Operations Manager Management Pack Authoring

I loved Microsoft Operations Manager 2005.  With a little bit of time and work, it was possible to get in deep and really understand how everything worked, especially the monitoring.  Everything was so logical.  Like another product I worked on years ago, Novadigm EDM, it was possible to find the starting point and logically diagram everything from discovery through to monitoring and then alerting.  Using that knowledge you could use the Administration console to author your own management packs quite easily, from windows log monitoring and text file monitoring right up to SNMP monitoring.  I could bring someone through MOM 2005 from A-Z in two days.

OpsMgr 2007 changed things drastically.  It’s a much more complicated beastie.  Getting it up and running is still relatively easy.  After that I recommend doing some reading before going any further.  I liked Sams “System Center Operations Manager 2007 Unleashed” because it was a very real book with real world recommendations based on best practice from MS.  After that, customising existing management packs is a doddle.

But creating your own management packs from scratch is really hard compared to OpsMgr 2007.  Management Packs becamse musch more complicated to add more power and flexibility, as well as some “intelligence”.  There’s loads of MS blog posts on how to create a management pack but they cannot be used in the real world, e.g. create a monitor for all machines to look for alert XYZ from an application that you may only have on 1 or 22 boxes.  MS released a management pack authoring console but it was undocumented as far as I could see.  I remember talking to a PSS engineer about it and he had heard the same thing from other customers.

But that has started to change!!!  I just read a blog post from MS that led me to here.  There are some basic guides (with screen shots) on how to do stuff like discovery (something I’ve struggled with to be honest), monitors, rules, etc.  I hope this is a sign of things to come because authoring was the only thing I was not entirely happy with in OpsMgr 2007.  Doing some documentation like this is a fantastic step in the right direction.

Windows Server Cluster Management Pack for Operations Manager 2007

Microsoft has updated the OpsMgr 2007 management pack for failover cluster management on Windows 2003 and Windows 2008:

“Some of the conditions monitored by this management pack are as follows:

  • Configuration or hardware issues that interfere with starting the Cluster service
  • Connectivity problems that affect communication between cluster nodes or between a node and a domain controller
  • Active Directory Domain Services (AD DS) settings that affect the cluster; for example, permissions needed by the computer account that is used by the cluster
  • Configuration issues with the network infrastructure needed by the cluster; for example, issues with Domain Name System (DNS)
  • Issues with the availability of a cluster resource, such as a clustered file share
  • Issues with the cluster storage”

I’d suggest that you download, test and then deploy (after satisfactory testing) this ASAP if you’re running Hyper-V clusters that are managed by OpsMgr 2007.  I will be doing just that.

Do You Remember BOFH?

Back in the day when I was an administrator with server and desktop responsibilities, I could be a very mean administrator.  Sometimes, if it was a rare boring Friday afternoon and someone in the department had asked me too many quick questions, I might start killing processes on their PC, a favourite was nlnotes.exe … mainly cos they expected that to crash anyway and it was really annoying when it would disappear half way through writing an email.

I just posted about the new management pack template in OpsMgr 2007 R2.  I think I know how to take advantage of it.  With a little customisation, you could create a target group containing one PC … say the one of a person who’s asked you too many quick questions that week.  Set up process monitoring with a twist by customising it to auto kill the process … say Outlook.exe or nlnotes.exe.  This would really put “Operator” into the O of BOFH.

I do not recommend actually doing this.  But it shows the power of this stuff if placed in the right hands; obviously not mine 🙂

Installed OpsMgr 2007 R2 Beta 1

I just installed System Center Operations Manager 2007 R2 for the first time.  As usual, the longest part of the process was getting all the pre-requisites in place.  Installing OpsMgr 2007 R2 was a breeze.  For a laugh, I went with Windows Server 2008 and SQL 2008 Standard in a Hyper-V VM.  New things I’ve noticed:

  • Prompted at the end of the install to back up the encryption key used (a) to protect RunAs account passwords and (b) can be use to promote management servers to a root management server (RMS).
  • Linux/UNIX management is possible with Cross Platform Extensions.  MS originally wanted to add this to OpsMgr 2007 but a rewrite was required for RunAs accounts.  I’m also setting up a SUSE Enterprise 10 SP2 VM for monitoring – the reason for the whole project to begin with.
  • There are 3 new management pack templates: Process Monitoring (monitor a process when it is running or alert if it is running at all – BRILLIANT!  Imagine how useful this could be for known rampant malware?), UNIX/Linux Logfile and UNIX/Linux Service.
  • Service Level Tracking is built in – as opposed to being a download for OpsMgr 2007.
  • The notifications wizards are improved.  Outlook’s rules wizard looks like it was an inspiration.  It still could do with an exemptions option, e.g. "all sub groups in this group except this group”.

The GUI has remained the same as would be expected with an R2 release.


The BEST bit of Windows Server 2008 R2 has to be the new management pack import tool.  It downloads meta data from the online catalog and allows you to directly import the latest management packs from Microsoft.  Alternatively, you can import them from disk, e.g. 3rd party management packs.  Note that the *NIX management packs are on disk, probably because they are still beta.