Manage Learn to apply best practices and optimize your operations.

Operations Manager 2007 R2: Using alerts, running reports

Operations Manager 2007 R2 alert tuning can be a nuisance, but this chapter excerpt explains the best practices and how to schedule maintenance reports.

Solutions provider takeaway: Take a look at the best practices this chapter excerpt offers on Operations Manager 2007 R2 alert tuning, such as alert severity and alert priority. You will also find out the best practices for generating maintenance reports, including the Most Common Alerts report, and the steps to schedule a report for email delivery.

About the book:
This chapter excerpt on Integrating System Center Operations Manager 2007 R2 with Windows Server 2008 R2 (download PDF) is taken from the book Windows Server 2008 R2 Unleashed. Solutions providers can use this book to learn about Windows Server 2008 R2 migration, administration, deployment and troubleshooting. This book also provides information on management and security tools and features, such as Hyper-V's Live Migration.

Using Operations Manager 2007 R2

After Operations Manager 2007 R2 has been installed and configured, ongoing work needs to be done to ensure that the product performs as expected. The two primary activities are to, first, tune the management packs to ensure that alerts are valid for the environment and that alert noise is reduced and, second, produce reports of the information that Operations Manager 2007 R2 is collecting.

Alert Tuning

After deploying Operations Manager 2007 R2, there are frequently complaints about the number of alert notifications that get generated. This can cause organizations to decommission the product, ignore the emails, or generally complain about what a bad product it is. In reality, the Operations Manager alert notifications just need to be tuned.

The following process will help you tune the management packs quickly and effectively to reduce alert and email noise. This is done by adjusting parameters on the rules (Enable/Disable, Severity, and Priority) using overrides.

Alert Severity is the first parameter to be tuned. There are three levels:

  • Critical (2)
  • Warning (1)
  • Information (0)

The numeric value of the severity is given as well, as some rules and monitors will show the severity as a value rather than as text.

Alert Priority is the second parameter to be tuned. There are three levels of priority as well:

  • High
  • Medium
  • Low

These tuning procedures assume that the notification subscriptions were created that were outlined in the "Notifications and Subscriptions" section earlier in the chapter. These notification subscriptions are as follows:

  • Notification for All Critical Severity High-Priority Alerts
  • Notification for All Critical Severity Medium-Priority Alerts

When you get an email from an alert that you don't want, you need to tune the management pack monitor or rule. The basic decision tree is as follows:

  1. Disable the Alert? If yes, create an override to disable the rule for either the instance of the object, the class of objects, or a group of the objects. This prevents the alert from being generated, so no console alerts and definitely no emails are generated. This would be done if the alert does not reflect a real problem.
  2. Change Severity? If yes, create an override to change the alert severity to Warning. This keeps the alert in the console as a warning, but does not generate an email. This would be done if the alert is real, but is not actionable.
  3. Change Priority? If yes, create an override to change the alert priority to low. This keeps the alert as a critical alert, but prevents an email from being generated. This would be done if the alert is real, but is not resolvable in the immediate future.
  4. Change Threshold? For performance-based alerts, there is the option to change the trigger threshold to a different value. This would be done if the problem is real and actionable, but the alert is firing too soon.

These options can be taken for all objects of the target class, for just the specific instance that generated the alert, or for a group. The group would have to be created in advance and would have to contain objects of the type targeted by the monitor or rule generating the alert.

For example, let's say there is an Application of Group Policy critical alert that is occurring frequently in the environment. It is occurring on a number of Windows Server 2008 R2 servers and is generating a lot of email notifications. This alert is valid, but does not require immediate action. The alert needs to be tuned to change the severity from critical to warning. The steps to tune the alert are as follows:

  1. Open the Operations Manager 2007 R2 console.
  2. Select the Monitoring space.
  3. Select the Active Alerts view.
  4. Locate and select the Application of Group Policy alert that is to be tuned.
  5. Right-click the alert and select Overrides, Override the Monitor, and For All Objects of Class: Group Policy 2008 Runtime. This overrides the alert for all objects of that class.
  6. Note:
    The alert is to be tuned for all objects, rather than any specific instances. If the alert is to be tuned for the specific instance that raised the alert, the For the Object option should be chosen. If it is a group of the objects, the For a Group option should be chosen. The group would have to be precreated and be a group of the target objects.

  7. Check the Override box next to Alert Severity and set the value to Warning.
  8. In the Select Destination Management Pack pull-down menu, select the appropriate override management pack. If none exists, create a new override management pack named "Group Policy MP Overrides" by clicking New.
  9. Note:
    Never use the Default Management Pack for overrides. Always create an override management pack that corresponds to each imported management pack.

