequisites and system requirements that we want to make you aware of before beginning your installation. This document outlines the system requirements for Mailscape 365 only. If you are intending to install additional features like Mailscape, Compass, Uniscope, and Foresite, then please review the ENow Management System (EMS) Prerequisites document.
Basic architecture
The ENow Management System (EMS) consists of several components that must be set up or installed during the installation process:
- The EMS web server is the central collection point for data and provides the monitoring and reporting interface for administrators.
- Individual servers being monitored will run workload-specific clients. For example, there are separate clients for Exchange Hybrid, ADFS, ADFS Proxy or WAP, and DirSync that run on specific servers to report data back to the EMS web server.
- All EMS monitoring and reporting data is stored locally in a proprietary database. When SQL integration is enabled for reporting flexibility, additional data is stored in a SQL server database. This SQL database can be located on the same computer as the EMS web server role, but when Mailscape is enabled as a feature we recommend a dedicated SQL Server instance on another computer. In organizations that have separate database management teams responsible for database administration, ENow’s software supports the use of an existing SQL Server instance as long as permissions, CPU, and memory are assigned appropriately.
Active Directory requirements
- The EMS web server should be in the same Active Directory Forest as the on premise servers (Mailscape requires that the EMS web server be in the same domain) it is monitoring. The only exception to this requirement are servers monitored that are located in a DMZ or EDGE network.
- Our security model requires that 2 Active Directory security groups be created and named exactly "Mailscape_Admins" and "Mailscape_Users". If the user account used to install EMS is a member of the Domain Admins security group, these groups will be automatically created. If you create them manually, please plan to enter the URL http://actualwebservername:20080/Mailscapeweb in the “Notes” attribute of the "Mailscape_Admins" security group.
Network requirements
- TCP port 20080 must be open in both directions between the EMS web server and each client machine.
- TCP 1433 must be open between the SQL Server computer hosting the EMS database instance and the EMS web server.
- The monitoring interface on the EMS web server can be accessed via HTTP or HTTPS (required for Remote Probes). If you wish to enable the use of HTTPS, you’ll need to configure IIS on the EMS web server to permit HTTPS connections with an appropriate certificate.
- The EMS web server will require access to the internet for various tests that are performed for Mailscape and Mailscape 365 features.
System requirements for the EMS web server
EMS may be installed on Windows Server 2008 R2 SP1(we also require PowerShell 3.0 & .NET Framework 4.0) or Windows Server 2012 R2 or later. ENow recommends, but does not require, that you install the most current set of available Microsoft security patches. The IIS role should be enabled and configured with all available role features including IIS6 compatibility. Specific monitoring workloads require additional software to be installed on the web server:
- Mailscape Exchange on-premises custom reporting requires the Exchange administration tools for the version of Exchange you’re using to be installed from the Exchange installation media.
- Mailscape 365 monitoring requires the following: ** the Microsoft Online Services Sign-in Assistant *** the Microsoft Online Services Module for Windows PowerShell.
- Run Set-ExecutionPolicy Unrestricted to allow unsigned PowerShell scripts to run from the web server.
- If you want to monitor Skype for Business Online, install the Skype for Business client on the web server.
EMS Web Server service account permission requirements: Mailscape & Mailscape 365
- The ENow SQL Service Windows service requires a service account that has the DB Owner role on the SQL Server computer for the “Mailscape” database and local administrator rights on the EMS web server.
- If the DBA pre-creates this database before EMS is installed, you will need to manually create and assign permissions to the service account.
- If the “Mailscape” database is created by our installer, we will create the service account and assign it the db_owner role on the database.
- If Mailscape is enabled as a feature with the Exchange management tools installed on the EMS web server, then please allow access to the Exchange server URLs using HTTPS from the EMS web server. This will ensure that the PowerShell based reports will function properly.
- If Compass is enabled as a feature, then please allow LDAP connection from the EMS web server.
- If Uniscope is enabled as a feature, then the following explicit permissions are required to be effective on the LcsCDR and QoEMetrics databases: CONNECT, EXECUTE, SELECT.
- The ENow Namespace Monitor Windows service performs tasks for Mailscape related features only.
- If Exchange 2007 or 2010 are being monitored, then the service can be configured to run as local system and this is enabled automatically by the installation program.
- If Exchange 2013 or 2016 are being monitored, then the service should be configured to run as a domain account that is a local administrator of the EMS web server and a member of the Exchange Organization Management security group. In addition, the Exchange Management Tools should be installed on the EMS web server. Meeting these specific requirements will ensure that the Server Components State dashboard monitoring feature will be functioning properly.
