Microsoft Operations Manager 2005 Architecture and Deployment Jonathan Whiteman Microsoft Europe, Middle East and Africa
Presentation Overview: MOM Overview; Architectural Overview; Planning a MOM 2005 Deployment; Deploying MOM 2005
MOM 2005 Capabilities. Stay Aware: Identifying your IT health issues before they become problems through built-in application intelligence. Effectively Respond: Improving the efficiency of your IT operations through actionable best practices. Be Accountable: Supporting your IT operations through sharing of key service level and performance information.
MOM 2005 Delivers. Reporting: Web-based management reports; Scheduled Publishing. Event and performance management: Enterprise event collection; Rules-based filtering and consolidation; Proactive alerting/action response. Applications/Role Monitoring: Health Model; Rules libraries; Built-in knowledge-base. Enterprise ready: Central console; Full redundancy; Extensible MCF. Automation: Scripts; Tasks; Diagnostics.
MOM 2005 Key Features. Event and Performance Management: Enterprise event collection; Rules based filtering and consolidation; Proactive alerting/action response. Application and Service Monitoring: Rules libraries; Built-in knowledge-base. Automation: Tasks; Scripts; Diagnostics. Reporting: Web based management reports; Scheduled publishing. Enterprise Ready: Central console; Topological Views; Full redundancy; Extensible.
MOM Interface Overview Demo
MOM 2005 Architectural Overview
MOM Database
Management Server Web Console Server MOM Connector Framework (MCF) File Transfer Server
Managed Computer Types: Agent-managed Computer; Agentless Managed Computer; Unmanaged Computer
Consoles: Administrator/Operator Consoles; Web Console; Reporting Console
Reporting: MOM Data Warehouse; SQL Reporting Services Database; MOM Reporting Server
Architecture Management Server Reporting Server Agent Agentless MOM Service Server Local Agent Data Access Service SDK Third Party Ticketing/Management System
Simple MOM Deployment
Advanced Features: Reporting; Web Console; Multiple Management Servers
MOM 2005 Deployment Planning
Planning Basics: There are three things to plan for: Capacity; Redundancy; Configuration
Planning For Capacity: Two dimensions of planning for capacity. Breadth - number of managed computers. Depth - amount of data being collected. Breadth x Depth = Capacity. Stay within support limits.
Planning For Capacity: Support Limits. Managed Computers/Management Group = 4,000; Managed Computers/Management Server = 2,000; Management Servers/Management Group = 10; MOM Database Size = 30 GB; Data Warehouse Size = 1 TB
Planning For Capacity: Determining Data Flow. There are essentially four types of data: Performance Data; Events; Alerts; Attributes/Service Discovery Data. There are two dimensions to data: Size (relatively fixed); Quantity (MPs define default quantity but user can adjust).
Planning For Capacity: Performance Calculations – FOR REFERENCE. Performance Data: 1 Performance Counter sample = 200 bytes; large quantity, 10,000 samples/managed computer/day or 7/min. Event: 1 Collected Event = 2500 bytes; large quantity, 200 events/managed computer/day. Alert: 1 Alert = 6000 bytes; small quantity, 4 alerts/managed computer/day. Attributes: small size; small quantity.
Planning For Capacity: Performance Calculations – EXAMPLE. Managed Computers = 2,000. Alerts/day = 2,000 * 4 = 8,000 alerts; Data/day = 8,000 * 6,000 = 48,000,000 bytes. Events/day = 2,000 * 200 = 400,000; Data/day = 400,000 * 2,500 = 1,000,000,000. Perf/day = 10,000 * 2,000 = 20,000,000; Data/day = 20,000,000 * 200 = 4,000,000,000. Total = 5,048,000,000 bytes ~ 5 GB / day
Planning For Capacity: For more advanced capacity planning, see the Performance and Sizing White Paper. The details of capacity planning are less relevant if you are managing fewer than a few hundred servers.
Planning For Redundancy: Agent Failover [diagram labels: 1500 Agents, 1000 Agents]
Planning For Redundancy: Multiple Consoles/Servers. Install multiple consoles in case one computer goes down. Install multiple servers in case one goes down. Use Virtual IP Addresses (VIPs) for web sites.
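The capacity and redundancy planning slides above, worked as a small planner. This is an added example, not part of the original presentation: it checks a management group against the quoted support limits, repeats the breadth x depth calculation and tests single-server failover headroom. The function names, the 1 GB = 10^9 bytes conversion and the assumption that a failed Management Server's agents move to the remaining servers are assumptions of this example.

```python
# Added example. Figures are the ones quoted on the slides; names are illustrative.
LIMITS = {"computers_per_group": 4000, "computers_per_server": 2000,
          "servers_per_group": 10,
          "mom_db_bytes": 30 * 10**9}  # assumption: 1 GB = 10^9 bytes

# data type -> (bytes per item, items per managed computer per day)
DEFAULT_DEPTH = {"performance": (200, 10_000), "event": (2_500, 200), "alert": (6_000, 4)}


def daily_bytes(computers, depth=DEFAULT_DEPTH):
    """Breadth x depth: bytes per day for each data type."""
    return {kind: computers * per_day * size for kind, (size, per_day) in depth.items()}


def check_plan(agents_per_server, depth=DEFAULT_DEPTH):
    """Validate a management group; agents_per_server has one count per Management Server."""
    total = sum(agents_per_server)
    per_server = LIMITS["computers_per_server"]
    problems = []
    if len(agents_per_server) > LIMITS["servers_per_group"]:
        problems.append("more than 10 Management Servers in the management group")
    if total > LIMITS["computers_per_group"]:
        problems.append("more than 4,000 managed computers in the management group")
    for index, count in enumerate(agents_per_server):
        if count > per_server:
            problems.append(f"Management Server {index} exceeds 2,000 managed computers")
        # Assumption: when one server fails, its agents fail over to the others.
        spare = sum(max(per_server - other, 0)
                    for j, other in enumerate(agents_per_server) if j != index)
        if count > spare:
            problems.append(f"no failover headroom if Management Server {index} fails")
    by_type = daily_bytes(total, depth)
    per_day = sum(by_type.values())
    return {
        "total_computers": total,
        "by_type": by_type,
        "bytes_per_day": per_day,
        # Raw collected bytes only; ignores attributes, indexes and grooming.
        "days_to_db_limit": LIMITS["mom_db_bytes"] / per_day if per_day else None,
        "problems": problems,
    }


if __name__ == "__main__":
    for plan in ([2000], [1500, 1000], [1000, 1000, 1000]):
        result = check_plan(plan)
        print(plan, f"{result['bytes_per_day']:,} bytes/day", result["problems"])
```

A single server at the 2,000-computer limit is within the support limits but has nowhere to fail over to, which is the case the redundancy slides plan for.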
Planning For Configuration: Firewalls – DETAIL FOR REFERENCE. HTTP is supported through firewall: Web Server and Web Console; Reporting Server and Reporting Console; File Transfer Server and Agent; MCF. MOM channel communication is supported: Agent and Management Server. OLE DB communication is supported: Management Server and MOM Database; MOM Database and Data Warehouse; Data Warehouse and Reporting Server; SQL Reporting Services Databases and Reporting Server. DCOM communication is possible (not recommended): Administrator/Operator Console and Management Server. RPC communication is not supported: Management Server and Agentless Managed Computer.
Planning For Configuration: Firewalls – Additional Configuration. MOM Channel: 1270. HTTP: 1271 (MCF); 1272 (Web Console); use SSL for encryption/authentication. OLE DB: 1433, 1434. DCOM (not recommended): use DCOM port binding; turn off network address translation; 135. See whitepaper on Using DCOM with Firewalls.
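One way to review a planned firewall rule set against the two firewall slides above, as an added example that is not part of the original presentation. The port numbers and the supported / not recommended / not supported verdicts are the ones on the slides; the role names, the rule format and the sample plan are constructed for illustration, and the HTTP ports are checked for SSL only, not for which roles use them.

```python
# Added example. Ports and verdicts come from the slides; role names, the rule
# format and the sample plan are constructed for illustration.
def pair(a, b):
    return frozenset((a, b))

OLE_DB = {pair("management_server", "mom_database"),
          pair("mom_database", "data_warehouse"),
          pair("data_warehouse", "reporting_server"),
          pair("ssrs_databases", "reporting_server")}
# port -> (channel name, role pairs it is documented between; None = not checked)
PORTS = {1270: ("MOM channel", {pair("agent", "management_server")}),
         1271: ("HTTP (MCF)", None),
         1272: ("HTTP (Web Console)", None),
         1433: ("OLE DB", OLE_DB),
         1434: ("OLE DB", OLE_DB),
         135: ("DCOM", {pair("console", "management_server")})}

def audit_rule(rule):
    """Return findings for one planned rule; an empty list means it matches the slides."""
    endpoints = pair(rule["src"], rule["dst"])
    low, high = rule["ports"]
    findings = []
    if endpoints == pair("management_server", "agentless_computer"):
        findings.append("RPC to agentless managed computers is not supported")
    known = [p for p in PORTS if low <= p <= high]
    if high - low + 1 > len(known):
        findings.append("opens ports beyond the documented MOM ports")
    for port in known:
        name, allowed = PORTS[port]
        if allowed is not None and endpoints not in allowed:
            findings.append(f"{port} ({name}) is not documented between these roles")
        if port == 135:
            findings.append("DCOM through a firewall is not recommended")
        if port in (1271, 1272) and not rule.get("ssl"):
            findings.append(f"{port} ({name}) should use SSL")
    return findings

# Constructed sample plan.
PLAN = [
    {"src": "agent", "dst": "management_server", "ports": (1270, 1270)},
    {"src": "browser", "dst": "web_console_server", "ports": (1272, 1272), "ssl": False},
    {"src": "console", "dst": "management_server", "ports": (135, 135)},
    {"src": "management_server", "dst": "agentless_computer", "ports": (135, 139)},
    {"src": "management_server", "dst": "mom_database", "ports": (1433, 1434)},
]

if __name__ == "__main__":
    for rule in PLAN:
        print(rule["src"], "->", rule["dst"], rule["ports"], audit_rule(rule) or "ok")
```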
Planning For Configuration: Network Speeds. Determining where to put the Management Server depends on 3 factors: # Agents/site; Network speed between sites; # of sites. Rules of thumb: If # of sites > 10 then use central management servers. Large # of Agents per site usually indicates remote management servers.
Planning For Configuration: Network Speed Formulas – FOR REFERENCE
# Agents/Site | Network Speed | # of Sites | Management Server Location
Small | High |  | Central
Small | High | Low | Central
Small | Low | High | Central
Small | Low |  | Remote
Large | High |  | Central
Large | High | Low | Remote
Large | Low | High | Central
Large | Low |  | Remote
Deploying MOM 2005
Upgrading Versus New Deployment. Upgrade: Stand-alone User Interface; Database (OnePoint); Management Server (DCAM); Agents; Reporting; AKM Files; Reports; Management Packs. New Install: Database (OnePoint); Management Server; Stand-alone User Interface; Agents; Reporting; AKM Files; Reports; Management Packs.
Visual Upgrade Overview: Stand-alone User Interface; Database (OnePoint); Management Server (DCAM); Agents; Reporting; AKM Files; Reports; Management Packs
Visual Install Overview: Database; Management Server; User Interface; Agents; Reporting; AKM Files; Reports; Management Packs
Installing The Database
Installing The Database: Understanding the DAS Account. What is the DAS Account? DAS = Data Access Server (COM+ Application). During database setup, the DAS Account is granted database owner rights on the OnePoint database. Used to connect from the DAS to the OnePoint database. What account should I use? If you have a stand-alone database server: a domain account. If you have a database/Management Server and don’t plan to deploy any additional Management Servers: use Local System. Use the same account you used in MOM 2000 SP1. Use the same account for all Management Servers. No special privileges are required – setup will allocate the required privileges for you.
Install The Management Server
Install The Management Server: The MOM Service. The MOM service will always run as Local System or Network Service. Local System: Windows 2000; Windows XP. Network Service: Windows 2003.
Install the Management Server: Understanding the Action Account. What is the ‘Action Account’ used for? Collect data from providers; run responses; push install/uninstall agents (optionally); run computer discovery. What account should I use? A domain account. For automatic agent management, use an account which is an administrator on all of the computers you will be managing with that DCAM. If you are running custom responses on the management server, the account must have the appropriate permissions to run the responses. For more details, see the MOM 2005 Security Guide.
MOM Security Groups: MOM Users; MOM Authors; MOM Administrators. Best Practice: Create domain groups and add them to local groups on the Management Servers.
Install The User Interface
Installing The Agents
Installing Agents: Using the right accounts. Agent Installation Permissions: If the Management Server Action Account is an administrator on the computers you are upgrading agents on, then use it. Otherwise, use a different account which is an administrator. The account credentials will be encrypted and used temporarily and discarded. Agent Action Account: Use Local System unless you have a specific reason not to.
Installing Agents: Agent Action Account. Low Maintenance: Use Local System; never have to update the password; not the most secure solution; almost all MPs will work with Local System. High Security: Grant necessary privileges based on which Management Packs will be run on that server. See MP documentation for detailed security requirements for each MP. Use SetActionAccount.exe or Update Agent Settings task to update expired passwords.
Installing Reporting
Installing Reporting: Reporting is comprised of the following components: MOM Operational Database (OnePoint); Reporting Server (SystemCenterReporting); SQL Reporting Services Databases (ReportServer, ReportServerTempDB); SQL Reporting Services Web Site
Installing Management Packs
Resources: Deployment Kit; Deployment Guide; Supported Configurations Guide; Planning Tool; Planning Worksheets; Newsgroups; Microsoft.mom; Resource Kit
© Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.