Weblog of Paul Schnackenburg

In this final part of our overview of Orchestrator 2012 we’ll cover extending it with Integration Packs as well as look at Orchestrator as the hub of the System Center 2012 suite and the benefits the new web service brings, along with a list of resources for further learning.

Extending Orchestrator 2012

When the standard activities aren’t enough to accomplish the automation you need, the next step is to turn to Integration Packs (IP). Currently there are IPs available from Microsoft for the System Center 2012 suite as well as for earlier SC versions; there are also IPs for HP iLO hardware and HP Operations and Service Manager, IBM Tivoli and VMware vSphere. There are also community IPs available on TechNet Gallery and Codeplex for various tasks (see resources). Configuration management tools such as Remedy and CA are also slated to have integration packs. Today there are also community IPs for SharePoint and VMware’s vSphere, but I would expect more IPs from Microsoft, third parties and the community to be published as SC 2012 gains market share.

System Center Orchestrator 2012 RTM Deployment Manager

Extending Orchestrator with IPs involves several steps: download the IP(s), register them using the Deployment Manager and then deploy them to the relevant Runbook servers. Finally they need to be configured using the Runbook Designer.

(more…)

In the last part of this overview of Orchestrator 2012 we looked at creating runbooks; in part four we’ll investigate how to make good, robust, secure runbooks.

Considerations for creating a good runbook include knowing when and how often it’s going to run, which steps to include, how it’s going to start, what data is passed along from activity to activity, what the end result is and how you are going to report on the results. Good design includes handling failures and warnings of activities, clear naming conventions, using link colors wisely and splitting long and complex runbooks into parent and child tasks that pass data to each other. Establishing a good naming convention and an agreed-upon folder structure will minimize confusion, and exporting your runbooks regularly for backup purposes is prudent.

Permissions can be set at the individual runbook level or you can group runbooks together and control security at the folder level. Read permissions let a user run and view runbooks, write makes changing possible and with full control users can alter the permissions. Security can also be controlled at the IP level; for instance, you could have three different configurations for connecting to a ticketing system to match permissions for level 1, 2 and 3 help desk staff. Orchestrator provides simple version control; once a particular user has checked out a runbook for editing, no one else can alter it until it’s checked in again.

(more…)

In the previous two parts of this overview of Orchestrator 2012 we looked at what Runbook automation is and why it’s so important as well as the components of Orchestrator. In this third part we’ll look at how runbooks are created in the Runbook Designer.

Once you’ve worked through with the business which processes to automate, the actual steps in Orchestrator are easy and the user experience is almost identical to Opalis. You drag Activities from panes on the right into your workspace. These activities are either Standard Activities (known as Foundation Objects in Opalis) that are available out of the box or they come from Integration Packs (IPs) that you’ve installed.

You then configure each activity to accomplish what you want and link the activities together, taking into account branching for different outcomes. Activities can also take into account variables and counters that you’ve configured as well as perform manipulation of data; this is then passed on to the next activity on the shared data bus as Published Data.

(more…)

In part one of this Orchestrator 2012 review we looked at IT Process Automation in general; in this part two we’ll look at the different pieces of Orchestrator and who in your organization is likely to use each component. We’ll also look at the installation requirements and experience.

Orchestrator 2012 Overview

Orchestrator is made up of the Runbook Designer, where IT Pros create runbooks by dragging activities into the workspace, configuring and linking them, in a similar way to how Visio works. The Runbook Server is the central hub that runs the actual tasks, the Orchestration Console is a web based interface that tracks the execution of runbooks and the new web service lets you access Orchestrator functionality from other programs. The Deployment Manager is used for registering Integration Packs (IPs) as well as deploying them to your runbook servers.

System Center Orchestrator 2012 - Orchestration Console

The Orchestration Console, for checking on runbooks and their statistics as well as execution of runbooks by non-administrators.

(more…)

In this five part article we’ll look at Orchestrator as a part of the System Center 2012 suite and how automation and orchestration are going to be a part of the future sysadmin’s skillset. Part 1 will cover what Runbook Automation is all about.

Many years ago telephone switchboard operators were made redundant by automation and this is exactly what’s happening in the IT world. Don’t worry, this isn’t going to be another rant about how the cloud is going to do all us IT Professionals out of a job, but it is a reminder that the times are changing.

System Center Orchestrator 2012 RTM Deployment Manager

The Orchestrator 2012 Runbook Designer – a lot easier to become friends with than PowerShell.

(more…)

In this fourth and last part of this DPM 2012 review series we’ll look at a new authentication mechanism for servers in untrusted domains or workgroups and we look at some improvements that should be added to DPM and conclude the series with some overall comments.