Database and storage requirements
- Our initial method of data storage requires a built in database to exist and grow on a local drive on the EMS web server. It is recommended to configure the built in database to be on a separate drive from the page file. Please plan to check sizing guide that is available from the EMS User Guide.
- When SQL integration is enabled, we store monitoring and reporting data in SQL Server. You’ll need a computer running SQL Server 2008 or later, with an empty database instance named “Mailscape”. This database instance can be pre-created by a SQL DBA at any time.
| ENow Management System 7.0 IIS Web Server Configuration Recommendations for Exchange Hybrid deployments with 75% of mailboxes on premise and 25% in the cloud (If enabling additional features like Compass, then please use the ENow Management System (EMS) Prerequisites document for sizing your Web and SQL servers) | ||||||
| # of mail boxes/enabled users | Dedicated IIS Web Server specifications | Dedicated SQL Server specifications | ||||
| CPU | RAM | Disk Space | CPU | RAM | Disk Space | |
| 1-750 | 1 Core | 4 GB | 2 GB | 1 Core | 4 GB | 4 GB |
| 751-2,000 | 2 Core | 6 GB | 4 GB | 2 Core | 12 GB | 8 GB |
| 2,001-10,000 | 2 Core | 8 GB | 12 GB | 2 Core | 16 GB | 24 GB |
| 10,001-20,000 | 2 Core | 12 GB | 24 GB | 2 Core | 24 GB | 48 GB |
| 20,001-40,000 | 4 Core | 16 GB | 48 GB | 4 Core | 32 GB | 96 GB |
| 40,001-80,000 | 4 Core | 20 GB | 96 GB | 4 Core | 48 GB | 192 GB |
| 80,001-160,000 | 4 Core | 24 GB | 192 GB | 4 Core | 64 GB | 384 GB |
| 160,001-240,000 | 4 Core | 32 GB | 384 GB | 4 Core | 96 GB | 768 GB |
| 240,001-320,000 | 6 Core | 48 GB | 768 GB | 6 Core | 128 GB | 1.5 TB |
| 320,001-480,000 | 6 Core | 64 GB | 1 TB | 8 Core | 256 GB | 3 TB |
| 480,001-640,000 | 6 Core | 96 GB | 3 TB | 10 Core | 384 GB | 6 TB |
| 640,001-960,000 | 6 Core | 128 GB | 6 TB | 12 Core | 512 GB | 12 TB |
Disk Space usage estimates for IIS WEB (12 months) and SQL (6 months) servers are based on average daily message volume. For environments larger than 960,000 mailboxes, please email support@enowsoftware.com for configuration recommendations.
| ENow Management System 7.0 IIS Web Server Configuration Recommendations for Exchange Hybrid deployments with 50% of mailboxes on premise and 50% in the cloud (If enabling additional features like Compass, then please use the ENow Management System (EMS) Prerequisites document for sizing your Web and SQL servers) | ||||||
| # of mail boxes/enabled users | Dedicated IIS Web Server specifications | Dedicated SQL Server specifications | ||||
| CPU | RAM | Disk Space | CPU | RAM | Disk Space | |
| 1-750 | 1 Core | 4 GB | 1.5 GB | 1 Core | 4 GB | 2 GB |
| 751-2,000 | 2 Core | 6 GB | 3 GB | 2 Core | 12 GB | 4 GB |
| 2,001-10,000 | 2 Core | 8 GB | 6 GB | 2 Core | 16 GB | 8 GB |
| 10,001-20,000 | 2 Core | 12 GB | 18 GB | 2 Core | 24 GB | 24 GB |
| 20,001-40,000 | 4 Core | 16 GB | 36 GB | 4 Core | 32 GB | 48 GB |
| 40,001-80,000 | 4 Core | 20 GB | 72 GB | 4 Core | 48 GB | 96 GB |
| 80,001-160,000 | 4 Core | 24 GB | 144 GB | 4 Core | 64 GB | 192 GB |
| 160,001-240,000 | 4 Core | 32 GB | 288 GB | 4 Core | 96 GB | 384 GB |
| 240,001-320,000 | 6 Core | 48 GB | 576 GB | 6 Core | 128 GB | 768 GB |
| 320,001-480,000 | 6 Core | 64 GB | 1 TB | 8 Core | 256 GB | 1.5 TB |
| 480,001-640,000 | 6 Core | 96 GB | 2 TB | 10 Core | 384 GB | 3 TB |
| 640,001-960,000 | 6 Core | 128 GB | 4 TB | 12 Core | 512 GB | 6 TB |
Disk Space usage estimates for IIS WEB (12 months) and SQL (6 months) servers are based on average daily message volume. For environments larger than 960,000 mailboxes, please email support@enowsoftware.com for configuration recommendations.
