Abstract: This short HowTo will outline the steps needed to install the Skype for Business (=SfB) Call Quality Dashboard
This is a quick/basic installation guide, it will not go true some security hardening steps!
Preparation:
– Install a Windows 2012 R2 OS (fully patched) [In this howto we will reference the machine with the name sfbcdq01]
– Download the SfB Call Quality Dashboard installer from here and store it on the sfbcdq01 server
– Add a 2nd Disk to the sfbcdq01 server. It will be used to save the SfB Call Quality Dashboard data
– Install a supported SQL version on the sfbcdq01 server (We will use SQL 2012 Standard in this howto). You need “Database Engine Services”, “Analysis Services”, the full “Management Tools”. During installation the AD account which is used should be added to the administrator section. You later one can change that. Once done start the SQL Server Agent and set that to automatically.
– Create an AD account (contoso\SfBQoEmetricsRead) which you assign reader access (db_datareader role/permissions) on the SfB QoEmetrics DB. This account will replicate the data from this DB to the QoEArchive which exists on our sfbcdq01. To follow this howto you need to give the user also Administrator access on sfbcdq01.
– Create an 2nd AD account (contoso\SfBCQDPortal). Grant him also administrator access on sfbcdq01
Do not use a password which starts with “+” as this might cause issues
Steps:
1.) Install the prequisites via:
add-windowsfeature Web-Server, Web-Static-Content, Web-Default-Doc, Web-Asp-Net, Web-Asp-Net45, Web-Net-Ext, Web-Net-Ext45, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Http-Logging, Web-Url-Auth, Web-Windows-Auth, Web-Mgmt-Console
After that check for pending updates and reboot the server if needed.
2.) Download and install (on the Call Quality Dashboard server) the following SQL features from here:
SQL_AS_ADOMD.msi
SQL_AS_AMO.msi
3.) Fully patch the Server and the installed SQL components via Microsoft Update
4.) run the SfB Call Quality Dashboard installer (you can find more details here)
4a.) Press “Next”
4b.) Select the license and press next
4c.) Accept the default folder and press on “next”
4d.) Make sure all the features are selected, then press next
4e.) Now here comes the tricky part, the QoE Archive Configuration
A.) QoEMetrics SQL Server: SQL Server and instance name where the SfB QoE Metrics database is located. This DB should be created when you install your SfB environment. If you use the default instance from the SQL server here, you can use the hostname.
B.) QoE Archive SQL Server Instance:the The local SQL Server instance name for where the Archive DB is to be created. Leave this field blank for the default SQL instance installed on the current server.
C.) QoE Archive Database: as we will start with a new DB, keep that on “Create new database”
D.) Database File Directory: location where the new database files are to be created. Recommended a separate disk volume, so change the folder to “D” instead “C”
E.) Use Multiple Partitions: ‘Multiple partition’ requires Business Intelligence edition or Enterprise edition of SQL Server. ‘Single Partition’ only requires for a Standard edition (but cube processing performance may be impacted) which must be selected here.
F.) SQL Agent Job User: AD User Name & Password which is used to connect to the QoEmetrics database and replicate the QoEArchive
After that press on “next”
4f.) the next is the “Cube Configuration”
A.) QoE Archive SQL Server Instance: SQL Server instance name for where the QoE Archive DB is located. To specify a default SQL Server instance on the current server, leave this field blank.
B.) Cube Analysis Server: SQL Server Analysis Service instance name for where the cube is to be created. This can be a different machine but for this howto we need to enter the FQDN from our sfbcdq01 here.
C.) Partition: ‘Multiple partition’ requires Business Intelligence edition or Enterprise edition of SQL Server. ‘Single Partition’ only requires for a Standard edition (but cube processing performance may be impacted) which must be selected here.
D.) Cube user: A Domain service account name and password (masked) that will trigger the cube processing. If QoE Archive component was selected for the install, this field will be pre-populated with the value provided on the Archive Configuration page for the SQL Agent Job User. Microsoft recommend to specifying a different domain service account so that Setup can grant the least required privilege to it here, but we will not change that and use the same account as a step before.
After that press on “next”
4g.) Next step is the “Portal Configuration”
A.) QoE Archive SQL Server: SQL Server instance name for where the QoE Archive database is located. Note that unlike the QoE Archive Configuration page and the Cube Configuration page, the machine name is not fixed and must be provided. If QoE Archive component was selected for the install, this field will be pre-populated with the value provided on the QoE Archive Configuration page.
B.) Cube Analysis Server: SQL Server Analysis Service instance name for where the cube is located. If Cube component was selected for the install, this field will be pre-populated with the value provided on the Cube Configuration page.
C.) Repository SQL Server: SQL Server instance name where the Repository database is to be created. If the SQL Server instance name for where the QoE Archive database is located has been provided earlier in the setup (in other components), this field will be pre-populated with the QoE Archive DB SQL Server instance name. This can be any SQL Server instance.
D.) Repository Database: By default the option is set to “Create new database”. Since Repository DB upgrade is not supported, the only circumstance under which the “Use existing database” option can be used is if the existing Repository DB has the same schema as the build to be installed.
E.) IIS App Pool User: An AD User Name & Password which is the account that the IIS application pool should execute under. We use the 2nd AD account here.
4h.) Press “Install”
4i.) Press “Finish” to close the installer.
5.) Now add a https binding to the server and assign an SSL certificate to it. For security reasons you can now also remove the http binding
6.) Configure the authorization (as written here)
6a.) Create a local group on the server called “CQDPortalUsers”. You can use the GUI or use powershell:
$cn = [ADSI]”WinNT://$env:computername”
$group = $cn.Create(“Group”,”CQDPortalUsers”)
$group.setinfo()
$group.description = “Allow access to the SfB CQD Portal”
$group.SetInfo()
6b.) Now add the users (e.g. AD user) you need to the local AD group
6c.) Now go to the authorization rule (Root Level) inside the IIS Manager
6d.) Modified the default Authorization rule and add the CQDPortalUsers group we created before.
7.) Configuring File Access
According to the Microsoft Technet, the next step is to configure the dashboard of the CQD. After users are authenticated by IIS, they will have to have file permissions on the CQD directory in order to access the web portal content. It is possible to change the ACLs through the security tab of the CQD directory properties to add individual users or groups; however the recommended approach is to leave the file permissions untouched. Instead, change the IIS setting to use the IIS worker process to access the CQD directory no matter which user is authenticated.
7a.) Make sure you select “CQD” under the “Default Web Site” then click on the configuration editor icon
7b.) Under Section, choose system.webServer/serverRuntime.
7c.) Change the “authenticatedUserOverrride” to “UseWorkerProcessUser” after that press on “Apply”
8.) At this point the CDQ portal is configured and should work. You can visit the following URL “https://<YourServer>/CQD/#/Health” to check for any issues and when the latest import took place.To access the portal simply browse the URL “https://<YourServer>/CQD”. Check then here on how to create some reports.
If you wish to troubleshoot something you can configure the debug mode in the QoEDataService/Web.config as written here.
9.) Cleanup:
As the accounts we use have administrator access you might wish to finetune that and lower the needed rights for security purpose.
10.) Post-install
Follow the Post-install tasks here now. For more infos how to use the DashBoard, check the Microsoft Website here.
11.) Optional: