Client Sense Requirements

Overview

Client Sense is a web application backed by a SQL database. The website and database can exist on the same server or on separate servers, and can share existing servers. Authentication to Client Sense is provided using Windows Authentication, and access is controlled through Active Directory security groups. Client Sense interacts with Exchange using PowerShell and EWS, where it reads and never writes.

The Client Sense team will perform the installation and configuration through remote access once the server and credentials are ready. There currently isn't an option for self installation.

Exchange

Client Sense supports Office 365 / Exchange Online and Exchange 2010 or higher.

Server Hardware

Please discuss technical requirements with our team to confirm the minimum requirements for your company.

Minimum hardware requirements for the IIS and SQL server:
  1. Memory - 8GB
  2. CPU - 2 vCPU
  3. Storage - 30GB free
  4. No data drive is required currently

Server Software

  1. Windows Server 2012 or higher
  2. .Net 4.8
  3. IIS 8 or higher
  4. SQL Server 2012 Standard or higher with Full-Text capability
For smaller clients, the website and database can share a server and SQL Express may be viable. Please discuss this with us.

Service Account

Domain Account

You can decide on your own service account name following your standard account creation and naming convention procedures. Alternatively, you can contact us for suggestions.
It is recommended to create a new domain account for Client Sense. This account will be used for the application pool, database access and Exchange permissions.
  1. Create a domain account called serviceaccountname
  2. Ensure the password is set to not expire
  3. This account requires permission to run Exchange remote PowerShell commands but doesn't require a mailbox
  4. Set the UPN to serviceaccountname@domain.com with domain being the email domain rather than the internal domain
  5. Add this account to the local Administrators group on the server, or provide the minimum permission to the account: the "Log on as a batch job" right

SQL Permissions

The serviceaccountname account needs, at minimum, to be db_owner of a pre-created ClientSense database.

Alternatively, you can give the serviceaccountname account the dbcreator server role to allow it to create its own database.

If Client Sense has its own SQL instance, you can give the serviceaccountname account the sysadmin server role.

Client Sense can automatically create a database on the SQL server if the serviceaccountname account is given the dbcreator or sysadmin server role.
If creator permissions can't be provided, manually create a database called ClientSense on the SQL Server and give the serviceaccountname account db_owner permission on the database through User Mapping.
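
The manual option above (pre-created database, db_owner only, no server-level role) written as T-SQL. This is an added example, not a script supplied by Client Sense; DOMAIN is a placeholder for your domain's NetBIOS name, and the script assumes it is run in SSMS or sqlcmd by a SQL administrator.

```sql
-- Added example. DOMAIN is a placeholder; serviceaccountname is the
-- service account name used throughout this page.

-- 1. Confirm the instance has Full-Text installed (1 = installed).
SELECT FULLTEXTSERVICEPROPERTY('IsFullTextInstalled') AS FullTextInstalled;
GO

-- 2. Pre-create the database so the account needs no server-level role.
IF DB_ID(N'ClientSense') IS NULL
    CREATE DATABASE [ClientSense];
GO

-- 3. Create the Windows login for the service account if it is missing.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals
               WHERE name = N'DOMAIN\serviceaccountname')
    CREATE LOGIN [DOMAIN\serviceaccountname] FROM WINDOWS
        WITH DEFAULT_DATABASE = [ClientSense];
GO

-- 4. Map the login into the database and grant db_owner there only.
USE [ClientSense];
GO
IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE name = N'DOMAIN\serviceaccountname')
    CREATE USER [DOMAIN\serviceaccountname]
        FOR LOGIN [DOMAIN\serviceaccountname];
ALTER ROLE [db_owner] ADD MEMBER [DOMAIN\serviceaccountname];
GO

-- 5. Verify: both server-role columns should be 0 for the least-privilege
--    setup (1 means the role is held, NULL means the login was not found).
SELECT IS_SRVROLEMEMBER('sysadmin',  N'DOMAIN\serviceaccountname') AS IsSysadmin,
       IS_SRVROLEMEMBER('dbcreator', N'DOMAIN\serviceaccountname') AS IsDbCreator;

-- 6. List the account's database roles; expect a single row, db_owner.
SELECT r.name AS DatabaseRole
FROM sys.database_role_members AS m
JOIN sys.database_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals AS u ON u.principal_id = m.member_principal_id
WHERE u.name = N'DOMAIN\serviceaccountname';
```

Steps 5 and 6 can be re-run at any time to confirm the account has not picked up sysadmin or dbcreator after installation.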

Exchange Permissions

  1. View-Only Recipients (PowerShell Get-Recipient command)
  2. Message Tracking (PowerShell Get-MessageTrace / Get-MessageTrackingLog command)
  3. ApplicationImpersonation (EWS mailbox access)
See the section on Exchange Permissions for more information on configuring these permissions for Office 365 / Exchange Online or Exchange.

Note regarding Multi Factor Authentication (MFA/2FA)

Client Sense doesn't support MFA prompts on the service account. The account can have MFA enabled but it needs to be configured and whitelisted for the IP address of Client Sense itself so that it isn't prompted when accessing Office 365.

Security Groups

Create two security groups in Active Directory to control user access and administrator access. The following names are suggestions; name the groups according to your taxonomy, which can be set in Client Sense.
  1. Client Sense Users
  2. Client Sense Admins

DNS and Web Access

Client Sense should be an internally accessed website only. There is no need for external DNS entries to be created.
Create an internal DNS A record called clientsense pointing to the Client Sense web server. This will allow users to browse to http://clientsense to access Client Sense.
If using a fully qualified DNS entry for Client Sense, ensure the following:
If you would like to use an FQDN (SSL certificate optional), ensure that you add clientsense.fqdn.com to the local intranet zone through group policy. This will prevent prompts for username and password and allow seamless access.
If you already have a wildcard entry in the intranet zone, you won't need to add an additional entry for clientsense.fqdn.com.
You can test which zone the DNS name appears in with the following PowerShell command:
[System.Security.Policy.Zone]::CreateFromUrl('https://clientsense.fqdn.com')


Client Software

The only client software required to access Client Sense is a web browser.

Client Sense supports the following browsers:
  1. Chrome
  2. Firefox
  3. Edge
  4. Internet Explorer 9+