Monday, October 15, 2012

Windows Server 2012 and Offloaded Data Transfer (ODX)

I ran across a couple of very informative articles today which made me realize the power behind the new offloaded data transfer (ODX) technology built right into the Windows Server 2012 operating system. There are many new features and enhancements with the latest release; however, this technology grabs my attention immediately due to the real-world performance benefits that could be realized by simply installing the operating system and ensuring the requirements are satisfied (second link).

http://msdn.microsoft.com/en-us/library/windows/desktop/hh848056(v=vs.85).aspx

http://technet.microsoft.com/en-us/library/jj200627.aspx


Thursday, June 14, 2012

I am very excited about the System Center Operations Manager 2012 management pack development effort I'm about to begin for Hitachi hardware leveraging WS-Management.  I plan to post discovery, monitor, and rule examples of how anyone can leverage WS-Management when working with Out of Band devices.

I will provide discovery samples that leverage the native Microsoft.SystemCenter.WSManagement.TimedEnumerateDiscoveryData module seen here http://msdn.microsoft.com/en-us/library/jj130215.aspx.  In addition to the discoveries I will also provide an example of the http://msdn.microsoft.com/en-us/library/jj130253 which can be used for rules/monitors.

Wednesday, April 4, 2012

New Active Directory Management Pack Available

The March 2012 revision of the Monitoring Pack for Active Directory includes the following changes: 
  • Corrected some Publisher names (for example, changed from PublisherName=KDC to PublisherName=Microsoft-Windows-Kerberos-Key-Distribution-Center)
  • Updated rules to generate Alerts and not only go to the Event Viewer
  • Removed unnecessary check for Event Source Name for all NTDS rules (for example, removed EventSourceName="NTDS General")
  • Corrected event parameter validation
  • Updated queries to search for correct event IDs
  • Fixed spelling errors
  • Added missing descriptions to rules
  • Fixed problems with Health Monitoring scripts
  • Removed user name checks from Userenv rules

Feature Summary 
  • Replication
  • Lightweight Directory Access Protocol (LDAP)
  • Domain Controller Locator (DCLocator)
  • Trusts
  • Net Logon service
  • File Replication Service (FRS)
  • Intersite Messaging service
  • Windows Time service
  • Key Distribution Center (KDC)
  • Service availability monitoring
  • Key performance data collection
  • Comprehensive reports, including reports about service availability and service health, plus reports that you can use for capacity planning

Release History 
  • 3/30/2012 - Updated release, version 6.0.7822.0, with fixes to bugs reported by customers.
  • 10/6/2011 - Updated release, version 6.0.7670.0, with fixes to bugs reported by customers and architectural issues to facilitate future Operations Manager's releases
  • 11/3/2009 - Updated release, version 6.0.7065.0, with added Windows Server 2008 R2 support
  • 11/7/2008 - Initial release for 2000/2003/2008, version 6.0.6452.0
  • 03/26/2008 - QFE, version 6.0.6278.10
  • 03/17/2008 - QFE, version 6.0.6278.3
  • 1/15/2008 - Updated Guide - same version
  • 3/23/2007 - Initial Release, version 6.0.5000.0

http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=21357

New SQL Server Management Packs Available

New features: 
  • AlwaysOn Monitoring
    • Automatically discover and monitor availability groups, availability replicas, and availability databases for hundreds of computers.
    • Health roll-up from availability database to availability replicas.
    • Detailed knowledge with every critical health state to enable faster resolution to a problem.
  • Seamless integration with Policy based management (PBM)
    • Auto-discover custom PBM policies targeting AlwaysOn and database components.
    • Rollup of health of policy execution within the SQL monitoring pack under extended health.
  • Support for Mirroring and Replication Monitoring (only applicable to SQL Server 2008 and 2008 R2 version of management pack)
    • Discover mirroring databases, witness, and mirroring group.
    • Monitor database mirror state, database mirror witness state, and mirroring partners’ state.
    • Custom diagram view to visually represent the primary and the mirrored databases.
    • Approximately twenty rules to detect replication events.
  • Improved Freespace monitoring with mount point support

Additional features:
  • Support for Enterprise, Standard and Express editions of SQL Server 2005, 2008, 2008 R2, and 2012 and 32bit, 64bit and ia64 architectures.
  • Support for both simple and complex SQL Server configurations such as clustered installations, multiple instances and 32bit roles running on a 64bit OS. For full details on supported configurations refer to the guide included with the management pack.
  • Discovery and monitoring of SQL Server roles such as DB Engine, Reporting Services, Analysis Services, Integrations Services.
  • Discovery of SQL Server components such as databases, the SQL Agent and SQL jobs.
  • Views covering areas such as database free space, SQL Server related performance, SQL Server related alerts, and lists of the various SQL Server roles and components which are discovered and their related state.
  • Discovery and basic monitoring for SQL Server Reporting Services and Integration Services.
  • Reports for longer-term analysis of common problem areas related to SQL Server such as SQL Server lock analysis and top deadlocked databases, SQL Server service pack levels across discovered roles, user connection activity. Likewise the generic reports from the Microsoft Generic Report Library can be used against the roles and components discovered by the SQL MPs to review availability and performance across many systems and over longer periods of time.
  • Role and component specific tasks which provide access to common tools, triage information, or corrective actions without needing to leave the Operations Console in most cases.
  • Monitoring of databases covers database status, database free space, log shipping monitoring for both the source and destination, and transaction log free space.
  • Monitoring of key SQL Server related services.
  • Monitoring for persistent SPID blocking.
  • Monitoring of numerous SQL Server events and performance data points. Alerts bring the issue to your attention and provide knowledge on the impact and possible resolutions.
  • A low-privilege configuration for discovery and monitoring that eliminates the need for SQL Server sysadmin, dbo, db_owner, and box admin privileges

http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=10631

Monday, December 19, 2011

Network Devices Supported for Discovery By Operations Manager 2012

For those of you who are wondering which network devices SCOM 2012 supports out of the box, and to what extent, Microsoft has published a spreadsheet.

Microsoft System Center Operations Manager 2012 provides the ability to discover and monitor network routers and switches, including the network interfaces and ports on those devices and the virtual LAN (VLAN) that they participate in. Operations Manager can tell you whether network devices are online or offline, and can monitor the ports and interfaces for those devices.

Operations Manager 2012 can monitor network devices that support SNMP, and can provide port monitoring for devices that implement interface MIB (RFC 2863) and MIB-II (RFC 1213) standards.

You can find the list here: http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=26831

Thursday, November 17, 2011

Steps for Deploying SCOM to an Untrusted Domain Using a Gateway

Overview
I recently extended SCOM monitoring to an isolated and untrusted domain for a client. I used a Gateway as a collection point for all of the devices in the untrusted domain and certificates to provide authentication and ultimately communication between the Gateway Server and Management Servers in the untrusted and local domains, respectively.

I was unable to find a comprehensive guide for performing this task so I thought I would provide a high level set of instructions along with a few tricks to assist those who find themselves in the same position.

Just a quick recap of extending monitoring using a Gateway or to untrusted machines.

SCOM uses Kerberos for authentication by default. As a result, if you plan to monitor machines that are either in another domain or in a workgroup, there must be either a full trust in place or certificates in use, respectively.

The following instructions are for the scenario of deploying SCOM agents to untrusted domain joined machines (domain b).  In this scenario, once the Gateway Server (domain b) is trusted by the Management Servers (domain a) through the use of a certificate, the untrusted domain joined machines in domain b will communicate directly with the Gateway Server, funneling all their monitoring information through said server. After following the instructions for this scenario, you will be able to deploy agents to the untrusted domain joined machines (domain b).

If you want to deploy agents to workgroup machines (in this scenario there is no Gateway), you will need to deploy certificates to each of the machines. Once those certificates are deployed, the SCOM agent can be installed, and then the MOMCertImport utility should be executed to tell the agent which certificate to use. You can then restart the HealthService and confirm connectivity through the logs.

Pre-Requisites
  1. DNS is functional so name resolution works between the Gateway and Management Servers. If DNS is not an option you can use HOSTS files. I suggest testing name resolution in each direction.
  2. For firewalls, open port 5723 permanently for SCOM communication and ports 80/443 temporarily for Web Enrollment with the CA. I suggest using a telnet client to perform a telnet over 5723 once name resolution is available and each server has the appropriate SCOM bits installed (from a command prompt: telnet servername 5723).
  3. I used an Enterprise CA so the steps are created with this in mind. The steps differ slightly depending on what is used in your environment. Use the link below that matches your CA.
    1. http://technet.microsoft.com/en-us/library/bb735413.aspx - Windows Server 2003 Enterprise CA
    2. http://technet.microsoft.com/en-us/library/dd362553.aspx - Windows Server 2008 Enterprise CA
    3. http://technet.microsoft.com/en-us/library/bb735417.aspx - Windows Server 2003 Stand-Alone CA
    4. http://technet.microsoft.com/en-us/library/dd362655.aspx - Windows Server 2008 Stand-Alone CA
  4. Only if you use an Enterprise CA, create a certificate template and prepare it for use (see detailed instructions from the appropriate link above, in the sections on creating the template and adding it to the templates folder).

Steps specific to 2008 Enterprise CA
  1.  Run Gateway Approval Tool
    1. On a Management Server, copy the Microsoft.EnterpriseManagement.GatewayApprovalTool.exe utility which is stored in the SCOM installation media under the SupportTools directory and the appropriate platform (i.e. AMD64, i386 etc) to the SCOM installation directory.  
    2. Run a command prompt as a user who has write access to the SCOM database.
    3. In the command prompt execute the following command, replace the values for the parameters appropriately:  microsoft.enterprisemanagement.gatewayapprovaltool.exe /managementservername=ManagementServerName.domainName.com /gatewayname=GatewayServerName.domainName.com /action=create
  2. Install Gateway bits on Gateway Server in untrusted domain.
  3. On each Management Server and the Gateway Server, download the Trusted Root (CA) certificate through the Web Enrollment website of your Certificate Authority (see detailed instructions from appropriate link above).
  4. On each Management Server and the Gateway Server, import the Trusted Root (CA) certificate (see detailed instructions from appropriate link above).
  5. On each Management Server and Gateway Server create a setup information file for use with the CertReq command-line utility (see detailed instructions from appropriate link above).
  6. On each Management Server and Gateway Server create a request file (see detailed instructions from appropriate link above).
  7. On each Management Server and Gateway Server submit a request to the CA (see detailed instructions from appropriate link above).
  8. On each Management Server and Gateway Server import the certificate into the certificate store (see detailed instructions from appropriate link above).
  9. On each Management Server and Gateway Server import the certificate into Operations Manager using MOMCertImport.exe (found in the SupportTools directory in the SCOM installation media). In Windows Server 2008 you will need to run the command prompt as administrator, otherwise it will fail. Next, restart the System Center Management service on each server once MOMCertImport has been executed (see detailed instructions from appropriate link above).
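
Steps 5 through 9 as a two-pass PowerShell script, with a check of the installed certificate before MOMCertImport runs. This is an added example, not part of the original post or Microsoft's guide; the folder paths, the issued.cer file name and the Exportable=FALSE setting are assumptions of this example.

```powershell
# Added example. Run elevated on each Management Server and on the Gateway Server.
$fqdn   = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$work   = 'C:\SCOMCert'               # assumed working folder
$tools  = 'D:\SupportTools\AMD64'     # assumed media path holding MOMCertImport.exe
$issued = "$work\issued.cer"          # assumed name for the certificate saved in step 7
New-Item -ItemType Directory -Path $work -Force | Out-Null

if (-not (Test-Path $issued)) {
    # Step 5: setup information file. The subject must be the FQDN the peers resolve.
    # Exportable=FALSE is this example's choice: the key is generated where it is used.
@"
[NewRequest]
Subject="CN=$fqdn"
Exportable=FALSE
KeyLength=2048
KeySpec=1
KeyUsage=0xf0
MachineKeySet=TRUE

[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1
OID=1.3.6.1.5.5.7.3.2
"@ | Set-Content -Path "$work\RequestConfig.inf" -Encoding ASCII
    # Step 6: generate the key pair and the request file.
    certreq -new -f "$work\RequestConfig.inf" "$work\CertRequest.req"
    # Step 7 is manual: submit CertRequest.req on the Web Enrollment site,
    # save the issued certificate as $issued, then run this script again.
    Write-Host "Submit $work\CertRequest.req, save the result as $issued, then rerun."
    return
}

# Step 8: bind the issued certificate to the pending private key.
certreq -accept $issued

# Check: subject matches, private key present, server and client auth EKUs present.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq "CN=$fqdn" } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
$eku = ($cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
}).EnhancedKeyUsages | ForEach-Object { $_.Value }
if (-not $cert -or -not $cert.HasPrivateKey -or
    $eku -notcontains '1.3.6.1.5.5.7.3.1' -or $eku -notcontains '1.3.6.1.5.5.7.3.2') {
    throw "Certificate for $fqdn is missing, has no private key, or lacks a required EKU."
}

# Step 9: point Operations Manager at the certificate, then restart the service.
& "$tools\MOMCertImport.exe" /SubjectName $fqdn
Restart-Service -Name HealthService
```

The first pass stops after writing the request; the second pass must run on the same machine, because the private key created in step 6 stays in that machine's key store.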