You are browsing the archive for 2011 May.

Microsoft System Center Operations Manager 2012: Setup and Config

8:30 am in Uncategorized by Christopher Keyaert

The TechEd 2011 is now finished, for the one who didn’t get the chance to be there, the Microsoft System Center Operations Manager 2012: Setup and Config session is now available online. (Speaker : Maarten Goet, Rob Kuehfus)

How to start, stop and delay an Opalis Policy

12:00 pm in Uncategorized by Christopher Keyaert

Hi all,

Today, I will present a little case that I need to deal with at one of my customer. My case Study is quite simple, I’ve got a Monitor Policy which creates an Incident/Ticket each time that a critical alert is raised in Operations Manager.

I will simplify this policy to the one below :

clip_image001

The scenario, a maintenance is planned on my Incident management platform, so at the convenience time I need to stop my Monitor Policy, wait the end of the maintenance window and after start my Monitor Policy again. As Opalis allows us to orchestrate our activities, I want to automate that task.

No object presents in the default integration packs allow us to do these actions easily.

· How could I stop an Opalis policy through another policy ?
· How could I schedule the start of an Opalis policy ?
· How could I pause my policy for some minutes ?

So we just have to create it with the Opalis Quick Integration Kit (QIK). J

Basically, I need to schedule an action, stop a policy, wait the end of the maintenance window and start my policy.

clip_image003

I invite you to read carefully the post of Adam Hall, Snr. Technical Product Manager for System Center Opalis/Orchestrator : Migrating a PowerShell script to an Opalis Activity

Thanks to this article and some PowerShell command I’ve been able to create three 3 new Opalis objects :

clip_image004

1. Sleep object: As input it simply takes a number of seconds and your policy will pause for the define time.
2. Start At: Specify a date and time for starting/continuing your policy.

3. Stop Policy:
This object allows you to stop an Opalis policy from another one. It uses the sp_StopAllRequestsForPolicy SQL store procedure. As input it needs the Opalis Sql server name, database name, and the name of the policy that you want to stop.

Be carefull, the policy name that you specified must be unique, because this object will stop all the policies that are using the specified policy name. For example, if you’ve go more than one policy that is named “1.Monitor”, this object will stop all of them, and that certainly not what you want because that impact directly the others running policies. So be careful with it and always use an unique name for the policy that you want to top.
Now, we will use these news objects for stopping the Monitor Policy below during a maintenance window and restart it after, for that we created a Maintenance Window Policy.

Let’s configuring it

Monitor policy (Policy that we want to plan the stop)
clip_image001[1]

Maintenance window policy

clip_image003[1]

Start At: We decided to plan the stop of the Monitor policy the 05/17/2011 at 04:28 PM.clip_image005

Stop Policy: We want to stop the Monitor policy (which is my OEA-IncidentCreation).
image

Sleep: Here we defined a maintenance window of 5 minutes.clip_image007

Start Policy: Simply use the Trigger Policy object provided in the default integration pack for starting the Monitor Policy.clip_image008

 

Let’s testing it

1. Now, we just have to start the Maintenance Window policy and go on weekend, Opalis will orchestrate the maintenance for us.
clip_image009

2. The Start At object will wait the specified date/time for releasing/continuing the rest of the policy.
clip_image010

3. At the defined date/time, the policy is released and our Monitor Policy well is stopped by the Maintenance Policy.
clip_image011

4. Our monitor policy is stopped
clip_image012

5. The sleep object will now pause the policy for the duration of your maintenance window.
clip_image013

6. When the maintenance window is ended, the monitor policy will start automatically.clip_image015

7. Our Monitor Policy has been well started.
clip_image016

You can directly download the integration pack which is containing these news objects and the source code: Download.

Remember, this is provided “As is” without any support and/or guarantee.

Feel free to contact me through the blog comments for any questions and/or remarks.

Christopher KEYAERT

Microsoft System Center Operations Manager 2012: Overview

6:50 am in Uncategorized by Christopher Keyaert

The first of four sessions on Operations Manager 2012 has been presented at the Tech Ed North America 2011. This session provides you with an overview of the capabilities in Operations Manager 2012.

 

ACS Part III : Forwarder deployment

2:27 pm in Uncategorized by Christopher Keyaert

I invite you to read the previous posts :

ACS Part I : Introduction & Collector Installation
ACS Part II : ACS Reports Deployment & Access

Now that your collector and reporting servers are up and running, we will enable the Forwarder service for the servers that you want to store security events in the ACS database.

1. Go to the OpsMgr Console > Monitoring > Operations Manager > Agent State.
image

2. Select the servers for which you want to enable the ACS forwarder and in the task pane, click on Enable Audit Collection.image

3. Click on Override  and precise your ACS Collector server name in the new value field.image

4. Review your configuration :image

5. Click on Run and review the result :image

6. To check if your forwarders are well connected to your Collector, you could go to the OpsMgr Console > Microsoft Audit Collection Services > Collector > Performance > Connected Clients.
image

You have now a functional ACS environment. Smile 
The next posts will be about the ACS Reports utilization and on how to use ACS in an untrusted environment.

Christopher KEYAERT.

ACS Part II : ACS Reports Deployment & Access

5:58 pm in Uncategorized by Christopher Keyaert

Previous post about ACS :

ACS Part I : Introduction & Collector Installation

Reports Deployment

Now that you have a running ACS Collector, you have to publish the ACS Reports on your SQL Reports Services server. 