DPM 2010 provides the ability to protect servers in workgroups or non-trusted domains, using local accounts and NTLM based authentication. This capability proved less than popular in large enterprises because of the inherent weakness in NTLM, auditing difficulties and local account management. DPM 2012 adds another authentication method (the previous capabilities are still available): certificate based authentication. The following workloads are supported: SQL Server, File Server and Hyper-V, and these can be clustered as well as standalone (note the missing pieces here: no Exchange, SharePoint, System State / Bare Metal Recovery or client computers). A secondary DPM server for DR can also use this authentication method.

DPM 2012 - Creating Protection Group

All protection in DPM is done around the concept of Protection Groups.

(more…)

In this third part of the review of Data Protection Manager (DPM) 2012 we’ll cover a host of different improvements such as Item Level Recovery (ILR) from host level backups even when DPM is installed as a VM, ILR improvements for SharePoint recoveries and tape co-location enhancements.

In a virtualized environment the issue is whether to back up from inside the guest or from the host. The latter provides “bare metal restore” of an entire VM where something’s gone catastrophically wrong with a VM (or the host) but in general it doesn’t provide granular restore of files / folders. DPM 2010 added Item Level Restore (ILR), allowing you to restore individual files or folders within a VM even though it had only been backed up from the host. But this capability was only available when DPM 2010 ran on physical hardware; if the DPM server itself was in a VM this capability was not available. DPM 2012 fixes this glitch and can now do ILR even when the DPM server is a VM.

(more…)

In this second part of this four part series reviewing DPM 2012 we’ll look at the new Role Based Access feature and dive into the scoped DPM console.

The scoped DPM console

The Central Console also enables another nifty troubleshooting feature – the scoped DPM console. When an alert is raised in SCOM you can click the Troubleshoot button which will take you to a DPM console which only shows the data sources, backup jobs and agents that are affected by this particular issue. Even better, once you have resolved the underlying cause you can run a test backup with a single click before resuming the entire backup job. It also provides context; the ticket number, alert and DPM server are listed in an area at the top of the scoped console.

Centralizing management inside of SCOM doesn’t just mean an aggregated view of all backups across many DPM servers; it also lets you work on more important issues first, for instance by showing issues that affect multiple data sources. Segregating errors into infrastructure and backup failures enables Tier 1 or 2 support to focus on backup failure alerts, whereas Backup Admins work on infrastructure problems and Tape Admins focus on tape errors.

(more…)

In this first part of this four part series on Microsoft Data Protection Manager (DPM) 2012 I cover the installation as well as the new Centralized Console.

Introduction

Protecting your data and systems running Microsoft workloads is paramount and the best way to do that is with Microsoft Data Protection Manager (DPM). This is an enterprise class product that’s gone from strength to strength over the last few versions. In this review we’ll look at DPM 2012 Release Candidate.

DPM 2012 Scoped Console

DPM 2012

(more…)

In this final part of the eight part technical review of SCOM 2012 we’ll look at the new dashboard functionality and how dashboards can be displayed in different environments, including SharePoint 2010, and we’ll add some final remarks around SCOM 2012.

While monitoring systems like SCOM collect vast amounts of data, it’s not a matter of collecting the data; it’s a matter of filtering and displaying the right data to the right people at the right time.

There are three primary ways of doing this: you can have alerts that tell you that something is wrong and needs attention, reports showing historical data and dashboards that show actionable, real time data in a visual fashion that can be personalised.

Whereas earlier versions of SCOM had Views and simple dashboards, SCOM 2012 takes it to a whole new level. No longer do you need to group objects before creating a view and the new wizard for creating dashboards makes it very easy to display exactly the right information in the right way. There’s no programming necessary to create your own dashboards.

(more…)

In this seventh part of the eight part technical review of SCOM 2012 we’ll look at cross platform monitoring of Unix and Linux and some welcome improvements there as well as how the new Java Enterprise Edition (JEE) application server monitoring fits in.

Unix and Linux monitoring in SCOM 2012

Monitoring Unix and Linux (*nix) machines is necessary in larger environments because there are almost always some *nix servers, even in mostly Windows shops, and SCOM 2012 brings some very important improvements. The Unix/Linux monitoring covers HP-UX 11i v2 / v3 on PA-RISC and IA64, Sun Solaris 9 on SPARC as well as 10 on SPARC and x86, Red Hat Enterprise Linux 4, 5 and 6 on both x86 and x64, Novell SUSE Linux Enterprise Server 9 on x86, 10 SP1 and 11 on both x86 and x64 along with IBM AIX 5.3, 6.1 and 7.1 on POWER.

