MOM Essentials 3: Extending Microsoft Operations Manager (MOM) 2005 - Part 1
Paul Collins
Microsoft UK
Welcome to this TechNet Event
We would like to bring your attention to the key elements of the TechNet programme, the central information and community resource for IT professionals in the UK:
FREE fortnightly technical newsletter: “The TechNet Flash”
FREE regular technical events hosted across the UK
FREE quarterly technical magazine – “TechNet”
FREE weekly UK & US led technical webcasts
FREE comprehensive technical web site
Monthly CD / DVD subscription with the latest technical tools & resources and full-version evaluation and beta software. 30% off until 31 March 2006
To subscribe to the newsletter or just to find out more, please visit www.microsoft.com/uk/technet or speak to a Microsoft representative during the break
Agenda
Creating Custom Management Packs
Managing Non-Windows Devices with Microsoft Operations Manager (MOM) 2005
Overview
MOM 2005 Introduction
What’s new for MPs with MOM 2005
State Monitoring
Tasks
Responses
Service Discovery
Management Pack Tools
MOM Architectural Overview
Data sources
– Events: Windows, application, WMI, service change, SNMP traps, timed events, missing events, UNIX syslogs…
– Performance data: Used for graphs, reports, and to set thresholds
Alerts
– MOM's indication of a particular issue
– What operators see first
– Based on events, performance thresholds or script output
Response
– Reaction to an alert (auto-resolve, send e-mail, page, run script)
Management Pack (MP)
– Set of Processing Rules to monitor applications
– Supporting views and reports
MOM Rule: Unit Of Instruction/Policy
Event Rules
– Collection rules
– Filtering rules
– Missing event rules
– Consolidation rules
– Duplicate Alert Suppression
Performance Rules
– Measuring
– Threshold
Alert Rules
[Diagram: parts of a rule. Provider: NT event log, Perfmon data, WMI, SNMP, log files, Syslog. Criteria: where source=DCOM and Event ID=1006. Response: Alert, Script, SNMP trap, Pager, E-Mail, Task, Managed Code, File Transfer. Knowledge: Product Knowledge (links to vendor), Company Knowledge (links to centralised company knowledge).]
What Can Management Packs Provide?
Monitor line of business applications or business process
Monitor the state of your business
Monitor third party applications and components
Understand how applications are actually being used
What’s New For MPs With MOM 2005?
State Monitoring
Topology
SQL Server Reporting Services Reports
Tasks
Service Discovery
Improved Knowledge
Management Pack Features
Alerts: Calls attention to critical events that require administrator intervention
– Product Knowledge: Provides guidance for administrators to resolve outstanding alerts
Views: Provide targeted drill down details about server health
– Performance plots, collections of specific events/alerts, groups of servers, topology, etc.
State Monitoring: At a glance view of the state of my servers and applications by server role
– Detail to component level
Tasks: Enable administrators to investigate and repair issues from the MOM console
– Context sensitive diagnostics and remediation
Reports: Historical data analytics
– Assess operations performance and capacity planning
Health And Diagnostic Modeling Concept
What is a Health Model?
– Health States
– State Transitions: Defined by indicators (e.g., events)
Organizes health indicators into an end-user digestible context
Alert = actionable health state transition
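[Diagram: health model with the states Stopped, Running and Failed; the transitions between them are labelled with event groups EG1, EG2, EG3 and EG4.]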
Health Modeling Process
List all Events and Performance Counters
Analyze each Event and Performance Threshold
–For each define
– State Before, State After
– Probability
– Auto-Retry (self-healing)
– “Anti Event” (indicates situation was corrected)
– Resolution (action required)
Analyze data to define Event and Performance Threshold Groups (e.g., EG1;PG1)
Produce Health Model Diagram
State Rules
Advantages
–State is always current
– “What is the server status now?”
–Problem taxonomy
– What aspect of my server is having the problem?
– Role (Exchange, DNS, etc.)
– Component (Services, Queues, Mail Flow, Databases)
Typical candidates for state-based rules
–Numeric thresholds (e.g., perf counters)
–Service State
Event Monitoring
Event rules can be used for state monitoring
An event rule which adjusts state must match at least two event IDs using a regular expression
Regular expressions are written in the form 1 | 2 | 3 and wrapped with ^(expression)$ to prevent mismatches
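Why the ^( )$ wrapper matters, as an added example that is not part of the original slides: the same three event IDs written as a bare alternation, with anchors but no group, and in the wrapped form, run against constructed event IDs. It assumes the rule's pattern is searched for anywhere in the event ID string (Python's `re.search`); the function names are hypothetical.

```python
import re

# Constructed sample: event IDs an agent might see.
# The rule is meant to react to 1, 2 and 3 only.
RULE_IDS = [1, 2, 3]
SEEN_IDS = [1, 2, 3, 9, 13, 21, 30, 1006]


def state_rule_pattern(event_ids):
    """Build the anchored, grouped form ^(a|b|c)$ for a state-adjusting event rule."""
    if len(event_ids) < 2:
        raise ValueError("a state-adjusting event rule matches at least two event IDs")
    return "^(" + "|".join(re.escape(str(i)) for i in event_ids) + ")$"


def matched(pattern, ids):
    """IDs the pattern hits when searched for anywhere in the ID string (assumed semantics)."""
    rx = re.compile(pattern)
    return [i for i in ids if rx.search(str(i))]


def mismatches(pattern, ids, wanted):
    """IDs the pattern hits that the rule author did not intend."""
    return [i for i in matched(pattern, ids) if i not in wanted]


if __name__ == "__main__":
    cases = [
        ("bare alternation", "1|2|3"),
        # Without the parentheses the anchors bind to the first and last branch only.
        ("anchors, no group", "^1|2|3$"),
        ("anchored group", state_rule_pattern(RULE_IDS)),
    ]
    for label, pattern in cases:
        print(f"{label:18} {pattern:10} mismatches: {mismatches(pattern, SEEN_IDS, RULE_IDS)}")
```

The middle case is the easy one to miss: `^1|2|3$` still changes state on event 1006 because `^1` is a complete branch on its own.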
Event Monitoring in Action
Rule - Microsoft Operations Manager\Operations Manager 2005\Agents on all MOM roles\The incoming agent queue is full
Performance Monitoring
Query and threshold Windows Performance counters as part of your management pack
Specify counter attributes to query
–Object
–Counter
– Instance
Excellent targets for easy state monitoring
Performance Monitoring in Action
Rule - Microsoft Operations Manager\Operations Manager 2005\Agent\Performance Threshold: MOM Service CPU
Management Pack Wizard
Ships in the MOM 2005 Resource Kit
Build a management pack in 5 clicks containing
–Rule Groups
–Service Monitoring
–Performance Thresholds
–Event Monitoring
The wizard automatically generates scripts and underlying logic, including regular expressions
Management Pack Wizard Advantages
Easy to use, requires no real Technical Knowledge
Good with any application that writes to the event log and\or has performance counters
Automatically creates a service discovery rule
Automatically creates a service checking rule with State aware properties
Management Pack Wizard Disadvantages
It is dependent on the application writing to the event log and\or performance counters
Application needs a Windows service to utilise discovery\service checking rules
Event data extracted can be quite raw depending on the application vendor
You need to add your own product specific Knowledge
Needs to be updated manually when new features or updates are added to the application
Clear Text Log File Monitoring
MOM comes with custom App Log provider
Gives the ability to read a clear text log file
MOM parses each line of log file as a windows event
Custom rules can then be created that will search for keywords in the event
Ideal when application does not write to event log
Steps for Creating a Clear Text Log Provider
1. Create a Provider:
Provider Name: MyApp_Provider
Provider Log Type: Generic single line Log
Format: Generic
Directory: c:\<my app directory>
Pattern: MyAppSampleLogFile*.txt
2. Create a Collection Rule
Data Provider: MyApp_Provider
Store All the Parameter - This will show all the events for the log file
3. Create an Event Rule:
Data Provider: MyApp_Provider
Criteria: Parameter 4 matches Boolean regular expression '(Error;)'
This will alert for the entry which has 'Error;' in the text
SNMP Trap
If application is SNMP enabled then MOM can collect SNMP specific data using SNMP WMI Provider
SNMP must be set up on Agent
Application SNMP MIB must be compiled on MOM agent using SMI2SMIR command
Collection rule must be created to get the SNMP traps from application
SNMP trap is turned into an event
Event rule created to search for specific text
Example SNMP Trap
__CLASS=SnmpV1Notification
__DERIVATION=SnmpNotification,__ExtrinsicEvent,__Event,__IndicationRelated,__SystemClass
__DYNASTY=__SystemClass
__GENUS=2 (0x2)
__NAMESPACE=
__PATH=
__PROPERTY_COUNT=7 (0x7)
__RELPATH=
__SERVER=
__SUPERCLASS=SnmpNotification
AgentAddress=1.1.1.2
AgentTransportAddress=1.1.1.2
AgentTransportProtocol=IP
Community=public
Identification=1.3.6.1.4.1.318.0.47
TimeStamp=2660305 (0x2897D1)
VarBindList={instance of SnmpVarBind {1.3.6.1.4.1.318.2.3.3.0 = UPS: Batteries discharged.;},
  instance of SnmpVarBind {1.3.6.1.6.3.1.1.4.3.0 = 1 (0x1),0 (0x0),0 (0x0),0 (0x0),3 (0x3),0 (0x0),0 (0x0),0 (0x0),6 (0x6),0 (0x0),0 (0x0),0 (0x0),1 (0x1),0 (0x0),0 (0x0),0 (0x0),4 (0x4),0 (0x0),0 (0x0),0 (0x0),1 (0x1),0 (0x0),0 (0x0),0 (0x0),'>' 62 (0x3E),1 (0x1),0 (0x0),0 (0x0);
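One way to pull out of a trap dump like the one above the fields an event rule would search, and to flag a default community name or an unexpected sending agent. This is an added example, not part of the original slides; `parse_trap`, `triage` and the allow-list are hypothetical, and the sample is constructed from values shown in the trap above, one property per line.

```python
import re

# Constructed sample in property=value layout, one property per line.
SAMPLE_TRAP = """\
__CLASS=SnmpV1Notification
AgentAddress=1.1.1.2
AgentTransportProtocol=IP
Community=public
Identification=1.3.6.1.4.1.318.0.47
VarBindList={instance of SnmpVarBind {1.3.6.1.4.1.318.2.3.3.0 = UPS: Batteries discharged.;}}
"""

# One "SnmpVarBind {<oid> = <value>;}" entry inside VarBindList.
VARBIND = re.compile(r"SnmpVarBind \{([0-9.]+) = (.*?);\}")


def parse_trap(text):
    """Return the trap's properties as a dict, plus VarBinds as a list of (oid, value)."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")   # split on the first '=' only
        if sep and key.strip():
            props[key.strip()] = value.strip()
    props["VarBinds"] = VARBIND.findall(props.get("VarBindList", ""))
    return props


def triage(props, allowed_agents, weak_communities=("public", "private")):
    """List what a reviewer of the receiver's SNMP security settings should look at."""
    findings = []
    if props.get("Community", "").lower() in weak_communities:
        findings.append("default community string")
    if props.get("AgentAddress") not in allowed_agents:
        findings.append("trap from unlisted agent")
    return findings


if __name__ == "__main__":
    trap = parse_trap(SAMPLE_TRAP)
    print(trap["Identification"], trap["VarBinds"])
    print(triage(trap, allowed_agents={"1.1.1.2"}))
```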
Missing Event Rule
Allows you to alert when an expected event does not occur
Ideal for instance where a job is expected to run or a service is expected to start
Created in the same way as a standard event based alert rule.
Can be used in conjunction with a consolidation rule to look for multiple events
Custom Scripts
Can be used to simulate application transactions e.g. remote connectivity over WAN links
Health checks on applications to see if essential services are running
Collecting information about applications using the registry and WMI namespace
Use existing scripts for examples
Overview
Leveraging infrastructure in MOM
–SNMP
–Syslogs
MOM and Scripts/Managed Code
–MOM Scripts
–Managed Code
Third Parties
–Jalasoft
–AppMind
–Quest
Summary
What Can I Monitor?
Should be able to monitor anything that is connected and available to MOM
How can you get the data/instrumentation out of these different devices/systems and into MOM
– Instrumentation (inside out) SNMP, Syslog
–Synthetic transactions (outside in) MOM + Scripts/Managed Code
The Problem
[Diagram labels: Managed Device; Event, Perf Data; Event Rule, Perf Rule; Alert; Notification]
SNMP
[Diagram labels: Managed Device; SNMP Collector; WMI SNMP Provider; WMI; WMI Provider (SELECT * FROM SnmpNotification); Event Rule; Windows; MOM]
Receiving SNMP
SNMP Receiver
– Install SNMP and SNMP WMI Provider
–Configure SNMP Security
–Compile MIB (SMI2SMIR utility)
SNMP Sender
–Configure community and target
MOM
–Create event rule(s) with SNMP provider
–Deploy rule(s) to SNMP receiver
–MOM alert by default is associated to the SNMP Receiver (can change through a script response)
Syslog
[Diagram labels: Managed Device; Syslog Port; Syslog Collector; Application Log Provider; Event Rule]
Receiving Syslogs
Sender
– Configure Syslog target
Receiver
– Create event rule(s) with Application Log provider of Syslog type
– Deploy rule(s) to Syslog receiver
MOM
– Rules deployed to agent computer receiving traps and messages
– Data contained in description and parameters
– Simple string comparison or regular expression
– Alert is associated to the IP Address
How is a new computer added?
An attempt is made to insert a piece of data into the DB with a new Domain/Computer name
– To MOM, Domain = NTDEV, Computer = MACHINE1 is different from Domain = BLANK, Computer = MACHINE1
Scenario
– If Domain/Computer already exists then the data item is associated to it
–Otherwise a new computer is added (Managed Type = UnManaged)
Scripts And Executables
Scripts
– Scripts can often collect data and are a very extensible way to insert data into MOM (events, perf data, discovery data, alerts)
– Programmatically create events and perf data
– Don’t create alerts directly (insert events/perf data then use rules to create alerts)
Executables
– Can be called from a MOM rule
– Challenge is getting information back to MOM
– Can either write to event log (or other source we can access) or use MCL to go directly to MOM
Scripts
[Diagram labels: Timed Provider; Event Rule; Script; Script Execution; Managed Device; Data Source; Script-generated Data]
Creating Events/Performance Data
LoggingComputer property on the Event object
SourceComputer property on the PerfData object
[Diagram: a script on the agent calls CreateEvent with LoggingComputer=DEVICE01, LoggingDomain=NonWindows, or CreatePerfData with SourceComputer=DEVICE01, SourceDomain=NonWindows; the resulting Event or PerfData passes from Agent to Server.]
Sample Script – ATM Devices
' Create an event on behalf of a non-Windows device and submit it to MOM
Set objEvent = ScriptContext.CreateEvent()
objEvent.EventSource = "ATM Error"
objEvent.Message = "Insufficient funds available."
objEvent.Category = "ATM"
objEvent.EventNumber = 232
objEvent.EventType = 1   ' 1 = Error
' LoggingComputer/LoggingDomain attribute the event to the device rather than to the agent running the script
objEvent.LoggingComputer = "ATM7365"
objEvent.LoggingDomain = "ATM"
ScriptContext.Submit objEvent
Third Party Extensions
Value add is in the knowledge of the non-Windows device
May add other Management Pack features
–Diagrams
–Scripts
–Tasks
–Reports
Connectors
[Diagram labels: MOM; Other Management Product; Device]
Existing monitoring tool might meet requirements
Use connector to functionally have a single monitoring environment
Might even have simpler solution than a full connector
Third Party Examples
Company          Platform                                Strategy
AppMind          VMS, Unix/Linux                         MCL
eXc              Unix/Linux, Network Devices, Storage    WMI provider
Jalasoft         Unix/Linux, Network Devices             MCF, MCL
Metilinx         Unix/Linux                              MCF
Quest (Vintela)  Unix                                    MCF, MCL
http://www.appmind.com http://www.excsoftware.com
http://www.jalasoft.com http://www.metilinx.com
http://www.quest.com http://www.vintela.com
Xian Network Manager 2005
Seamless Integration with Microsoft Operations Manager
In depth Monitoring and Management of Network Infrastructure Components
Cross Platform Highly Scalable Solution
Automatic Scanning / Monitoring for Device Discovery
Asynchronous / Real time monitoring Server
Linux and Solaris Monitoring
Quick n’ Simple Installation and Deployment
Xian / MOM Architecture
[Diagram labels: Any Network Device, Linux Servers, Solaris Servers; Retrieve data; Xian Network Manager 2005; Xian Database; Send Alerts and Performance Data; Microsoft Operations Manager 2005; MOM Database; Transfer Data; SQL Reporting Server; SQL Reporting DB]
Xian / MOM Today
Cisco Switches / Routers / PIX / VPN
HP ProCurve Switches
3COM Switches
Nortel Switches
NetScaler Switches
F5 Networks Big IP
APC UPS
Linux: Red Hat, SUSE, Fedora Servers
Solaris: Sun Solaris Servers
AppMind System Agent – Features
Agent technology for Unix, OpenVMS, Linux and VMWare ESX
System Monitoring of CPU, Memory, I/O, Disk etc. 25-100+ metrics per OS
Process Monitoring of Applications and Daemons
Logfile Monitoring of Syslog and Application logs
Out-of-the-Box default configuration
Failover functionality for redundancy
Easily extendable through Scripting C/C++/JAVA APIs
AppMind System Agent – MOM Integration
Seamless integration, manage non-Windows systems just like your Windows systems
Dynamic integration, systems are automatically discovered and added to MOM.
250+ Event Rules all with Product Knowledge helping you manage non-Windows systems efficiently
Out-of-the-Box Performance View for real-time graphing
State View integration with 6 custom Server Roles with 2 – 7 Component each. Nearly all Alerts are Stateful.
Diagram Integration for easy graphical overview of all non-Windows systems
AppMind – Roadmap & Purchasing
Extended Platform Support: AIX, SCO, Tru64, OpenBSD, FreeBSD, NetBSD and Mac OSX
Out-of-the-Box management of Oracle, MySQL, WebSphere, SAP and many other 3rd party applications
Evaluation software at www.appmind.com
Quest VSM Components
VSM Service
OpenWBEM
Push Installation
Update Agent
Rule Processor
Provider Interface
Quest VSM
OpenWBEM (www.openwbem.org)
–Quest is the principal author of this award winning open-source implementation of the CIM specification
–VSM’s platform for MOM integration
–Open standard – Distributed Management Task Force (dmtf.org)
–Event and Numeric Event Providers
Other Partners of Quest (VSM)
–Does not extend other enterprise management products
–Does NOT work without MOM installed
Non-Windows OS Support
Linux RedHat AS/ES/WS 2.1 & 3.0 (i386)
Linux SuSe 8, 8 Enterprise, 9, & 9.1
Solaris 8, 9 & 10
AIX 5.*
HP-UX 11i (11.11 PA RISC)
Management Pack Support
Supports:
–Computer Groups
–Computer Attributes
–Rules Groups
–Event Rules
–Numeric Rules
–Performance Data Collection
–Automated Responses
–Scripting with State Variables
–Script API
–Reports
Management Packs completely supported
Summary
MOM is extremely extendable and can be used not only to manage your Microsoft Infrastructure but your third-party apps too
–Leverage in the box functionality and Resource Kit Tools
–Take advantage of our different partner solutions
MOM can be used today to manage your heterogeneous environments
–Leverage in the box infrastructure
–Take advantage of our different partner solutions