Tuesday, November 19, 2013

SCOM basics

This is part one of a set of articles about SCOM.

What is SCOM

The definition from Wikipedia:
System Center Operations Manager (SCOM) is a cross-platform data center management system for operating systems and hypervisors. It uses a single interface that shows state, health and performance information of computer systems. It also provides alerts generated according to some availability, performance, configuration or security situation being identified. It works with Microsoft Windows Server and Unix-based hosts.

Why is SCOM better for us than other alternatives like NAGIOS or ZABBIX?
  • The agents are easier and faster to deploy than NAGIOS/ZABBIX.
  • It fits better in multisystem environments (Linux/Windows/Solaris/HPUX).
  • Easier to customize.
  • It has a well documented SDK for developing applications.
  • It is included in Microsoft support services and has a big company behind it.
  • Nice report system.
  • It includes APM (since SCOM 2012).
  • There are hundreds of Management packs available from a lot of partners.
Usually SCOM works with an agent on the monitored computer, but it can also be agentless, for example to monitor network devices such as switches or routers.
SCOM has two main databases, both running on SQL Server: one is the operational database and the other is a reporting database. Old data in the operational database is deleted when the grooming (time) period is reached. The reporting database is used to build reports via SSRS.

What are monitors, rules and tasks

Monitors, rules and tasks are the basic objects in SCOM.
  • Monitors
Monitors show the health status of the monitored object, basically the OK, Warning or Error states.
Monitors do not collect information or write it to the SCOM database. For example, a monitor can show whether a TCP port is listening or whether a process is running on the monitored machine.
If a monitor detects a state change, it can raise an alert.
  • Rules
Rules are objects which collect data and write it to the SCOM operations database and data warehouse. Rules collect perfmon counters and event logs, and they can even read text log files. Rules can raise an alert when a threshold is reached or when an event or line is read.
The data generated by rules is stored in the SCOM operational and data warehouse databases.
  • Tasks
Tasks are actions or scripts which act on the monitored object on demand. You can see the tasks in the action panel when you select an object in the main console.
For example, they are useful to get the top 10 CPU processes or to restart a service on the selected computer.

What are management packs

Management packs are sets of monitors, rules and tasks, designed for acting over a specific product or system. For example, you can install a management pack in order to monitor Linux Machines or a management pack to monitor Microsoft Windows DNS service.

Installing a management pack

Installing a management pack is easy. Go to the Administration menu in the main console and follow one of these paths:
Administration --> Management packs --> Import Management pack, to import from disk.
Administration --> Management packs --> Download Management Packs, if you want to import them from the Microsoft catalog.


Overrides are very useful for changing the default values of imported management packs. For example, by default the Windows Management Pack sets the threshold of free space on the disk at 10%, but if you need to raise an alert when 20% is reached instead of 10%, you have to create an override.

Monitor and rule properties can be overridden.
You can create an override from at least two different places: from the Alerts View when an alert is raised, and from the Health Status of an object.
There is a summary of applied overrides in the menu Authoring --> Management Pack Objects --> Overrides.
It is not a good idea to apply overrides directly to the default management pack. As all guides say, you should create a dedicated management pack to hold your overrides. If you apply an override to the default management pack, you won't be able to export it in the future, and the worst part is that you can break SCOM.
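
One way to check this guidance from the Operations Manager Shell, as an added example that is not part of the original article: it lists every override stored in an unsealed management pack and flags those saved in the Default Management Pack. It assumes the SCOM 2012 OperationsManager PowerShell module; the management server name is a placeholder.

```powershell
# Added example: audit where overrides are stored in a SCOM 2012 management group.
Import-Module OperationsManager

# Placeholder management server name (assumption): replace with your own.
New-SCOMManagementGroupConnection -ComputerName 'scom-ms01.example.local'

# Internal name of the built-in "Default Management Pack".
$defaultMpName = 'Microsoft.SystemCenter.OperationsManager.DefaultUser'

# Overrides created in the console are saved to unsealed packs,
# so only unsealed packs are inspected.
$unsealed = Get-SCOMManagementPack | Where-Object { -not $_.Sealed }

$report = foreach ($mp in $unsealed) {
    foreach ($ov in $mp.GetOverrides()) {
        New-Object PSObject -Property @{
            ManagementPack = $mp.Name
            InDefaultMp    = ($mp.Name -eq $defaultMpName)
            Override       = $ov.Name
            Type           = $ov.XmlTag    # e.g. MonitorPropertyOverride
            Context        = $ov.Context   # reference to the class the override targets
            Value          = $ov.Value
        }
    }
}

# Overrides that should be recreated in a dedicated management pack.
$stray = @($report | Where-Object { $_.InDefaultMp })
if ($stray.Count -gt 0) {
    Write-Warning "$($stray.Count) override(s) are stored in the Default Management Pack"
    $stray | Format-Table Override, Type, Context, Value -AutoSize
}

# Per-pack summary: the scripted counterpart of
# Authoring --> Management Pack Objects --> Overrides.
@($report) | Group-Object ManagementPack |
    Sort-Object Count -Descending |
    Select-Object Name, Count |
    Format-Table -AutoSize
```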

Ways to build my own management pack

There are several ways to create your management pack:
  • Operations console 
It is the easiest way to build a management pack.
You can create one from Administration --> Management packs --> Create new.
It will allow you to add custom monitors, tasks and rules from the management console.
  • Authoring console
It is the official way to build a management pack with SCOM 2007, but it works with SCOM 2012 too.
In our opinion it has a steep learning curve and it isn't very intuitive.
You have to download it separately from SCOM at this URL: http://www.microsoft.com/en-us/download/details.aspx?id=18222
With this console you can develop complex management packs and sealed management packs.
You can get more info about developing management packs via Authoring console here:
How to build a simple performance counter with Authoring console.
  • Visual Studio
Developing management packs with Visual Studio is a new way to do it. In our opinion it is easier and clearer than the Authoring console, because it is focused on developers.
It is a plugin for Visual Studio and it requires at least Visual Studio 2010 Professional.
  • Visio
Visio is also a new way to build management packs, and an easy one, as you don't need to know how to code. It is focused on IT operations departments, where people need a new management pack quickly without writing a lot of lines of code.
  • Notepad
If you are brave enough, you can modify or build a management pack directly in Notepad, fighting with the XML code on your own.
