Submitted by Yoni Avital

The daily routine of a Windows systems administrator involves a variety of challenges, one of which is common to most mundane procedures, and is undoubtedly familiar to you all. The challenge is to spot and act upon irregularities among multiple machines and user sessions. The emphasis on multiple is due to the fact that many great tools are designed to work on one computer at a time (Task Manager, Registry Editor, Services console to name a few).

ControlUP

The first steps in most troubleshooting processes typically involve connecting to different machines using Remote Desktop or other remote tools, checking some performance metrics or configurations and analyzing the data – all in hope to figure out what is special about the users or computers currently experiencing the issue. The single-target nature of most traditional management tools is a major limitation at this stage. That’s why the initial investigation phase usually ends with the admin’s desktop looking like a battlefield, with numerous open consoles and remote sessions.

ControlUp is a management solution for Windows environments, which offers some new ways to perform familiar tasks, with multiple targets always in mind. Let’s take a look at a few examples:

Monitoring major performance counters

In “My Organization” view, ControlUp displays performance metrics and system information for your machines, sessions and processes. The grid can be searched, sorted or grouped in order to make irregularities easy to spot. Relevant tasks may include identifying a machine with a high disk queue length or a user session with a high idle time.

ControlUP – Performance counters

Stress Level display

A special column called “Stress Level” can be customized in order to include any parameter measured by ControlUp. That means that you can configure custom thresholds for any metric (say, when free space on C: drive drops below 10%). Then, you can sort the grid by this column in order to make performance bottlenecks and OS issues easy to track down. The console also has a system tray alerts mechanism, which can let you know when your resources are under stress.

ControlUP – Stress Level display

Aggregation of Event Logs

The “Events” pane delivers Windows Event Logs from all of your managed computers to an aggregated view, from which you can filter, sort and search for events. As seen in the screenshot, you can even conduct an online research with the event’s details directly from the product.

The tedious use of single-target tools strikes back again during the remediation phase. Now you know the cause of the issue and need to perform some tasks on dozens of machines in order to restore peace and quiet (Kill Process, Replace file, Restart machine). Here are a few more examples of maintenance tasks you might need to perform (again, think multi-target!)

ControlUP – Aggregation of Event Logs

Comparing Registry data and performing bulk Registry changes

Suppose your issue at hand requires you to locate the differences between different values in a certain registry key on multiple machines. Then you need to configure a registry value uniformly on all these machines. With the “Registry Controller” utility you can spot differences in registry data between machines or users using color codes, and then perform any editing operation, such as modifying value data.

ControlUP – Registry Controller

Managing Windows Services on multiple machines

Another common task is manipulating Windows Services. Take, for instance, a simple but tedious procedure of reconfiguring a Windows Service to use a new service account, and then restarting the service. Oh, and it needs to be done on a hundred machines. Before you start typing a script to do the job, keep in mind that ControlUp’s Services Controller can take care of this task within a few clicks.

ControlUP – Services Controller

Comparing file systems and file operations on multiple targets

In a similar vein, file systems have their own Controller. It will take care of tasks such as distributing, deleting, renaming and otherwise manipulating files and folders on multiple machines. Just as in its Registry counterpart, color codes will help to spot differences between machines up to a file’s property level.

ControlUP – File System Controller

As shown, ControlUp’s major specialty is real-time monitoring and bulk management of multiple Windows-based machines and user sessions. ControlUp is agent-based, with an option to remotely deploy lightweight agents, which uninstall themselves automatically when not in use. A Remote Desktop connection manager is included, offering an organizer for your management connections and credentials. You can run the console from standalone machines and use it to manage computers belonging to multiple Active Directory environments, which is especially handy to admins who work from their laptops.

ControlUp is free for managing up to 50 concurrent user sessions, with absolutely no feature limitations applied to free users.

ControlUp

• FREE: Veeam ONE Free Edition – Real-time Hyper-V and VMware monitoring (0)
• FREE: FrameFlow – Web-based Windows monitoring (1)
• Raffle: SolarWinds DameWare NT Utilities – Remote administration tools (3)
• Raffle: PA Server Monitor – Easy Windows server monitoring (0)
• Windows-to-Mac remote management with VNC and SSH (1)

VMware vCenter and ESX(i) monitoring – Veeam ONE Free Edition

If you’re working on a budget, you can take it for a test drive with no commitment. Unlike other quote on quote “Free” management application out there, Veeam ONE Free Edition does include all of the core functionality of the full version. Those Core capabilities include:

• Full Data Collection
• Multi-User support
• Microsoft SQL Server backend

Not to mention that it comes with 125 pre-built alarms for real-time monitoring and alerting. All of these alarms are tied to an extensive knowledge base that will help you troubleshoot and pinpoint the root causes of alarms and resolve any potential issues you may find. I highly recommend their built-in storage alarms. They can notify you of any possible capacity issues when V-Disks reach their configured limit, and another good one is their datastore load alarms that can notify of disk utilization of all hosts and VMs using a particular datastore. All alerts generated from these essential alarms can be routed via email and SNMP, ensuring the right people are notified not matter where they are.

VMware monitoring – Veeam ONE Free Edition

Another key function of the Veeam ONE is its ability to produce near real-time documentation of your entire virtual infrastructure. Once installed and configured Veeam ONE Free Editon will automatically discover your virtual environments, and then you can start churning up documentation on your topology and performance of your entire virtual infrastructure. This is often a necessary task that gets thrown on the back burner while we tend to other fires.

If that isn’t enough, why not whip out some reports for management that you can use to summarize your environments workload and utilization. If there is one thing I learned, it is that management likes pretty pictures of graphs and charts “metrics”. So, one way to really make them happy is to give them access to Veeam ONE’s customizable dashboard. It’s a web based interface, so it will be a snap for them to pop open a browser and enjoy all the goodness. It is customizable, so you can control what they see just in case you take the less information is better approach with management.

Veeam ONE Free Edition – Dashboard

It is free so there are going to be some limitations. You can go take look at the detailed difference on Veeam’s site Veeam ONE: Free vs Full, but here are some of capabilities that won’t be available in the free version unless you upgrade that I chose to highlight:

• Alarm modeling and custom alarms
• Full access to the knowledge base
• Management of guest, host and vCenter processes
• Historical change management beyond the most recent 24 hours
• Microsoft Visio reports for multipathing, network, vMotion and datastore utilization
• Automated report generation and distribution

If you do choose to upgrade to their full version, however, it’s just as simple as installing a purchased license key. You don’t have to reinstall the application or worry about losing your configurations and historical data.

Like I mentioned before there are no limits at all on the number of hosts, virtual machines, users, or your data archive. On top of that, they are also going to be adding full support of Microsoft’s Hyper-V in the 2^nd quarter of 2012 with Veeam ONE version 6. This will be huge and give customers a single management pane for both of their virtualized infrastructures.

Veeam ONE Free Edition

• Windows 8 Hyper-V (0)
• FREE: FrameFlow – Web-based Windows monitoring (1)
• Hyper-V cluster – Part 7: Custer Shared Volume and manage virtual machines (0)
• Hyper-V cluster – Part 6: Create a cluster (0)
• Hyper-V cluster – Part 5: Quorums and disk configuration (0)

Developed to run on Windows, FrameFlow offers out-of-the-box web-based administration and reporting without tedious config files or a hefty price tag. Unlike other Windows monitoring products, FrameFlow does not utilize any client software to perform status checks, supplanting tedious client installation/patching with existing monitoring frameworks like WMI. Administrators are not limited to monitoring only Windows hosts, either: FrameFlow can handle Linux and BSD hosts with relative ease. Let’s take a quick look at the features FrameFlow has to offer.

FrameFlow – Main window

The FrameFlow Startup Wizard

After you install FrameFlow and navigate to the server’s web address (by default, it is bound to all IPv4 addresses on your machine at port 8080), you will be greeted by the FrameFlow startup wizard. The first thing you will notice about FrameFlow is that although it is a web-based product, it is very slick and polished: it almost feels like a desktop app. The startup wizard is no exception and guides you through the process of locating/adding hosts and providing credentials to set up the default host event monitors. Particularly useful is the host finder utility, which can scan your subnet to find available hosts for monitoring.

 FrameFlow Startup Wizard

More advanced users may require the SNMP, website, and database monitoring features to be configured in the startup wizard as well. For example, you can add your client or employee-facing websites, SQL Server instances, or other host-services to be added to the list for total peace of mind, though some of these options require paid add-ons to work.

Navigating around the FrameFlow interface

The FrameFlow interface is divided into two main areas: a navigation pane and a content area. The navigation pane, located on the left, provides you quick access to all of your dashboards, hosts, monitors, events, reports, tools, and settings. The designers provided right-click context menus for all of the navigation items, allowing you to quickly add a host, edit a dashboard, or view a report, among many other options. Savvy admins will appreciate the dashboards, which can be configured to provide an “executive summary” of infrastructure according to your top priorities.