  10. Click OK to save the override.

Now the next time the monitor triggers an alert, it will be of warning severity and will not generate a notification email. However, the alert can still be reviewed in the console.

This approach to tuning will address 90% of the noisy alerts that you get. To target the noisiest alerts, see the report Most Common Alerts in the next section. This helps identify the alerts that are responsible for the most noise. You'll frequently find that 50% of your alerts are coming from less than five rules or monitors. Tuning those will give you the most bang for your buck.

Scheduling Reports

The Operations Manager 2007 R2 infrastructure collects many Windows Server 2008 R2 data points. This information can be presented in reports, which can be generated ad hoc or scheduled. The scheduling option is very useful, as it reduces the need to actively open the console and instead the reports are delivered via email.

Performance Reports

When managing a number of agents, it can be difficult to pinpoint the problem systems. For example, which systems are the most heavily utilized? A report showing a graph of all the resources would be very messy and difficult to read even in a medium-sized organization with a number of servers. Operations Manager 2007 R2 has a set of reports that address this specific concern, the Performance Top Objects and Performance Top Instances. These reports take data from performance collection rules, perform some statistical analysis, and list the top systems.

For example, Figure 23.12 shows the top five systems with the most processor utilization. It is based on the "Processor % Processor Time Total 2008" rule. It shows the top five heaviest processor utilization systems for the previous week.

FIGURE 23.12 Top five processor utilization report.

This report is one of the reports in the Microsoft Generic Report Library and can be used against any performance counter. The report can pick the top (the default) or bottom objects, as well as vary the number of objects to return (the default is five).

The best-practice recommendation is to generate daily reports spanning the previous week for the following rules:

  • Processor % Processor Time Total 2008
  • Page File Percentage Use 2008
  • Memory % Committed Bytes in Use 2008
  • Network Adapter Bytes Total per Second 2008
  • % Logical Disk Free Space 2008

The Performance Top Objects report for each of these rules gives a good overview of the performance issues (or lack thereof) over the collection of all the monitored systems.

These should be delivered on a daily basis in an email or to a share.

To schedule a report for email delivery, use the following steps:

  1. Launch the Operations Manager 2007 R2 console.
  2. Select the Reporting space.
  3. Select the Microsoft Generic Report Library node.
  4. Right-click the Performance Top Objects report and select Open.
  5. In the From field, select Advanced.
  6. Change the Offset to minus and the number of days to 7. Click the green check mark (OK) to save the selections. The From field will show "Today -7 day(s)".
  7. Change both the From and the To times to 12:00 AM.
  8. In the Rule field, click the Browse button.
  9. In the Rule Name field, enter Processor % Processor Time Total 2008 and click the Search button.
  10. In the Available Items pane, select the rule and click OK.
  11. Click Run and confirm that the report looks good.
  12. Select File, Schedule.
  13. In the Description, enter Processor % Processor Time Total 2008 Report.
  14. In the Delivery Method field, select Email.
  15. In the To field, enter the SMTP address of the recipient.
  16. In the Subject field, replace @ReportName with Processor % Processor Time Total 2008 Report. The variable name is unfortunately very long and ugly, so it's best to replace it.
  17. Click Next.
  18. Change the schedule to Daily.
  19. Change the time to be the time that the report should be generated on a daily basis, for example 6:00 a.m. Click Next.
  20. Because the report was generated and all the parameters were selected initially, no parameters need to be changed. This method ensures that the email report will match expectations.
  21. Click Finish to save the scheduled report.
About the authors:

Rand Morimoto has been in the IT industry for more than 25 years and is the president of Convergent Computing, an IT-consulting firm. Morimoto has also co-authored Exchange Server 2010 Unleashed.

Michael Noel is an IT expert and partner at Convergent Computing and co-wrote Microsoft SharePoint 2007 Unleashed.

Chris Amaris cofounded Convergent Computing and serves as the chief technology officer. Amaris has also co-authored Microsoft Exchange Server 2007 Unleashed.

Omar Droubi has been in the computer industry for more than 15 years and has co-authored Windows 2003 Unleashed.

Ross Mistry has spent more than a decade in the computer industry and has also published Microsoft SQL Server 2008 Management and Administration.

The report will now be automatically generated every morning at 6:00 a.m. and delivered via email to the recipients. Additional reports can be created in exactly the same way for the recommended rules and any others that are needed. To review the schedules, go to the Scheduled Reports node in the Reporting space. The schedules can be adjusted as well.

Note:The performance rules are generally specific to each operating system. Thus, the reports are specific to each operating system. The rules in this section reflect Windows Server 2008 and Windows Server 2008 R2 performance data. If there are other operating systems such as Windows Server 2003, additional reports using those rules would need to be created.

