ACS Part I : Introduction & Collector Installation - Christopher's System Center Blog

Christopher's System Center Blog

ACS Part I : Introduction & Collector Installation

Hi everyone,

With Operations Manager 2007, Microsoft introduces Audit Collection Services (ACS) as an optional but integrated component of an OpsMgr management group. By deploying and using the ACS components of Operations Manager, the administrator will be able to store and present security audit information.

What is the idea?

ACS Forwarder: These are the servers/workstations on which you installed an OpsMgr agent and from which you want to collect the security event log.

ACS Collector: This is an OpsMgr management server that will be designated as an ACS collector.

ACS DB: ACS requires its own database. Depending on the number of forwarders, the DB can grow really fast. Satya Vel, a System Center Program Manager, published an Excel sheet to help you size the ACS DB (http://blogs.technet.com/b/momteam/archive/2008/07/02/audit-collection-acs-database-and-disk-sizing-calculator-for-opsmgr-2007.aspx).

ACS Reporting: ACS uses SQL Reporting Services, so you can either install a fresh server or use the one you already use for OpsMgr reports. If you use your existing SQL Reporting server and want to stay in a Microsoft-supported configuration, each time one of your Security Administrators wants to generate an ACS report, he will have to enter his credentials.

The best practice is to generate ACS reports directly from the SQL Reporting web interface and not from the integrated reporting pane available in the SCOM console. ACS reports can contain sensitive information, and you don't want all your SCOM Operators to see that information. The other advantage is that you only need to provide the web URL to your Security Administrators; there is no need to install the SCOM console.

Security Administrator: The person in your company who will be able to generate ACS reports through the web interface of SQL Reporting Services.

Pre-requisites

I invite you to take a look at the Operations Manager Supported Configuration page available on TechNet: http://technet.microsoft.com/en-us/library/bb309428.aspx

What you need:

  • OpsMgr infrastructure.
  • Service account (a simple domain user).
  • A database server (grant your service account permission to interact with the DB server).
  • A dedicated management server that you will use as ACS Collector (add your service account as a local administrator).
  • Active Directory Group which contains your Security Administrators.
  • A reporting server (Dedicated or the one used for OpsMgr reporting).

Collector Installation

1. Log on to your dedicated management server with your service account.

2. Launch the OpsMgr setup and click Install Audit Collection Server.

3. Choose Create a new database.

4. ACS uses an ODBC connection to SQL; here you can modify the Data source name.

5. Select Remote database server.

6. Select Windows authentication.

7. I suggest keeping the default parameter, Use SQL Server's default data and logging file directories.

8. The number of days an event is retained in the database is the maximum age for which you'll be able to generate ACS reports. Keep in mind that the higher the number of days, the more space your DB will use.

9. In our case we use only one ACS DB, so select Local.

10. Review the summary of the installation options.

11. Click OK to confirm the authentication information.

12. The installation of the ACS Collector is finished.
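
To confirm the result of the steps above, the following PowerShell check can be run on the collector. It is an added example, not part of the original post; it assumes the collector service is named AdtServer, that the data source name from step 4 was left at the setup default OpsMgrAC, and that the collector listens on its default TCP port 51909.

```powershell
# Added example: post-install checks for an ACS collector.
# Assumptions (not stated in the post): service name 'AdtServer',
# default DSN 'OpsMgrAC', default collector port TCP 51909.
param(
    [string]$DsnName = 'OpsMgrAC',   # change if you modified the name in step 4
    [int]$CollectorPort = 51909
)

function New-CheckResult([string]$Check, [bool]$Passed, [string]$Detail) {
    New-Object PSObject -Property @{ Check = $Check; Passed = $Passed; Detail = $Detail }
}

$results = @()

# 1. The collector runs as a Windows service.
$svc = Get-Service -Name 'AdtServer' -ErrorAction SilentlyContinue
if ($svc) {
    $results += New-CheckResult 'Collector service running' ($svc.Status -eq 'Running') "Status: $($svc.Status)"
} else {
    $results += New-CheckResult 'Collector service running' $false 'Service not found'
}

# 2. Setup registers a system DSN that points at the ACS database server.
$dsnKey = "HKLM:\SOFTWARE\ODBC\ODBC.INI\$DsnName"
$dsn = Get-ItemProperty -Path $dsnKey -ErrorAction SilentlyContinue
if ($dsn) {
    $results += New-CheckResult 'ODBC system DSN present' $true "Server: $($dsn.Server); Database: $($dsn.Database)"
} else {
    $results += New-CheckResult 'ODBC system DSN present' $false "No key at $dsnKey"
}

# 3. Forwarders connect to the collector over TCP, so it must be listening.
$listeners = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().GetActiveTcpListeners()
$isListening = @($listeners | Where-Object { $_.Port -eq $CollectorPort }).Count -gt 0
$results += New-CheckResult 'Collector port listening' $isListening "TCP $CollectorPort"

$results | Select-Object Check, Passed, Detail | Format-Table -AutoSize -Wrap

# Non-zero exit code if any check failed, so the script can be used in automation.
if (@($results | Where-Object { -not $_.Passed }).Count -gt 0) { exit 1 }
```

The DSN detail line shows which SQL server and database the collector writes to, which is worth comparing against the remote database server chosen in step 5.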


Now you have your first collector installed.
The next post will be about the publication of the ACS reports on the reporting server.
Feel free to contact me if you have any remarks and/or comments.

Christopher KEYAERT
