Tag: Operations Manager

Oracle On Their Internal Systems Management

I just read a story about how Oracle consolidated their internal systems management   They decided to invest in a legacy-style solution based on SNMP and ping.  One of the things I noticed was that Oracle wanted to do lots of customization, be able to get access to the underneath data so they could manipulate it, integrate it, etc.

This is how not to do monitoring in a modern IT infrastructure.

In 1st year of college, we were taught about different ways you could buy software:

  1. Write it yourself: Takes lots of time/skills and has hidden longterm costs.
  2. Buy or download something cheap off the shelf that does 80% of what you need.  You spend a very long time trying to get the other 20%.  It ends up not working quite right and it costs you a fortune, especially when it fails and you have to replace it – of course, the more common approach is to live with the failure and pitch a story that it is fantastic.  I call this the “I’m in government” approach.
  3. Spend a little bit more money up front, buy a solution that does what you need, is easily customizable, and will work.

In Ireland, approach number 2 is the most commonly taken road.  Ping/SNMP cheapware is what most organizations waste their money and time on.  A server responding to ping does not make it healthy.  A green icon for a server that is monitored by a few SNMP rules that took you an age to assemble does not make it healthy.

Instead what is needed is a monitoring solution that has indepth expertise in the network … all of it … from the hardware, up through to the applications, has ana additional client perspective, and can assemble all of that into the (ITIL) service point of view.  Such a solution may cost a little buit more but:

  • It works out of the box, requiring just minor (non-engineering) changes along the way.
  • The monitoring expertise is usually provided by the orginal vendor or an expert third party.
  • The solution will be cheaper in the long term.

No guesses required to tell which solution I recommend, based on experience.  I’ve tried the rest: I was certified in CA’s Unicenter (patch-tastic!), I got a brief intro to BMC Patrol, I’ve seen teams of Tivoli consultants fail to accomplish anything after 6 months of efforts, and I’ve seen plenty of non-functional cheapware along the way.  One solution always worked, out of the box, and gave me results within a few hours of effort.  System Center Operations Manager just works.  There’s lots of sceptics and haters but, in my experience,  they usually have an agenda, e.g. they were responsible for buying the incumbant solution that isn’t quite working.  There is also the cousin of OpsMgr, SCE 2010, for the SME’s.

CA Report on Downtime

I’ve just read a news story on Silicon Republic that discusses a CA press release.  CA are saying that European businesses are losing €17 billion (over $22 billion) a year in IT down time.  I guess their solution is to use CA software to prevent this.  But my previous experience working for a CA reseller, being certified in their software, and knowing what their pre-release testing/patching is like, I would suspect that using their software will simply swap “downtime” for “maintenance windows” *ducks flying camera tripods*.

What causes downtime?

Data Loss

The best way to avoid this is to back up your data.  Let’s start with file servers.  Few administrators know about or decided not to turn on VSS to snapshot the volumes containing their file shares.  If a user (or power user) or helpdesk admin can easily right-click to recover a file then why the hell wouldn’t you use this feature?  You can quickly recover a file without even launching a backup product console or recalling tapes.

Backup is still being done direct to tape with the full/incremental model.  I still see admins collecting those full/incremental tapes in the morning and sending them offsite.  How do you recover a file?  Well VSS is turned off so you have to recall the tapes.  The file might not be in last night’s incremental so you have to call in many more tapes.  Tapes need to be mounted, catalogued, etc, and then you hope the backup job ran correctly because the “job engine” in the backup software keeps crashing.

Many backup solutions now use VSS to allow backups to disk, to the cloud, to disk->tape, to disk->cloud, or even to disk->DR site disk->tape.  That means you can recover a file with a maximum of 15 minutes loss (depending on the setup) and not have to recall tapes from offsite storage.

