Solutions
The artists formerly known as Intelligence Packs have changed their name to Solutions. These are the real powers behind the Operations Management Suite and where it differs from System Center Operations Manager (SCOM) and other traditional monitoring solutions. The problem with SCOM, as any old hand will tell you, is the time it takes to configure alerts and overrides to block unimportant stuff to make sure that you see the important alerts but don’t overwhelm operators with insignificant ones. Because OMS takes log data from many different sources and uses cloud compute power to analyze it, it can bubble up relevant information more quickly.
The Solutions Gallery has a lot more to offer now than when we looked at the preview more than a year ago, and there’s more coming. The AD and SQL Assessment solutions are a bit like Best Practices Analyzers, looking at your topology and configuration and recommending changes. Here you can see the SQL Assessment giving me three high-priority recommendations for my client’s production environment.
SQL Assessment overview
If I dig into one of them by clicking on the tile, I find detailed instructions for what to do.
SQL Assessment detailed instructions
The System Update Assessment tells me which systems are missing patches, as well as the individual installation time (based on averages gathered from all OMS users) for each patch, and an aggregate time for all missing patches on a particular server. Very useful.
Update Assessment installation time
Note that the Capacity Planning solution works only if you have System Center Virtual Machine Manager (VMM) and SCOM installed and configured to talk to each other. Another thing I really like about the Operations Management Suite is that if I find that a Solution isn’t applicable to a situation, I can simply go back into the Solutions Gallery and remove it. It’s a lot easier than uninstalling an SCOM Management Pack in a production environment.
Tracking changes and configuration drift across servers is tedious work, and thus, using the power of the Change Tracking solution to find out what software and configuration changes have occurred on each server can be a real boon.
And for the few lucky ones out there with the budget and connections at Microsoft, there’s even a Solution for the Surface Hub.
As you add Solutions from the gallery, be aware that it can sometimes take a few hours for data to show up; in other cases, additional configuration of Solutions is required. If you use OMS to monitor Internet Information Services (IIS) logs, it’s a good idea to roll them over hourly (the default is daily). If you have a busy web server, a full daily log can be several gigabytes, and if it’s changed, the Operations Management Suite will upload the whole file again; thus, it’s better to break it into smaller chunks.
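One way to apply the hourly rollover advice above with the IIS WebAdministration module. This is an added example, not part of the original article; the function name `Set-IisHourlyLogRollover` is hypothetical, and it assumes an elevated PowerShell session on the web server.

```powershell
# Added example (not from the original article): switch IIS site logs from
# daily to hourly rollover. Run in an elevated session on the web server.
Import-Module WebAdministration

function Set-IisHourlyLogRollover {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    # Sites created later inherit their log settings from siteDefaults.
    $defaults = 'system.applicationHost/sites/siteDefaults/logFile'
    if ($PSCmdlet.ShouldProcess('siteDefaults', 'Set logFile.period to Hourly')) {
        Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
            -Filter $defaults -Name 'period' -Value 'Hourly'
    }

    foreach ($site in Get-ChildItem -Path 'IIS:\Sites') {
        $current = [string]$site.logFile.period
        $changed = $false
        # Only the Daily setting is touched; MaxSize, Weekly and Monthly stay.
        if ($current -eq 'Daily' -and
            $PSCmdlet.ShouldProcess($site.Name, 'Set logFile.period to Hourly')) {
            Set-ItemProperty -Path "IIS:\Sites\$($site.Name)" `
                -Name 'logFile.period' -Value 'Hourly'
            $changed = $true
        }
        # One row per site so the result can be reviewed or exported.
        [pscustomobject]@{
            Site = $site.Name; PreviousPeriod = $current; Changed = $changed
        }
    }
}

# Preview the changes first; drop -WhatIf to apply them.
Set-IisHourlyLogRollover -WhatIf
```

Hourly files are closed and stop changing after an hour, so each upload covers a much smaller file than a growing daily log.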
The “Suite” part
OMS now includes Azure Automation (you get 500 free minutes of automation jobs per month) and Azure Backup/Azure Site Recovery (you get 31 days of free backups with the OMS trial) as well as Desired State Configuration (DSC). This qualifies OMS for the “suite” moniker. We’ve covered these Azure services at 4Sysops before; just follow the links. Note that Azure Automation now has a graphical authoring environment (a bit like System Center Orchestrator), and DSC is a cloud service, negating the need to set up your own server to house the configuration files.
Another new feature is that the Search part of OMS now has an application programming interface (API), as long as you’ve linked OMS to Azure. Here you can access and manipulate OMS data programmatically, so if you don’t like the easy-to-use console, you can build your own. This also opens OMS to third-party developers. I suspect it won’t be long until we see third-party Solutions (that won’t be free) on offer in the Solutions Gallery.
As with most things cloud, you can try out features that are not quite finished baking yet. On the Settings tab, click Preview Features and enable what’s on offer to try out new things.
Try out Preview Features
Another big request from customers has been performance monitoring (something SCOM can do), and back in October 2015, the Near Real Time (NRT) performance counter collection was introduced. Go to the Settings area, click Data, and select which counters to collect.
Performance Counters data gathering
Visualizing the data is easy once the performance metrics have been gathered; here’s the disk queue length for the SSD drives where the three VMs are stored:
Disk Queue Length Visualization
Another useful addition that’s coming soon is the ability to collect wire data to analyze network captures. This will work initially only for Windows Server 2012 R2 (and 8.1) or later. And there’s a Solution for the Docker container log and performance data coming soon.
Something that’s going to “close the loop” and bring the Operations Management Suite closer to SCOM is the new OMS alerts, which trigger based on criteria you set. Still cooler is that you can link an alert to an Azure Automation runbook, so that it runs when the alert fires.
A replacement for Operations Manager?
The fact that OMS is a “suite” by combining several cloud services is an interesting approach. I suspect it matches up with Enterprise Mobility Suite (EMS), which also bundles several “better together” cloud services at an attractive price point.
Clearly OMS isn’t going to be as capable as SCOM is (today); you can’t customize what Solutions do (as you can with a Management Pack), and there are lots of devices, platforms, and applications that aren’t supported by the Operations Management Suite. But it’s clearly complementary to SCOM. And it’s becoming more capable very quickly. I think there are many small to medium businesses that wouldn’t take on the overhead of SCOM but could benefit from OMS. I suspect that if you give it a year or two, OMS might be a valid alternative to SCOM, not just a useful addition to it.
Many people said that Intune wouldn’t ever be a competitor to Configuration Manager; today I think there are many small and medium enterprises that could quite comfortably do without System Center Configuration Manager (SCCM) and manage all their PCs and mobile devices with Intune.
Summary
One question is what impact the Operations Management Suite will have on your servers. In my testing, I find it’s minimal; on a busy DC you might see 5–10% CPU overhead. I did notice a once-off spike on one server, which was probably the initial setup and encryption/upload of log data after I’d added it to the Operations Management Suite. Another thing I’ve found is that as I find “big noise” sources in the logs and attend to them, less data is generated overall. With syslogs from Linux now supported, Microsoft shows that it’s sincere about supporting all popular platforms.
If you’re serious about becoming proficient in OMS, I recommend this free ebook, weighing in at 449 pages, and this survival guide.
I think the Operations Management Suite is one of the most interesting cloud services that I’ve evaluated; the concept of using the cloud and Big Data concepts to bring insight and correlation into large amounts of machine data through easy-to-use Search and focused Solutions is very powerful. There’s a lot of buzz around OMS; if you’re a sysadmin, I highly recommend you take the free trial for a spin.