Are you a green bar watcher?
I was talking to a friend the other day and mentioned that I have gotten used to looking down at the right hand corner of the console to watch the green bar as this means the screen I have selected is still loading. He laughed as he said he did the same.
So how many of you are green bar watchers?
Beta 2 of System Center Virtual Machine Manager is now ready for download from Connect.
Major upgrades in this release:
·Completely new, easy-to-use and intuitive UI based on the System Center look-and-feel (same as System Center Operations Manager 2007, Service Desk and System Center Essentials)
·Physical-to-Virtual (P2V) Conversions (Windows Server® 2000 or Windows Server 2003 are supported)
·Virtual-to-Virtual (V2V) Conversions – Using the Windows PowerShell® interface, converts a VMWare disk or a whole VM to the analogous VS vhd\vm representation
·64-bit VMM server support
·Every VMM component is now remotely installable, including the VMM server, library server, delegated provisioning portal, administrative console and data store
·Full Windows PowerShell support with documentation
·Better overall performance and scalability
·Every feature from Beta 1 with more functionality and enhancements
There is a document on the Connect site with the full list of changes. It is looking impressive.
If you download it you will be put into a draw for an Xbox 360T but only if you are American. Thanks guys!
Update 23rd April 2007. Apologies. It seems that I was wrong. A couple of people from Microsoft have pointed out in the comments that what I initally thought was a big download was just the agent created a local Jet database. I should have checked wih a network monitoring tool first. Obvioulsy too eager to blog about it – Horrors! I am starting to act liek a journalist. Still, in my defence, if that had been documented (especially the performace white paper where WAN traffic knowledge is useful) then perhaps I may not have jumped the gun. Now someone will point me to the white paper where it is documented!
Ian
As I was looking at the performance white paper I realised there was no mention of WANs or client sizes. If fact, in the week at MMS ,I can not recall anyone talking about these things. In contrast, when MOM 2005 was launched ,a big thing was made out of the fact that the agent was smaller, quicker and more performant. Here is a table produced by the Product Group for the MOM 2005 launch.
|
|
MOM 2000 |
MOM SP1 |
MOM 2005 |
| Scale (nodes/zone) |
1,000 | 2,000 | 4,000 |
| Alert latency (1000 nodes) |
> 600 seconds | 270 seconds | 30 seconds |
| Agent heartbeats (1000 nodes) |
> 600 seconds | > 600 seconds | 30 seconds |
| Discovery (1000 nodes) |
15 minutes | 15 minutes | 3 minutes |
| Agent push (1000 nodes) |
30 minutes | 30 minutes | 12 minutes |
| Agent footprint (idle) |
22 MB | 18 MB | 3.5 MB |
| Agent footprint (managing Exchange) |
40+ MB | 40+ MB | 12MB (agent process) 6MB (host process) |
Why was there not a similar one for 2007? Well I decided to push out an agent to server and when I looked at the directory in Program Files after it had been pushed it was 167 MB! For MOM 2005 it was 9 MB. No wonder no-one has talked about it. That is a serious amount to push down a thin pipe. In the States everyone seems to have plenty of bandwidth but in Europe that is not always the case. So now it makes sense that there is a lot of information on AD Integration so you build your agent into the server build.
So if you are pushing out agents over narrow or busy pipes make sure you do it out of hours.
One of the popular questions for 2005 was putting agents into maintenance mode and it is still popular with 2007.
From SystemCenterForum.org
“Neale has addressed the challenge of putting groups of agent-managed nodes into maintenance mode via a PowerShell script, which could easily be run as a scheduled task”
http://systemcenterforum.org/wp-content/uploads/CmdSchedMaint.zip
There are 2 scripts – one for agents and one for groups along with a PDF explaining the scripts. These are complex looking scripts so thanks to Neale for coming up with them. A good way to learn about PowerShell especially as it is documented.
This is really useful but I generally do not like just copying other posts as I assume that if you are interested in what I post on you will also be subscribed to the other blogs in this area. I keep a list of those bloggers in one of my pages (http://ianblythmanagement.wordpress.com/mom-blog-links/) so new people that find this blog can quickly add the rest. But is this true? If you read this blog do you read all the other MOM/SCOM/System Center blogs as well?
The newsgroups have an announcement that the “Operations Manager 2007 Performance and Scalability White Paper” is released but only on Connect. I have asked why it is not on the main web sites as OM is an RTM product and not in beta any more. Also released on the Connect site is the updated SDK and samples for RTM.