High Availability

Clusting.  That word sends shivers down many spines.  I starting doing clustering on Windows back in 1997 or thereabouts using third party solutions and then with Microsoft Wolfpack (NT 4.0 Advanced Server or something).  I was a junior consultant and used to set up demo labs for making SQL and the like highly available.  It was messy and complex.  Implementing a cluster took days and specialist skills.  Our senior consultant would set up clusters in the UK and Ireland, taking a week or more, and charging the highest rates.  Things pretty much stayed like that until Windows 2008 came along.  With that OS, you can set up a single-site cluster in 30 minutes once the hardware is set up.  Installing the SQL service pack takes longer than setting up a cluster now!

You can cluster applications that are running on physical servers.  That might be failover clustering (SQL), network load balancing (web servers) or us in-built application high availability (SQL replication, Lotus Domino clustering, or Exchange DAG).

The vast majority of applications should now be installed in virtual machines.  For production systems, you really should be clustering the hosts.  That gives you host hardware fault tolerance, allowing virtual machines to move between hosts for scheduled maintenance or in response to faults (move after failure or in response to performance/minor fault issues).

You can implement things like NLB or clustering within virtual machines.  They still have an internal single point of failure: the guest OS and services.  NLB can be done using the OS or using devices (use static MAC addresses).  Using iSCSI, you can present LUNs from a SAN to your virtual machines that will run failover clustering.  That allows the services that they run to become highly available.  So now, if a host fails, the virtualization clustering allows the virtual machines to move around.  If a virtual machine fails then the service can failover to another virtual machine.

Monitoring

It is critical that you know an issue is occurring or about to occur.  That’s only possible with complete monitoring.  Ping is not enterprise monitoring.  Looking at a few SNMP things is not enterprise monitoring.  You need to be able to know how healthy the hardware is.  Virtualisation is the new hardware so you need to know how it is doing.  How is it performing?  Is the hardware detecting a performance issue?  Is the storage (most critical of all) seeing a problem?  Applications are accessed via the network so is it OK?  Are the operating systems and services OK?  What is the end user experience like?

I’ve said it before and I’ll say it again.  Knowing that there is a problem, knowing what it is, and telling the users this will win you some kudos from the business.  Immediately identifying a root cause will minimize downtime.  Ping won’t allow you to do that.  Pulling some CPU temperature from SNMP won’t get you there.  You need application, infrastructure and user intelligence and only an enterprise monitoring solution can give you this.

Core Infrastructure

We’re getting outside my space but this is the network and power systems.  Critical systems should have A+B power and networking.  Put in dual firewalls, dual paths from them to the servers.  Put in a diesel generator (with fuel!), a UPS, etc.  Don’t forget your Aircon.  You need fault tolerance there too.  And it’s no good just leaving it there.  They need to be tested.  I’ve seen a major service provider have issues when these things have not kicked in as expected due to some freak simple circumstances.

Disaster Recovery Site

That’s a whole other story.  But virtualisation makes this much easier.  Don’t forget to test!

Writing of Mastering Hyper-V Deployment Nearing Completion

I’ve just submitted the last of my content to Sybex for Mastering Hyper-V Deployment.  It’s been a long and tough road.  Early work started on the project in February.  I’ve been doing my normal day job and trying to squeeze in chapters in a rush schedule.  I’ve been working during the morning commute, at lunchtime, the evening commute, into the night, and at weekends.  My co-author is close to finishing his chapters on schedule.  I’ve been doing the first of the reviews as we’ve moved through the project.  I’m probably already a third of the way through the copy edits (2nd set of reviews).  After that comes the final set (I hope) of layout edits.  And then off it goes to the printers for release in November.  I can’t wait!

Powered Down Virtual Machines on a Hyper-V Cluster

From time to time, I’ll be asked to power down virtual machines in our production environment.  I also run a test virtual machine on the cluster to test things like Live Migration after doing upgrade work.  Normally, I’d like to keep it powered down, just to save 512MB of RAM and the occasional CPU cycle.  But it seems to me, that Microsoft does not like us to keep powered down virtual machines on the cluster.

