From SAASYAN docs
Jump to: navigation, search

Tempus Deployment Guide

Prerequisites

The following are the requirements for Tempus:

  • Access to the Office 365/Azure AD environment: we will temporarily need admin privileges to be able to define an application under Azure AD
  • Read only access to the AD environment
  • Details about the virtualization platform (we support VMWare vSphere, Microsoft Hyper-V and Linux KVM)
  • Read only access to a database table/view that provides us with one of the following datasets from the school management system. This is more of a bespoke integration piece that may require some of your DBA’s time

Dataset Type A – Day Cycle Based

Timetable View:
Dataset type a timetable view.png
Cycle View:
Dataset type a cycle view.png

Dataset Type B – Date, Start Time and End Time based Timetable

Dataset type b.png

Once we have the above:

  • We will make the required changes on Azure AD/Office 365
  • We will preconfigure a small virtual appliance and will make it available for you to download and deploy on premise. The collector connects to AD and the database table/view and proxies aggregated calendar info to the Tempus cloud where the actual synchronization takes place

You then need to:

  • Deploy the virtual appliance and check whether it is pingable on your local network
  • Make sure your network is configured to allow the VM outbound internet access on TCP port 443 - it uses this port to establish an SSL encrypted tunnel to the hosted Tempus back end via OpenVPN

LDAP Search Base, Domain Name and Domain Controllers

  • We need the LDAP search base for the AD LDAP lookups. This is used to check group memberships to determine who’s calendar to sync and who can administer Tempus. We support recursive group membership lookups
  • We also need the domain netbios name and the fully qualified name
  • We need the IP / DNS addresses of two domain controllers we can connect to

Required AD Groups

Tempus requires two AD groups which need to be created:

  • Tempus Admins Group (e.g. Tempus_Admins): the members of this group can manage Tempus
  • Tempus Users Group (e.g. Tempus_Users): the members of this group will have their calendars synchronized with their timetables

A 3rd optional AD Group can also be defined:

  • Tempus Excluded Users Group (e.g. Tempus_Excluded): the members of this group won't have their calendars synchronized with their timetables

An admin can set the above 3 parameters through the admin UI

We support recursive group membership lookups so users can be in subgroups within the above groups

Colour coding timetable events

This is done by assigning an Outlook category to the auto-created events. An admin needs to modify the Event Category parameter (through the admin UI) to an Outlook category that exists in the environment – for example Orange category. This will only affect the events that are created after setting this Event Category parameter and it won’t recreate the events that existed before this change

Room booking module/functionality

In order to enable the room booking module, the following prerequisites within AD and Office 365 are required:

  • a mailbox enabled service account which Tempus will use for room resource bookings – this account should have permission to book room resources
  • the rooms need to exist as Exchange room resources in Office 365
  • the names of these rooms resources in Office 365 need to match the names of the rooms in the timetable

Disabling and/or forcing synchronization

  • an admin can set the Disable Timetable-Calendar Sync parameter to No to disable the synchronization as by default Tempus is scheduled to synchronize calendars every hour
  • an admin can set the Force Synchronization parameter to Yes to start the synchronization task immediately instead of waiting for the next scheduled run (every hour)