MOM 2005 includes a variety of features designed to make it easier for administrators to deploy and use the management tools, improved support for management packs and reporting, and features to ensure that the management infrastructure is secure and reliable. We break down the features based on how they're used to support operations management and point out different features including administration, operations, and reporting that are essential to the overall management solution.
The deployment of MOM starts out with the administration and configuration of the management environment. A number of important features enable the administrator to more effectively configure the operations management tools to simplify the operations and monitoring processes. One such feature is Computer Groups. MOM enables you to create groupings for computers by common elements, including geographical location, function of the servers, or other application dependencies. Groups of computers are shown in the view of the MOM Administrator Console in Figure 2-1. From this view you can see all of the settings available to the administrator and gain a quick view of the computers available to manage.
The actual mechanics of the operations management process in MOM are driven by setting up tasks in the operations management console. A task is an action that is executed on the Operator Console against an alert, event, or computer. This type of task is useful to automate user activities that would otherwise be performed by a user. The action that is executed as part of the task is specified in terms of a command line for execution. When a task gets launched, the properties are passed to the command line to ensure the proper execution.
Several tasks can be configured in MOM. For instance, a user might want to use the terminal server client to connect to the computer that raised an alert; the user can create a console task that runs against an alert item. For example, the user could set up a monitor for a given directory to ensure that log files are being updated as expected. As you would expect, the events in those logs that are relevant can be captured in other ways, but a task to ensure that logs are being updated can ensure that issues that may arise in a system will be appropriately logged for diagnostics and root cause analysis.
A number of setup and configuration tasks are supported in the MOM administration console. After your initial installation of MOM, a detail pane in the administration console displays several startup tasks that can be performed rapidly. The first option, Install/Uninstall Agents Wizard, enables you to specify computers or use discovery parameters to add computers to your Management Group.
The Install/Uninstall Agents Wizard can also be launched from several other places in the MOM Administrator Console, including the root Microsoft Operations Manager node in the Navigation pane, the Administration node, and the Computers subnode and all of its children. Through the use of these agents, much of the MOM monitoring activities can be performed.
While agents are core to the architecture of MOM and enabling management, agentless monitoring is also supported. Agentless monitoring is the ability to monitor remote resources in a manner that is similar to how local resources are monitored through providers and responses. If providers that support remote access to resources are used and the responses can execute its logic remotely, then those sets of rules work the same way on both agentless and agent-managed computers. Once identified, MOM starts monitoring the agentless computer as though there were an agent installed on the computer. To enable this kind of access, the MOM account used for this action must have administrative rights on the computers being managed without agents. The console view for adding agentless managed computers is shown in Figure 2-2.
A significant number of functions can be performed through agentless monitoring. Some of the important functions include the following:
Heartbeat: A MOM Management Server pings the agentless computer at intervals specified by the user to ensure that it is available.
Service discovery and status.
Internal service monitoring events.
Event collection: These include timed, Event Log, WMI, internally generated, and script-generated.
There are some limitations to agentless monitoring. This type of monitoring does not support application log providers, and descriptions of event log entries on the agentless machine are not displayed on the MOM Management Server unless it has the same EventLogmessages.dll file as the agentless computer. A workaround is to install the software for which you'd like to receive event log entries on the MOM Server. Here are some considerations for agentless monitoring:
Agentless monitoring does not work through a firewall in typical configurations because agentless network traffic contains remote procedure call (RPC) and Distributed Component Object Model (DCOM) calls.
Not all management packs work in agentless mode. Therefore, it might not make operational sense for your management pack to work without an agent if the bulk of the monitoring scenarios leverage providers that are not supported without an agent. This is especially important when considering third-party management packs.
Another important administration feature in MOM is the use of console scopes. You can use console scopes to define the set of computer groups that appear in the MOM Operator Console for individual MOM 2005 users. The Console Scopes view in the MOM Administrator Console is shown in Figure 2-3. A console scope consists of a set of computer groups and a list of MOM 2005 users that can access those computer groups. Because users can be associated with only one console scope at a time, they can be granted access to only one set of computer groups in the Operator Console. This is not a security feature, but rather a filtering tool to enable users to focus on a specific set of servers while using MOM Operator Console tools. The console scope settings also apply to other SDK-based tools associated with the same account.
The Administrator Console features described previously are important, but most of the action with MOM occurs in the operations console. This is where the day to day monitoring and uses of MOM tools will likely occur. MOM 2005 provides a set of view types for the operations console that are backward compatible to MOM 2000 but provide better usability for MOM users, including administrators and operators. All the views can be authored, imported, and exported. The console makes it simple to switch between views, drill down to details, and launch context-sensitive tasks. The views included are Alters, State, Events, Performance, Computers, and Diagrams. Let's look at each one of these views and how they support the operations management process.
The Alerts view enables the user to view alerts globally, based on filters or by system component where the alert originated. As you can see in Figure 2-4, the alerts can be sorted by a variety of criteria. There are tabs related to the alert and the user can drill down for detailed information. The State view in the Operator Console enables the user to view the state of a particular computer and view areas of problem by installed components. The Event view is similar to the Alerts view, incorporating items from the event log and enabling you to view the alerts associated with particular system events. The Performance view enables you to view the performance counters associated with a particular computer, and then to select the items you wish to see, as shown in Figure 2-5. The results can then be graphed for further analysis. The Computer and Groups view enables you to view alerts by machine and monitored components. The Diagram view provides a view of the servers in your environment and the ability to customize those views based on different criteria.
In addition to the administration and operations tools, MOM provides a data analysis and reporting solution. MOM's data and reporting tools contain some of the following features:
Dynamic reports with drill down, charting, and sorting
Long-term offline storage and data analysis capabilities
Customization of reports through Visual Studio
Support for exporting data to other formats including Excel, PDF, CSV, and others
Folder-and report-based security
Support for interactive and published reports
Scheduled publishing and delivery based on report type or content changes
Several predefined reports are provided with the MOM 2005 management pack. These reports are organized by three categories, including Microsoft Operations Manager reports, Operational Data Reporting, and Operational Health Analysis. A view of the MOM reporting tool deployed through SQL Server Reporting Services is shown in Figure 2-6. These reports enable operators to view a wide range of data, from details about the configuration of agents and the performance of the MOM servers all the way to metrics on specific alerts and detail data on the occurrences of specific alerts.
Through the support for the configuration of tasks and rules for alerts in the operations management environment combined with an operations console and extensive reporting capabilities, the MOM environment provides a fully featured solution for managing computers and applications in an IT environment. While these capabilities are important, they need to be coupled with a strategy for desktop computer management, software deployment, and other capabilities such as configuration and release management that help IT administrators to deal with the issues in their environment on a reactive and proactive basis. The solution for these issues requires support for automated software deployment and systems management to enable remediation of issues on a per-computer basis or across a broad set of computers defined by different groupings.