My first clue was in VMM.  VMM tries to protect the cluster reserve in a Hyper-V cluster.  In other words, VMM will change the status of a cluster object to a warning if you overcommit the resources.  For example, if you have 58GB of RAM for VM’s across your N+1 3 node cluster, then it’ll complain when you deploy 58GB+ of VM RAM.  One would assume that VMM would only calculate the running VM’s.  However, I can confirm that it does include the RAM assignments to powered down VM’s as well.  I can understand this conservative approach … it’s the sort of thing a banker would do if they didn’t want to bankrupt their bank’s loan book ;-)  You have to allow for a scenario where the VM will be powered up.  Who’s to say that there isn’t a tester or developer at the other end of a Self-Service Portal, consuming their quota points, and eager to power up the VM’s at any moment.

The next clue is in OpsMgr.  I’ve imported the Microsoft Windows Cluster management pack.  A highly available virtual machine is a resource from clustering’s point of view.  Surely you deployed it on a cluster (as a highly available virtual machine) for a reason?  Shouldn’t it be running?  That’s how the management pack sees it.  An object is created in OpsMgr for every monitored cluster resources, i.e. virtual machine, and its status will go to critical if the resource is stopped, i.e. the virtual machine is powered down.  You’ll get an alert and notifications will go out.  If you are running SLA reporting then you’ll get a nice red mark all over your SLA.  Whoops!

So what should you do with those powered down VM’s?  If it is going to be down for a long time then you should move it to the VMM library.  There you have cheaper storage, and hopefully lots of it.  Importantly, the VMM cluster reserve will be OK.  OpsMgr will stop complaining after a little while about a failed cluster resource.

What if this power down is a short term thing?  You should obviously add resources to the cluster to resolve the VMM cluster reserve warning because you won’t have an N+1 (or greater) cluster with enough resources to handle a failed host (or hosts).  You can use the Health  Explorer in OpsMgr to put the critical resource (the powered down VM) in the cluster into maintenance mode, thus eliminating alerts.  You should do that before powering down the VM.

Long term, if lots of VM’s will be powered down and up, you might want to create a dedicated, lower priority, cluster for this.  You can customize the monitoring not to care about cluster resources being up or down.  You can probably safely ignore warnings about VMM cluster reserve being exceeded too.

VMM Integration Setup with OpsMgr Fails

This deals with a scenario where you run the Configuration Operations Manager setup routine for VMM 2008 R2.  The setup fails at the Administrator Console stage with the following error:

<Problem>

"Setup was not able to retrieve the service account from the specified Virtual Machine Manager server.

Specify a different VMM server and then try the operation again.

ID: 10207"

I had this issue while setting up my lab environment for the book.  I’d never seen it before.  No matter what I did, it kept repeating and stuffed the schedule for a chapter, forcing me to move to the next chapter (after wasting 4 or 5 days).

I searched all over and found no help at all, but plenty of people who had seen this problem.  Some solutions included setting up the prerequisites.  I was 100% sure that I had done that: management packs, console installs, OpsMgr admin rights to the VMM service account, etc.  AD and accounts were all healthy.  I uninstalled and reinstalled VMM (retaining and reusing the database) and even created a new VMM server from scratch.

Eventually, I opened a call with MS PSS.  Within a couple of hours an engineer named Ganesh called me up – well ahead of the 8 hours SLA (nice!).  We fired up an easy assist session and went through all the steps.  We were both sure of a problem on the VMM side; OpsMgr was behaving perfectly.

Note: A handy troubleshooting step is to install a VMM Admin console on another machine and try that.  That can ID a cause of this issue – there appear to be many including dodgy DNS records and missing prereqs.   The setup log in the hidden (by default) ProgramData folder doesn’t give very much detail on the integration setup failure so you have to go through everything.

Ganesh wanted to look at the service account in ADSIEdit.  We browsed to it.  The first suspect was the SPN records.  SPNSETUP –L led us to believe everything was OK there.  We opened up the properties of the VMM service account and confirmed that.  However, when we expanded the service account we did notice something.  The SCP (it appears like a sub-folder in ADSIEdit under the VMM service account and is called CN=MSVMM) was missing.  This should be created by the VMM setup on the VMM server.

