Manage Learn to apply best practices and optimize your operations.

Using OpsMgr 2007 R2 to monitor Windows Server 2008 R2

This chapter excerpt offers information on OpsMgr 2007 R2 and Windows Server 2008 R2 monitoring, as well as what's new in OpsMgr R2 and how OpsMgr works.

Solutions provider takeaway: Solutions providers should know how OpsMgr 2007 R2 operates and the best ways to take advantage of its Windows Server 2008 R2 monitoring features. This chapter excerpt offers information on OpsMgr 2007 R2 and Windows Server 2008 R2 monitoring, as well as what's new in OpsMgr R2 and how OpsMgr works.

About the book:
This chapter excerpt on Integrating System Center Operations Manager 2007 R2 with Windows Server 2008 R2 (download PDF) is taken from the book Windows Server 2008 R2 Unleashed. Solutions providers can use this book to learn about Windows Server 2008 R2 migration, administration, deployment and troubleshooting. This book also provides information on management and security tools and features, such as Hyper-V's Live Migration.

System Center Operations Manager (OpsMgr) 2007 R2 provides the best-of-breed approach to monitoring and managing Windows Server 2008 R2 within the environment. OpsMgr helps to identify specific environmental conditions before they evolve into problems through the use of monitoring and alerting components.

OpsMgr provides a timely view of important Windows Server 2008 R2 conditions and intelligently links problems to knowledge provided within the monitoring rules. Critical events and known issues are identified and matched to technical reference articles in the Microsoft Knowledge Base for troubleshooting and quick problem resolution.

The monitoring is accomplished using standard operating system components such as Windows Management Instrumentation (WMI), Windows event logs, and Windows performance counters, along with Windows Server 2008 R2 specific API calls and scripts. OpsMgr-specific components are also designed to perform synthetic transaction and track the health and availability of network services. In addition, OpsMgr provides a reporting feature that allows administrators to track problems and trends occurring on the network. Reports can be generated automatically, providing network administrators, managers, and decision makers with a current and long-term historical view of environmental trends. These reports can be delivered via email or stored on file shares for archive to power web pages.

The following sections focus on defining OpsMgr as a monitoring system for Windows Server 2008 R2. This chapter provides specific analysis of the way OpsMgr operates and presents OpsMgr design best practices, specific to deployment for Windows Server 2008 R2 monitoring.

Windows Server 2008 R2 Monitoring

The Operations Manager 2007 R2 monitoring is organized into management packs (MPs) for ease of installation and versioning. The Operations Manager 2007 R2 includes some of the best management packs for monitoring and maintaining Windows Server 2008 R2.

These include the following:

  • Windows Server Operating System MPs
  • Active Directory Server MPs
  • Windows Cluster Management MPs
  • Microsoft Windows DNS Server MPs
  • Microsoft Windows DHCP Server MPs
  • Microsoft Windows Group Policy MPs
  • Microsoft Windows Hyper-V MPs
  • Windows Server Internet Information Services MPs
  • Windows Server Network Load Balancing MPs
  • Windows Server Print Server MPs
  • Windows Terminal Services MPs

Each of the preceding categories includes several different management packs to support monitoring, discovery, and libraries. These management packs were developed by the product groups and include deep knowledge about the product.

The features of the management packs for the following major systems are as follows:

  • Windows Operating System Management Pack -- Monitors and alerts all the major elements that Windows Server 2008 R2 runs on, including processor, memory, network, disk, and event logs. It gathers performance metrics and alerts on thresh-olds, as well as critical events.
  • Active Directory Management Pack -- Monitors and alerts on Active Directory key metrics, such as replication latency, domain controller response times, and critical events. The management pack generates synthetic transactions to test the response time of the PDC, LDAP, and other domain services.
  • DNS Management Pack -- Monitors and alerts on DNS servers for resolution failures and latency as well as critical events.
  • IIS Management Pack -- Monitors and alerts on IIS services, application pools, performance, and critical events.

On all these elements, administrators can generate Availability reports to ensure that the servers and systems are meeting the service-level agreements (SLAs) set by the organization.