For example, if availability is your largest concern, you could create an “availability dashboard” that simply provided status for host uptime status. Similarly, if you were managing a group of IIS hosts, you would configure a dashboard that checked for IIS errors in the Windows Event Logs – something that is possible without ever touching the client’s configuration.

Network Device view

Other navigation options provide a more in-depth look at the different objects in the monitoring suite. The Network Device view displays all of the hosts and their respective event monitors, events and statuses. You can add new hosts (devices), remove hosts, and re-configure your hosts in this view. A typical use of the Network Device view is adding device-specific credentials to non-domain hosts, like Linux servers.

FrameFlow – Event Monitoring

Configuring new event monitors is relatively straightforward – use the event monitors view to add, edit, or delete monitors of your choosing. The usual suspects (ping, Windows Event Log, etc) are configured by default for convenience but you are free to add custom monitors or modify the default monitors. For example, you may want to increase the “warning” latency if you know that you connect to a particular host on a high-latency connection.

Reporting in FrameFlow

FrameFlow’s reporting module makes generating expressive reports a breeze. In other monitoring solutions the reporting options are either easy to configure but hard to extend or the other way around. The developers of FrameFlow seem to have found a happy middle ground in the Report Builder tool, which allows admins to connect a specific report to a set of sorting and filtering criteria. For instance, you can configure the “System Health Bandwidth Usage” report to be run only on certain host groups, within an interesting date range, and sorted by date. You can also choose to have these reports automatically emailed to your team to deliver critical information in a timely manner.

Observations and conclusions

As a Nagios administrator, I see some similarities between FrameFlow and Nagios. Both feature a web-based interface, powerful reporting/notification options, and a similar object model. I felt at ease when initially configuring the FrameFlow instance. However, there are some substantive differences between FrameFlow and open-source offerings like Nagios.

Unlike Nagios, FrameFlow is a Windows-based solution. You will need a Windows machine to run the server. While it is true that you can access the web-based interface from any platform, it is clear that the configuration options – particularly regarding event monitors – are tailored towards Windows infrastructure. For admins like myself who monitor almost exclusively Windows infrastructure this is not a problem, but others may find Linux offerings more satisfying. Like many Windows-oriented products, FrameFlow is much easier to configure than its Linux/BSD counterparts. I would argue that this ease of configuration is its best selling point. You can expend your efforts solely focused on creating an optimal configuration rather than learning an obscure syntax for another monitoring system.

Finally, it’s important to reiterate that FrameFlow is free. However, the extensions for FrameFlow are not. These “Add-Ons,” such as “Virtual Machine Pack” and “Database Monitoring Pack,” are available for a la carte purchase. Depending on your infrastructure needs they may warrant a look, but remember that Icinga and Nagios are both free and open source. As a result they already have active extensions and a community of users who are eager to help (though sometimes for the right price). If you can afford to purchase the necessary add-ons, work in a primarily Windows environment, and like to make your life easy, you should definitely add FrameFlow to your monitoring product shortlist. After all, it’s free, so what do you have to lose?

FrameFlow

• FREE: Veeam ONE Free Edition – Real-time Hyper-V and VMware monitoring (0)
• Raffle: PA Server Monitor – Easy Windows server monitoring (0)
• Poll: Are you currently using a monitoring solution? (12)
• SCOM 2012 review – Part 8: Dashboards (0)
• SCOM 2012 review – Part 7: Linux and JEE monitoring (6)

Power Admin raffles off a 500-server PA Server Monitor Ultra license (retails for $5500). The deadline for this contest is May 8, 2012. If you want to have a chance to win this license, please send an email with the subject “PA Server Monitor” to .

In a monitoring space dominated by Linux-oriented offerings like Nagios and Icinga, it’s difficult to find Windows-oriented monitoring products that combine flexibility with ease of configuration. It’s safe to say that Power Admin has a winner in PA Server Monitor, a GUI-based monitoring solution for Windows that allows you to set up a wide array of actions, monitors, hosts, and satellites across your Windows infrastructure.

The PA Server Monitor interface

A tour of PA Server Monitor

The first thing you will typically do with any monitoring solution will be to add monitored hosts. Adding hosts is relatively painless with PA Server Monitor. You can enter hosts manually, in bulk, or by using the smart configuration tool that locates all hosts on your monitoring server’s subnet. Depending on your network and Active Directory topology you may need to enter credentials for some or all of the added hosts. These credentials are used to connect to and audit the hosts. You can also choose whether or not to use WMI to retrieve host information. After hosts are created, you are prompted to create default monitors for ping, disk space, services, and other system performance indicators added.

The smart configuration tool in action

Additional monitors can be created after your hosts are added. PA Server Monitor includes most of your typical monitors, like Event Log, Disk Space, and SNMP. It also includes novel monitors like the Citrix host monitor, which can audit connections, login attempts, and procedures on a Citrix Server. Each monitor can be configured to run on a specific schedule and with particular host/monitor dependencies. Monitors can also be “trained” over a time interval so that they can learn to ignore excessive warnings or other false positives. This helps to reduce the high noise ratio that can render even well-tuned monitoring systems useless.

Configuring a directory contents monitor

Per each host-monitor, you configure actions that are performed upon an “error” or “resolved” monitor state. PA Server Monitor features many common notification actions, such as emailing a message, writing to a log, starting a service or application, or writing to the Event Log. Additionally, administrators can configure mobile-aware actions like SMS messaging or even iPhone notifications so their team can be notified of critical issues via their mobile devices.

You can configure Error and Resolved actions with great granularity

PA Server Monitor does not restrict you to hosting the monitoring service on a single, monolithic server. You can install “satellite services” that report to the central hub on other hosts, reducing the workload for the central monitoring service and allowing for more complex network topologies. In addition, you can enable remote access to the monitoring service, allowing you to connect to the monitoring service using the PA Server Monitor software on your local PC. This is valuable in segregating duties.

Administrators can configure the built-in web server to allow interested parties to download the reports they need. The web interface is easy-to-use and available out of the box, so there is no need to configure IIS or a similar web server product. It serves up summary views of hosts, monitors, and provides an executive-style dashboard for a quick overview of hosts and issues. Charts, graphs, tables, and other widgets are available for rapid dissemination of information. An option for export to PDF is also available for a quick and dirty hard copy of all reports.

A sample of web server report output for “Status Overview”

Observations and Conclusions

PA Server Monitor is not going to please everyone. If you have already invested your time and effort in setting up a monitoring solution like Nagios or Icinga and it is working for you, PA Server Monitor is probably not going to blow you away with functionality you do not already have. Also, if you need to monitor Linux, FreeBSD, or other non-Windows operating systems, you will not be impressed by the built-in options available in PA Server Monitor. Plus, there is some benefit to using widely-accepted monitoring solutions in lieu of proprietary ones: it is often easier to find help online, knowledgeable hires, and a community of users who are advocates for their respective solutions.

However, most of these concerns are going to persist with any proprietary Windows focused monitoring product. Power Admin has done much to alleviate these concerns by providing top-notch documentation, updates, and the ability to extend monitors and actions using scripting. PA Server Monitor is a polished Windows infrastructure monitoring solution that can help you keep your Windows hosts in check and under control “out of the box.” It’s worth a look for almost any Windows admin.

• FREE: Veeam ONE Free Edition – Real-time Hyper-V and VMware monitoring (0)
• FREE: FrameFlow – Web-based Windows monitoring (1)
• Poll: Are you currently using a monitoring solution? (12)
• SCOM 2012 review – Part 8: Dashboards (0)
• SCOM 2012 review – Part 7: Linux and JEE monitoring (6)

I don’t want to say much more about this poll at the moment because I somehow think that I influence readers with my introductory articles. I think, the questions speak for themselves. So, be a worthy 4sysops citizen and fulfill your voting obligations.

Note that you can select more than one answer. Feel free to tell us what monitoring solution you are using in a comment below.

Note: There is a poll embedded within this post, please visit the site to participate in this post's poll.

• FREE: Veeam ONE Free Edition – Real-time Hyper-V and VMware monitoring (0)
• FREE: FrameFlow – Web-based Windows monitoring (1)
• Raffle: PA Server Monitor – Easy Windows server monitoring (0)
• SCOM 2012 review – Part 8: Dashboards (0)
• SCOM 2012 review – Part 7: Linux and JEE monitoring (6)

While monitoring systems like SCOM collects vast amounts of data, it’s not a matter of collecting the data; it’s a matter of filtering and displaying the right data to the right people at the right time.

There are three primary ways of doing this, you can have alerts that tell you that something is wrong and needs attention, reports showing historical data and dashboards that show actionable, real time data in a visual fashion that can be personalised.

Whereas earlier versions of SCOM had Views and simple dashboards, SCOM 2012 takes it to a whole new level. No longer do you need to group objects before creating a view and the new wizard for creating dashboards makes it very easy to display exactly the right information in the right way. There’s no programming necessary to create your own dashboards.

The wizard is available in both the native console and the web console and the resulting dashboards can be displayed in the Console, the Web Console and SharePoint 2010 (see below) and they look identical in all three environments. SCOM 2012 can have nested dashboards where drilling down into particular data lead to another dashboard.

