Hyperfish Implementation Guide

Mick Sowl -

 

 Implementation Guide 2019

 

Table of Contents

 

i Legal

SAAS Terms

Privacy Policy

EULA

1   Introduction and Overview

2   Online Implementation

2.1   Online Planning

2.2   Online Deployment 

2.3   Confirming Online Deployment Functionality 

3   Hybrid Implementation

3.1   Hybrid Planning

3.2   Hybrid Deployment

3.3   Confirming Hybrid Deployment Functionality

4   Moving to Pilot and Run Modes

  

 

i   Legal

 

SAAS Terms

By accessing or using Hyperfish, you agree to be bound by certain terms and conditions:

https://hyperfish.blob.core.windows.net/web/580eaa3bbacb6c54019729da_saas.pdf 

Privacy Policy

There are several US federal laws that protect personal privacy in electronic communications. The Hyperfish Privacy Policy informs you of Hyperfish policies regarding the collection, use, and disclosure of Personal Information when you use the Service. These policies are articulated here:

https://www.hyperfish.com/legal/privacy 

EULA

The Hyperfish End-user License Agreement can be found here:

https://hyperfish.blob.core.windows.net/web/580eaa3bbacb6c54019729da_eula.pdf 

 

1   Introduction and Overview

Hyperfish enables organizations to automatically identify and populate missing information in directories, quickly and easily. Utilizing next generation technologies, Hyperfish automates the process of keeping Active Directory and Office 365 Profile Information fresh and relevant. Using Hyperfish, organizations can be more effective by saving time, reducing IT Support overhead, and improving the speed of business communications.

In online deployments, Hyperfish connects directly to Azure Active Directory to scan for the quality of user profile information.

For any implementation scenario utilizing an on-premises Active Directory system (on-premises or hybrid), Hyperfish scans for the absence of user profile information using a locally installed agent (hereinafter referred to as the Hyperfish Agent).

This implementation guide is intended to be an instruction set for systems administrators to implement Hyperfish and install the necessary components successfully.

 

2   Online Implementation

The following section pertains to online-only deployment scenarios. Use the following steps to implement Hyperfish if the target Active Directory instance exists solely in Azure Active Directory.

2.1   Online Planning

For online deployments, you will need Office 365 credentials designated to become the initial Hyperfish administrator account as well as an Office 365 account with Global Administrator privileges.

The initial Hyperfish administrator can be any account in your Office 365 tenant. This account does not require any Office 365 administrative privileges, and can be your day-to-day account.

2.2   Online Deployment

Step 1: Open a web browser

  • Use the licensing link provided by Hyperfish to sign in to the Hyperfish web application for the first time

Step 2: Choose your implementation method

  • You will be given three experience options -- select ‘Analyze.’
  • Select the ‘Cloud Only’ option for your Active Directory location.
  • Click the ‘Accept’ button to grant Hyperfish permissions to the directory.      

Step 3: Confirm Active Directory instance

  • If the directory instance is correct, click ‘Yes, Let’s Go!’ and ‘Continue.’
  • Click ‘Go to Dashboard’ to start the scan and view your dashboard.

You are now ready to start an analysis of your Active Directory using Hyperfish.

 

2.3   Confirming Online Deployment Functionality

Navigate to Settings -> General 

  • Review and verify connection details for your online Azure AD instance from the ‘Directory Details’ section
  • Click the time under ‘Daily Full Scan’ to set the next run time
  • Click ‘SAVE’
  • Navigate back to the Home screen using the navigation menu on the left

Once the scheduled analysis has completed, the page will display a summary of the collected results.

After reviewing the results, designate some administrators to approve changes and gather a list of users that you would like to participate in Pilot mode.

 

3   Hybrid Implementation

3.1   Hybrid Planning

For Hybrid deployments, you will need your Office 365 account credentials along with the on-premises requirements. The Office 365 account will be the designated initial Hyperfish administrator and does not require any administrative permissions.

Prepare the following on-premises requirements for your hybrid deployment:

Step 1: Choosing an Agent Host

Choose a domain-joined machine to host the local Hyperfish Agent. This machine should meet or exceed the following requirements:

  • Supported Operating Systems: Windows Server 2012 R2 or above
  • Microsoft .NET Framework 4.5.2 (The installer will prompt to install if not currently installed)
  • Processor: 2 GHz
  • Memory: 4 GB

Step 2: Choosing a service account  

Choose or create a service account to run the Hyperfish service.

The service account needs read/write permissions to Active Directory. Hyperfish encourages a least-privilege approach, granting granular permissions for the Active Directory object that you would like the account to modify.

 To delegate permissions for the service account:

  • Right click on the AD container and select ‘Delegate Control’:


 

  • Select your designated Hyperfish service account:


 


 

  • Choose ‘create a custom task’:


 

  • Select to Delegate control of ‘Only the following objects…’ and select ‘User objects’:


  • Select the following general permissions, then click ‘Next’ and then ‘Finish’:

      • Read and write phone and mail options
      • Read and write general information
      • Read and write personal information
      • Read and write public information
      • Read and write web information
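
One way to confirm that the delegation stayed within the least-privilege scope described in Step 2. This is an added example, not part of the Hyperfish guide or product; the OU distinguished name and service account name are hypothetical placeholders, and it assumes the ActiveDirectory PowerShell module is installed.

```powershell
# Added example (not Hyperfish code). Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

$OuDn       = 'OU=Staff,DC=example,DC=com'   # hypothetical: the delegated container
$SvcAccount = 'EXAMPLE\svc-hyperfish'        # hypothetical: the service account

# The five property sets selected in the Delegation of Control wizard.
$Expected = 'Phone and Mail Options', 'General Information', 'Personal Information',
            'Public Information', 'Web Information'

# Resolve display names to rightsGuid values from the forest itself
# rather than hard-coding GUIDs.
$rootDse = Get-ADRootDSE
$sets = @{}
Get-ADObject -SearchBase "CN=Extended-Rights,$($rootDse.configurationNamingContext)" `
        -LDAPFilter '(objectClass=controlAccessRight)' -Properties displayName, rightsGuid |
    Where-Object { $Expected -contains $_.displayName } |
    ForEach-Object { $sets[[guid]$_.rightsGuid] = $_.displayName }

# schemaIDGUID of the user class: the wizard scopes the grant to user objects.
$userClass = [guid](Get-ADObject "CN=User,$($rootDse.schemaNamingContext)" `
        -Properties schemaIDGUID).schemaIDGUID

# Allow ACEs on the container that name the service account directly.
$aces = @((Get-Acl -Path "AD:\$OuDn").Access | Where-Object {
    $_.IdentityReference.Value -eq $SvcAccount -and $_.AccessControlType -eq 'Allow' })

$allowed = [int][System.DirectoryServices.ActiveDirectoryRights]'ReadProperty, WriteProperty'

# Any right beyond read/write property, any target outside the five property
# sets, or any scope other than user objects is broader than the guide asks for.
$excess = @($aces | Where-Object {
    (([int]$_.ActiveDirectoryRights -band (-bnot $allowed)) -ne 0) -or
    (-not $sets.ContainsKey($_.ObjectType)) -or
    ($_.InheritedObjectType -ne $userClass) })

# Expected property sets that no ACE for the account covers.
$granted = @($aces | Where-Object { $sets.ContainsKey($_.ObjectType) } |
    ForEach-Object { $sets[$_.ObjectType] })
$missing = @($Expected | Where-Object { $granted -notcontains $_ })

$excess | Format-Table ActiveDirectoryRights, ObjectType, InheritedObjectType, IsInherited
"Excess ACEs: $($excess.Count); property sets not granted: $($missing -join ', ')"
```

The check only inspects ACEs that name the account directly, so rights the account receives through group membership need a separate review.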

Step 3: Open Required Outbound Ports

The following outbound ports are required:

  • 443 - HTTPS for API calls -- used to authenticate the installation, check licenses, and download configuration from our cloud service.
  • 5671 - AMQPS (TLS) for the Hyperfish queue service

 

3.2   Hybrid Deployment

Use the following steps to implement Hyperfish if your organization has a hybrid configuration where both on-premises Active Directory and Azure Active Directory are used.

 

Step 1: Open a web browser 

  • Use the licensing link provided by Hyperfish to sign in to the Hyperfish web application for the first time. This link can only be used once.

 

Step 2: Choose your implementation method

  • Select ‘Analyze’ as your initial experience option (this is the only one available)
  • Select the ‘Hybrid’ option for your Active Directory location

 

Step 3: Download the Hyperfish Agent

  • Copy the ten-character registration code from the page
  • Click ‘Download’ to download the installer for the Hyperfish Agent
  • Move the installer to the server specified during the planning section of this guide

 

Step 4: Install the Hyperfish Agent 

  • Right-click the Agent installer and select ‘Run as Administrator’ and click ‘Next’
  • Enter the ten-character code shown on the Hyperfish web application and click ‘Next’
  • Specify a location to install the Hyperfish application
  • Review the terms and conditions; check the box to agree and click ‘Next.’
  • Click ‘Install’ to start the installation process.
  • When the installation is complete, click ‘Finish.’

 

Step 5: Configure the Hyperfish service

  • From the host machine’s start menu or run dialog, type “services.msc”
  • Open the Microsoft Windows Services console
  • Right-click the Hyperfish service and select ‘Properties’ from the context menu
  • From the ‘Log On’ tab, select ‘This Account’
  • Enter the login credentials for the service account specified during the planning section
  • Click ‘Apply’ and ‘OK’, then Start the Hyperfish Service

 

Step 6: Finish configuration from the web application

  •  The Hyperfish web application should progress to the analysis stage
  • Review the default settings summary; Click ‘Continue’
  • Click ‘Go to Dashboard’ to start the scan and view your dashboard

 

You are now ready to start an analysis of your Active Directory using Hyperfish.

 

3.3   Confirming Hybrid Deployment Functionality

Confirm the functionality of Hyperfish by completing your first directory analysis:

Navigate to Settings -> General 

  • Review and verify connection details for your on-premises AD instance from the ‘Directory Details’ section
  • Set the ‘Daily Full Scan’ time to the time you wish for Hyperfish daily audits to run
  • Click ‘SAVE’
  • Navigate back to the Home screen using the navigation menu on the left

 

Once the scheduled analysis has completed, the page will display a summary of the collected results.

After reviewing the results, designate some administrators to approve changes and gather a list of users that you would like to participate in Pilot mode.


4   Moving to Pilot and Run Modes

Step 1:   Add Pilot Participants, additional Administrators, and Approvers

  • Add pilot participants by navigating to Settings -> General, and expanding the ‘Pilot Participants’ section under ‘Hyperfish Mode’
  • Add additional administrators in the Hyperfish Administrators section in Settings -> General
  • Add Hyperfish approvers in the ‘Approvers’ section in Settings -> Approval

Step 2: Navigate to Settings -> Hyperbot

  • By default, Hyperbot should be toggled to ‘On’
  • Set the Hyperbot name and email address (Note: changing the address may result in Hyperbot emails being filtered by your email settings)
  • Set the ‘Personality’ slider to ‘Relaxed,’ ‘Standard,’ or ‘Formal’ to best fit your company culture. Optionally, configure the language in your email templates in the ‘Email Templates’ section.
  • Use the ‘Tenacity’ options to set the number of attempts and frequency at which you would like users to hear from Hyperbot.
  • Add email addresses that should never hear from Hyperbot to the ‘do not disturb’ list
  • Click the ‘SAVE’ button

Step 3:  Navigate to Settings -> Attributes 

  • Edit Directory Attributes
  • Set attributes you want to be required as ‘Must Contain a Value’. Users will be notified if a required field is set to ‘Hyperbot and Editable’.
  • Set fields to ‘Editable’ if you want users to be able to edit a field, but do not want Hyperbot to send notifications about it.
  • Set fields to ‘Read Only’ if you don’t want to allow users to edit those fields (job title is a common example).

Step 4:  Navigate to Settings -> Approval

  • For any fields that should not require approval, toggle Auto Approve ‘on’ for that property
  • Use the ‘Timing’ settings to adjust how soon approvers should be notified of pending changes
  • Click the ‘SAVE’ button

Step 5:  Navigate to Settings -> General

  • Set the slider to Pilot mode
  • Click the ‘SAVE’ button

While in Pilot mode, consider any configuration changes that may need to be made. After the pilot program has been deemed successful, navigate to Settings -> General and move the mode slider to ‘Run’.

 

If you have any questions or comments about this Implementation Guide, please reach out to Support@hyperfish.com for assistance.