Having talked to a couple of PMs at the MMS I was not expecting much from this paper and so I am not disappointed. It is 20 pages long – so it is not big nor exhaustive.
The crux of what they said was that there will not be any definitive sizing like there was for MOM 2000 and 2005 but that there would be guidelines on what they tested that you can use as a starting point and they recommend that you use System Center Capacity Planner (SCCP) to model your system. That is still in beta at the moment and so is not complete and I have found issues with using it but that is a separate post.
I can see their point as SCOM is really 3 products rolled into one and each product has different requirements. See previous post on SCOM 2007 Architecture – http://ianblythmanagement.wordpress.com/2006/08/01/scom-2007-architecture/, which needs updating. And they want to be more flexible. After all if you have 10,000 desktops doing 1 alert per day then that will generate the same load as 100 servers doing 100 alerts per day. So you can create many different variations. I started to do some work on creating a deployment options post but it is turning into a major piece of work.
I did mention previously (http://ianblythmanagement.wordpress.com/2006/11/22/scom-sizing-%e2%80%93-an-easy-win/) that SCOM should be a lot more scalable than 2005 based on what I knew of how the testing was done but organisations did not go above those limits due to support requirements. But it looks like it is not so. The PM did say that the MPs are more complex etc but I was expecting a better result. I also asked him about PSS support for designs that people came up with but did not get an answer as they were Product Group people. Well, he vaguely mentioned SCCP and the white paper says that this will be the official tool. So who knows, it may be that to get PSS support you have to show them your SCCP design.
The paper does give a fascinating insight to the workings of some of the components like the RMS. Basically you need lots of memory, preferably 64 bit and in large deployments having no agents report into it. From talks with the PM and Microsoft’s internal IT it appears that Management Servers can be lighter. The testing PM had 3 coping with 5,000 agents and MS IT is considering turning their Management Servers into virtual servers which is always a sign that the load is light. In the document it mentions that 2007 Management Servers do not put all data into the disk cache like 2005 which lightens their load. The database is still the main bottleneck in 2007.
There are some obvious recommendations like the more agents and the more management packs the bigger the load on the database server and similarly for consoles. IO is the most critical part of the database server. You can up the RAM to lesson the load on the IO and again 64 bit is recommended so you can go above 4 GB.
The reporting database is different to 2005. In 2005 there was the DTS job that did a transfer at 01:00 each night but with 2007 the data is written in real time so it needs to be sized similarly to the operational database server. As the data is summarised for reports CPU and memory are also important especially when running large reports that span a big range of dates.
OM Guidelines Summary
|
|
MOM 2005 | SCOM 2007 |
| Agents per Management Server | 2,000 | 2,000 |
| Agents per Management Group | 4,000 | 5,000 |
| Agents per Gateway Server | N/A | 200 |
| Consoles per Management Group | 15 | 50 |
| Size of OM database |
30 GB | No official limit but keep small |
| Size of Reporting database | 1 TB | No official limit |
| Collective Client computers per management server | N/A | 2,500 |
Collective Client monitoring has an agent on each computer but the alerting on the individual agent is disabled and the data is gathered and aggregated to report at a collective rather than individual level.
Agentless Exception Monitoring Guidelines
|
Monitored |
Recommended Limit |
| AEM computers per Management Server | 25,000 |
| AEM computers per Management Group | 100,000 |
But the paper shows a recommended hardware configuration for a Management Server that can deal with 100,000 AEM clients.
Audit Collection Guidelines
(not in the paper but from MMS presentation)
Performance
A single collector handles up to
• Peak maximum of 20,000 events/sec
(short burst only – non sustainable)
• Continuous maximum of 2,500 events/sec
• Average byte per event over the wire < 100 bytes
Scalability
A single collector can support up to (this varies depending on factors like Audit Policy):
• 150 Domain Controllers OR
• 3,000 non-DC servers OR
• 15,000 workstations
NB – note the OR.
And if you throw disaster recovery options into this then it gets more complex.
The big question that was always asked about 2005 was how many agents a single box could handle. In this paper they show the hardware that can cope with up to 250 agents where it is a combined database (OM and DW), RMS, reporting server but it does not mention ACS or AEM. As this is a dual proc 2 GB server then coping with more agents if you have a 4 proc, 8 GB 64 bit system should be possible.