Creating custom Dashboards is not only useful, it’s also very easy with the new wizard.

There are three steps to creating a dashboard in SCOM 2012: first select a layout based on the number of cells or columns desired; then add a widget in each cell (types include Alert, Performance and State) and finally configure each widget with a particular scope and criteria as well as display preferences. The Performance widget can now display data from either the Operational or DataWarehouse databases; increasing its usefulness. Apart from the comprehensive built in dashboards third party management packs can add feature packs to support their own widgets. Both SQL Server and Hyper-V have dashboards in the works.

For each cell define what widget you want and configure it’s properties.

To extend the reach of SCOM to non-IT personnel dashboards can now be integrated into SharePoint 2010 using a web part. If the people who are going to view the dashboards aren’t SCOM users the web part can be configured to user shared credentials. The integration works with SharePoint Server 2010 Standard and Enterprise as well as the free Foundation version. In the latter case you can only deploy the web part in the same domain as the web console and you won’t be able to use shared credentials.

The web part comes in the Microsoft.EnterpriseManagement.SharePointIntegration.wsp and is installed using the install-OperationsManager-DashboardViewer.ps1 PowerShell script. The web part is linked to a web console so you’ll need to obtain the exact URI for the dashboard you want displayed by navigating to it in the Web console and copying it from the address bar. If you get an error message that the ticket has expired you need to synchronise the clocks on the server running the Web console and the SharePoint server, they can’t be more than five seconds apart.

The final dashboard in all its glory, best of all it looks the same in all three environments.

Personalisation of dashboards by a user are now stored in the database and thus roam with the user to different PCs and environments, in SCOM 2007 R2 they were stored in the registry on the local machine and thus didn’t follow the user. Dashboards in the web console all have a distinct URL, this also makes it easy to disseminate information to non-technical users, as they can simply bookmark particular dashboards.

The most popular built in dashboard might be the new Management Group Health Dashboard console, also known as the “coffee break”, so named by the developers because it’s designed to give SCOM operators a quick overview of the health of their environment, thus answering the question “can I take a coffee break?”. It monitors both the infrastructure and the functions delivered by the SCOM system.

Conclusion

Although there’s no native support for Windows clustering and we’d like to see deeper monitoring of clustered Java applications in JEE overall SCOM 2012 is a thorough revamp with some very useful new features. The simplified infrastructure and no-brainer High Availability will be welcome in all but the smallest environments while the network monitoring should make all IT Pros troubleshooting lives easier. The extended *nix monitoring and JEE monitoring will be handy in the right environment but perhaps the most intriguing feature will be seeing how SC Orchestrator will glue the entire Systems Center suite together.

Resources

Official SCOM blog

Operations Manager 2012 on the Connect site (Windows Live ID login required)

• System Center 2012 – Orchestrator 2012 – Integration Packs (0)
• System Center 2012 – Orchestrator 2012 – Runbooks best practices (0)
• FREE: Veeam ONE Free Edition – Real-time Hyper-V and VMware monitoring (0)
• System Center 2012 – Orchestrator – Creating Runbooks (0)
• System Center 2012 – Orchestrator – Installation (0)

Unix and Linux monitoring in SCOM 2012

Monitoring Unix and Linux (*nix) machines is necessary in larger environments because there’s almost always some *nix servers; even in mostly Windows shops and SCOM 2012 brings some very important improvements. The Unix/Linux monitoring covers HP-UX 11i v2 / v3 on PA-RISC and IA64, Sun Solaris 9 on SPARC as well as 10 on SPARC and x86, Red Hat Enterprise Linux 4, 5 and 6 on both x86 and x64, Novell SUSE Linux Enterprise Server 9 on x86, 10 SP1 and 11 on both x86 and x64 along with IBM AIX 5.3, 6.1 and 7.1 on POWER.

SSCOM 2102 Linux monitoring

Compared to SCOM 2007 R2; the 2012 version drops support for Solaris 8; Solaris 11 being very new might make it into RTM, there’s also added support for the iNode filesystem. Preliminary scaling numbers indicate that you can have up to 6000 Unix / Linux computers per management group if you have 50 consoles open, 10 000 per MG if you have 25 open consoles.

SCOM 2007 R2 uses two accounts for monitoring *nix, the Monitoring account is used for 85-90% of the monitoring and was an unprivileged account whereas the Action account that’s used for Syslog gathering and agent maintenance needs to have root credentials on managed systems. SCOM 2012 “fixes” this issue that has caused major issues for security conscious *nix administrators by adding support for sudo and SSH keys.

Sudo support means that a standard account can be setup on managed machines with exactly the required amount of permissions and the latter ensures that all agent maintenance that’s done via SSH is secure. SSH keys need to be in Putty format, if you’re using OpenSSH the keys need to be converted with PuttyGen.

SCOM 2012 also adds new templates for customized monitoring, the new Process Monitor lets you monitor by count (number of processes for instance) and identifies processes by command line arguments (instead of all processes being called “java” for instance) as well as accepting regular expression input for filtering.

Java Enterprise Edition monitoring in SCOM 2012

Brand new in SCOM 2012 is comprehensive support for monitoring Java Enterprise Edition (JEE, formerly known as J2E) application servers. The four most common platforms are supported; IBM Websphere 6.1 and 7; RedHat JBoss 4.2, 5.1 and 6; Oracle Weblogic 10g Rel3 and 11g Rel1; and the open source Apache Tomcat 5.5, 6 and 7 on both Windows and Linux with Websphere also supported on AIX and Weblogic on Solaris.

When you’ve imported the Java Management packs matching your environment the application servers will be automatically discovered and standard monitoring will let you know if the application server is running and if resource utilization is within defined thresholds.

If deeper monitoring is needed Microsoft offers an Open Source Java Management Extension (JMX) application called BeanSpy (known during the beta period as JMX Extender) that you load on the application server, it reports to SCOM via either HTTP or HTTPS, with our without basic authentication. BeanSpy being Open Source should allay fears that some companies might have about Microsoft code running on their application servers.

BeanSpy communicates with MBean counters (which are a bit like performance counters in Windows but more feature reach) to monitor individual applications running, frequency and time spent on memory garbage collection as well as over performance of the application server. Memory garbage collection is particularly important as the application is unresponsive during this period.

For custom monitoring SCOM 2012 offers two templates for building your own monitoring management packs; one for Monitoring and one for Performance; both lets you monitor any simple MBean property.

In the next part in the SCOM 2012 review series we’ll look at the vastly improved Dashboard functionality in SCOM 2012 and how to integrate DashBoards into SharePoint.

• System Center 2012 – Orchestrator 2012 – Integration Packs (0)
• System Center 2012 – Orchestrator 2012 – Runbooks best practices (0)
• FREE: Veeam ONE Free Edition – Real-time Hyper-V and VMware monitoring (0)
• System Center 2012 – Orchestrator – Creating Runbooks (0)
• System Center 2012 – Orchestrator – Installation (0)

What’s better than being able to check on server health status through the Nagios monitoring views? Having Nagios notify you of server health status automatically! If you have ever had a server fail, shut down, or hang—only to learn about it later from disgruntled users—you’ll understand why this feature is so valuable.

Creating and Managing Contacts

Nagios can notify you of certain changes or issues in server configuration that may occur. Sometimes you want different alerts sent to different email addresses. For example, you may want to send alerts about a database server’s health to the DBA, and send all other alerts to the systems administrator. To define a single contact, navigate to your ICW root and go to folder /etc/nagios/nagwin. Open the contacts.cfg file in your favorite text editor. Let’s get started on defining contacts. A contact definition has the following form:

define contact {   
contact_name           systems_admin_1; short name of contact
usegeneric-contact     default contact template
alias                  Johnny Bernard Doe; full name
email                  jdoe@mycompany.com; email address
}

The “use” directive informs Nagios of which contact you would like to use. For now, use the default generic-contact option; we will explore contact templates in a bit.

Once you create several contacts, you may want to group them together, like you would with an email alias. Suppose we have four contacts: two admins and two DBAs. We might want to create two contact groups: sysadmins and dbadmins.

define contactgroup {    
contactgroup_name sysadmins;                 system alias
alias Systems Administrators;                full name of alias
members systems_admin_1,systems_admin_2;     comma separated list
}
define contactgroup {
contactgroup_name                            dbadmins;
alias                                        Database Administrators;
members                                      dba_1,dba_2;
}

Configuring Notifications

Nagios allows the administrator to configure notifications at different levels of granularity, including, but not limited to:

• Who is being notified
• Type of notification event (host status vs. service)
• How severe the event is (from service flapping to host downtime)
• When the event occurs

Notification options are defined in the templates.cfg file using host, service, and contact template directives. You can find an exhaustive list of directives with explanations here, but let’s start out by exploring some simplistic templates and directives.