| ENow Management System 7.0 IIS Web Server Configuration Recommendations for Exchange Hybrid deployments with 25% of mailboxes on premise and 75% in the cloud (If enabling additional features like Compass, then please use the ENow Management System (EMS) Prerequisites document for sizing your Web and SQL servers) | ||||||
| # of mail boxes/enabled users | Dedicated IIS Web Server specifications | Dedicated SQL Server specifications | ||||
| CPU | RAM | Disk Space | CPU | RAM | Disk Space | |
| 1-750 | 1 Core | 4 GB | 1 GB | 1 Core | 4 GB | 1 GB |
| 751-2,000 | 2 Core | 6 GB | 2 GB | 2 Core | 12 GB | 2 GB |
| 2,001-10,000 | 2 Core | 8 GB | 4 GB | 2 Core | 16 GB | 4 GB |
| 10,001-20,000 | 2 Core | 12 GB | 12 GB | 2 Core | 24 GB | 12 GB |
| 20,001-40,000 | 4 Core | 16 GB | 24 GB | 4 Core | 32 GB | 24 GB |
| 40,001-80,000 | 4 Core | 20 GB | 48 GB | 4 Core | 48 GB | 48 GB |
| 80,001-160,000 | 4 Core | 24 GB | 96 GB | 4 Core | 64 GB | 96 GB |
| 160,001-240,000 | 4 Core | 32 GB | 192 GB | 4 Core | 96 GB | 192 GB |
| 240,001-320,000 | 6 Core | 48 GB | 384 GB | 6 Core | 128 GB | 384 GB |
| 320,001-480,000 | 6 Core | 64 GB | 768 GB | 8 Core | 256 GB | 768 GB |
| 480,001-640,000 | 6 Core | 96 GB | 1.5 TB | 10 Core | 384 GB | 1.5 TB |
| 640,001-960,000 | 6 Core | 128 GB | 3 TB | 12 Core | 512 GB | 3 TB |
Disk Space usage estimates for IIS WEB (12 months) and SQL (6 months) servers are based on average daily message volume. For environments larger than 960,000 mailboxes, please email support@enowsoftware.com for configuration recommendations.
| ENow Management System 7.0 IIS Web Server Configuration Recommendations for Exchange Online only deployments where 100% of mailboxes are in the cloud (If enabling additional features like Compass, then please use the ENow Management System (EMS) Prerequisites document for sizing your Web and SQL servers) | ||||||
| # of mail boxes/enabled users | Dedicated IIS Web Server specifications | Dedicated SQL Server specifications | ||||
| CPU | RAM | Disk Space | CPU | RAM | Disk Space | |
| 1-750 | 1 Core | 4 GB | 512 MB | 1 Core | 4 GB | 1.5 GB |
| 751-2,000 | 2 Core | 6 GB | 1 GB | 2 Core | 12 GB | 3 GB |
| 2,001-10,000 | 2 Core | 8 GB | 2 GB | 2 Core | 16 GB | 6 GB |
| 10,001-20,000 | 2 Core | 12 GB | 6 GB | 2 Core | 24 GB | 18 GB |
| 20,001-40,000 | 4 Core | 16 GB | 12 GB | 4 Core | 32 GB | 36 GB |
| 40,001-80,000 | 4 Core | 20 GB | 24 GB | 4 Core | 48 GB | 72 GB |
| 80,001-160,000 | 4 Core | 24 GB | 48 GB | 4 Core | 64 GB | 144 GB |
| 160,001-240,000 | 4 Core | 32 GB | 96 GB | 4 Core | 96 GB | 288 GB |
| 240,001-320,000 | 6 Core | 48 GB | 192 GB | 6 Core | 128 GB | 576 GB |
| 320,001-480,000 | 6 Core | 64 GB | 384 GB | 8 Core | 256 GB | 1 TB |
| 480,001-640,000 | 6 Core | 96 GB | 768 G | 10 Core | 384 GB | 2 TB |
| 640,001-960,000 | 6 Core | 128 GB | 1.5 TB | 12 Core | 512 GB | 4 T |
Disk Space usage estimates for IIS WEB (12 months) and SQL (6 months) servers are based on average daily message volume. For environments larger than 960,000 mailboxes, please email support@enowsoftware.com for configuration recommendations.