The bottom line is that Microsoft has produced a set of options that they have tested but the onus is on each organisation to ensure that they specify the hardware correctly and Microsoft will recommend that organisations use System Center Capacity Planner.
Operations Manager 2007 uses AD a lot more than 2005. I have collected some links that may help. I have included the link to the AD MP as that is essential for setting up AD monitoring correctly but you need to know about overrides to configure the MP and if you have a large number of DCs then there is a PowerShell script that can switch the proxy setting off for all of them. In the GUI you would have to do each one separately.
SCOM 2007 uses Kerberos to do mutual authentication between the agent and the management server. Unlike MOM 2005 this can not be switched off. In order to monitor systems that are not part of the domain or forest that do not have a two way trust you need to use certificates and perhaps the Gateway server. Although related to AD I do not cover PKI, certificates or Gateway servers in this post.
Installing 2007 – AD Domain Prerequisites
If fact before you can install 2007 you must have the domain level right. Operations Manager 2007 requires that the domain functional level be Windows 2000 native, Windows Server 2003 interim, or Windows Server 2003. For Operations Manager to function properly, you must check the domain functional level and raise it to at least Windows 2000 native. The lowest level of the 4 levels is called Windows 2000 Mixed and that is the only one of the 4 that OM 2007 can not work in. Note – this is the default domain functional level for Windows Server 2003 domains. See http://technet2.microsoft.com/WindowsServer/en/library/da255f53-ae6c-4af8-80f1-9b3c046022311033.mspx?mfr=true
Note – there are no schema changes with OM 2007 that I have come across. Containers do get created though.
AD Integration with security and controlling access to the console
One thing I have not come across is any papers looking at the use of AD integration to help lock down the console. There is this mini video though.
Create User Roles
Presenters: Joseph Chan, Microsoft
This video demonstrates how to create user roles to control access to Operations Manager data and monitoring objects like tasks and views according to the users business responsibilities and needs.
Running Time (minutes): 5:39
Date Posted: March 18, 2007
AD Management Pack
What’s new
• Domain discovery that enables Operations Manager 2007 to automatically discover domains in your Active Directory environment
• New performance and client monitoring views to provide more ways to view your monitoring data
• A new child domain topology view, allowing you to see subdomains of other domains
• New dashboard views that combine multiple views into one view to allow analysis of trends and similarities between related metrics
Caveats
• Neither of the Management Packs (the AD Client Monitoring is considered a separate pack and to be deployed on Exchange servers that are clients to AD) support agentless monitoring.
• The Active Directory Management Pack does not support monitoring across multiple forests. (This is strange as using the Gateway tool allows servers in multiple forests to be monitored by one OM management group.)
• You cannot monitor a domain controller running on the x64-bit version of Windows Server 2003 with Operations Manager 2007 and Microsoft Operations Manager 2005 simultaneously.
• If an Operations Manager 2007 64-bit agent is installed on a domain controller running in 64-bit mode, the existing 32-bit version of OOMADS remains and will not be upgraded. This means that the 2007 Active Directory Management Pack monitoring will not work. The Microsoft Operations Manager 2005 monitoring will continue to work.
Active Directory Management Pack Guide for Operations Manager 2007
March 27, 2007
This document includes a Management Pack overview, deployment procedures, and monitoring scenarios for the two Active Directory Domain Services (AD DS) Management Packs
Download the Guide
Enabling the Agency Proxy allows each domain controller to discover its connection object between other domain controllers. Connection objects are hosted by the forest, and the forest is discovered by the topology discovery, which is run on the Operations Manager 2007 principal Management Server. (I take it that they mean Root Management Server).
Agent “Act as a Proxy” Bulk Update zip file from systemcenterforum.org
2007/04/12
A PowerShell script that will enable the ‘Act as a Proxy’ functionality on a group of agents. This is useful when an MP requires a large number of agents to have this functionality enabled.
In order to make any changes to the AD MP, such as changing the value for the “Intersite Replication Latency Threshold Value” you will need to use overrides as the MP is sealed. Although this video is not covering AD overrides it is useful to see the process especially as the menu options in the GUI are not that intuitive.
Adjusting Monitors with Overrides
Presenters: Lorenzo Rizzi, Microsoft
This video provides and overview of the overrides feature in Operations Manager 2007.
Running Time (minutes): 5:37
Date Posted: March 18, 2007
AD Integration
AD integration is new to OM 2007. This allows the agent to be deployed in a server build or by SMS and use the AD to notify the agent where to go for the management group, management server and failover management server. As you can see there is a lot of information covering this.
