Microsoft Operations Manager 2005 Architecture

There are two versions of Microsoft Operations Manager 2005 available: the full version of Microsoft Operations Manager 2005 and Microsoft Operations Manager 2005 Workgroup Edition. Microsoft Operations Manager 2005 Workgroup Edition is suitable for small organizations that need to monitor ten servers or fewer as all components are installed on a single server.

The full version of this product, called Microsoft Operations Manager 2005, is designed for larger organizations, and each of the main components can be separated and scaled across multiple computers, if required, to improve availability. However, administrators who plan to monitor fewer than 200 computers can choose to install all Microsoft Operations Manager 2005 components on a single computer that is appropriately sized and configured.

Microsoft Operations Manager 2005 Components

Microsoft Operations Manager (MOM) 2005 comprises a number of components, which collectively are referred to as a management group. Although additional components are available for certain scenarios, we will examine the following core components of the management group:

• Management Server Used to configure monitoring and store operational data in the Microsoft Operations Manager 2005 database.

• Managed Computers and Agents Computers that are monitored by Microsoft Operations Manager 2005.

  Agents are the applications installed by Microsoft Operations Manager to collect operational data.

• User Interfaces The consoles available to administer and configure Microsoft Operations Manager 2005, and view reports on the status of monitored computers.

• Management Pack A collection of rules that define which information is important to monitor for a specific type of managed computer and how to respond to key events.

Microsoft Operations Manager 2005 Management Server

Microsoft Operations Manager 2005 Management Server collects event logging and performance information that is generated on the managed computers, stores this data in the central Microsoft Operations Manager 2005 database, and then filters and analyzes the data to focus on the most useful details. This data is typically already being generated on the managed computers before Microsoft Operations Manager 2005 is introduced, but you might need to review the audit logging configuration to ensure that the most useful data is being captured, ready for Microsoft Operations Manager 2005 to collect. This information can be collected from a number of existing sources on the managed computers, including the following ones:

• Any Windows Event logs (for example, Application, Security, and System)

• Trace logs

• Setup logs

• Performance counters

• Windows Management Instrumentation (WMI)

The specification defining which information to collect and the location of the required logs is contained within the Management Pack and then downloaded to the agent application that Microsoft Operations Manager 2005 deploys to gather the information.

Managed Computers and Agents

To monitor a computer with MOM, it must be added to MOM's list of managed computers so that operational data can be collected. There are two methods of collecting the log and performance counter information from the managed computers: agent-managed and agentless. Agent-managed computers require a small, generic Microsoft Operations Manager 2005 agent application (around 3 MB in size) to be installed on the managed computer. The agent is then able to contact the management server, download the rules from the Management Pack specified for the managed computer, collect the required performance and event data locally, and send this data back across the network to the management server. The agents and the management server can be configured to communicate securely by using Kerberos for mutual authentication, and to sign and encrypt communications. Because the management server is merely receiving information in this scenario rather than crawling it remotely, the performance impact to the management server per additional managed computer is minimal; each individual management server is able to scale up to a maximum of 2,000 managed computers. However, be aware that the agents are sending data across the network; the more agents deployed and the more detail they are configured to collect, the more your network traffic increases.

Agentless monitoring does not require an installation on the managed computer, but an agent application is still required. However, it is installed onto the management server itself. This introduces an additional performance overhead to the management server because the server-based agents must subsequently crawl the managed computers and collect the information remotely. Microsoft Operations Manager 2005 is supported to host a maximum of only 10 agentless managed computers per management server due to the additional performance hit this introduces.

User Interfaces

There are three types of users who will use Microsoft Operations Manager 2005, and the user interfaces have been designed to cater to each of these groups:

• Administrators, who are responsible for configuring and maintaining Microsoft Operations Manager 2005

• Authors, who create custom Management Packs, manage alerts, change views, identify, diagnose, and fix problems

• Users-such as operators, IT staff, analysts, and managers-who are interested in seeing reports and historical analyses of operational data.

Users can connect to and use the management server from a console-based user interface, which typically will not be running on the management server itself, but on a standard desktop computer elsewhere. There are four main consoles provided, each of which is used to perform different tasks.