Contact Templates

Contact templates allow us to define shared notification attributes for different contacts. Some contact template directives include:

• service_notification_period: When the contact can receive service notifications
• host_notification_period: When the contact can receive host notifications
• service_notification_options: What kinds of service notifications the contact receives
• host_notification_options: What kinds of host notifications the contact receives
• service_notification_commands: How service notifications are handled
• host_notification_commands: How host notifications are handled

We can put together an “admin” contact that receives only host notifications on a 24×7 basis and for all types of notification events:

define contact {    
name                             generic-admin-contact;
service_notifications_enabled    0; don’t enable service notes    
host_notifications_enabled       1;    
host_notification_options        d,u,r,f,s; all   
host_notification_commands       notify-host-by-email; send email
register                         0; because this is a template
}

Note that we can also define these options on a “per contact” basis; the only difference is that these directives would be specified in the contacts.cfg definition for that contact rather than in the templates.cfg contact template definition.

Host Templates

Host templates enable administrators to define some shared notification options for different host templates. Consider the default Windows Server template. By now, most of the directives should be fairly self-evident because they are so similar to the contact template directives:

define host {
name                   windows-server; alias
use                    generic-host; base template definition
check_period           24 x 7;
check_interval         5;
retry_interval         1;
max_check_attempts     10;
check_command          heck-host-alive; typically use this notification_period
notification_interval  30;
notification_options   d,3;
contact_groups         admins;
hostgroups             windows-servers;
icon_image             win40.png
register               0; because it’s a template
}

Imagine we wanted to create a Windows DB server template that had all of the attributes of the Windows Server template, with two exceptions: you want notifications to be pushed to only those in the dbadmins group, and you want to change the notification options to include all states. You would add the following definition:

define host {
name                   db-windows-server; new name
use                    windows-server; base template
notification_options   d,r,u,f,s; new options
contact_groups         dbadmins; new group to notify
}

Service Templates

Service templates allow you to configure how services will be handled with regard to notifications. We will not be covering these directives in the interest of your time, but they are explained in several other guides online.

End Result

Once you have configured your contacts, contact groups, and notification templates to your liking, restart the Nagwin_Nagios service in services.msc. Upon restart, your configuration will kick in. You can verify any contacts you’ve created in the Configuration -> Contacts section of the Nagios web administration interface.

• FREE: Veeam ONE Free Edition – Real-time Hyper-V and VMware monitoring (0)
• FREE: FrameFlow – Web-based Windows monitoring (1)
• Raffle: PA Server Monitor – Easy Windows server monitoring (0)
• Poll: Are you currently using a monitoring solution? (12)
• SCOM 2012 review – Part 8: Dashboards (0)

Troubleshooting application performance issues is a very difficult area, often requiring intimate knowledge of the workings of a particular program. Is the problem in the code, the server hardware, the server software or in the network? Developers need deep insight and detailed logs to debug whereas IT Professionals need standard metrics across all applications and a way to easily pinpoint in which tier the problem might lie.

Microsoft acquired AVIcode in late 2010; this product is designed to look for performance problems in application code without requiring instrumentation to have been built in by the developers. The standalone AVIcode product version 5.7 will be the last as it’s now integrated into SCOM as Application Performance Monitoring (APM).

If you’re a current user of AVIcode 5.7 be aware that its management packs won’t work in SCOM 2012 (templates still work though) ; also APM will only work with .NET / web applications, not stand alone executables and it will only monitor IIS 7 / 7.5 not IIS 6. On the upside the infrastructure is totally integrated in SCOM, there’s no separate database and if it’s monitoring a Server 2008/2008 R2 machine with the IIS management pack the agent will automatically be deployed, although it’s not activated. Another improvement is that you can set an overall SLA for all web applications rather than having to configure monitoring for each individual application, the SLA can then be tweaked for particular programs as needed.

For corporations with many IIS web applications the power of APM might just be the feature that justifies the upgrade to SCOM 2012.

When the interceptors are activated and loaded into IIS the server will require a restart, after that, even if you add additional applications to be monitored; only the particular app pool needs to be recycled.

The beauty of the integration becomes apparent when you see network, hardware and OS monitoring right next to the application performance information, making it much easier to zero in on exactly where the problem lies. The actual monitoring is done in the Diagnostics and Advisor consoles. Similar events are grouped and it also lists Session events or “what else did the user do when this problem happened”. Performance counters are also displayed; 15 minutes of OS and hardware data leading up to the event to let you easily determine if the problem is the underlying platform or in the application code. All of this data enables the IT Pro to communicate facts when liaising with developers and DBAs.

The separate Application Diagnostics and the Application Advisor web consoles is probably where developers are going to spend their time troubleshooting, without having to deal with a full SCOM console.

APM can monitor both the server side of an application and the client side (IE only at this stage but support for other browsers is coming) which gives visibility into performance and reliability. The synthetic transaction feature already in SCOM on the other hand gives insight into availability and together the two provided excellent data on overall application performance. APM monitoring carries minimal overhead, as a rule of thumb is uses about 100 MB of memory and increases the CPU load by 5%.

Today there’s no explicit support for APM monitoring of SharePoint 2010 although that is coming and there’s no way to put Advisor reports into a dashboard as there’s no widget for it yet. What’s more concerning is that there won’t be built in support to use APM to monitor cloud applications in Azure at RTM, although this support is “on the roadmap”.

In the next part of this series we’ll examine what’s been improved in the native Unix/Linux monitoring that debuted in SCOM 2007 R2 as well as the brand new Java Application Server monitoring.

• System Center 2012 – Orchestrator 2012 – Integration Packs (0)
• System Center 2012 – Orchestrator 2012 – Runbooks best practices (0)
• FREE: Veeam ONE Free Edition – Real-time Hyper-V and VMware monitoring (0)
• System Center 2012 – Orchestrator – Creating Runbooks (0)
• System Center 2012 – Orchestrator – Installation (0)

Because big organisations often separate the network administration from server operations it can sometimes be difficult to efficiently narrow down if a particular problem is due to the network, the OS, the application or hardware. The new native Network monitoring feature is designed to increase visibility and help IT admins solve problems quicker, it’s not designed to replace specialist network monitoring tools that are probably already part of the network administrator’s toolkit.

Whilst SCOM 2007 R2 offers basic network device monitoring it doesn’t extend to the port level (unless you manually do the work for each individual device based on its Object Identifier (OID)). SCOM 2012 offers support for SNMP 1.0, 2.0 and 3 (but not Netflow) and works with both IPv4 and IPv6. Initial device discovery requires IPv4 addresses on devices so if you have a pure IPv6 network with no IPv4 address allocation this will be an issue. Devices in this context can be switches, routers, load balancers and firewall as well as any other network connectivity gadget that responds to SNMP monitoring.

Make sure your discovery rule(s) is properly scoped to find all the devices you want as you can only have one rule per server.

Discovery of devices can either be explicit where you define (by IP address or ranges) the devices; or recursive in which case SCOM 2012 will glean information from one device to attempt to find other devices. During discovery all SNMP community strings you’ve entered for a Run As account are tried until a correct one is found, be aware that some devices will generate an SNMP trap if too many invalid credentials are tried. The SNMP stack is now native to SCOM 2012 in contrast to SCOM 2007 R2 which used the SNMP stack of the OS. To monitor across firewalls you need to allow SNMP (UDP) and ICMP bi-directionally and port 161 and 162 have to be open (including on the Windows Firewall on management servers). SCOM provides the required firewall rules for Windows Firewall but doesn’t enable them by default.

Beyond the basic monitoring there’s extended monitoring where processor and memory utilization and memory fragmentation along with other device specific objects are tracked if the device is supported by SCOM 2012. To date there are more than 80 vendors on the list and over 800 devices, see the Excel spread sheet here. When a device supports SNMTP traps for system changes (card added, changes to chassis configuration) SCOM 2012 will listen for them. The supported information for each interface depends on how the device manufacturer has implemented monitoring; Management Information Base (MIB) based on RFC 2863 and MIB-II RFC 1213 provides deeper information.

Deep information about each monitored device is only a mouse click away.

In strictly controlled environments where even read only SNMP monitoring is restricted you can opt for ICMP only which will let you know whether a device is responsive or not. If a node is down, all other monitoring is suppressed so that you’re not flooded with alerts about ports and links being down.

But the coolest part of Network Monitoring has to be the port stitching feature that shows which agent monitored node is connected to each port. SCOM will also discover all VLANs and what switches participate in each VLAN, note that only connected ports will be monitored unless you manually add ports to the Critical Network Adapters Group in which case it will always be monitored. For routers it will identify which Cisco Hot Standby Router Protocol (HSRP) groups they participate in. The end result is clear network diagrams that show exactly what systems are connected to witch switch port as well as visually indicating where a problem might lie.

SCOM 2012 has over 200 new items of knowledge for network monitoring and will report on packet errors per switch port for instance. At RC the recommended scalability numbers are about 500 devices per Management Server and about 2000 devices per Management Group; however there’s a comprehensive sizing guide forthcoming. Be aware that you can only have one discovery rule per Management Server so make sure it encompasses all the devices you need to find.