Service Account permission requirements: Client software
Each ENow monitoring client is installed on its respective target server by running the ENowClientSetup.exe executable, which installs the appropriate client according to the target server role:
Mailscape Client on Exchange 2007, Exchange 2010, Exchange 2013, and Exchange 2016 servers
AD FS and AD FS proxy clients on those respective server types
DirSync monitoring client on any Windows 2008 R2 or later member server
The following table shows the permissions required for the service accounts used by each client type. Note that all of the clients will require .NET Framework 3.5 or higher and PowerShell 2.0 or higher.
| Client | Service(s) | Required configuration | Notes |
| Mailscape | ENow Client & ENow Admin | Member of the local administrator’s security group Member of the Exchange View Only Organization Management security group(When the service is a member of View Only Organization Management, the database redundancy monitoring feature is not supported). | We recommend assigning this account as a member of the Exchange Organization Management security group for full functionality. For Exchange 2013 or later, if this service account is a regular domain user (not a managed service account and configured as a member of the Exchange Organization Management security group) with a mailbox enabled then it may be configured as the OWA/ECP test user. Exchange 2007 and 2010 environments require the service account to be assigned as a security principal with Reset password set to Allow for the CAS Test Connectivity Users. These accounts will appear in Active Directory with names starting with “cas_” or “extest_” for Exchange 2007 and Exchange 2010 respectively. If these users do not exist, then please plan to run the Get-MailboxServer | .\new-TestCasConnectivityUser.ps1 script from a mailbox server. When installing the client on Exchange EDGE servers, only the Local administrator permission is required |
| AD FS | ENow Client & ENow Admin | Member of the local administrator’s security group | |
| AD FS Proxy or WAP | ENow Client & ENow Admin | Member of the local administrator’s security group | |
| AAD Connect Server | ENow Client & ENow Admin | Member of the local administrator’s security group Assigned the SQL db_datareader role |
The following table shows the permissions required for the monitoring, reporting, and test accounts used by Mailscape or Mailscape 365. Note that all of these accounts will need to be configured from the ENow Administration Console.
| Feature | Account | Required configuration | Notes |
| Mailscape | On premise mail flow internal test account | On premise Exchange mailbox enabled Exchange Web Services enabled | This account may also be used for the following Exchange (Exchange 2013 or later) Namespace Monitoring settings: ActiveSync Test User, EWS Test User, and SMTP Test User. Note that we do not recommend using this account as the OWA/ECP Test User. We recommend using an account (with mailbox enabled) that is a member of the Exchange Organization Management security group. |
| On premise mail flow external test account | Gmail, Outlook.com, or Yahoo mailbox enabled | This mailbox will need to be configured with a forwarding rule that points back to the primary SMTP address of the mail flow internal test account. | |
Mailscape 365 | Office 365 monitoring account | Service Administrator permission on the Office 365 tenant Enabled for remote PowerShell Assigned an Office 365 E3 license or higher and cloud mailbox enabled | You may, but are not required to, use the same account for monitoring and reporting. If you choose to use the same account, please make sure that the account is also member of View Only Organization Management for Exchange Online. |
| Office 365 reporting account | Member of the View Only Organization Management security group for Exchange Online Enabled for remote PowerShell Assigned an Office 365 E3 license or higher and cloud mailbox enabled | Optional for large enterprise. | |
| Cloud mail flow internal test account | Assigned an Office 365 E3 license or higher and cloud mailbox enabled | ||
| Cloud mail flow external test account | Gmail, Outlook.com, or Yahoo mailbox enabled | This mailbox will need to be configured with a forwarding rule that points back to the primary SMTP address of the mail flow internal test account. | |
| Office 365 test account | Active Directory account that has been synced to the Office 365 tenant Assigned SELF security principal with Write permissions in Active Directory (see notes) Assigned an Office 365 E3 license or higher (and Skype for Business Online enabled to pair with Skype for Business Online test account) Assigned a primary SMTP address that matches the UPN value. | Connect to your Domain Controller and navigate to the user account, right click on the user and select Properties. Select the tab Security and scroll down to the security principal SELF. Select SELF and grant the Write permission | |
| Skype for Business Online test account | Assigned an Office 365 E3 license or higher and Skype for Business Online enabled | The Skype for Business client must be installed on the EMS web server to enable the testing features. |