723e6c851e579b4f73059e1ee14f63a2.ppt
- Number of slides: 68
Microsoft Operations Manager 2000 Ian Blyth Principal Systems Engineer Microsoft Ltd
Taxonomy Of Windows Management Solutions
[Diagram labels: Function Value-add; Microsoft Products Shipped in Windows; Partner solutions built on Microsoft management products or directly on Windows; Third Party Solutions; Microsoft Management Products for the Enterprise; Solutions for Consumers and Small Biz; Common Infrastructure; # of Windows IT & Admin/IT skill-set (Less to More)]
Management Products
[Diagram labels: Database Servers; Desktops; Web Servers; Laptops; PDAs; Application Servers; Mail Servers; Web Services; Other Servers]
MOM 2000 Scaleable Windows Operations Management
- Policy-based management based on rules
- Extremely powerful and scaleable
- Out-of-the-Box knowledge for monitoring provides instant return on investment
- Install the entire MP: no need to pick-and-choose rules
- This triage – what is important to know about – has been made for you!
- Self-managing
- event consolidation processing infrastructure
- Easy to use, flexible, self deploying
- Based on NetIQ’s Operations Manager technology, licensed to Microsoft in October 2000
MOM 2000 The main defense
Design Philosophy: “listen for everything, advise on exceptions”
- Management by exception: “watches everything – just in case!”
- Interprets event/performance data generated by each app & service
- Additional performance monitoring through synthetic transactions
- Identifies components not meeting availability / performance criteria
- Monitoring policies simplify / standardize mgmt of server groups
- Automated actions in response to alerts
Proof Point: Microsoft IT
[Map labels: Benelux; Dublin; Chicago; Stockholm; Munich; Milan; Les Ulis; Building 11; Tokyo; Madrid; Silicon Valley; Los Colinas; Charlotte; Singapore; Sydney; Regional Collection; Global Event Forwarding]
- Centrally manages ~7,300 production servers located in 168 sites
- Regionally collect events and forward critical alerts to the console
- All MOM alerts reported centrally (Redmond WA) < 2 minutes
Microsoft IT Metrics
- Daily Averages
  - Monitors >9000 servers WW from a single location
  - Analyses 100% of all AD & Exchange events generated
    - Exchange: processes 42k events, collects 1.2 M instances of performance data, issues <1 alert per server/day
    - AD: Issues less than 3 operator alerts per AD DC per day
- The value of MOM
  - Before MOM:
    - Multiple products required
    - 35 operator alerts investigated for each trouble ticket raised
    - 100% AD problem investigations in response to helpdesk calls
  - Since MOM:
    - MOM is the sole manager of OTG servers
    - Intervention to trouble ticket ratio dropped to 3:1
    - 97% all AD issues fixed proactively
Daily Event Processing
[Diagram labels: Managed Servers; Collector/Gatherer; Security DB; 31.5 Million Events Collected; Forwarded 31.5 Million events; Alert Console; 3.5 Million Alerts; 120 Million NT Events; 85 Million events discarded; Agent processes 1,073 rules; 1100 Alerts = 180 SRs; 35 Million Events/Alerts]
- Log volume by percentage: 90% security log, 8% application log and 2% system log.
- On average, each managed node generates 24,000 events/day. The local event agent processes each event (one event in every 4 seconds).
- 35 Million Events/Alerts collected daily
  - Forwarded Security Events: 31.5 Million
  - Application Events: 2.8 Million
  - System Events: .7 Million
- Alert delay to the central Console under 2 minutes globally.
MOM Architecture Overview - Flexible, scalable, adaptable
Console, Web Console
Agents:
- Execute local Management Packs
- Collect and analyze event, performance and configuration data
- Event correlation, automated response
- Single instance
Consolidator/Agent Manager:
- Dispatches Management Pack
- Funnels data to/from Agents and DAS
- Dynamically installs, configures, updates, uninstalls Agents
- Central event correlation, automated response
Database Access Server:
- Brokers data between Consolidator and DB
Database:
- Events and alerts
- Management Pack Policies
- Performance and capacity
- Resolution workflows
Views, Reports
Deploying MOM
[Diagram labels, in slide order: MMC UI; Domain; DC; MOM Server; Attributes; Computer Group Def.; Rules; Views; EX01 added to Exchange Computer Groups; Associated to Exchange Rules; Heartbeat from EX01; MOM Server passes down.; Install Exchange; new EX01 assigned rules; Management Pack rules run locally; alerts, events, and perf sent to MOM server; W2K01, W2K02 … W2K09; EX01; Collects Attributes (Registry Keys)]
MOM Demo
It’s All About Knowledge
[Chart labels: INVESTMENT; PRESENTATION; KNOWLEDGE; INSTRUMENTATION; 1995; 2000; 2005]
Management Pack = Knowledge
- Processing rules
- Processing rule groups
- Computer attributes
- Notification groups
- Providers
- Scripts
- Views
MOM Operations Manager 2000 Base License Modules
- Windows NT 4.0 (limited)
- Windows 2000
- Windows 2003
- Event Collector
- Component Services (MTS)
- DNS
- DHCP
- WINS
- RRAS
- MSMQ
- MSDTC
- NLB
- MSCS (Cluster Services)
- WSRM (Windows System Resource Manager)
- FRS
- MOM
- (Default Windows Events)
- Active Directory™
- Group Policy
- Terminal Server
- IIS 4, 5 & 6
- .Net Framework
- Hardware via WMI
- Windows SharePoint Services
- Windows Media® Services 9 Series
MOM Operations Manager 2000 Server Application License (AMP) Modules
- Exchange 5.5 and 2000
- SQL Server 7.0 and 2000
- Proxy Server 2.0 and ISA Server 2000
- Site Server 3.0 and Commerce Server 2000
- SNA Server 4.0 and Host Integration Server 2000
- Application Center Server 2000
Modules that only require base license
- Exchange 2003
- BizTalk 2002 Ent Ed & 2004
- SharePoint Portal Server 2003
- Microsoft Identity Integration Server 2003
- Microsoft Office Live Communications Server (LCS) 2003
- Microsoft Office Project Server 2003
- SMS 2.0 and 2003
NetIQ XMP Library
Microsoft Technologies
- XMP for Windows NT 4 Base
- XMP for Windows NT 4 Apps
- XMP for Windows Analytics
- XMP for Microsoft Apps Analytics
Third-Party Applications
- XMP for Oracle
- XMP for Lotus Domino
- XMP for Web Services
Management Connectors
- Tivoli Enterprise
- Micromuse Netcool
- HP OpenView Operations
- HP OpenView Network Node Mgr
- NetIQ AppManager
- NetIQ End2End
Hardware
- XMP for Server Hardware
  - Compaq/HP, Dell, IBM
- Upcoming: Brocade Switches
Security Management
- XMP for Windows Security
- XMP for Anti-Virus
  - McAfee, Symantec, Trend Micro
- Security Analyzer MP
Platform Agents
- XMP for Novell Netware
- XMP for Sun Solaris
- XMP for Red Hat Linux
- Upcoming: IBM AIX and HP-UX
Other Partners Extending MOM
- HP – Insight Manager
- Dell - OpenManage
- Citrix – MetaFrame XP and WMI Provider
- Quest – integration of Spotlight with MOM
- eXe – WMI Event Providers for MVS, AS400, Unix, Linux & network equipment
- Metilinx – UNIX, Linux
- HP - HP Openview Service Desk
- Netreon – Brocade SAN management
- CA Unicenter TNG – connector included in latest version
- JalaSOFT - Cisco Network Devices, APC UPS, F5 BigIP
- Full Armor
  - Audits GP changes and feeds into MOM
- Actional Web Services MP
- Unicenter Web Services MP
- Amberpoint
- NetPro
- Skywire – iWave Integrator
- Veritas
Itheon TotalView for MOM
- Service Level Management representation from MOM data
- Business Service View
  - Business Process
  - Geography
  - Responsibility
MOM Demo Creating your own Management Pack
MOM Integration with Heterogeneous Systems
Connecting MOM and Third Party Management Systems
[Diagram labels: 3rd Party Management System (e.g. Tivoli, HP Openview, etc.); MOM 2005 Management Group; MCF Product Connector; MCF Web Service; MCF Management Pack]
Product Connectors Available in Resource Kit: Tivoli TEC; HPOVO; HP NNM; MOM Generic (web service)
Extending MOM Heterogeneous platform support
- MOM MP for IBM AS/400
- MOM MP for IBM z/OS
- MOM MP for non-Windows
  - Unix, Linux
  - Networking equipment, Firewalls, Power devices
  - SAN, NAS
  - Applications
  - Any Vt100, Telnet and/or SSH capable device
  - SNMP
- All products ship with the same components:
  - WMI Event Provider (generates extrinsic events)
  - MOM MP
  - Reports
  - Support Tools
    - Configuration Tool (Win32 GUI)
    - Management scripts (provide same functionality as Configuration Tool)
    - Software License Program
Extending MOM Heterogeneous platform support
Get Connected! Features and Benefits:
- MetiLinx Connector for MOM captures unique, correlated system health measurements.
- It then normalizes and integrates this data with MOM, enabling managers to greatly expand this already powerful tool.
- MetiLinx can transform MOM into a heterogeneous tool for analysis and reporting.
- Monitoring and analysis of:
  - Windows NT 4
  - Windows 2000
  - Windows 2003
  - HP-UX
  - Solaris
  - AIX
  - Linux
- Monitoring of non-Microsoft server hardware.
- Management of non-Windows partitions and powerful virtualization capabilities allow groups of servers to be monitored and measured as one entity, to conform more closely with business SLA’s
- Centralized alerting
- Advanced analysis and reporting
Able to Handle Solaris, AIX, HP-UX
Also Supports RedHat and SuSE Linux
Sends data from non-Windows platforms to MOM and the MetiLinx Connector can now alert on non-Windows platforms
Microsoft Solutions For Management
- Increases your effectiveness of managing an IT Lifecycle
- Address primary workloads
- People, process, and technology
- Plan, build, deploy, operate
- Microsoft Management Technologies
Solution Accelerators
- Software Update
  - Critical Patching
- Desktop Deployment
  - New Desktop Provisioning
  - Account Management
  - Applications Deployment
- Server Deployment
  - Server role provisioning
- Service Monitoring
  - Custom MOM reporting
Service Monitoring Solution Accelerator
- Guidance about which parameters should be monitored
- Design different configurations
- Multiple geographic locations
- Apply MOF IT processes for incident management
- Build MOM custom reports (SQL Reporting Services)
- Templates, Whitepaper
[Diagram labels: Master Config Group; Zone Config Group A; Zone Config Group B; MOM DB; Agents]
Futures MOM 2005 and System Center
MOM 2005 New Look
Alerts View
MOM 2005 Web Console
State View
Diagram View
Console Task (Response)
MOM 2005 New Reporting
Reporting
- Based on SQL Reporting Service and the System Center Data Warehouse:
  - Long term data storage
  - Customization
  - Dynamic/Sophisticated reports
  - Per report security
  - Exporting data to other formats
- Service specific reports out of box
  - Summary reports
  - Capacity and performance trend graphs
  - Operations reports
  - Resources Availability and Reliability
- Capabilities
  - View or print
  - Publish to Web site
  - Schedule generation offline
MOM 2005 Reporting
Service Monitoring Version 2.0 (H2 CY04)
- Developed for MOM 2005
- Auto-ticketing
  - Best practice guidance on alert to ticket properties mapping with sample code snippet
- Service Continuity
  - Minimize MOM down time in the event of a disaster
- Notification workflow
  - Send MOM notification to a different target
- Alert Tuning
  - Optimizing MOM management packs
- Tiered Data Warehousing
  - Propagate data from multiple MOM 2005 management groups into a central System Center data warehouse db
Service Monitoring Auto Ticketing Scenario for MOM 2005
[Diagram labels: Enterprise Management Data Center; Exchange; db; Incident Ticketing Systems; MOM Connector; Management Framework; Exchange DOS; MOM 2005]
Custom Reporting
[Diagram labels, in slide order: SQL Reporting Services; Record Failure Events; MOM Event collection; Automated Enterprise event collection; Rules based filtering and consolidation; Proactive alerting/action response; Performance thresholds; MP - Rules libraries; Built-in knowledgebase; Historical Data; Action; MOM - Automated Script, Email, Pager, Send to other tools…; MOM Connectors for other 3rd Party Management tools; Enterprise Incident Management Practice; MOM Performance collection; Historical DB; Whitepaper for Custom Reporting with SQL Reporting Services; Reporting; Management Trend reports]
Reporting Server Distributed Enterprise
[Diagram labels: Desired State; Capacity Planning; Data Warehouse; Reporting Server; Distributed Enterprise]
MOM 2005 Schedule
- Beta 3
  - March 10
  - http://beta.microsoft.com
  - Guest ID = MOM 2005 Beta
- Release Candidate June
- RTM CYQ4
- RTM + 60 Localized (Japanese, German, French)
Case Studies
- Avanade
- ALTO Group/ClearPointe
- Australian Taxation Office
- CenterBeam
- Cinergy
- Commonwealth Games (Manchester, UK)
- Erste Bank GmbH
- Greater Shepparton City Council (Australia)
- HNTB Corporation
- Intersil
- Microsoft Operations Technology Group
- OTP Bank
- Rackspace Managed Hosting
- Scottish & Southern Energy (UK)
- SUVA
- WCI (UK)
Microsoft Operations Manager Solves the Management Issues
- Enables single-point-of-management of highly distributed enterprise
- Proactively delivers on service level management
- Scales both technologically and organisationally
- Eliminates the need to “manage the management system”
[Diagram labels: Operations Manager; WMI; Performance Thresholds; Capacity Planning Data; SNMP Traps; Application Events; Windows 2000 Events; Windows NT Events; UNIX System Logs]
Resources
- Microsoft Operations Manager 2000: http://www.microsoft.com/mom
- Management: http://www.microsoft.com/management
- Microsoft Solution for Management: http://www.microsoft.com/solutions/msm
- Microsoft Management Alliance: http://www.microsoft.com/management/mma
- Microsoft Systems Management Server v2: http://www.microsoft.com/smsmgmt
- Microsoft Application Center 2000: http://www.microsoft.com/applicationcenter
- TechNet
MOM Demo Backup slides
ASP-SQL Error > ASP SQL Alert! (based on 2 events / ‘n’ events)
[Diagram labels: Back End SQL Server; MOM Server; IIS Server 1; IIS Server 2; Event; Web Clients]
ASP SQL Demo Pinpointing problem, event consolidation and company knowledge
Security Scenario: Login Attack
A security administrator wants to monitor the number of servers in a domain where more than 3 unsuccessful logon attempts have been logged within a 30 second time span. When the number of servers where such an occurrence is verified is greater than 10 in the space of an hour, the administrator wants to create a security breach alert.
The “Engine”
Agent:
- Consolidation rule: Consolidate all ID 529 events within 30 seconds
- Event rule: ID 529, Repeat Count > 3: GlobalFailedLogons++
Consolidator:
- Timed rule:
  - GlobalFailedLogons <= 10 then GlobalFailedLogons = 0
  - GlobalFailedLogons > 10 then create alert, GlobalFailedLogons = 0
Processing Rules
- Consolidation Rule: Bundles all events that happen within a time span
- Event processing Rule: Increments a global state variable if criteria is met
- Timed Rule: Triggers a script that:
  - Resets state variable, OR
  - Generates an alert and resets state variable
Login Attack Demo Consolidating events from multiple servers
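The three rules of the login attack scenario, run over sample events as an added Python example (not MOM's rule engine and not code from the original deck). The function names, the choice that a consolidation span opens at the first event, the extra distinct_servers field and the sample events are assumptions made for illustration.

```python
from collections import defaultdict

WINDOW_S = 30     # consolidation span (slide: "within 30 seconds")
REPEAT_MIN = 3    # event rule: Repeat Count > 3
ALERT_MIN = 10    # timed rule: GlobalFailedLogons > 10
PERIOD_S = 3600   # timed rule interval ("in the space of an hour")

def consolidate(events):
    """Agent consolidation rule: bundle each server's ID 529 events.
    Assumption: a span opens at the first event and lasts 30 s."""
    open_span, bundles = {}, []          # server -> [span_start, repeat_count]
    for ts, server, event_id in sorted(events):
        if event_id != 529:              # 529 = failed logon (bad user/password)
            continue
        span = open_span.get(server)
        if span and ts - span[0] < WINDOW_S:
            span[1] += 1
            continue
        if span:
            bundles.append((span[0], server, span[1]))
        open_span[server] = [ts, 1]
    bundles += [(s[0], srv, s[1]) for srv, s in open_span.items()]
    return sorted(bundles)

def timed_rule(bundles):
    """Event rule plus hourly timed rule on the consolidator."""
    hours = defaultdict(lambda: [0, set()])
    for start, server, repeat in bundles:
        if repeat > REPEAT_MIN:          # event rule: GlobalFailedLogons++
            slot = hours[start // PERIOD_S]
            slot[0] += 1
            slot[1].add(server)
    alerts = []
    for hour, (counter, servers) in sorted(hours.items()):
        if counter > ALERT_MIN:          # else: counter is simply reset
            alerts.append({"hour": hour, "counter": counter,
                           "distinct_servers": len(servers)})
    return alerts

def detect(events):
    return timed_rule(consolidate(events))

def sample_events():
    """Constructed sample data, not taken from the deck."""
    ev = []
    for n in range(11):   # hour 0: 11 servers, 4 failures each inside 30 s
        ev += [(100 + n * 60 + i * 5, f"SRV{n:02d}", 529) for i in range(4)]
    for k in range(11):   # hour 1: one server trips the event rule 11 times
        ev += [(3600 + k * 120 + i * 5, "SRV00", 529) for i in range(4)]
    for n in range(12):   # hour 2: 12 servers, only 3 failures each
        ev += [(7200 + n * 60 + i * 5, f"SRV{n:02d}", 529) for i in range(3)]
    ev.append((7300, "SRV01", 528))      # successful logon, ignored
    return ev

if __name__ == "__main__":
    for alert in detect(sample_events()):
        print(alert)
```

The hour 1 alert has distinct_servers equal to 1: a plain counter counts occurrences, so one noisy server can cross the threshold, and tracking the server set is what ties the alert back to the stated "number of servers" requirement.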
Code Red Worm
- Self-propagating malicious code
- Attempts to connect to TCP port 80 on a randomly chosen host
- Attacking host sends a crafted HTTP GET request to the victim
- Worm activity on a compromised machine is time sensitive
  - Day 1 - 19: The infected host will attempt to connect to TCP port 80 of randomly chosen IP addresses in order to further propagate the worm.
  - Day 20 - 27: A packet-flooding denial of service attack will be launched against a particular fixed IP address
  - Day 28 - end of the month: The worm "sleeps"; no active connections or denial of service
Code Red Demo Monitor for Code Red by checking threshold for Total Not Found Errors on Web Service
WMI Architecture And Events
[Diagram labels: WMI Consumers (MOM, scripts, etc); CIMOM; Query Service; Event Service; Common Information Model Repository; WMI Providers: Exchange, .NET, NT Event Log, SQL Server, SNMP, Active Directory]
Using WMI Event Queries
- Use WQL (a SQL subset) to define event subscriptions
- Queries specify:
  - What kind of event you want to receive
  - What conditions are necessary for an event
  - If applicable, how often to watch for changes
- State change events vs. system events
- WMI events can be from Windows® or .NET applications – there is no difference
State Change
- Example: Check every 10 minutes to see if any logical drive has fallen below 10 MB of free space
  - Select * from __InstanceModificationEvent WITHIN 600 WHERE TargetInstance ISA 'Win32_LogicalDisk' AND TargetInstance.FreeSpace < 10000000 AND PreviousInstance.FreeSpace > 10000000
- Event received is an __InstanceModificationEvent object
- There are also creation and deletion events
- Polling is generally needed but there are exceptions. Events come from monitoring changes in instance data
- The current/previous instance data is returned as embedded objects for modification
System Events
- Example: Send an event when a power state event occurs in the system
  - Select * from Win32_PowerManagementEvent
- Event received is a Win32_PowerManagementEvent object
- No polling required; event is driven from an actual notification/callback
Sound Volume Demo Alerter Service Demo Using WMI to monitor and take multiple actions
Rules and Notification Groups
[Diagram labels: Processing Rule Group (PRG); Computer Group (CG)]
- Provider: NT Event Log, WMI, SNMP, Log Files
- Criteria: Where source=DCOM and EventID=1006
- Response: Alert, Script, SNMP Trap, Notification
“Sources” for MOM
- Application Log
- IIS Logs
- Unix Syslogs
- SQL Trace Logs
- Generic Single Line provider
  - Text file with CR
Creating Your Own Rules Demo Creating an event rule with multiple responses
What if there is no event?
- Use a timed rule to run a script
- Scripts have context objects that allow them to alert into MOM
- Scripts can be VBScript, JScript or Custom - Perl or Rexx for example
- All scripts provided are visible and so can be used as templates for your own scripts
Script Demo Script rule to regularly check a server is alive
Monitoring and Reporting
- Provide useful reports Out of box
  - 140+ predefined reports
    - Summary reports
    - Capacity and performance trend graphs
    - Operations reports
- Application specific monitoring of resources, traffic, availability
- View/print reports on demand
- Publish reports on the web
- Schedule offline generation of reports
Reporting Demo Reports via Access or Browser Reporting against a reporting database