There are four dashboards built in for network monitoring with the Network Vicinity Dashboard providing a visual representation of connected devices within one hop to the selected node, you can increase the number of hops up to five. Be aware that this dashboard won’t identify teamed NICs as such, nor will it show Unix / Linux computers and VMs will be associated with the same network device as the host; the Hyper-V switch does show up as an SNMP device.

The Network Summary Dashboard lets you easily spot the device with the slowest response, highest CPU or interfaces with the highest utilization, most send/receive errors or nodes with the most alerts. From this dashboard you can then pivot into the Network Node Dashboard that lets you view availability statistics for the last 24 or 48 hours, last seven days or last month; this dashboard also shows other utilization statistics for the node. The Network Interface Dashboard drills down to an individual port and lets you see packet statistics for the last 24 hours as well as alerts and interface properties.

There are also five new network monitoring reports and some new tasks in the console such as opening a Telnet session to a device, doing a quick SNMP “get” or performing an SNMP walk of a device. Note that if you’ve authored management packs for network monitoring in SCOM 2007 R2 these will need updating to work with the new functionality, see here for more information.

In the next part of this eight part SCOM 2012 RC overview we’ll look at another crucial piece of the IT puzzle that needs monitoring – applications.

• System Center 2012 – Orchestrator 2012 – Integration Packs (0)
• System Center 2012 – Orchestrator 2012 – Runbooks best practices (0)
• FREE: Veeam ONE Free Edition – Real-time Hyper-V and VMware monitoring (0)
• System Center 2012 – Orchestrator – Creating Runbooks (0)
• System Center 2012 – Orchestrator – Installation (0)

Root Management Server (RMS) in SCOM 2007

Because of the unique role that the RMS plays in SCOM 2007 R2 it’s a single point of failure. It’s the connection point for consoles / web consoles, it runs the configuration service, it handles connectors and health aggregation as well as role based access control. The way to build High Availability (HA) in SCOM 2007 R2 is to cluster the RMS server which is operationally and technically complex and also relies on an active / passive model with the associated hardware and licensing costs. There’s also the option to manual promote a secondary management server to RMS in a disaster situation but this isn’t straightforward.

SCOM 2012 high availability

SCOM 2012 changes the game by doing what Exchange and other Microsoft applications have already done by providing HA out of the box. Management servers are pooled and automatically share the load, no server is more important than any other and simply by having several of them availability is ensured. Each server runs the configuration service and they store their data in the database instead of in an XML configuration file / memory like SCOM 2007 R2 did (this file could be up to several GB in large environments), leading to quicker start-up of each management server.

Failover is not instantaneous and it can take up to two minutes whilst the pool reloads managed instances. All management servers should be located in the same datacentre (less than 5ms latency) and you should deploy Gateway servers in other locations. These servers connect SCOM to branch offices or untrusted domains and can also be in resource pools but you can’t mix Management and Gateway servers in the same pool.

In SCOM 2007 R2 the RMS has special characteristics and some current management packs (Exchange 2007 and 2010 are examples, a full list is forthcoming from Microsoft) rely on a RMS to report to. Since there isn’t an RMS server in SCOM 2012 one management server is assigned the RMS Emulator role to provide compatibility with these MPs. This role can be manually moved between management servers (using the PowerShell cmdlet Set-SCOMRMSEmulator) and there’s a management pack coming that will automate the failover of the role. Management Groups don’t rely on the RMS emulator; it’s there for backwards compatibility with MPs.

SCOM 2012 Resource Pool

Know that all management servers are treated as having equal capacity; differences in processors and memory capacity are not taken into account so it’s best to plan on having all servers identical. Different workloads are also not taken into account and are simply distributed amongst the available servers in a pool. There’s are three default pools ; All Management Server Resource Pool, the Notification Pool and an AD Integration pool but you can create your own pools for specific monitoring situations.

The three built in Resource Pools

Roles within a pool can be manually controlled, this is suitable for instance if you have a hardware text/SMS alerting device connected to a particular management server, there’s no point in failing that function over to a server without the hardware attached. Cross platform (Unix/Linux) monitoring and network device monitoring is also targeted at pools rather than individual management servers.

SCOM 2012 maintenance mode

An issue in SCOM 2007 R2 is when you put a management server into maintenance mode, because the workflow to take the server out of maintenance mode after the designated time is also running on that server it never automatically comes out of maintenance mode, in SCOM 2012 the workflow is moved to the All Management Servers resource pool negating the need to manually take a server out of maintenance mode.

The new Silverlight based web console is your friend when you’re away from your monitoring station.

The new home on the web for all management packs is http://systemcenter.pinpoint.microsoft.com and for those who’ve been less than impressed by the Pinpoint site and finding management packs in the past it’s good to know that the above address is focused solely on System Center.

In the next part of this SCOM 2012 RC technical review series we’ll look at my favourite new feature: Network Monitoring, what’s required and how it works.

• System Center 2012 – Orchestrator 2012 – Integration Packs (0)
• System Center 2012 – Orchestrator 2012 – Runbooks best practices (0)
• FREE: Veeam ONE Free Edition – Real-time Hyper-V and VMware monitoring (0)
• System Center 2012 – Orchestrator – Creating Runbooks (0)
• System Center 2012 – Orchestrator – Installation (0)

Interoperability in SCOM 2012

Because a modern enterprise is heterogeneous SCOM sometimes needs to integrate with other monitoring solutions such as IBM Tivoli, HP OpenView and others. In SCOM 2007 R2 this is accomplished with connectors, but these are not supported in SCOM 2012. The integration between SCOM and other management systems will now be accomplished through System Center Orchestrator 2012.

The different programs in the System Center suite are essentially different applications with little integration in the current version. System Center Orchestrator 2012 is about to change this in the 2012 wave by providing Integration Packs (IP) for each of the major Systems Center applications including SCOM. The SCOM IP can create and interact with Alerts and Monitors as well as start and stop maintenance mode.

There’s also IPs for System Center Service Manager (SCSM) that can create incidents automatically based on alerts in SCOM for instance; the IP for System Center Virtual Machine Manager (SCVMM) will push information about VMs, services, private clouds and hosts into SCOM. In a future review here at 4sysops we’ll look at this approach for integrating the System Center suite and if it’ll provide the tight glue that many have asked for.

PowerShell in SCOM 2012

The good news is that SCOM now comes with full PowerShell 2.0 support and a host of new cmdlets. The less good news is that there will be a learning curve as the new cmdlet nouns have “SCOM” in their names; the old cmdlets still seem to work however. There are also new cmdlets for monitoring Unix and Linux machines (see part seven), these rely on PowerShell 3.0 (in CTP at the time of writing) for easy scripting and background operations.

To execute PowerShell cmdlets you have to establish a connection to a management group, this can either be persistent so you can run multiple cmdlets or a temporary connection allowing you to run a single command.

A new cmdlet that might come in very handy is Export-SCOMEffectiveMonitoringConfiguration that looks at a specific monitored instance (or a list), finds the monitors, rules and overrides that apply to it and exports the effective monitoring to a csv file.

The main console in SCOM 2012 follows the familiar System Center look and is easy to work with.

Consoles in SCOM 2012

Sysadmins familiar with SCOM 2007 R2 will feel right at home in the console, apart from some cosmetic changes (the “Actions” pane is now the “Tasks” pane and is split into two tabs, one for actions and one for help) it’s almost identical. The Web console on the other hand has received a major Silverlight overhaul and is now a joy to work with. Note that the Web console provides a monitoring workspace only although you can create dashboards in it with the same functionality as in the full console (see part eight) .You’ll need a 32 bit version of Word 2010 to edit custom information in the Knowledge Base, Office 2010 x64 won’t work.

In the next part of this series we’ll look at the flagship feature of SCOM 2012; built in High Availability as well as how the new Resource Pools work.

• System Center 2012 – Orchestrator 2012 – Integration Packs (0)
• System Center 2012 – Orchestrator 2012 – Runbooks best practices (0)
• FREE: Veeam ONE Free Edition – Real-time Hyper-V and VMware monitoring (0)
• System Center 2012 – Orchestrator – Creating Runbooks (0)
• System Center 2012 – Orchestrator – Installation (0)

Upgrading to Operations Manager 2012

Only SCOM 2007 R2 can be upgraded to Operations Manager 2012 so if you’re on an earlier version you have to upgrade to this level first. If you’re an early adopter and trialled the beta it can be upgraded to the current Release Candidate and it in turn is supported for upgrade to RTM. You can’t however upgrade from the beta directly to RTM, nor can you upgrade to RC from a SCOM 2012 beta that was originally upgraded from SCOM 2007 R2.

The most important prerequisite however is that all SCOM 2007 R2 management servers that you want to upgrade are 64 bit on x64 hardware and run 2008 R2 SP1 as the OS. If this isn’t the case in your environment, fear not, you can spin up a new server and start the upgrade from there. If you’re doing your upgrade this way back up your encryption keys from the current RMS and restore them on the new SCOM 2012 server.

The general sequence for an upgrade is: secondary management servers, gateways and agents first, then the Root Management Server (RMS). If any management servers or gateways are still 2007 R2 the final RMS upgrade will be blocked. If agents are still 2007 R2 this will be highlighted during the RMS upgrade but it won’t block the upgrade. Be aware that these agents won’t be able to report to SCOM until they have been upgraded to SCOM 2012 agents.

