The ultimate monitoring strategy for ISA Server 2004 involves the use of the Microsoft Operations Manager (MOM) 2005 product. MOM 2005 offers an unprecedented level of proactive management and monitoring capabilities that enable administrators to react to problems and recover from them more quickly. An understanding of ISA monitoring concepts is not complete without an understanding of how MOM 2005 can fit into the overall ISA monitoring strategy.
Taking a Close Look at Microsoft Operations Manager (MOM)
MOM 2005 is the latest version of Microsoft's enterprise monitoring product. Previously owned by NetIQ and then sold to Microsoft, the product has evolved from the MOM 2000 version to the latest, most capable 2005 version.
MOM provides several major pieces of functionality:
Event log consolidation: MOM Agents, deployed on managed systems, forward all event log information to a central MOM SQL Server database, which is managed and groomed by MOM. This data is used for reporting, auditing, and monitoring of the specific events.
Advanced alerting capabilities: MOM provides advanced alerting functionality by enabling email alerts, paging, and functional alerting roles to be defined.
Performance monitoring: MOM collects performance statistics that can let an administrator know whether a server is being overloaded or is close to running out of disk space, among other things.
Built-in application-specific intelligence: MOM Management Packs are packages of information about a particular application or service, such as DNS, DHCP, Exchange Server, or ISA Server. The Microsoft management packs are written by the design teams for each individual product, and they are loaded with the intelligence and information necessary to properly troubleshoot and identify problems. For example, the ISA Server 2004 Management Pack knows that Event ID 11005 is a VPN configuration error, and it specifically directs an administrator to the proper location on the web where Microsoft Knowledge Base articles can be used for troubleshooting.
MOM architecture can be complex, but often is as simple as a SQL database running on a server, with another server providing the management server functions of MOM. This type of server is also known as a DCAM server.
Downloading and Extracting the ISA Server 2004 Management Pack for MOM 2005
As previously mentioned, Management Packs contain intelligence about specific applications and services and include troubleshooting information specific to those services.
Shortly after the release of the Enterprise version of ISA Server 2004, Microsoft released a MOM Management Pack that covers both the Standard and Enterprise versions of both ISA 2000 and ISA Server 2004. This Management Pack is highly recommended for MOM environments.
To install ISA Server 2004 Management Pack on the MOM DCAM server, first download it from the Microsoft ISA Downloads page at the following URL:
To install the Management Pack on the MOM DCAM, do the following:
Double-click on the downloaded executable, typically named "Microsoft Internet Security and Acceleration Server MOM 2005 MP.EXE."
At the welcome dialog box, click Next to continue.
Select I Accept the Terms in the License Agreement and click Next to continue.
Select a location to which to extract the Management Pack, such as what is shown in Figure 19.19, and then click the Extract button.
Figure 19.19. Extracting the ISA MOM Management Pack.
Click Finish to complete the process.
Importing the Management Pack AKM File into MOM
After it is extracted, the following steps can be taken to upload the Management Pack AKM file directly into the MOM Administrator Console:
From the MOM Server, open the MOM Administrator Console (Start, All Programs, Microsoft Operations Manager 2004, Administrator Console).
Navigate to the Management Packs node.
Click the Import/Export Management Packs link, as shown in Figure 19.20.
Figure 19.20. Beginning the ISA MOM Management Pack Import process.
At the welcome dialog box, click Next to continue.
From the Import or Export Management Packs dialog box, select to Import Management Packs and/or reports and click Next to continue.
From the subsequent dialog box, type in the folder (or click Browse to locate it) where the files from the previous steps were extracted, select to import Management Packs only, and click Next to continue.
From the Select Management Packs dialog box, shown in Figure 19.21, select the Microsoft ISA 2000-2004 Server MOM 2005 MP.akm from the list and check the radio button to Replace Existing Management Pack. Uncheck the button to back up the existing Management Pack because there isn't one installed. Click Next to continue.
Figure 19.21. Importing the ISA MOM Management Pack.
After the import has completed, click Close.
Configuring MOM Settings
Because ISA is a firewall, it is very picky about what type of traffic it allows. For this reason, it is best to perform a manual install of the MOM agent on the ISA Server. Before this can be done, the MOM global settings need to be modified to allow for manual agent installations. To do so, perform the following steps:
From the MOM Administrator Console, navigate to Administration, Global Settings.
Double-click on Management Servers.
Select the Agent Install tab.
Uncheck the box labeled Reject New Manual Agent Installations, as shown in Figure 19.22.
Figure 19.22. Configuring MOM Agent settings for ISA.
Configuring MOM Global Settings for NonDomain Member ISA Servers
For ISA Servers that are not domain members, there is an additional step that must be undertaken before the MOM agent can be installed successfully. In this scenario, do the following:
Perform these steps only if the ISA Server is not a domain member. They downgrade the client/server security in the MOM environment.
From the Global Settings node in the MOM Admin Console, double-click on the Security tab.
On the Security tab, shown in Figure 19.23, uncheck the box for Mutual Authentication Required.
Figure 19.23. Configuring MOM Security Settings for ISA.
When prompted with the warning about turning off mutual authentication, click OK.
Restart the MOM Service on all DCAM servers.
Configuring ISA to Allow MOM Communications
Before the agent can be manually installed on the ISA Server, the MOM protocol must be defined and then opened for access from the ISA Server itself to the MOM Server.
If ISA is deployed in the DMZ of a packet-filter firewall, this same port needs to be opened on the packet-filter firewall as well.
To set up this protocol and rule, follow these steps:
From the ISA Server Management Console, click on the Firewall Policy node in the console tree.
Click the Create New Access Rule link in the Tasks tab of the Tasks pane.
Enter a descriptive name for the rule, such as MOM Agent Access Rule, and click Next.
Under Rule Action, select Allow and click Next.
Under Protocols, use the drop-down box and select Select Protocols.
Click the Add button.
Click New, Protocol.
Enter MOM for the name of the protocol and click Next.
Click New under the Primary Connection Information dialog box.
Under Protocol Type, select TCP, choose Direction Outbound, and choose a port range of 1270 to 1270, as shown in Figure 19.24. Click OK.
Figure 19.24. Adding a definition for the MOM protocol.
Click New again.
Enter UDP for the Protocol Type, Send Receive for the Direction, and a Port Range of 1270 to 1270. Click OK.
Click Next to continue.
At Secondary Connections, select No and click Next.
In the Protocols dialog box, under User-Defined, select MOM and click Add and Close.
Click Next to continue after the MOM protocol has been added to the Access Rule Wizard.
Under the Access Rule Sources dialog box, click Add.
Under Networks, select Local Host and click Add and Close.
Click Next to continue.
Under the Access Rule Destinations dialog box, click the Add button.
Click New, Computer.
Enter MOM (or similar name) in the Name column, the IP address of the MOM DCAM Server, and a description if necessary, as shown in Figure 19.25, and click OK.
Figure 19.25. Adding the MOM Server to the MOM Agent Access Rule.
Under Computers, select MOM and click Add and Close.
Click Next, Next, Finish.
Click Apply and then click OK to save the rule.
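A post-change check for the access rule created above, as an added example that is not part of the original text: run from the ISA Server itself, it confirms that TCP 1270 to the MOM server is reachable and that the rule did not open other ports. It assumes a Python 3 interpreter is available on the ISA Server; the address 192.0.2.10 and the ports 445 and 1433 are placeholders chosen for illustration.

```python
import socket

MOM_PORT = 1270  # agent-to-server port from the rule above


def probe_tcp(host, port, timeout=3.0):
    """Classify one outbound TCP connection attempt."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"      # a reset came back: nothing accepted the connection
    except socket.timeout:
        return "timeout"      # no answer: usually dropped by a firewall in the path
    except OSError:
        return "unreachable"  # no route, host down, or a local socket error
    finally:
        sock.close()


def verify_rule(host, must_reach=(MOM_PORT,), must_not_reach=(), timeout=3.0):
    """Return (port, state, finding) tuples; an empty list means the rule behaves as intended."""
    findings = []
    for port in must_reach:
        state = probe_tcp(host, port, timeout)
        if state != "open":
            findings.append((port, state, "expected open"))
    for port in must_not_reach:
        state = probe_tcp(host, port, timeout)
        if state == "open":
            findings.append((port, state, "rule wider than intended"))
    return findings


if __name__ == "__main__":
    mom_server = "192.0.2.10"  # placeholder: replace with the MOM DCAM server address
    # Assumed examples of ports the rule should NOT open from Local Host (SMB, SQL Server).
    for port, state, finding in verify_rule(mom_server, must_not_reach=(445, 1433)):
        print("TCP %d: %s (%s)" % (port, state, finding))
    # UDP 1270 is connectionless, so a connect test cannot confirm it.
```

A timeout on 1270 usually means the packet was dropped (the ISA rule is not applied, or the packet-filter firewall in front of ISA is blocking it); a refused result usually means the MOM server was reached but nothing is listening on the port.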
Installing the MOM Agent on the ISA Server
After all prerequisites have been satisfied, the actual MOM Agent installation on the ISA Server can begin. To start the process, do the following:
From the MOM 2005 CD (or a network location), double-click on the \i386\MOMAgent.msi file.
At the Welcome screen, click Next to continue.
At the Destination Folder dialog box, click Next to continue.
Enter the Management Group Name and Management Server name; they are listed in the MOM environment. Leave the port unchanged at 1270 and the Agent Control Level at None, as shown in Figure 19.26. Click Next to continue.
Figure 19.26. Manually installing the MOM Agent.
Select Local System as the MOM Agent Action Account and click Next to continue.
Under Active Directory Configuration, select Yes if the ISA Server is a domain member, or select No if it is not a domain member. Click Next to continue.
After installation, it may be necessary to wait a few minutes before processing the agent installation. After waiting, do the following to process the pending installation request:
From the MOM Administrator Console, expand Administration, Computers, Pending Actions.
Look for the Manual Agent Install Request from the ISA Server, right-click it, and choose Approve Manual Agent Installation Now, as shown in Figure 19.27.
Figure 19.27. Approving the MOM Agent install.
Click Yes to confirm.
Monitoring ISA Functionality and Performance with MOM
After the Management Pack is installed for ISA and the agent has been installed and is communicating, MOM consolidates and reacts to every event and performance counter sent to it from the ISA Server. This information is reflected in the MOM Operations Console, as shown in Figure 19.28.
Figure 19.28. Viewing ISA alerts.
Performance data for ISA, such as what is shown in Figure 19.29, can also be displayed in MOM. This allows reports and performance metrics to be obtained from ISA.
Figure 19.29. Viewing Server Performance in MOM.
For more information on MOM 2005, see the Microsoft website at the following URL:
Monitoring ISA with Windows Performance Monitor (Perfmon)
ISA Server 2004 comes with several predefined performance counters that take advantage of the Windows Performance Monitor (perfmon) utility. These counters can be useful for checking to see whether an ISA Server is being overwhelmed. To run the Performance Monitor application with pre-configured ISA Counters, simply click Start, All Programs, Microsoft ISA Server, ISA Server Performance Monitor.