We reinstalled VMM on the VMM server once again.  Still no sign of the SCP.  This was a very unusual one.  Ganesh needed some time to do some research and to contact Redmond.

<FIX>

A day later I got an email from Ganesh.  There was a way to create the SCP.  Pop the VMM 2008 R2 media into the VMM server.  Browse to the <architecture>Setup folder using command prompt.  Run CONFIGURESCPTOOL.EXE –INSTALL from that folder.  This will create the SCP; I confirmed this in ADSIEdit.  I reran the integration setup and it completed perfectly.  After a while all of the VMM content started appearing in OpsMgr.

Note: If you do uninstall/reinstall VMM then make sure you patch it to the level it was at before.  Up-to-date VMM agents cannot communicate with out-of-date VMM servers.

Thanks to Ganesh over in PSS for your help!

My Hyper-V Presentations at PubForum Frankfurt 2010

I’m exhausted.  I’ve done 2 presentations this week at Pubforum, one after the other with a quick break.  3 hours of me talking.  Phew – those poor people who had to listen to me!

I’ve posted both presentations.  As usual, they are only my cue cards.  Most of the content is me speaking or answering questions.

This is the 2 hour class that I presented:

And this is the one hour class that I presented:
 
 
 

Bridgeways Management Pack for Hyper-V

Matt Mc Spirit has just blogged about a new free Operations Manager 2007 R2 management pack for Hyper-V.  This is intended to give you additional monitoring functionality, including lots of performance metrics gathering.  Take a look at Matt’s blog to learn more.

Will I deploy it?  It’s unlikely.  We’re a “upgrade it as soon as it’s ready” company.  I don’t know that Bridgeways will be keeping up to date with a Windows 8 Hyper-V management pack or not.  But, if I work for one of the many upgrade-every-3-or-4-years companies then this management pack just makes sense.

Which Linux Distribution, Version and Architecture for Hyper-V?

I thought I would revisit this subject now that version 2.1 of the integration components has reached release candidate stage.  You really will want to use v2.1 because it introduces SMP support for multiple vCPU’s (up to 4) in a Linux VM as well as clock synch and host power integration (for clean guest shutdown or state save).

My original discussion said that if you were doing enterprise Hyper-V then you are probably also running Operations Manager.  The beauty of System Center and Hyper-V being used together is that you get a single management system for the entire computing stack.

OpsMgr 2007 R2, with Cumulative Update 1 supports a certain set of Linux distributions, versions and architectures.  Hyper-V’s Linux Integration Services 2.1 supports another set.  You really want to pick a Linux from the commonly supported distros.  The below diagram should help with that.

image

Note that RHEL x64 does not support the Pluggable Time Service integration service.  It also doesn’t have support from Project Satori (MS/Citrix project) for the VSC to capture a mouse.

It appears that SLES 11 (x86 and x64) and with RHEL 5 (x86 and x64) are the two to go with for deployment in the near future.  You might steer clear of RHEL x64 (and choose RHEL x86) if the partial support exceptions are an issue.

Microsoft Ireland – Best of #MMS2010

I arrived in about an hour late for this event because I had to present at a cloud computing breakfast event in the city.  Writing until midnight, doing work until 1am and getting up at 05:30 has left me a bit numb so my notes today could be a mess.

The ash cloud has caused last minute havoc with the speakers but the MS Ireland guys have done a good job adjusting to it.

System Center v.Next

I arrived in time for Jeff Wettlaufer’s session.

The VMM v.Next console is open with an overview of a “datacenter", giving a glimpse of what is going on.  We see the library and shares which is much better laid out.  It includes Server App-V packages, templates, virtual hard disks, MSDeploy packages (IIS applications), SQL DAC packages, PowerShell, ISO and answer files.