If yours is a smaller environment with a single SCOM 2007 R2 server you can either upgrade in place (provided your server meets the hard- and software requirements) or you can set up another management server and start the upgrade from there. If you upgrade in-place be aware that you have to upgrade all the agents before they’ll report to SCOM 2012.

To assist with your upgrade plan there are clickable flow diagrams on TechNet that clarifies what options you have, the same page also provides links to checklists with step by step instructions. There’s also an upgrade helper Management Pack (MP) that walks you through the upgrade and gives you an overview of what parts of your infrastructure has been upgraded.

Once your environment has been upgraded to Operations Manager 2012 you can take advantage of the new reporting functionality.

Further points for your upgrade planning includes backing up the databases, disabling notifications to prevent false alarms and stopping connectors to avoid false tickets being generated as well as making sure agents don’t report directly to the RMS as your upgrading it. Most importantly, check the event log for any problems, you can’t upgrade away from problems so ensure your SCOM environment is healthy before you upgrade.

If you used Operations Manager to deploy agents they will show up as pending upgrade in the console and you can push out the upgrade from SCOM; if you use an alternate method of deploying agents (such as SCCM) you have to upgrade them using your chosen deployment method but it’s simple MSI file so that should be easy. The native consoles are version specific so if you need both the old and the new console on a machine upgrade to the SCOM 2012 console and then reinstall the SCOM 2007 R2 console afterwards.

Depending on the size of your environment you may have a mix of SCOM 2007 R2 and SCOM 2012 management groups and servers in your environment for some time so be aware that the SCOM 2012 agent will communicate with SCOM 2007 R2 servers. The reverse isn’t true however so an important step in your upgrade process will be upgrading agents to the 2012 version. The new Control Panel applet makes it easy to identify which management groups an agent reports to and adding and removing of management groups from agents can now be centrally controlled via scripts.

The new scriptable control over agent assignments will be a boon in large environments as will the Control Panel applet for troubleshooting.

Management packs that work in SCOM 2007 R2 should work in Operations Manager 2012 because the MP schema is unchanged. The few exceptions are where third party management packs require new modules on the agent, new MP templates or new view types due to API changes; or if they attempt to create or update other MPs or elements within other MPs.

In the next part of this series we’ll look at PowerShell enhancements in SCOM 2012, interoperability with other platforms as well as improvements in the Console.

• System Center 2012 – Orchestrator 2012 – Integration Packs (0)
• System Center 2012 – Orchestrator 2012 – Runbooks best practices (0)
• FREE: Veeam ONE Free Edition – Real-time Hyper-V and VMware monitoring (0)
• System Center 2012 – Orchestrator – Creating Runbooks (0)
• System Center 2012 – Orchestrator – Installation (0)

Long gone are the days when monitoring your IT environment meant waiting for the phone to ring and your users tell IT that something wasn’t working. Keeping an eye on your infrastructure is important for businesses of all sizes and Systems Center Operations Manager (SCOM) has been very good at providing that visibility for Microsoft’s platforms for many years, the current version (2007 R2) added native cross platform support for Linux and Unix.

SCOM 2012 – Main Console

The new kid on the block is SCOM 2012, currently in Release Candidate and it adds some really cool features for network monitoring, High Availability (HA), application monitoring and dashboards. In this eight part article we’ll dive into these and other improvements; giving both sysops with SCOM experience and other IT admins insight into what SCOM 2012 can bring to your environment.

Article Parts:

1. SCOM 2012 Installation
2. Upgrading to SCOM 2012
3. Interoperability, PowerShell and Consoles in SCOM 2012
4. Infrastructure improvements in SCOM 2012
5. Network Monitoring in SCOM 2012
6. Application Performance Monitoring in SCOM 2012
7. Unix and Linux monitoring and Java Enterprise Edition monitoring in SCOM 2012
8. Dashboards in SCOM 2012 and Conclusion

SCOM 2012 Installation

The overall installation experience for SCOM has been improved; the most obvious change is that the operational and data warehouse databases are created during the installation, in earlier versions they had to be created prior to the SCOM installation. The pre-requisite checker is also built into the installation wizard; this simplifies the overall installation process. Any problems during the steps in the installation wizard are highlighted and the error message is copied to the clipboard. Credentials that you define are tested from within the wizard to make sure they work before proceeding to the next screen.

SCOM 2012 – The Installation Wizard has been improved, providing for a smoother setup experience.

The installation program will assign the Administrators group on the local computer to the Operations Manager Administrators role which is a change from SCOM 2007. During installation you specify the management server action account and the Configuration service and Data Access service, and although it’s not recommended from a security standpoint you can use the same account for both roles. The former should be a domain-based account and not a domain admin account. The latter account is used to read and update information in the operational database and can either be assigned to Local System or a domain account, where the management server and the databases are on separate servers it has to be a domain based account.

Make sure you plan your accounts for SCOM 2012 correctly.

All SCOM 2012 servers (Management Servers and Gateway Servers) are supported to run as Virtual Machines with the recommendation to run the SQL server database on physical servers or virtual servers with direct attached disks for performance reasons. VM snapshots are not supported for use in conjunction with SCOM 2012. Management and gateway servers have to run on Windows Server 2008 R2 SP1, recommended memory is 2GB or more with a 2.8 GHz CPU. Prerequisite software is PowerShell 2.0, Windows Remote Management (WinRM), Core XML Services and .NET Framework 3.5 SP1 as well as .NET Framework 4.

The SQL Server backend has to run either 2008 SP1 x64 or later or 2008 R2; on a server with at least 4 GB of memory, with database collation set to SQL-Latin1_General_CP1_CI_AS and full text search enabled. If you need to provide high availability for the SQL Server databases both the Operational database, the Reporting data warehouse and the Audit collection database are recommended and supported on separate Active-Passive clusters as long as no other SCOM 2012 services run on these servers. Other supported configurations (but not recommended due to potential SQL performance issues) include Active-Active clusters and putting the Operational, Data Warehouse and Audit Collection databases on the same cluster, see here for more details.

The Data Warehouse database is now a required component in your SCOM environment, it was optional in SCOM 2007 R2, but it can be shared between Management Groups. The Operational database retains data for seven days by default, the Data Warehouse for 400 days by default.

The Windows agent comes in both a 32 and 64 bit version, as well as a 64 bit Itanium version, the 32 bit version can’t be installed on an x64 OS. The RC limits on objects and monitored items are 3000 agent monitored computers reporting to a management server and 2000 agent monitored computers to a gateway server but expect these figures to change for RTM.

In the next part of this SCOM 2012 RC overview we’ll look at how you can upgrade from your current SCOM environment and in which order this has to be done as well as the help available for your upgrade planning.

• System Center 2012 – Orchestrator 2012 – Integration Packs (0)
• System Center 2012 – Orchestrator 2012 – Runbooks best practices (0)
• FREE: Veeam ONE Free Edition – Real-time Hyper-V and VMware monitoring (0)
• System Center 2012 – Orchestrator – Creating Runbooks (0)
• System Center 2012 – Orchestrator – Installation (0)

One of the duties of many Windows systems administrator is network management. That is, you may be called to detect, diagnose, troubleshoot and resolve network interface slowdowns.

As your network grows in complexity to include multiple line-of-business (LOB) Web applications, load-balancing configurations, and the like, interface troubleshooting and performance monitoring can easily become extremely cumbersome and complex.

Monitoring an interface with SolarWinds Real-Time Bandwidth Monitor

To assist us in this effort, SolarWinds gives us the Real-Time Bandwidth Monitor. This is a free utility that enables us to monitor network bandwidth utilization statistics for multiple interfaces in real time.

Setting up interface bandwidth monitoring

The Real-Time Bandwidth Monitor software can be installed on any modern 32- or 64-bit edition of Windows desktop and server operating systems.

However, it should be noted that because the interface polling and statistics gathering in this product relies upon Simple Network Management Protocol (SNMP), you need SNMP turned on for any device you will be monitoring, which it will be by default for your network devices.

In some cases, you will prefer to have an SNMP server in place in your domain prior to using this tool.

For instance, you can fire up Server Manager in Windows Server 2008 R2 and install the SNMP Server feature, as shown in the following figure.

Windows Server 2008 R2 – Install SNMP Server feature

Once you have SNMP Server installed, you can configure SNMP-related metadata like the community name and trap destinations by modifying the properties of the SNMP Service Windows service. This process is depicted in the following screen capture.

SNMP Service Windows service

Upon first launch of the application, you are asked to create a monitor. This task includes three pieces of information:

• The IP or hostname of a device (desktop PC, server, switch, router, wireless access point, etc.)
• The SNMP version in use on your network (1,2, or 3)
• The SNMP credentials (community name for SNMPv1 and v2; username, context, and authentication method for SNMPv3)

Configuring the device

The next step in the setup process is selecting the desired interface. If you are connected to a switch, then you will be able to monitor individual port IDs; if you are connected to a Windows server, you can choose among physical and virtual network interfaces.

