5.2. ConnectionsSome inter-component communication channels are predefined and nonconfigurable, such as the protocols used for agent management or the connection between the reporting server and the operations database. Other types of communication and connections are configurable for the entire management group, such as the web addresses and the agent/management server TCP port. These global settings are covered in this section. 5.2.1. Web AddressesSince Microsoft IIS is a prerequisite for the installation of MOM 2005, it is no surprise that MOM has several web-based interfaces . These interfaces are the Web console, the Online Product Knowledge Address, and the File Transfer Server, as shown in Figure 5-25. There is also a field for the Online Company Knowledge Address, but this field, like all the fields on this tab, does not need to be configured for MOM 2005 to run satisfactorily. Management pack rules can make use of these default values that are defined at the global level shown in Figure 5-25, or they can override them and use a custom value that is defined on the rule itself. The Web Console Address is automatically populated if you choose to install the Web console. The entries on these tabs are merely text entries that can be used in alerts. Changing any configuration here does not update the actual web sites in IIS or DNS; you still have to do that manually. If you have an online knowledge base or a help desk trouble ticketing system (or anything else with a URL that you want to reference) with web interfaces, you can make that link directly accessible in the Company Knowledge tab in the Details pane of all alerts by entering that URL in the Online Company Knowledge Address field. The file transfer response enables the bidirectional exchange of user-predefined files between an agent-managed computer and a file transfer server. On the file transfer server, you configure a virtual directory in IIS to be used as a location for transferring files. The transfer can occur on demand if it is launched from a task in the Operator console, or it can be triggered by event, alert, or performance rule criteria. The Microsoft Baseline Security Analyzer (MBSA) management pack uses this functionality. It downloads the security profiles file (mssecure.cab) from the web and the agents request a download of the files for use in scanning. The file transfer occurs over HTTP and the overall configuration of file transfer requires that the Background Intelligent Transfer Service (BITS) be installed on the file transfer server, along with IIS 5.0 or higher. Figure 5-25. Specifying the management pack's web addressesThe configuration of the file transfer action is shown in Figure 5-26. Once the MBSA scan of an agent-managed computer has been completed, every MBSA event is collected from the event logs, processed by the management server, and alerts are generated as appropriate. The value that is entered here can be used by all objects that fire a file transfer response. Like most other global settings, this can be overridden at the rule and task level. As shown in Figure 5-26, there are four basic components that make up this configuration:
5.2.2. CommunicationsThe value on the Communications Settings tab of the Global settings is one of the few global settings that cannot be overridden at a lower level, although it can be reconfigured (see the "Manual Agent Deployment" section in Chapter 3). Figure 5-26. An example of the file transfer configuration settings from the MBSA management packThe default configuration is to use TCP port 1270 for all agent/management server communication. All communications over the port defined here are encrypted by default (see Figure 5-27). If a different port needs to be used for security or other reasons after the agents are deployed, make sure you update the existing agents. |