- Scan remote devices for software & hardware inventory
- Import licensing relevant data from
- SQL Server, Exchange, Skype for Business, SharePoint
- Hyper-V, VMware vSphere and vCenter, XenServer
- Office 365
- Snapshot software usage data on XenApp, RemoteApp and other RDS servers
- Import data from 3rd party inventory tools
The Management Point can use pre-existing accounts or a service account dedicated to Sam360 data collection. The account needs certain permissions to enable efficient and successful remote scanning.
Minimum Permissions required for Inventory Scan, SQL Server, Exchange, Skype for Business, SharePoint, Hyper-V & RDS Server usage snapshots
The Sam360 user account should have local administrative privileges on any device it is going to scan i.e. it should be part of the local Administrators group. In a Windows Domain or Forest environment, this can be achieved by adding the user to the ‘Domain Admins’ group. Alternatively, group policy can be used to add a dedicated Sam360 service account to the local admins group of any device to be scanned remotely.
The Management Point communicates with the following Sam360 servers over https (port 443) It may be necessary to add an exception to proxy or firewall white lists for the Management Point user account to enable this communication.
- EMEA Clients (Europe, Middle East & Africa)
- hello1.sam360.com, hello2.sam360.com
- srv1.sam360.com, srv2.sam360.com, srv3.sam360.com, srv4.sam360.com, srv5.sam360.com, srv6.sam360.com
- st.sam360.com
- Americas Clients (North America & South America)
- hello1.us.sam360.com, hello2.us.sam360.com
- srv1.us.sam360.com, srv2.us.sam360.com
- st.sam360.com
- APAC Clients
- hello1.au.sam360.com, hello2.au.sam360.com
- srv1.au.sam360.com, srv2.au.sam360.com, srv3.au.sam360.com, srv4.au.sam360.com, srv5.au.sam360.com, srv6.au.sam360.com
- st.sam360.com
The Sam360 Management Point uses PowerShell scripts to collect inventory, usage and licensing data from various systems including VMware, Office 365, SQL Server etc. Some Management Point Tasks depend on PowerShell Modules which may need to be installed or updated in order for the Task to fully work. The Management Point communicates with the following Microsoft servers during the update process
- www.powershellgallery.com:443
- www.microsoft.com:443
- go.microsoft.com:443
- *.azureedge.net:443
Minimum Permissions required for VMware
The Sam360 Management Point uses the VMware integration PowerShell script from the open source SAM Gold Toolkit to query vSphere hosts and vCenter servers for host and guest information. The script does not make any changes to the VMware environment – it only reads information. As such, the specified user must have at least read only permission on the target server or farm. The easiest way to achieve this is to assign the system default ‘Read Only’ role to the user.
Minimum Permissions required for Microsoft 365
The Sam360 Management Point uses the Microsoft 365 integration PowerShell script from the open source SAM Gold Toolkit to query Microsoft 365 for user, subscription and usage information. The script does not make any changes to the Microsoft 365 environment – it only reads information. This article describes the Microsoft Graph permissions required to enable the integration. The Management Point communicates with the following Microsoft servers during the query process
- login.microsoftonline.com:443
- aadcdn.msauth.net:443
- graph.windows.net:443
- graph.microsoft.com:443
- ps.outlook.com:443
Leave A Comment