1. From the Operations Manager source, copy the files and folders present in the ReportModels\ACS to temporary folder, for example: D:\ACS
clip_image002

2. Open a command prompt
3. Go to the folder you just created (D:\ACS)
4. Executing the following command

UploadAuditReports.cmd reportsrvfqdn http://reportsrvfqdn/ReportServer ACSFOLDER

clip_image003

5. Don’t take care of the two warnings

clip_image004

6. Start your web Brower and go to http://reportsrvfqdn/Reports

clip_image006

7. Click on Show Details and go to DB Audit.
8. Adapt the Connection String field to point to your ACS Database
For example:
data source= xxxx\SQLDB1;initial catalog=OperationsManagerAC;Integrated Security=SSPI

9. If you are using the same reporting for Operations Mananger and ACS, select also the option Credentials supplied by the user running the report and check Use as Windows Credentials when connection to the data source.

clip_image007

10. Click Apply.

Access Control List

1. Create a new Active Directory group for your Security Administrator and add them as member. (By example: SCOM2007-ACSAuditors)

2. Go to your Database server and add the group as Users for you ACS DB.

clip_image001

3. Grant your group as db_datareader of your ACS database.

clip_image002

4. Your Security Administrator could now access to the ACS Reports through the SQL Reporting Services Web Interface : http://reportsrvfqdn/Reports  > Audit Reports

The next post will be about the ACS Forwarder Configuration.
Feel free to contact in case of any remarks and/or comments.

Christopher KEYAERT

Extend System Center to VMware – Don’t miss Veeam Free Webinars in May!

2:27 pm in Uncategorized by Christopher Keyaert

Extend System Center to VMware

Protect your investments in Microsoft System Center and manage your physical and virtual environment from one console with the Veeam nworks Management Pack™ for VMware.

The nworks Management Pack provides scalable, fault-tolerant and agentless VMware infrastructure monitoring and management directly in Microsoft System Center, eliminating the need for a separate monitoring framework.

Discover the results of our valued customer feedback and what version 5.6 of nworks Management Pack includes.
May 9, Mon,
starts at 10:00 am (GMT+01:00)
Register

Learn how you can protect your investments in Microsoft System Center and manage your physical and virtual environment from one console.
May 25, Wen, starts at 10:00 am (GMT+01:00)
Register

Christopher KEYAERT

ACS Part I : Introduction & Collector Installation

5:40 pm in Uncategorized by Christopher Keyaert

Hi everyone,

With Operations Manager 2007, Microsoft introduces Audit
Collection Services (ACS) as an optional but integrated component of an OpsMgr
management group. By deploying and using the ACS components of Operations
Manager, the administrator will be able to store and present security audit
information.

What is the idea?

ACS Forwarder: It’s your servers/workstations where you
installed an OpsMgr Agent and for which you want to collect the security event
log.

ACS Collector: It’s an OpsMgr management server which will be
designated as an ACS collector.

ACS DB: ACS requires having his own database. Depending of the
numbers of you forwarder, the DB could grow really fast. Satya Vel, a System
Center Program Manager, published an Excel sheet for helping you to size the
ACS DB. (http://blogs.technet.com/b/momteam/archive/2008/07/02/audit-collection-acs-database-and-disk-sizing-calculator-for-opsmgr-2007.aspx)

ACS Reporting: ACS is using SQL Reporting Services, so you have
the choice to install a new fresh server, or using the one that you already
used for OpsMgr reports. If you want to use your existing SQL Reporting server
and want continue to be in a Microsoft supported configuration, each time that one
of your Security Administrators want to generate an ACS report, he will have
to enter his credentials.

The best practice is to generate ACS reports directly from
the SQL Reporting web interface and not directly from the integrated reporting
pane available in SCOM console. This is due to the fact that ACS reports could
contain sensitive information and you don’t want that all your SCOM Operators
could see that information. The other advantage, and that you just need to
provide the web url to you Security Administrators, no need to install the SCOM
Console.

Security Administrator: Is the person of you company that will
be able to generate ACS Reports through the web interface of SQL Reporting
Services.

Pre-requisites

I invite you to take a look to the Operations Manager Supported Configuration page available on Technet : http://technet.microsoft.com/en-us/library/bb309428.aspx

What do you need :

  • OpsMgr infrastructure.
  • Service Account (a simple domain user).
  • A database server (Grant your service account to
    interact with the DB Server.
  • A dedicated management server that you will use as ACS Collector. (Grant your service account as Local Administrator).
  • Active Directory Group which contains your
    Security Administrators.
  • A reporting server (Dedicated or the one used
    for OpsMgr reporting).

Collector Installation

1. Log on to your dedicated management server with
your service account.

2. Launch in the OpsMgr setup and click on Install
Audit Collection Server.

 

3. Choose Create a new database.

 

4. ACS uses a ODBC connection to SQL, here you can
modify the Data source name.

 

5. Select Remote database server

 

6. Select Windows authentication

 

7. I suggest keeping the default parameter, Use
SQL Server’s default data and logging file directories.

 

8. Number of day an event is retained in
database
, is the maximum age for which you’ll be able to generate ACS
report. Keep in my that higher the number of days is, more space your DB will
use.

 

9. In the case, we use only one ACS DB, select Local.

 

10. Summary of the installation options

 

11.  
Click ok to confirm Authentication information

 

12.  
Installation of the ACS Collector finished

Now, you have your first collector installed [:)]
The next post will be about the publication of the ACS reports on the reporting server.
Feel free to contact in case of any remarks and/or comments.

Christopher KEYAERT