Administrator Console

The Administrator Console (shown in Figure 13-9) is a Microsoft Management Console (MMC) interface used by the Administrators and the Authors groups to manage and configure the Microsoft Operations Manager 2005 monitoring environment. These management and configuration tasks include the setup and configuration of management groups; adding and removing computers from management groups; deploying agents to managed computers; importing new Management Packs; and modifying the monitoring rules and criteria. The Information Center windows provide easy access to each of these areas.

Figure 13-9: The Administrator Console

Operator Console

The Operator Console is used by the Administrators and the Operators groups to monitor the health of managed systems, discover solutions, and perform troubleshooting tasks using the range of tools that can be integrated with the console. This is where a lot of the power and the value that Microsoft Operations Manager 2005 delivers can be realized.

In a large organization, the operators might be delegated administrative responsibility for monitoring and maintaining the health of a specific type of server or line-of-business application-for example, the SharePoint server farms. Rather than require them to access the Microsoft Operations Manager 2005 server directly, you can install the Operator Console to the operators' desktops. Additionally, to reduce the amount of training required, the user interface has been designed to look similar to the familiar Microsoft Office applications, such as Microsoft Office Outlook 2003.

To make it as easy as possible for you to discover a solution, the Operator Console usually provides more than one route to follow through the user interface to find information, start a task, or change a configuration. Also, common tasks are usually automated using wizards and step-through dialog boxes to ensure that progress is made toward a goal.

The starting point for operators is to check on the aggregated views of alerts that have been received from the Microsoft Operations Manager 2005 agents on the managed servers, allowing operators to easily monitor the status of individual servers or server groups, as shown in Figure 13-10.

Figure 13-10: Operator Console showing the status of a managed SharePoint Server 2007 server

Any of the alerts can quickly be investigated by double-clicking the alert message in the list. This also displays detailed product knowledge and best practices that describe why the alert was sent, the probable cause if there was a problem, and advice on how to resolve the problem. Figure 13-11 shows an example of alert details concerning a problem with the Search service.

Figure 13-11: Alert details in the Operator Console

A large number of tools and scripts can be built in to the Operator Console Tasks pane, meaning that operators can immediately take action to resolve a problem by running a tool without leaving the console. Company-specific knowledge, tools, and scripts can also be added to tailor the Operator Console to each customer environment. An example of the troubleshooting tools that can be made available in the Tasks pane is shown in Figure 13-12.

Figure 13-12: The Operator Console showing the Tasks pane with an array of troubleshooting tools

Figure 13-13 shows how the Operator Console can automatically generate network topology diagrams based on the live system. These diagrams can assist the operator in understanding the wider environment and the relationships between systems that could affect the managed computers that they are interested in. The diagram in Figure 13-13 shows the topology of the Active Directory servers as an example.

Figure 13-13: Operator Console showing an auto-generated Active Directory topology diagram

Reporting Console

An optional component of Microsoft Operations Manager 2005 is the Reporting Server. This feature requires that SQL Server Reporting Services be available, but the payoff is well worth it, as the range of predefined health and status reports you can generate using this component can represent great value to you in your monitoring efforts. Lists, charts, and graphs can be drawn based on a user-defined date range of historical status and performance data. The Reporting Console (shown in Figure 13-14) is Web-based, which means that the reports can be made available to a much wider audience-including IT staff, analysts, and managers-without needing to install a client to the desktop. The SharePoint Server 2007 Management Packs do not provide any additional SharePoint-specific reports, but existing report templates can be used to report on aspects such as bandwidth utilization and service availability for SharePoint servers and other systems that can affect SharePoint.

Figure 13-14: Reporting Console showing a bandwidth utilization report for a selected date range

Web Console

The core alert-monitoring features available through the Administrator and Operator Consoles can also be made available via a Web browser without installing the full console user interfaces-a nice touch that allows users the ability to use Microsoft Operations Manager 2005 even if they are away from their usual desktop computer. Figure 13-15 shows the Web Console running in Internet Explorer.

Figure 13-15: Web Console

Management Packs

After agents have been installed onto managed computers, a monitoring solution still would not be very useful if it simply collected every available piece of information. The operators would be drowned in data, and the useful information would be difficult to isolate. A MOM Management Pack is a collection of rules and product knowledge that elevates MOM from being an event log repository into an expert system able to deliver insight and analysis. We will examine Management Packs in more detail in the next section.