The management pack includes a comprehensive set of reports that are specific to Windows Server 2008 R2. These include reports on performance, availability, events, and even configuration for the various Windows Server 2008 R2 roles. These reports can be generated ad hoc, scheduled for email delivery on a regular basis, or even generated into web pages for portal viewing. Figure 23.1 shows a Performance report for a server. The report shows that processor utilization is low and that memory utilization is steady, with regular skips of activity in the pages per sec, which correspond to available memory dips.

FIGURE 23.1 Sample Performance report.

This kind of summary Performance report is invaluable to reporting on the Windows Server 2008 R2 infrastructure and really ties together the low-level technical monitoring into a high-level view that support personnel can use.

What's New in OpsMgr R2

System Center Operations Manager 2007 R2 was released in the spring of 2009 and includes many new improvements on the previous version, Operations Manager 2007 Service Pack 1. Some of these improvements include the following:

  • Cross-platform support -- This is support for non-Microsoft platforms, such as UNIX and Linux. This allows administrators to have a single-pane view of their entire IT environment in OpsMgr.
  • Integration with System Center Virtual Machine Manager 2008 -- This integrates with the VMM 2008 and allows synergies such as Performance Resource and Optimization (PRO) Tips, which provides virtual machine recommendations based on observed performance and the ability to implement the recommendation at the click of a button.
  • Notifications -- The notification system has been revamped and now sports an Outlook rule style interface. Notifications can be generated for specific alerts and can be sent out as high-priority emails.
  • Overrides view -- Rather than hunt for overrides within all the management packs, OpsMgr R2 has an authoring view that shows all the overrides defined in the system.
  • Improved Management Pack maintenance -- OpsMgr 2007 R2 allows Microsoft management packs to be browsed, downloaded, and imported directly from the console. It even includes versioning and dependency checks, as well as the ability to search from management pack updates.
  • Service-level monitoring -- Applications can be defined from various monitored objects and the service level of the application can be monitored and reported on against defined target SLAs.
  • Better scaling of URL monitoring -- The URL monitor will now scale to thousands of websites without undue performance impact.
  • Improved database performance -- The overall performance of the database and console has been dramatically improved.

These improvements bring the platform to a new level of performance and interoperability, while retaining the look and feel of the original Operations Manager 2007 tool.

Explaining How OpsMgr Works

OpsMgr is a sophisticated monitoring system that effectively allows for large-scale management of mission-critical servers. Organizations with a medium to large investment in Microsoft technologies will find that OpsMgr allows for an unprecedented ability to keep on top of the tens of thousands of event log messages that occur on a daily basis. In its simplest form, OpsMgr performs two functions: processing monitored data and issuing alerts and automatic responses based on that data.

The model-based architecture of OpsMgr presents a fundamental shift in the way a network is monitored. The entire environment can be monitored as groups of hierarchical services with interdependent components. Microsoft, in addition to third-party vendors and a large development community, can leverage the functionality of OpsMgr components through customizable monitoring rules. OpsMgr provides for several major pieces of functionality, as follows:

  • Management packs -- Application-specific monitoring rules are provided within individual files called management packs. For example, Microsoft provides management packs for Windows Server systems, Exchange Server, SQL Server, SharePoint, DNS, DHCP, along with many other Microsoft technologies. Management packs are loaded with the intelligence and information necessary to properly troubleshoot and identify problems. The rules are dynamically applied to agents based on a custom discovery process provided within the management pack. Only applicable rules are applied to each managed server.
  • Event monitoring rules -- Management pack rules can monitor for specific event log data. This is one of the key methods of responding to conditions within the environment.
  • Performance monitoring rules -- Management pack rules can monitor for specific performance counters. This data is used for alerting based on thresholds or archived for trending and capacity planning. A performance graph shown in Figure 23.2 shows Client GC Search Time data for a couple of domain controllers. There was a brief spike in latency at about 11:00 p.m., but the latency is normally less than 0.1.

FIGURE 23.2 Operations Manager 2007 R2 performance charts.

