02. Prerequisites Synctool

Introduction

This document explains the prerequisites and hardware requirements for using the Synctool.

Hardware specifications

The Zivver Synctool does not require it’s own dedicated server. The Synctool can be deployed on any server that adheres to the prerequisites and hardware specifications described in this article.

Best practice is to store the Synctool on an already existing synchronization server or application server with the following minimal hardware specifications.

Number of employees CPU Memory Hard drive size
Fewer than 10.000 1.4 GHz / 2 cores 2 GB 50 GB
10.000 to 50.000 1.6 GHz / 2 cores 4 GB 70 GB
50.000 to 100.000 1.6 GHz / 2 cores 8 GB 100 GB

System requirements

  • Microsoft Windows Server 2012 R2 Service Pack 1 Extended Security Updates or higher.
  • Microsoft Windows 7 Extended Security Updates or higher.
  • Microsoft .NET 4.8 or higher installed.

Connectivity

Protocol Port Description
LDAP (1) 389 Only for LDAP syncs. Used for data import from Active Directory.
LDAP/SSL (1) 636 Only for LDAP syncs. Used for data import from Active Directory. Data transfer is signed and encrypted.
HTTP 80 Only for Exchange Online syncs. Downloads the certificate revocation lists (CRLs) while validating the TLS/SSL certificate.
HTTPS 443 TLS v1.2. Used to connect to https://app.zivver.com/api and https://downloads.zivver.com.

(1) You have to choose either LDAP or LDAP/SSL. Best practice is to use LDAP/SSL.

Automation requirements

Source specific requirements

This section describes requirements for different sources as each data import can come from one or multiple sources.

LDAP source

See introduction of the LDAP source manual for more information on when to use LDAP source.

  • The domain controller must allow incoming traffic from the Synctool server via either port 389 or 636, see also connectivity.
  • A service account is available with the following permissions:
    • Allowed to create data imports from the domain controller via LDAP.
    • View-Only rights in Active Directory. This is enabled by default for all domain users.

Exchange Online source

See introduction of the Exchange source manual for more information on when to use Exchange source.

Exchange on-premise source

See introduction of the Exchange source manual for more information on when to use Exchange source.

  • The Synctool server is allowed to create a remote PowerShell session to the Exchange server.
  • A service account is available with the following permissions in Exchange:
    • Distribution Groups.
    • View Only Configuration.
    • View Only Recipients.
  • User mailboxes receive delegated access to shared mailboxes via Full Access permissions.
  • If you use nested security groups to delegate access to shared mailboxes, these security groups need to be mail-enabled.

If Full Access permissions on shared mailboxes are assigned to Active Directory security groups, then make sure that: