Microsoft SCOM Chalk and Talk 15/16 March 2016 Feedback

  • Distributed Applications
  • The suggestion was to create two or more Distributed Applications (DAs) which are the service views. One would be a minimal view of the service, usually what the service owner would consider the service to be. For example the web site, the application and the backend database. This is the view the service owner, senior managers and end users would be interested in. It would show if the service was up or down. We would then create another DA for the technical teams which would show more of the detailed components like the servers, network, etc. Different DAs can be created to suit the intended audience.
  • For mirrored SQL add the databases into a group and create a health rollup for the group which is set to alert on 50% availability.
  • Basic DA is best to be used with SLAs as this will ensure the correct service availability numbers as it will only report on the downtime of the actual service.
  • The engineer said that generally it will take around three weeks to fully set-up monitoring for a service. That is three weeks per service. It is a big investment in time and resource.
  • Dashboards
  • The dashboards within SCOM are limited. ‘Drill down’ is not available out of the box.
  • The recommendation was to use Visio along with the SCOM data connector for Visio. This can pull live data from SCOM and populate health states into visio diagrams. These can then be published to a Sharepoint Enterprise site.
  • The visio diagrams once in sharepoint can be linked to give the ‘drill down’ effect.
  • It is also possible to create a service diagram in visio, save this as a .jpg and then import this into SCOM for use with the topology widget with the SCOM native dashboards.
  • Visio can’t be used to visualise performance data or alerts.
  • Dashboards can be created within SCOM for performance and alert data and published to sharepoint.
  • There is a SCOM connector for sharepoint. Published data will be updated live.
  • For advanced dashboarding and data manipulation the recommendation was to view SCOM as a data source and then use tools outside of SCOM to produce the desired results. For example – visio/sharepoint, Power BI Designer, Datazen and Excel Power Pivot
  • GMTTool -
  • SCOM Data warehouse structure available online. Will be useful for use with visio.
  • Diagram Views
  • The built-in SCOM diagram views are nice, but pretty static and not very flexible.
  • They cannot be added to a dashboard
  • To add a diagram view to a dashboard either use visio/sharepoint or visio, save as .jpg and SCOM topology widget.
  • Unsealed Management Packs
  • Create a new Management Pack per service
  • Store all objects relating to that service within the MP – groups, monitor, overrides, DAs, Views etc
  • After the service is completed seal the MP.
  • Keep an unsealed copy, make any future changes to this, then seal and import into SCOM. And so on for further changes.
  • Can’t reference an object in an unsealed MP
  • Good tools are MPviewer, Override Creator, Override Explorer, MPAuthor
  • It would be a good idea to have MP source and change control procedures
  • Synthetic Transactions - Windows Service Monitoring & TCP Port Monitoring
  • Windows Service monitoring - should largely be used in instances where you know there is a service that can use up all CPU/RAM and you want an early warning alert. NOT the best way to monitor something like Shibboleth. Recommendation here was to create a new MP for Shibboleth and create a new SCOM class. Write a discovery rule to find which servers are running Shibboleth – discovery can either look for a registry key or perhaps a folder structure. The monitors and rules can be created to monitor whatever is appropriate to that particular application.
  • Process monitoring - has a similar use for anything that runs as a process but is not a Windows service. This can also be used to as a way to check if a process is running or not and alert on this. It might be possible to use this as a way to monitor Jetty in the Unidesk service.
  • OLE DB Data Source – this is a way to check db connections, can also run a test script to show that the db is available. This can be used as a light touch monitor for dbs on linux servers without having to source and buy a full MP. This was MS suggestion for monitoring oracle on linux servers. However, it was pointed out that we would have to be careful with licensing as this monitor would require at least one oracle provider and these are licensed items.
  • Watchers - Good idea to have the watcher be the application server. This checks that the application server can contact the db. Watchers can also be in different locations depending on what you want to check. For example connection through a firewall, connections from different geographic locations
  • Web Application Availability Monitor –Best used when you want to monitor numerous web sites that don’t require an authentication check. You only need to create one monitor and then add the different sites.
  • Web Application Transaction Monitor – Use this when you want to monitor web site authentication. When creating the monitor you can record a browser session to be played back as part of the check. One monitor must be created per website.
  • Groups
  • Can only create computer groups via the MPAuthoring tools
  • Dynamic groups can use various criteria for population – for example, IP address range or AD OU.
  • Create a computer group if the group will only contain computers.
  • Roles – Devolved Access
  • Most devolved access will use operator or advanced operator
  • Advanced operator can create overrides
  • Full admin is needed to create classes, groups, DAs
  • Custom roles can be created in visual studio
  • Scope roles with only the folder structure required, this will make the console render faster – however, if no folders or views are added the role has to be manually updated – so neither way is ideal.
  • SCOM Performance
  • Generally tune SQL with SQL best practice
  • Max ram
  • Parallelism
  • Tempdb
  • 64K NTFS
  • Use the My workspace area for frequently used views and dashboards

Wednesday 16th March

  • Unix/Linux Monitoring
  • Installation of SCOM agents on linux servers will use the MS linux MP and provide monitors for the linux OS.
  • Most applications running on linux will require a third party MP (these will often have a cost)
  • There could be some discussion around what gets monitored in this scenario. So if it’s going to be costly and time consuming to have SCOM monitor applications on linux should SCOM just monitor the basics we need for the service –ie is the web site available, is the application process running and so on. This makes for a lighter touch in SCOM. For fuller monitoring the user then goes back to Zenoss or other dedicated tool.
  • Rules and monitors can be created that run scripts pulled fromZenoss or other existing scripts where available.
  • SNMP Monitoring
  • out of the box there is no snmp monitoring for linux
  • linux servers can be added as a device and then discoveries, rules and monitors would have to be built to monitor anything (this is creating a custom management pack for the servers)
  • There is no easy way to convert MIBs to MP
  • You can use SNMP traps and/or probes. The recommendation is for probes where possible
  • Network Monitoring
  • Does not monitor network traffic
  • Monitors health state and performance of the switch/router/etc
  • Can map a mac address from a server with a SCOM agent to a switch port
  • Other switch ports will be ignored by default unless explicitly told to monitor
  • To reflect VMware vmotion of virtual servers between switches network discovery would have to be run again. This could be run a few times a week or nightly depending on requirements and time taken etc. But in this scenario network switch port data for vms could be out-of-date.
  • Sharepoint integration
  • Microsoft provide connectors for SCOM and Sharepoint.
  • Requires Sharepoint Enterprise
  • The engineer didn’t think it was possible to use Office 365 sharepoint as a requirement was to install the SCOM binaries on the sharepoint server and as Office 365 was a shared and controlled environment this was unlikely to be possible. He was going to try to find out for sure. We should also be able to progress this internally.
  • If we can’t use Office 365 we can look into installing a dedicated sharepoint enterprise server.
  • Global Service Monitoring
  • This is a Microsoft service which allows you to use servers all over the world a watchers for synthetic transactions
  • Available for free if you have software assurance otherwise it is a paid for service.
  • Get a code from the software assurance portal and input this into the GSM web site.
  • Web Console
  • Only IE is officially supported
  • It is possible to make it work in firefox
  • Misc
  • Powershell Desired State Configuration
  • Bluestripe
  • Spoke briefly about Orchestrator – what be worth looking at.
  • Agent update – WSUS – SQL table agent pending action in scomdb