Selecting an interface to monitor

We are almost finished. The final step in the configuration process is setting threshold values. The percentages that you specify for warning and critical values enable the Real-Time Bandwidth Monitor to give you feedback regarding degrees of bandwidth utilization.

Note in the following screenshot that you can also limit the chart date to a particular time interval or data points (sampling is performed at the half-second rate). Click Launch Monitor to start the monitor. Yes, you can have more than one monitor running on a host computer simultaneously.

Setting threshold values

Monitoring an interface

As you can see in the following screenshot, the monitoring screen is a resizable dialog box that is laid out in a very easy-to-understand manner. Inbound and outbound traffic on the selected interface are color-coded, as is the data line if it exceeds a threshold value.

Monitoring an interface

The line chart is active; you can analyze data points simply by hovering your mouse over them. This is shown in the following screen capture.

Analyzing a data point

You can make use of another of SolarWinds tools (this one is not free) called WAN Killer to simulate loads through monitored network interfaces.

While we are on the subject of related SolarWinds software, the Real-Time Bandwidth Monitor is a “smaller sibling” to their enterprise Orion Network Performance Monitor (NPM) software. NPM is a one-stop solution for automatically discovering and monitoring interfaces in your LAN and WAN environments. You can download a free demo from SolarWinds if you are so interested.

Conclusion

In summary, the SolarWinds Real-Time Bandwidth Monitor gives us systems/network administrators the ability to visualize network bandwidth utilizations on our interfaces. This data is extremely important not only for troubleshooting speed and access problems, but also for application performance tuning and enhancing the overall health of our network. Please feel free to leave your questions in the comments portion of this post.

Real-Time Bandwidth Monitor

• FREE: Veeam ONE Free Edition – Real-time Hyper-V and VMware monitoring (0)
• FREE: FrameFlow – Web-based Windows monitoring (1)
• Raffle: PA Server Monitor – Easy Windows server monitoring (0)
• Kiwi CatTools – Back up and manage network configs (0)
• Poll: Are you currently using a monitoring solution? (12)

Spiceworks is a great free network inventory and monitoring tool that is very useful for administrators and help desk staff. Spiceworks supports hardware and software inventory, facilitates network monitoring, and offers help desk functionality. For a more detailed feature list, please read this overview of Spiceworks’s functionality. In this article, I will help you get started quickly with Spiceworks.

Spiceworks

Requirements

First, make sure you have a user that has full administrator rights to all resources in your network. You have to provide that user for the Spiceworks scanning utility. Since the tool can also scan VMware virtual machines, you might need the corresponding login information.

Second, make sure you have exception rules in your firewalls to allow the following: Ping, Windows Management Instrumentation (WMI), and RDP. I suggest doing this using Group Policies so you’ll be sure everything is configured properly on all PCs.

Third and finally, you need to make sure that the WMI service is enabled and running on all computers. This is likely the most important part, as Spiceworks uses this service to get all of its information.

Spiceworks installation

After you download the latest version, execute the installer on either a server or a powerful PC. The reason for this is that Spiceworks does require quite some processing power depending on the size of your network.

1. Specify the port on which you’d like it to run (port 80 is the default setting).

2. Accept the terms and choose the installation path.

3. Start up the application (via the shortcut).

4. If your firewall asks, allow Spiceworks to access your network; the corresponding executables are spiceworks-httpd.exe and spiceworks-finder.exe.

5. If you already have a Spiceworks account, you still need to create a new user unless you want to copy the database information of an existing installation.

Spiceworks login information

6. Click “Inventory” to start scanning your network.

Spiceworks start screen

7. Enter the range of your network.

Network range

8. Provide the credentials for the different account types. Here is where you need to supply the administrator credentials for Windows, Unix, and switches/printers (via SNMP). “Unix” is the one you want to use to detect VMware virtual machines. If you use different passwords for your network devices, just provide the one that is the most used. You can go into the configuration later to provide logins for specific devices.

Spiceworks scan settings

9. Allow some time for the scan to execute.

Spiceworks scan results

10. If many error messages are displayed, try to determine what caused them. Usually Spiceworks will give you a good starting point, like indicating that a certain port is not available.

11. If only a few errors occurred, you can start browsing your inventory.

12. I suggest that you run Spiceworks as a service. To do so, right-click the Spiceworks icon at the bottom right and click “preferences.” Check “Spiceworks is running as a service” and provide the user/password. Running Spiceworks as a service will allow it to scan even if you are not logged on to the corresponding computer.

Spiceworks service preferences

Now you can start to explore the possibilities of this powerful network tool. You can set up email properties, monitors, and alerts. Almost everything is customizable; you just need to search a little. If problems come up, the Spiceworks community is a great resource for help. You also have access to a variety of Spiceworks extensions.

• FREE: Veeam ONE Free Edition – Real-time Hyper-V and VMware monitoring (0)
• FREE: FrameFlow – Web-based Windows monitoring (1)
• Microsoft Desktop Optimization Pack (MDOP): MED-V (0)
• Microsoft Desktop Optimization Pack (MDOP): Advanced Group Policy Management (AGPM) (0)
• Raffle: PA Server Monitor – Easy Windows server monitoring (0)

You probably know Event Viewer, a baked in Windows tool. For sophisticated event log analysis, you often need additional tools. Some of the tools discussed here are applications, and some are websites.

EventID.NET

I have a paid subscription for EventID.NET, and use this database for event ID searches. The site is a repository of almost all Windows event IDs and offers in-depth write ups, screenshots, and links to external sources. A one year subscription for an individual costs $29 USD.

EventID.net -Search for event IDs

ServerFault.com

The consistently useful ServerFault.com website has served me well since its inception. It is a crowd-sourced community of experts based on a Digg type voting system, in which a poster asks questions based on issues they are confronted with, usually scenario based, with Event IDs.

ServerFault.com – Question and answer site for admins

Experts-Exchange.com

Experts-Exchange.com is another community site which is not limited to any platform or architecture. It has a similar voting system as Serverfault.com and issues awards based on the helpfulness of the “experts”.

Notice that Experts-Exchange.com is not free. After the 30-day free trial, prices vary from $12.95 USD for the monthly plan to the the two year plan for $189.95 USD.

Experts-Exchange.com – Tech support from experts

ManagEngine EventLog Analyzer

I have used many of ManageEngines free tools, and EventLog Analyzer is my favorite. The tool works with Unix/Linux/Windows and can be configured to give real time alerts and offers sophisticated reporting features. The holy grail of all IT logging is the centralized logging ability. EventLog Analyzer can also collect logs from devices such as routers, web services and FTP servers. The free version supports up to 5 hosts. The Professional Edition starts at $395 USD for 10 hosts. Check out the price list for other configurations.

Eventlog tool ManageEngine EventLog Analyzer

GFI EventsManager

GFI EventsManager provides similar features as the ManageEngine product offering real time alerts and support for SNMPv2 traps. I like the auto archive feature and its search filters. GFI doesn’t offer a free edition but you can download a free trial. For a Server and 10 clients, GFI EventsManager costs $440 USD.

Event log tool GFI EventsManager

Netikus.net EventSentry

EventSentry offers quite a few interesting features that go far beyond event log monitoring and analysis: Compliance tracking, package managing, compliance tracking, log file monitoring, system health monitoring, and web reports. EventSentry Light is its free version and is a must-have tool for every admin doing event log analysis. Check out the comparison table to get an overview of the capabilities for its free and full version. A configuration with 10 hosts will cost you $698 USD. The complete price list can be found here.

Event log tool – Netikus.net EventSentry

Do you know any other good event log analysis tool?

• FREE: Veeam ONE Free Edition – Real-time Hyper-V and VMware monitoring (0)
• FREE: FrameFlow – Web-based Windows monitoring (1)
• Raffle: PA Server Monitor – Easy Windows server monitoring (0)
• Poll: Are you currently using a monitoring solution? (12)
• SCOM 2012 review – Part 8: Dashboards (0)

Submitted by Eugene Rublovka

Verax NMS supports network elements (CISCO, Juniper, Adva, Foundry , etc.), applications (MySQL, Oracle RDBMS, Microsoft Internet Information Server, Apache Tomcat, IBM WebSphere, etc.), and data center elements (IP cameras, power supplies, etc.) in a single, integrated system.

Network and application monitoring – Verax NMS – Sensor summary

The Rich Internet Application (RIA) front-end GUI is a differentiator, as well as built-in business reports (users can design their own), plugin based architecture (SDK available) and rules engine (for event processing and IT automation).

Network and application monitoring – Verax NMS – Business Reports

Verax NMS

• FREE: Veeam ONE Free Edition – Real-time Hyper-V and VMware monitoring (0)
• FREE: FrameFlow – Web-based Windows monitoring (1)
• Raffle: PA Server Monitor – Easy Windows server monitoring (0)
• Poll: Are you currently using a monitoring solution? (12)
• SCOM 2012 review – Part 8: Dashboards (0)

In the first guide we installed Nagwin on a Windows host, configured the process, and set up an additional Windows host for monitoring. In this guide we will explore how to use Winrpe – a Nagios monitoring client for Windows – to check on all kinds of server health indicators including CPU load, memory allocation, and error events in the Windows Event Log.