VMM v.Next

The VMM model is shown next.  We can create a template for a service.  This includes virtual templates for virtual machines: database, application, web, etc.  The web VM is shown.  We can see the MS deploy package from the library is contained within the template for this VM.  The web tier in the model can be scaled out automatically using a control for the model.  The initial instance count, maximum and minimum instance counts can be set.  The binding to network cards can be sent too.

An instance of this model is deployed: lots of VM’s are included in the model.  One deployment = lots of new VM’s.  We now see the software update mechanism.  The compliant and non compliant running VHD’s are identified.  Normally we’d do maintenance windows, patching and reboots.  With this approach we can remediate the running VM’s VHD’s.  Because there are virtualised services, they can be migrated onto up-to-date VHD’s and the old VHD’s are remediated. The service stays running and there are no reboots or maintenance windows.

This makes private cloud computing even better.  We already can have very high uptimes with current technology.  The only blips are usually in upgrades.  This eliminates that.  The model approach also optimises the

Operations Manager 2007 R2 Azure Management Pack

You can use an onsite installation of OpsMgr to manage Azure hosted applications.  This is apparently out at the end of 2010.  We get a demo starting with a model, including web/database services, synthetic transactions and the Azure management pack containing Azure objects (a web front end that fronts the on-premises databases).  We see the usual alert and troubleshooting stuff from OpsMgr.  Now we see that tasks for Azure are integrated.  This includes the addition of a new web role instance on Azure.  In theory this could be automated as a response to underperforming services (use synthetic transactions) but it would need to be tested and monitored to avoid crazy responses that would cost a fortune.

Almost everything in the System Center world has a new release or refresh in 2011.  It will be a BIG year.  I suspect MMS 2011 will be nuts.

It looks like I missed 4 of the demos :-(  That’s work for ya!

Configuration Manager v.Next– Jeff Wettlaufer

Woohoo!  I didn’t miss it.

The focus on this release is user centric client management.  The typical user profile has changed.  Kids are entering the workplace who are IT savvy.  The current generation knows what they want (a lot of the time).  MS wants to empower them.  Users should self-provision, connect from anywhere, access devices and services from anywhere. 

There should be a unified systems management solution.  Do you want point solutions for software, auditing, patching, anti-malware, etc.

Control is always important.  Whether it is compliance for licensing, auditing, policy enforcement, etc.  Business assets must be available, reliable and secure.  Automation must be employed and expanded upon to remove the human element – more efficient, allow better use of time to focus on projects, less mistake prone.

ConfigMgr 2007 does a lot of this.  However, it didn’t do the last step: remediating non-compliance with policy (software, security, etc).

Notes: 75% of American and 80% of Japanese workers will be mobile in 2011.  The IT Pro needs to change: be more generalized and have a variety of skills capable of changing quickly.  IT in the business has “comsumerized”: they are dictating what they want or need rather than IT doing that.  I think many admins in small/medium organizations or those dealing with executives will say that there has always been some aspect to that.  The new profile of user will cause this to grow.

System Center ConfigMgr is moving towards answering these questions.  The end user will be empowered to be able to self-provision.  Right now, the 2007 release translates a user to a device, and s/w distribution is a glorified script.  It is also very fire and forget, e.g. an uninstalled application won’t be automatically reinstalled so there isn’t a policy approach.

The v.Next method changes this.  It will understand the difference between different types of device the user may have.  It is more flexible.  It is a policy management solution, e.g. an uninstalled application will be automatically reinstalled because it is policy defined/remediated.

Software distribution in v.Next: relationships will be maintained between the user and devices.  User assigned software will be installed only if the user is the primary user of the device – save on licensing and bandwidth.  S/W can be pre-deployed to the primary devices via WOL, off-peak hours, etc.

Application management is changing too.  Administrators will manage applications, not scripts.  The deployments are state based, i.e. ConfigMgr knows if the application is present or not and can re-install it.  Requirements for an application can be assessed at installation time to see if the application should even be installed at all.  Dependencies with other applications can be assessed automatically too.  All of this will simplify the application management process (collections) and troubleshooting of failed installations.