Note: If you are not planning to deploy the agents within a server build, via a tool like SMS etc but instead are planning to push the agents out from the console you can ignore this section.
AD integration concept, see Using Active Directory Domain Services to Assign Computers to Operations Manager 2007 Management Groups. http://technet.microsoft.com/en-us/library/bb309470.aspx
How to Create an Active Directory Domain Services Container for an Operations Manager 2007 Management Group – http://technet.microsoft.com/en-us/library/bb309685.aspx
Provides the procedure to create in a domain an AD DS container for an Operations Manager 2007 Management Group.
How to Use Active Directory Domain Services to Assign Computers to an Operations Manager 2007 Management Group – http://technet.microsoft.com/en-us/library/bb381226.aspx
Provides the procedures to assign computers to Operations Manager 2007 Management Groups by using AD DS.
Active Directory Integration
Presenters: Joseph Chan, Microsoft
This video demonstrates how to configure Active Directory integration to automatically assign agents to management servers.
Running Time (minutes): 6:03
Date Posted: March 18, 2007
Active Directory Integration in Ops Mgrs 2007 PDF from SystemCenterForum.org
(04/11/2007)
How to configure Active Directory integration for an Operations Manager 2007 management group.
Notes on AD Integration in Ops Mgr 2007 SystemCenterForum.org
Additional info.
InFront Consulting
Additional documentation (PDF) on how to Configure Active Directory integration in Ops Mgr 2007 RC2. (Some of the issues he saw when first doing the configuration)
Active Directory Integration in Operations Manager 2007
Posted by Rory on 2/17/2007
Learn how to configure Active Directory integration in Operations Manager 2007 using the new MOMADAdmin.exe utility. MOMADAdmin.exe is a new tool included in the Support Tools folder on the Operations Manager 2007 media that allows you to prepare the Act… (Registration Required)
I went to the MP catalog to see if it was updated for 2007 and it does have the drop down for 2007. Unfortuantely it returns 0 results. Not even the managements packs that ship with the RTM code. Soon, soon.
Having installed the RTM version of SCOM in the system testing area and checked that the agents work happily with the MOM 2005 agents I wanted to install the same management packs that I have on MOM 2005 to see how the alerting compares.
I took a selection of the older MPs that do not yet have equivalents for 2007 and used the MP2XML tool in the MOM 2005 Resource Kit to covert them to XML. However OM 2007 would not import them as the XML was not correct.
[Update 11/4: you need to run MPConvert.exe (in \SupportTools) on the XML file to create a new XML file which will import into 2007. ]
The second method was to use the version with 2007. Run setupom.exe and then chose “Install MOM 2005 to OpsMgr 2007 Migration Tool”. This needs the MOM 2005 console installed on the same server as SCOM for it to install and this needs a MOM 2005 management group to enable setup to complete. Under the SCOM 2007 program group there is a new icon called Migration Tool. This gives you two methods. To migrate the MP from an active MOM 2005 management group or convert from a file. In either option the tool will do the import for you as well or save to a file.
I tried the first method and after inputting the name of the MOM 2005 server I received a list of all the management packs as well as the option to migrate the Managed Computers. A lot nicer than having to create a batch file to use the MP2XML tool. Once you chose the MPs you want, it exports them initially as AKM and then converts and finally imports with a nice details pane to show you what is happening.
I started with the Group Policy MP (GPMP.AKM) and that converted smoothly. When looking through what had been done it created a MP called Microsoft_Windows_Group_Policy (Converted), although this name can be changed, targeted at MOM 2005 Backward Compatible Windows Computer with a version number of 1.0.0.1. Interestingly it created dependencies with seven other MPs. As it is converted it is not a sealed MP. Unfortunately it called the Discovered Type “Group” instead of “Group Policy”. A Monitor called Group was also created but only the template was there.
I then went on to convert 6 more with tasks as well to see how those converted. Again the conversion went well with names similar to the above created and targeted at MOM 2005 Backward Compatible Windows Computer. These MPs had tasks and what I found was all task now reside in Windows Computers Task so you get a big list that includes the original tasks but now I have all the tasks from SMS 2003, DHCP, DNS and DFS that I imported in. This makes the list unwieldy and there are no views where you get the filter for these tasks unlike AD or SQL Databases for example. I need to do a bit of investigation so see what can be done.