OpsMgr 2007 R2 Maintenance Reports

There are also reports on Operations Manager 2007 R2 that should be generated to ensure that the health and performance of the infrastructure is good. The reports to generate are as follows:

  • Most Common Alerts—This report is useful for determining what alerts are the noisiest and might be spamming the Inboxes of notification subscribers. The report shows which alerts are most common and gives additional statistical analysis.
  • Alert Logging Latency—This report is useful for determining the health of the OpsMgr infrastructure, as measured by the time an event occurs on a managed computer to the time an alert is raised. If this is too long (that is, greater than 30 seconds), it indicates that there is a problem.
  • SQL Database Space report—This report shows the database space and growth of SQL databases. This is generated against the OpsMgr databases to monitor the growth.

These reports should be generated on a weekly basis (for example, Monday at 6:00 a.m.) spanning the previous week and be sent to the Operations Manager administrators.

The Most Common Alerts report is based on the management packs that are installed. By default, the report selects all the installed management packs and shows the top five most common alerts. To schedule the Most Common Alerts report, execute the following steps:

  1. Launch the Operations Manager 2007 R2 console.
  2. Select the Reporting space.
  3. Select the Microsoft Generic Report Library node.
  4. Right-click the Most Common Alerts report and select Open.
  5. In the From field, select Advanced.
  6. Change the Offset to minus and the number of days to 7. Click the green check mark (OK) to save the selections. The From field will show "Today -7 day(s)".
  7. Change both the From and the To times to 12:00 AM.
  8. Click Run and confirm that the report looks good.
  9. Select File, Schedule.
  10. In the Description, enter Most Common Alerts Report.
  11. In the Delivery Method field, select Email.
  12. In the To field, enter the SMTP address of the recipient.23
  13. In the Subject field, replace @ReportName with Most Common Alerts Report.
  14. Click Next.
  15. Change the schedule to Weekly and ensure that only Mon is checked.
  16. Change the time to be the time that the report should be generated on a daily basis, for example 6:00 a.m. Click Next.
  17. Because the report was generated and all the parameters were selected initially, no parameters need to be changed. This method ensures that the email report will match expectations.
  18. Click Finish to save the scheduled report.

Figure 23.13 shows an example of the Most Common Alerts report. The most common alert for the previous week was the Disk Transfer Latency Is Too High, with 16.67% of alerts. This alert could be tuned to reduce the volume of alerts or the problem resolved.

FIGURE 23.13 Most Common Alerts report.

The Alert Logging Latency report is based on the objects selected. The report does not include any objects by default, so the objects must be selected. It is a best practice to select the groups of agents, agentless, and agent watchers objects. To schedule the Alert Logging
Latency report, execute the following steps:

  1. Launch the Operations Manager 2007 R2 console.
  2. Select the Reporting space.
  3. Select the Microsoft Generic Report Library node.
  4. Right-click the Alert Logging Latency report and select Open.
  5. In the From field, select Advanced.
  6. Change the Offset to minus and the number of days to 7. Click the green check mark (OK) to save the selections. The From field will show "Today -7 day(s)".
  7. Change both the From and the To times to 12:00 AM.
  8. Click the Add Group button.
  9. In the Group Name field, enter agent and click the Search button.
  10. Select the Agent Managed Computer Group, the Agentless Managed Computer Group, and the Microsoft.SystemCenter.AgentWatchersGroup and click the Add button.
  11. Click OK to save the selections.
  12. Click Run and confirm that the report looks good.
  13. Select File, Schedule.
  14. In the Description, enter Alert Logging Latency Report.
  15. In the Delivery Method field, select Email.
  16. In the To field, enter the SMTP address of the recipient.
  17. In the Subject field, replace @ReportName with Alert Logging Latency Report.
  18. Click Next.
  19. Change the schedule to Weekly and ensure that only Mon is checked.
  20. Change the time to be the time that the report should be generated on a daily basis,for example 6:00 a.m. Click Next.
  21. Because the report was generated and all the parameters were selected initially, no parameters need to be changed. This method ensures that the email report will match expectations.
  22. Click Finish to save the scheduled report.

The Alert Logging Latency report will now generate on a weekly basis and be emailed to the recipients. The report has two pages with lots of statistical analysis of the alert latency.
It is one of the more complicated reports in the OpsMgr library of reports.