For the end user, there is a web based application catalog.  A user can easily find and install application.  A workflow for installation/license approval can back this up.  S/W will install immediately after selection/approval – this uses Silverlight to trigger the agent.  A user can define what their business hours are in the client to control installations or pre-deployments.  They can also manage things like automated reboots – no one likes a mandated reboot (after 5 minutes) while doing something important, e.g. a live meeting, demo, presentation, etc.  This is coming in beta2: there will be a pre-flight check feature where you can see what will happen with an application if you were to target it at a collection.  You then can do some pre-emptive work to avoid any failures.  I LIKE that!

We now see a demo of a software package/deployment.  An installer package for Adobe Reader is imported.  This isn’t alien from what we know now.  There is a tagging mechanisms for searches.  We can define the intent: install for user or install for system.  You can add deployment types for an existing application.  We see how an App-V manifest is added to the existing application which was previously contained _just_ an MSI package.  Now you can do an install or an App-V deployment (stream and/or complete deployment) with the one application in ConfigMgr.  So we now have 2 deployment types (packages) in a single application.  This makes management much easier. 

We see that the deployment of the application can be assigned to a user and will only be installed to their primary device.  System requirements for the application can be included in the package.

A deployment (used to be called an advertisement) is started and targeted at a collection.  The distribution points are selected.  Now you can specify an intent, e.g. make the application available to the user or push it.  The usual stuff like scheduling, OpsMgr integration are all present.

SQL is being leveraged more and more.  A lot of the file system and copy operations are going away and being replaces with SQL object replication.  It also sounds like the ConfigMgr server components might be 64-bit only.

The MMC GUI is being dropped.  The new UI is more intuitive, better laid out and faster.  It will filter content based on role/permissions  in ConfigMgr.  This will make usage of the console easier.  Wunderbars finally make an appearance in ConfigMgr to allow different views to be presented: Administration, Software Library, Assets and Compliance, and Monitoring.

Role Based Administration: The MMC did cause havoc with this.  A security role can be configured.  This moves in the same direction as VMM and OpsMgr.  13 roles are built into the beta1 build.  You can bound the rights and access in ConfigMgr, e.g. application administrator, asset analyst, mobile device analyst, read only roles, etc.  We are warned that this might change before RTM.  Custom roles can be created.  When a role logs into the console they will see only what is relevant (permitted).  Current ConfigMgr sites did this by tweaking files on site servers which is totally not supported and caused lots of PSS tickets.

Primary sites are needed only for scale out.  The current architecture can be very complex in a large network.  Content distribution can be done with secondary sites, DP’s (throttling/scheduling), BranchCache and Branch Distribution Points.  Client agents settings are configurable in a collection rather than in a primary site.

Note: we see zero hands go up when we are asked if anyone is using BranchCache.  That’s not surprising because of the licensing requirements, the limit of not having upload efficiencies (compared to network appliance solutions) and limited number of supported solutions.

Jeff says that client traffic to cross-wan ConfigMgr servers dropped by 92% when BranchCache was employed – the distribution point can be BITS (HTTPS) enabled.

Distribution point management has been simplified with groups.  Content can be added based on group membershpip.  Content can be staged to DP’s, as well as scheduled and throttled.

SQL investments mean that the inbox is gone in v.Next.  Support issue #1 was the inbox.  There are SQL methods for inter-site communications.  SQL Reporting Services is going to be used.  SQL skills will be required.  MS needs to invest in training people on this.

ConfigMgr client health features have been expanded.  There is configurable monitoring/remediation for client prerequisites, client reinstallation, windows services dependencies, WMI, etc.  There are in-console alerts when certain numbers of unhealthy clients are detected – configurable threshold.