I did have a chat with one of the Program Managers at MMS about tasks. While I like the fact that the main relevant tasks are showing I would like the ability to see all tasks as well. If I am doing AD I only see AD tasks. If I want to ping or remote desktop I have to switch to another view to bring that task up. It would be good if there was an All Tasks at the bottom of the specialised tasks that took you to an explorer view of tasks much like 2005. That way you could have the best of both worlds.
All in all it is an easy way to get those custom MPs and older MPs that have not been updated for SCOM yet into SCOM but watch out for the tasks!
I was just about to write a post saying that Microsoft did not mention licensing and prices at the MMS and there was nothing on the web site then I saw Stefan’s post (congratulations to Stefan on becoming an MVP) and now Microsoft has put up the information at http://www.microsoft.com/systemcenter/opsmgr/howtobuy/default.mspx.
The two areas I was particulary interested in was
Client prices – would they be reasonable?
Virtualisation – would the same (generous) terms be used?
I am glad to say that there is a client license and it is only $32 which is before volume discounts are applied. This is for the agent to fully monitor the client using OM and/or ACS. If you are using Agentless Exception Monitoring (AEM) to monitor Dr Watson type errors there is no charge.
The web page does not specifically call out the virtualisation like the FAQ for MOM 2005 did but simply says that you need an Operations Management License (OML) for each managed device. In 2005 a device was the hardware. So if you were running Virtual Server OR VMWare (Microsoft did not specifically mention it but it was true) you would buy one OML for the box and that covered it for as many agents as there was Virtual Machines running Windows. It would be nice to get that clarified- especially as virtualisation is becoming more prevalent.
Stefan has interpreted the Client OML to mean that you have to pay $32 for each SNMP device. Well in MOM 2005 you only paid a license if you were actively managing the device. If the device sent SNMP traps to MOM then that was considered passive and no license was needed. It would be nice to get clarification on this one as well. Especially in the light of the EMC Smarts announcement made at MMS. And if each device does require an Client OML how will that affect JalaSoft and eXc Software?
All prices
Operations Manager Server 2007 $573 U.S.
(This is the licence for the management servers)
Operations Manager Server 2007 with SQL Server Technology $1,307 U.S.
(This is the licence for the management servers but also a license for SQL 2005 Standard. There is no processor or CALs to worry about but you can only use this copy of SQL for OM. On the web site there is a deal to get 30% off buying SQL, Std or Ent, with OM)
Traditionally you only use this license for the management servers and not the servers running the OM databases if they are separate. You need an Enterprise OML for those servers. There is nothing on the we site that says that this version is different.
Enterprise OML $426 U.S.
(This is the agent license needed for OM or ACS on servers where you are monitoring SQL, Exchange etc)
Standard OML $155 U.S
(This license was introducing during MOM 2005 and covers an agent that does Windows, File and Print and Networking. It also covers ACS)
Client OML $32 U.S.
There is a link here that explains the differences between the OMLs and specifically what qualifies for the cheaper Standard OML. http://www.microsoft.com/systemcenter/opsmgr/howtobuy/opsmgrstdoml.mspx
This reads, in my opinion, that if you only use ACS and not the OM functionality you would only need the Standard OML even if the server is running an application.
The prices are lower than MOM 2005 ($729 for the server and £539 for the OML) but with a lot more functionality so that is a good deal. And all these prices are before discounts.
There is no Workgroup Edition like 2005 as that is being replaced by System Center Essentials.
Additionally if you have a volume license agreement then you can get the Standard OML as part of the System Center Server Management License (“SML”) which also includes SMS and System Center Data Protection Manager (DPM). There will be an Enterprise edition of the SML but at the end of the year when System Center Configuration Manager is released and will include the Enterprise versions of the OML and Data Protection Manager Management License, as well as the System Center Configuration Manager 2007 Server Management License, and System Center Virtual Machine Manager 2007.
A bit of a long post but that is Microsoft Licensing for you. But I do like the new client license which will be useful for monitoring ATM and POS machines and the fact that 2007 is cheaper than 2005 is a good deal.
MMS 2007 is over and I am now back home but they have told us the dates and location for next year so you can get it in your diary.
MMS 2008 will be in the Venetian at Las Vegas from April 28th to May 2nd. System Center Configuration Manage (aka sms v4), System Center Virtual Machine Manager, System Center Capacity Planner v2 and Longhorn will have been released by then and perhaps even System Center Service Manager (aka Service Desk). So lots of stuff to learn about.