  • State-based monitors -- Management packs contain monitors, which allow for advanced state-based monitoring and aggregated health rollup of services. Monitors also provide self-tuning performance threshold monitoring based on a two- or three-state configuration.
  • Alerting -- OpsMgr provides advanced alerting functionality by enabling email alerts, paging, short message service (SMS), instant messaging (IM), and functional alerting roles to be defined. Alerts are highly customizable, with the ability to define alert rules for all monitored components.
  • Reporting -- Monitoring rules can be configured to send monitored data to both the operations database for alerting and the reporting database for archiving.
  • End-to-end service monitoring -- OpsMgr provides service-oriented monitoring based on System Definition Model (SDM) technologies. This includes advanced object discovery and hierarchical monitoring of systems.

Processing Operational Data

OpsMgr manages Windows Server 2008 R2 infrastructures through monitoring rules used for object discovery, Windows event log monitoring, performance data gathering, and application-specific synthetic transactions. Monitoring rules define how OpsMgr collects, handles, and responds to the information gathered. OpsMgr monitoring rules handle incoming event data and allow OpsMgr to react automatically, either to respond to a predetermined problem scenario, such as a failed hard drive, with predefined corrective and diagnostics actions (for example, trigger an alert, execute a command or script) to provide the operator with additional details based on what was happening at the time the condition occurred.

Generating Alerts and Responses

OpsMgr monitoring rules can generate alerts based on critical events, synthetic transactions, or performance thresholds and variances found through self-tuning performance trending. An alert can be generated by a single event or by a combination of events or performance thresholds. Alerts can also be configured to trigger responses such as email, pages, Simple Network Management Protocol (SNMP) traps, and scripts to notify you of potential problems. In brief, OpsMgr is completely customizable in this respect and can be modified to fit most alert requirements. A sample alert is shown in Figure 23.3. The alert indicates that the domain controller's DNS is incorrectly configured. Also note that there are two information alerts shown, indicating that the domain controller stopped and started.

Outlining OpsMgr Architecture

OpsMgr is primarily composed of five basic components: the operations database, reporting database, Root Management Server, management agents, and Operations Console. These components make up a basic deployment scenario. Several optional components are

FIGURE 23.3 Operations Manager 2007 R2 alert.

also described in the following bulleted list; these components provide functionality for advanced deployment scenarios.

OpsMgr was specifically designed to be scalable and can subsequently be configured to meet the needs of any size company. This flexibility stems from the fact that all OpsMgr components can either reside on one server or can be distributed across multiple servers.

Each of these various components provides specific OpsMgr functionality. OpsMgr design scenarios often involve the separation of parts of these components onto multiple servers. For example, the database components can be delegated to a dedicated server, and the management server can reside on a second server.

The following list describes the different OpsMgr components:

  • Operations database -- The operations database stores the monitoring rules and the active data collected from monitored systems. This database has a 7-day default retention period.
  • Reporting database -- The reporting database stores archived data for reporting purposes. This database has a 400-day default retention period.
  • Root Management Server -- This is the first management server in the manage-ment group. This server runs the software development kit (SDK) and Configuration service and is responsible for handling console communication, calculating the health of the environment, and determining what rules should be applied to each agent.
  • Management server -- Optionally, an additional management server can be added for redundancy and scalability. Agents communicate with the management server to deliver operational data and pull down new monitoring rules.
  • Management agents -- Agents are installed on each managed system to provide efficient monitoring of local components. Almost all communication is initiated from the agent with the exception of the actual agent installation and specific tasks run from the Operations Console. Agentless monitoring is also available with a reduction of functionality and environmental scalability.
  • Operations Console -- The Operations Console is used to monitor systems, run tasks, configure environmental settings, set author rules, subscribe to alerts, and generate and subscribe to reports.
  • Web console -- The Web console is an optional component used to monitor systems, run tasks, and manage Maintenance mode from a web browser.
  • Audit Collection Services -- This is an optional component used to collect security events from managed systems; this component is composed of a forwarder on the agent that sends all security events, a collector on the management server that receives events from managed systems, and a special database used to store the collected security data for auditing, reporting, and forensic analysis.
  • Gateway server -- This optional component provides mutual authentication through certificates for nontrusted systems in remote domains or workgroups.
  • Command shell -- This optional component is built on PowerShell and provides full command-line management of the OpsMgr environment.
  • Agentless Exception Monitoring -- This component can be used to monitor Windows and application crash data throughout the environment and provides insight into the health of the productivity applications across workstations and servers.
  • Connector Framework -- This optional component provides a bidirectional web service for communicating, extending, and integrating the environment with third-party or custom systems.