Finally, the SQL Database Space report is based on the databases. This report does not have
any objects selected by default, so the Operations Manager database objects will need to
be selected. To schedule the SQL Database Space report, run the following steps:

  1. Launch the Operations Manager 2007 R2 console.
  2. Select the Reporting space.
  3. Select the SQL Server 2008 (Monitoring) node.
  4. Right-click the SQL Database Space report and select Open.23
  5. In the From field, select Advanced.
  6. Change the Offset to minus and the number of days to 7. Click the green check mark (OK) to save the selections. The From field will show "Today -7 day(s)".
  7. Change both the From and the To times to 12:00 AM.
  8. Click the Add Object button.
  9. Note:
    When the Add Object window appears, note that there is a caution triangle with the text "Filter Options Have Been Applied." The objects returned will only be those that match the report criteria, in the case of SQL database objects. This is new to Operations Manager 2007 R2. Before this, all object classes would be returned and it was difficult to ensure that the correct objects were included in the report. Many times, reports would be returned without any data at all due to the incorrect objects being selected. This is a huge improvement in OpsMgr 2007 R2.

  10. In the Object Name field, enter Operations and click the Search button.
  11. Select all the OperationsManager databases and click the Add button.
  12. Click OK to save the selections.
  13. Click Run and confirm that the report looks good.
  14. Select File, Schedule.
  15. In the Description, enter Operations Manager Database Space Report.
  16. In the Delivery Method field, select Email.
  17. In the To field, enter the SMTP address of the recipient.
  18. In the Subject field, replace @ReportName with Operations Manager Database Space Report.
  19. Click Next.
  20. Change the schedule to Weekly and ensure that only Mon is checked.
  21. Change the time to be the time that the report should be generated on a daily basis, for example 6:00 a.m. Click Next.
  22. Because the report was generated and all the parameters were selected initially, no parameters need to be changed. This method ensures that the email report will match expectations.
  23. Click Finish to save the scheduled report.

The SQL Database Space report will be delivered every week on Monday at 6:00 a.m. These three reports help ensure that the Operations Manager 2007 R2 infrastructure is healthy and performing well.

Summary

System Center Operations Manager 2007 is key to managing Windows Server 2008 R2. It can also be used in Windows 2003/2008 or mixed environments to provide for automated monitoring of all vital operating system, application, and network functionality. This type of functionality is instrumental in reducing downtime and getting the most out of a Windows Server 2008 R2 investment. In a nutshell, OpsMgr is an effective way to gain proactive, rather than reactive, control over the entire environment.

Best Practices

The following are best practices from this chapter:

  • Deploy System Center Operations Manager 2007 R2 for monitoring Windows Server 2008 R2.
  • Install the Windows Operating System, Active Directory, DNS, IIS, and Windows Server 2008 R2 management packs into OpsMgr to monitor network systems and applications that Windows Server 2008 R2 depends on.
  • Deploy Operations Manager components on Windows 64-bit and SQL 64-bit for optimal performance.
  • Create override management packs for each application management pack, such as the Windows Server 2008 R2 management pack. Don't use the Default Management Pack.
  • Take future expansion and relevance of hardware into account when sizing servers for OpsMgr deployment.
  • Keep the installation of OpsMgr on a separate server or set of separate dedicated member servers that do not run any other separate applications.
  • Use SQL Server Reporting Services to produce custom reports using OpsMgr's reporting feature.
  • Start with a single management group and add on additional management groups only if they are absolutely necessary.
  • Use a dedicated service account for OpsMgr.
  • Allocate adequate space for the databases depending on the length of time needed to store events and the number of managed systems.
  • Monitor the size of the OpsMgr database to ensure that it does not increase beyond the bounds of acceptable size.
  • Leverage the reporting database to store and report on data over a long period.
  • Modify the grooming interval to aggressively address environmental requirements.
  • When tuning, err on the side of fewer alerts. If nothing will be done about an alert, make sure it doesn't send a notification email.
  • When tuning, use the Most Common Alerts report to see which alerts are the most valuable targets for tuning.
  • Configure OpsMgr to monitor itself.


Integrating System Center Operations Manager 2007 R2 with Windows Server 2008 R2
  Using OpsMgr 2007 R2 to monitor Windows Server 2008 R2
  OpsMgr 2007 R2 hardware, software, security requirements
  OpsMgr 2007 R2 installation steps
  Operations Manager 2007 R2 configuration
  Operations Manager 2007 R2: Using alerts, running reports

Printed with permission from Sams Publishing. Copyright 2010. Windows Server 2008 R2 Unleashed by Rand Morimoto, Michael Noel, Omar Droubi and Ross Mistry. For more information about this title and other similar books, please visit Sams Publishing.

This was last published in May 2010

Dig Deeper on Operating Systems and Software Services

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

MicroscopeUK

SearchSecurity

SearchStorage

SearchNetworking

SearchCloudComputing

SearchDataManagement

SearchBusinessAnalytics

Close