There is a common administration experience for mobile device management – CAB files can be added to ConfigMgr applications (not just App-V and MSI/installer).  Cross-platform device support (Nokia Symbian) is being added.  User centric application and configuration management will be in it.  You can monitor and remediate out of date devices.

Software Updates introduces a group which contains collections.  You can target updates to a group.  This in turn targets the contained collections.  Auto-deployment rules are being introduced.  Some want to do patch tuesday updates automatically.  You DEFINITELY need to auto-approve anti-virus/malware updates (Microsoft Forefront updates flow through Windows Updates).  Auto-approved updates will automatically flow out to managed clients.  This has a new interface but it’s a similar idea to what you get with WSUS. 

Operating System Deployment is a BIG feature for MS in this product.  We now get offline servicing of images.  It supports component based servicing and uses the approved updates.  This means that newly deployed PC’s will be up to date when it comes to updates.  There is now a hierarchy-wide boot media (we don’t need one per site and saving time to create and manage it).  Unattended boot media mode with not need to press <Next>.  We can use PXE hooks to automatically select a task sequence so we don’t need to select one from a list.  USMT 4.0 will have UI integration and support hard-link, offline and shadow copy features.  In 2007 SP2, these features are supported but hidden behind the GUI.

Remote Control is back.  Someone wants it.  I don’t see why – the feature is built into Windows and can be controlled by GPO.

Settings Management (aka Desired Configuration Management) is where you can define a policy for settings and identify non-compliance.  V.Next introduces automated remediation of this via the GUI.  This is an option so it is not required: monitor versus enforce.  Audit tracking (who changed what) is added.

Readiness Tips: Get to 64-bit OS’s ASAP.  Start using BranchCache.  Plan on flattening the hierarchy.  Use W2008 64-bit or later.  Start learning SQL replication.  Use AD sites for site boundaries and UNC paths for content.

A VHD with a 500 day time bombed VHD will be made available by MS in a few weeks.  Some hand-on labs will be made available soon after in TechNet Online. 

Can you see why I reckon ConfigMgr is the biggest and most complex of the MS products?

Operations Manager

Irish OpsMgr MVP Paul Keely did this session.  I missed the first half hour because I was talking to Jeff Wettlaufer and Ryan O’Hara from Redmond.  When I came back I saw that Paul was talking about the updates that have been made available for OpsMgr 2007 R2.  The demo being shown was the SLA Dashboard for OpsMgr.

Management pack authoring: “you need to have a PhD to author a management pack”.  This is still so true.

Using a Viso/OpsMgr connector you can load a distributed application into Visio.  You can then export this into SharePoint where the DA can be viewed on a site.

KB979490 Cumulative Update 2 includes support for SLES 11 32-bit and 64-bit and zones for all versions of Solaris.

V.Next: MS have licensed “EMC Smarts” for network monitoring.  An agent can figure out what switch it is on and then figure out the network. This means OpsMgr can figure out the entire network infrastructure and detect when a component fails. 

Management packs are changing.  A new delay and correlation process will alert you about the root cause of an issue rather than alert you about every component that has failed because of the root cause.  This makes for a better informed and clearer issue notification.

Opalis

This is a recent System Center acquisition for automated work flows.  The speaker was to fly in this morning but the ash cloud caused airports to close.  MS Ireland have attempted to set up a Live Meeting where the speaker can present to us from the UK.

The speaker is Greg Charman and is present in a tiny window in the top left of the projector screen.

We have a number of IT silos: SQL, virtualisation, servers, etc.  Applications or processes tend to cross those silos, e.g. SQL is used by System Center.  Server management relies on virtualization.  Server management and virtualization both use System Center.

Opalis provides automation, orchestration and integration between System Center.  Currently (because it was recently acquired) it also plugs into 3rd party products. Maybe it will and maybe it won’t continue to support 3rd party products in future releases.

Opalis provides runbook/process automation.  You remove human action from the process to improve the speed and reliability.  It also allows processes to cross the IT silos.