The Operations Manager 2007 architecture is shown in Figure 23.4, with all the major components and their data paths.

Understanding How OpsMgr Stores Captured Data

OpsMgr itself utilizes two Microsoft SQL Server databases for all collected data. Both data-bases are automatically maintained through OpsMgr-specific scheduled maintenance tasks.

The operations database stores all the monitoring rules and is imported by management packs and operational data collected from each monitored system. Data in this database is retained for 7 days by default. Data retention for the operations database is lower than the reporting database to improve efficiency of the environment. This database must be

FIGURE 23.4 Operations Manager 2007 R2 architecture.

installed as a separate component from OpsMgr but can physically reside on the same server, if needed.

The reporting database stores data for long-term trend analysis and is designed to grow much larger than the operations database. Data in the reporting database is stored in three states: raw data, hourly summary, and daily summary. The raw data is only stored for 14 days, whereas both daily and hourly data are stored for 400 days. This automatic summarization of data allows for reports that span days or months to be generated very quickly.

About the authors:

Rand Morimoto has been in the IT industry for more than 25 years and is the president of Convergent Computing, an IT-consulting firm. Morimoto has also co-authored Exchange Server 2010 Unleashed.

Michael Noel is an IT expert and partner at Convergent Computing and co-wrote Microsoft SharePoint 2007 Unleashed.

Chris Amaris cofounded Convergent Computing and serves as the chief technology officer. Amaris has also co-authored Microsoft Exchange Server 2007 Unleashed.

Omar Droubi has been in the computer industry for more than 15 years and has co-authored Windows 2003 Unleashed.

Ross Mistry has spent more than a decade in the computer industry and has also published Microsoft SQL Server 2008 Management and Administration.

Determining the Role of Agents in System Monitoring

The agents are the monitoring components installed on each managed computer. They monitor the system based on the rules and business logic defined in each of the management packs. Management packs are dynamically applied to agents based on the different discovery rules included with each management pack.

Defining Management Groups

OpsMgr utilizes the concept of management groups to logically separate geographical and organizational boundaries. Management groups allow you to scale the size of OpsMgr architecture or politically organize the administration of OpsMgr.

At a minimum, each management group consists of the following components:

  • An operations database
  • An optional reporting database
  • A Root Management Server
  • Management agents
  • Management consoles

OpsMgr can be scaled to meet the needs of different sized organizations. For small organizations, all the OpsMgr components can be installed on one server with a single management group. In large organizations, on the other hand, the distribution of OpsMgr components to separate servers allows the organizations to customize and scale their OpsMgr architecture. Multiple management groups provide load balancing and fault tolerance within the OpsMgr infrastructure. Organizations can set up multiple management servers at strategic locations, to distribute the workload among them.

The general rule of thumb with management groups is to start with a single management group and add on more management groups only if they are absolutely necessary. Administrative overhead is reduced, and there is less need to re-create rules and perform other redundant tasks with fewer management groups.

Integrating System Center Operations Manager 2007 R2 with Windows Server 2008 R2
  Using OpsMgr 2007 R2 to monitor Windows Server 2008 R2
  OpsMgr 2007 R2 hardware, software, security requirements
  OpsMgr 2007 R2 installation steps
  Operations Manager 2007 R2 configuration
  Operations Manager 2007 R2: Using alerts, running reports

Printed with permission from Sams Publishing. Copyright 2010. Windows Server 2008 R2 Unleashed by Rand Morimoto, Michael Noel, Omar Droubi and Ross Mistry. For more information about this title and other similar books, please visit Sams Publishing.

Dig Deeper on Operating Systems and Software Services

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.