SCOM 2012 - Linux Monitoring

SCOM 2012 Linux monitoring

(more…)

In this sixth part of the SCOM 2012 review series we’ll deep dive into Application Performance Monitoring (APM), formerly known as AVIcode before Microsoft acquired the technology, how it works as well as differences between the stand-alone product and the integrated version in SCOM 2012.

Troubleshooting application performance issues is a very difficult area, often requiring intimate knowledge of the workings of a particular program. Is the problem in the code, the server hardware, the server software or in the network? Developers need deep insight and detailed logs to debug whereas IT Professionals need standard metrics across all applications and a way to easily pinpoint in which tier the problem might lie.

Microsoft acquired AVIcode in late 2010; this product is designed to look for performance problems in application code without requiring instrumentation to have been built in by the developers. The standalone AVIcode product version 5.7 will be the last as it’s now integrated into SCOM as Application Performance Monitoring (APM).

If you’re a current user of AVIcode 5.7 be aware that its management packs won’t work in SCOM 2012 (templates still work though); also APM will only work with .NET / web applications, not stand-alone executables, and it will only monitor IIS 7 / 7.5, not IIS 6. On the upside the infrastructure is totally integrated in SCOM, there’s no separate database and if it’s monitoring a Server 2008/2008 R2 machine with the IIS management pack the agent will automatically be deployed, although it’s not activated. Another improvement is that you can set an overall SLA for all web applications rather than having to configure monitoring for each individual application; the SLA can then be tweaked for particular programs as needed.

(more…)

In this fifth part of the SCOM 2012 RC review series we’ll examine the new Network Monitoring capabilities and the benefits this will bring to IT operations.

Because big organisations often separate the network administration from server operations it can sometimes be difficult to efficiently narrow down if a particular problem is due to the network, the OS, the application or hardware. The new native Network monitoring feature is designed to increase visibility and help IT admins solve problems quicker; it’s not designed to replace specialist network monitoring tools that are probably already part of the network administrator’s toolkit.

Whilst SCOM 2007 R2 offers basic network device monitoring it doesn’t extend to the port level (unless you manually do the work for each individual device based on its Object Identifier (OID)). SCOM 2012 offers support for SNMP 1.0, 2.0 and 3 (but not Netflow) and works with both IPv4 and IPv6. Initial device discovery requires IPv4 addresses on devices so if you have a pure IPv6 network with no IPv4 address allocation this will be an issue. Devices in this context can be switches, routers, load balancers and firewalls as well as any other network connectivity gadget that responds to SNMP monitoring.

(more…)

In the fourth part of this SCOM 2012 review series we’ll look at the removal of the Root Management Server (RMS), its replacement, how to build a Highly Available SCOM infrastructure easily and acquaint ourselves with the new Resource Pool concept.

Root Management Server (RMS) in SCOM 2007

Because of the unique role that the RMS plays in SCOM 2007 R2 it’s a single point of failure. It’s the connection point for consoles / web consoles, it runs the configuration service, it handles connectors and health aggregation as well as role based access control. The way to build High Availability (HA) in SCOM 2007 R2 is to cluster the RMS server, which is operationally and technically complex and also relies on an active / passive model with the associated hardware and licensing costs. There’s also the option to manually promote a secondary management server to RMS in a disaster situation but this isn’t straightforward.

SCOM 2012 high availability

SCOM 2012 changes the game by doing what Exchange and other Microsoft applications have already done by providing HA out of the box. Management servers are pooled and automatically share the load, no server is more important than any other and simply by having several of them availability is ensured. Each server runs the configuration service and they store their data in the database instead of in an XML configuration file / memory like SCOM 2007 R2 did (this file could be up to several GB in large environments), leading to quicker start-up of each management server.

(more…)

In this third part of the SCOM 2012 RC technical review we’ll look at Interoperability with other management systems and other System Center products, PowerShell v2 and v3 support in SCOM 2012 and Console enhancements.

Interoperability in SCOM 2012

Because a modern enterprise is heterogeneous SCOM sometimes needs to integrate with other monitoring solutions such as IBM Tivoli, HP OpenView and others. In SCOM 2007 R2 this is accomplished with connectors, but these are not supported in SCOM 2012. The integration between SCOM and other management systems will now be accomplished through System Center Orchestrator 2012.

The different programs in the System Center suite are essentially different applications with little integration in the current version. System Center Orchestrator 2012 is about to change this in the 2012 wave by providing Integration Packs (IP) for each of the major System Center applications including SCOM. The SCOM IP can create and interact with Alerts and Monitors as well as start and stop maintenance mode.

(more…)