Installing and configuring Winrpe

Like Nagwin, Winrpe is an Open Source port of a Nagios client (nrpe) that is maintained by the folks at ITeF!x. It is available for download on SourceForge. You will need to download and install Winrpe on each Windows host you would like to monitor. The installer will ask you for the installation path and the service account Winrpe will use. The path isn’t as important but be sure to note the service account name and randomly-generated password. Once the installation is complete, you will have a new Start menu folder with entries:

1. nrpe.cfg
2. Web site
3. Documentation
4. Uninstall NRPE

You will want to open the shortcut to nrpe.cfg with your favorite text editor and being chipping away at nrpe configuration. Nrpe comes with a default configuration but you will need to tweak it according to your needs. Let’s look at the more important directives:

• allowed_hosts: Informs nrpe of hosts that are allowed to connect to the daemon. This list should include the IP address of your Nagios server and always the loopback address, 127.0.0.1
• command_timeout: The amount of time nrpe will try to execute a given command before it gives up, or times out. I like to use a setting of 20 seconds for newer systems and 60 seconds for older systems, but your mileage may vary.
• connection_timeout: The amount of time nrpe will wait for a TCP connection to be established. You may want to set this to a fairly high value (60-120 seconds), especially if you are monitoring hosts across a site-to-site VPN or the Internet.
• include and include_dir: Used for including directives (usually commands) from another file. This is great if you have a shared config file for multiple hosts; for example, you may have a shared drive at \\fileserver\winrpe\base.cfg and other clients use this base configuration. Include_dir includes all config files in a directory.

Command Directives

Command directives define commands that Nagios can use to access nrpe. The basic format is as follows:

command[ALIAS]=actualcommand.exe --params -w # -c #

The ALIAS is what Nagios will use to access your command. The actual command is placed on the right of the equals sign and indicates what the alias does. All command paths are relative to the ICW\bin folder and you will find that Winrpe pleasantly includes some useful tools in that folder.

Winrpe foder

• check_nrpe: Verifies that nrpe is installed and listening on a host
• check_pdm: Checks processor, disk, and memory
• check_winevent: Checks Windows Event Log entries
• check_winfile: Checks for the presence and attributes of Windows files
• check_winprocess: Checks Windows processes
• check_winservice: Checks Windows services

In addition, you can specify warning and critical values for each command. For example, if your command checks for error events, you might set only a critical value of 0, meaning that if your system has experienced any error events in the past 24 hours (>0) it will be marked as critical.

We will define a sample command here for CPU load since most administrators would be interested in that sort of thing.

command[pdm_cpuload]=check_pdm.exe --processor -w 50 -c 80

• Our alias is pdm_cpudload
• The command definition is the built-in utility check_pdm.exe
• We have one parameter, which is processor
• The warning level is 50 (percent)
• The critical level is 80 (percent)

This command definition is usually included by default in your nrpe.cfg file so you can see it in action. It will check CPU load when requested, issuing a warning at 51% and a critical alert at 81%.

Once you have setup your nrpe.cfg file to your liking, go ahead and start the nrpe service through services.msc on your host. You may want to make this an automatic service.

Winrpe on Windows 64-bit

For some reason Winrpe does not play well on 64-bit Windows environments and it will eventually stop working. So, you need to create a scheduled task to execute the following batch script every 15 minutes or so (adjust as necessary):

net stop "Nrpe"
taskkill /F /IM nrpe.exe
net start "Nrpe"

Winrpe restart

As you can see, this simply stops the nrpe service, kills the associated process, and starts the service again. Not the most elegant solution, but it’s the only one that I’ve found to work!

Configuring the Nagios Server

It’s time to wire everything up. Return to your Nagios Server and navigate to the ICW\etc\nagios\nagwin directory. Open the hosts.cfg file in your text editor and find your host definition. Below the host definition we will add a new service definition for that host.

define service {

This will define a new service for host fileserver. The service_description is what will appear for that row in your Nagios administration server, and the check_command is the command in nrpe (on your client) that you would like to run. In this case, it’s check_nrpe!pdm_cpuload.

Finally, you will need to restart your Nagwin_Nagios service to reflect these changes. When you restart Nagios and login to the administration console, you will see the following line item in your “Services” section:

Restart Nagwin_Nagios service

In the next guide we will explore Nagios notifications and contacts.

Winrpe

• FREE: Veeam ONE Free Edition – Real-time Hyper-V and VMware monitoring (0)
• FREE: FrameFlow – Web-based Windows monitoring (1)
• Raffle: PA Server Monitor – Easy Windows server monitoring (0)
• Poll: Are you currently using a monitoring solution? (12)
• SCOM 2012 review – Part 8: Dashboards (0)

Nagios is one of the most popular Open Source IT infrastructure monitoring tools available. Originally developed to monitor network hosts for uptime, latency, and health, Nagios has been extended to perform a variety of functions through its plugin interface. Though it is Open Source and generally intended for the Linux crowd, the folks at IteF!x have developed a port of Nagios for Windows – or Nagwin – to allow a Windows host to run the Nagios process.

Nagwin – A complete Nagios implementation for Windows

Installing Nagwin

Nagwin uses several packages to acheive Nagios functionality on Windows, including lightweight versions of Cygwin (a Linux API for Windows), PHP, Perl, Blat (SMTP server), and Nginx (web server). Thankfully all of these are included in the download for Nagwin at SourceForge.

Once you download the installer, unzip and run the resultant Nagwin_1.2.0_Installer executable to get started. During the installation, you will be prompted for where you want to put the “ICW” folder (the cygwin root). I like to put this directly on the hard drive so it is easy to get to “C:\ICW,” but this is a matter of personal taste. Next, you will be prompted to enter a service account name and password. Accepting the defaults here is fine unless you would rather use an existing service account. The password that is prepopulated is randomly generated and if you accept defaults you should save this password somewhere safe. Click “Install” to proceed.

Configuring the Nagios process

Assuming you want Nagios to start automatically when your server starts, you should run the MMC console “services.msc” and scroll down to where all of the Nagwin services are. By default, these are manual startup services. If you go to Properties for each service you can configure them for an automatic startup. If they are running already, go ahead and stop them.

By default, the Nagios admin account (nagiosadmin) has the password “nagios” and that will not do, so let’s go ahead and change it. In a command prompt window, navigate to the ICW directory that you chose in the installation, then navigate to the “bin” folder. Now, run the command, replacing the italicized bit with your desired password:

htpasswd2 -b /etc/nginx/htpasswd nagiosadmin your_password_here

You can create additional accounts but that’s what we will use for now. You can also change the port that is used to access the web management interface. By default, this is port 80, but you will probably want to change it to a lesser known (and less likely to conflict) port. I chose port 81 but you can choose any TCP port that is not already in use. To do so, navigate to the folder “\etc\nginx\nginx.conf” under the ICW directory and find the “server” block. Now change the “listen” directive from 80 to whatever you desire.

Configuring Nagios to monitor a host

Now the real work begins. Let’s assume that our Nagios server is located at 10.1.1.14 in a 10.1.1.0/24 subnet, and that we want to monitor another Windows host located at 10.1.1.10 (called “fileserver”) on the same subnet. To monitor the host we simply define a new host in the file “\etc\nagios\nagwin\hosts.cfg” and restart (or start) the Nagios process. First, open the hosts.cfg file in your favorite text editor (if it does not exist, create the hosts.cfg file in the “\etc\nagios\nagwin” directory). Using our example above, the host configuration is as follows:

# Define a host for the local machine

Note: alias is simply what Nagios calls the host, and in many cases it is appropriate to have the alias match the host_name. The important pieces here are the use, host_name, and address directives.

That’s it! Now we need to start all of our Nagwin services (there are four) in services.msc.

Once you have started these services, navigate to http://localhost:PORT_NUMBER and login using the username “nagiosadmin” and the password you defined earlier. Go to “Hosts” and voilà! Our newly defined host should appear along with “localhost” (where the Nagios process is located). You will notice that it provides detail regarding packet loss, latency (ping), and host uptime. Nagios saves this information in a repository that allows systems administrators to check the health of hosts as well as connectivity.

Nagwin – Connectivity

In the next guide we will learn about Winrpe, a small daemon installed on Windows hosts to provide more detailed information about their health – CPU load, memory information, event logs and statuses – so that the Nagios process can probe these services and provide the administrator the information he or she needs to nip Windows host problems in the bud.

Nagwin

• FREE: Veeam ONE Free Edition – Real-time Hyper-V and VMware monitoring (0)
• FREE: FrameFlow – Web-based Windows monitoring (1)
• Raffle: PA Server Monitor – Easy Windows server monitoring (0)
• Poll: Are you currently using a monitoring solution? (12)
• SCOM 2012 review – Part 8: Dashboards (0)