In the architecture, there is an Integrated Data Bus.  Anything that can connect to this can interact with other services (in theory).  Lots of things are shown: Microsoft, BMC, HP, CA, IBM, EMC, and Custom Applications. 

A typical process today: OpsMgr raises an alert.  Manually investigate if it is valid.  Update a service desk ticket.  Figure out what broke and test solutions.  Maybe include a 3rd party service provider.  All of these tasks take time and the issue goes on and on.

Opalis: sees the alert and verifies the fault.  It updates the issue.  It does some diagnostics.  It passes the results back to the service desk.  It might fix the problem and close the ticket.  At the least it could provide lots of information for a manual remediation.

Opalis is used for:

  • Incident management: orchestrate the troubleshooting.  Maybe identify the cause and remediate the issue.
  • Virtual machine life cycle management: Automate provisioning and resource allocation.  Extend virtual machine management to the cloud.  Control VM sprawl.
  • Change and control management: This integrates ConfigMgr and VMM.

The integration for some products will be released later in 2010.  The VMM and ConfigMgr integrations are in the roadmap, along with a bunch of other MS ones.

System Center Essentials 2010

This is presented by Wilbour Craddock.  As most companies in Ireland are small/medium, SCE 2010 should be a natural fit for a lot of them.  Remember that it is a little crippled compared to the full individual products.  It can manage up to 50 servers (physical or virtual) and up to 500 clients.

  • Monitor server infrastructure using the OpsMgr components.
  • Manage virtual machine using the VMM 2008 R2 components.  This include P2V and PRO tips.
  • Manage s/w and updates using the ConfigMgr components.

The “SCE 2010 Plus” SKU adds DPM 2010 to the solution so you can backup your systems.

Inventorying: Runs every 22 hours and includes 60+ h/w and s/w attributes.  Visibility is through reports.  180 reports available.  New in 2010: Virtualization candidates.

Monitoring includes network management with SNMP v1 and SNMP v2.  It uses the same management packs as OpsMgr.  Third party and custom ones can be added.  The product will let you know when there is a new MP in the MS catalog.

Only the evaluation is available as an RTM right now.  The full RTM and pricing for it will be available in June.

Patching is done with WSUS and this is integrated with the solution.  Auto-approval deadlines are available.  It can synch with the Windows catalogue multiple times in a day.  There is a simple view for needed updates.

SCE can deploy software but it cannot deploy operating systems.  You can use the free WDS or MDT to do this.  Note that a new version of MDT seems to be on the way.  The software deployment process is much simpler than what you get with ConfigMgr, thanks to the reduced size of the network that it supports.  It assumes a much simpler network.

At first glimpse of the feature list, it appears to include most of the VMM features, but it not not be as good as VMM 2008 R2.  It cannot manage a VMware infrastructure but it can do V2V.  Host configuration might be better than VMM.  P2V is different than in VMM.  The Hyper-V console is still going to be regularly used, e.g. you can’t manage Hyper-V networking in SCE 2010.  Enabling a physical machine to run Hyper-V is as simple as clicking “Designate as a host”.  PowerShell scripts are not revealed in the GUI like in VMM but you can still use PowerShell scripts.

Software deployment now include filtering, e.g. CPU type X and Operating System Y.  You can modify the properties of existing packages.

The setup is simple: 10 screens.  Configuration is driven by a wizard.

Requirements: W2k* or W2K8 R2 64-bit only.  2.8GHz, 4GB RAM, 150GB disk recommended.  It can manage XP, W2003, and later.

The server with DPM will be around €800.  Each managed device (desktop or server) will require a management license.  You can purchase management licenses to include DPM support or not.  This means you can backup your servers, maybe a few PC’s and choose to use the cheaper management licenses for the rest of the PC’s.

Intune

Will talks about this.  Dublin/Ireland will be included in phase II of the beta.  It provides malware protection and asset assessment from the cloud.  It will be used in the smaller organizations that are too small for SCE 2010. 

That was the end of the event.  It was an enjoyable day and a good taster of what happened at MMS.