I am a Zivver admin
Configure and manage Zivver
02. Prerequisites Synctool
Introduction
This document explains the prerequisites and hardware requirements for using the Synctool.
Hardware specifications
The Zivver Synctool does not require it’s own dedicated server. The Synctool can be deployed on any server that adheres to the prerequisites and hardware specifications described in this article.
Best practice is to store the Synctool on an already existing synchronization server or application server with the following minimal hardware specifications.
| Number of employees | CPU | Memory | Hard drive size |
|---|---|---|---|
| Fewer than 10.000 | 1.4 GHz / 2 cores | 2 GB | 50 GB |
| 10.000 to 50.000 | 1.6 GHz / 2 cores | 4 GB | 70 GB |
| 50.000 to 100.000 | 1.6 GHz / 2 cores | 8 GB | 100 GB |
System requirements
- Microsoft Windows Server 2012 R2 Service Pack 1 Extended Security Updates or higher.
- Microsoft Windows 7 Extended Security Updates or higher.
- Microsoft .NET 4.8 or higher installed.
Connectivity
| Protocol | Port | Description |
|---|---|---|
| LDAP (1) | 389 | Only for LDAP syncs. Used for data import from Active Directory. |
| LDAP/SSL (1) | 636 | Only for LDAP syncs. Used for data import from Active Directory. Data transfer is signed and encrypted. |
| HTTP | 80 | Only for Exchange Online syncs. Downloads the certificate revocation lists (CRLs) while validating the TLS/SSL certificate. |
| HTTPS | 443 | TLS v1.2. Used to connect to https://app.zivver.com/api and https://downloads.zivver.com. |
(1) You have to choose either LDAP or LDAP/SSL. Best practice is to use LDAP/SSL.
Automation requirements
- A service account is available with Log on as batch job rights to run a scheduled task via the Windows Task Scheduler.
Source specific requirements
This section describes requirements for different sources as each data import can come from one or multiple sources.
- Go to LDAP source
- Go to Exchange Online source
- Go to Exchange on-premise source
LDAP source
See introduction of the LDAP source manual for more information on when to use LDAP source.
- The domain controller must allow incoming traffic from the Synctool server via either port
389or636, see also connectivity. - A service account is available with the following permissions:
- Allowed to create data imports from the domain controller via LDAP.
- View-Only rights in Active Directory. This is enabled by default for all domain users.
Exchange Online source
See introduction of the Exchange source manual for more information on when to use Exchange source.
- PowerShell module ExchangeOnlineManagement is installed on the Synctool server.
Install-Module -Name ExchangeOnlineManagement - Modern Authentication (Certificate-Based Authentication) is used to connect to Exchange Online according to the steps from the Microsoft article App-only authentication for unattended scripts.
- User mailboxes receive delegated access to shared mailboxes via Full Access permissions.
- If you use nested security groups to delegate access to shared mailboxes, these security groups need to be mail-enabled.
- TLS 1.2 on the server to connect to Exchange Online.
Exchange on-premise source
See introduction of the Exchange source manual for more information on when to use Exchange source.
- The Synctool server is allowed to create a remote PowerShell session to the Exchange server.
- A service account is available with the following permissions in Exchange:
- Distribution Groups.
- View Only Configuration.
- View Only Recipients.
- User mailboxes receive delegated access to shared mailboxes via Full Access permissions.
- If you use nested security groups to delegate access to shared mailboxes, these security groups need to be mail-enabled.
If Full Access permissions on shared mailboxes are assigned to Active Directory security groups, then make sure that:
- The Exchange server has Microsoft Remote Server Administration Tools installed. Specifically, you will need the Active Directory Domain Services and Active Directory Lightweight Directory Services tools installed.
- The Exchange server has the PowerShell module Active Directory installed.