System Center 2012 Operations Manager is Microsoft's product for monitoring servers, services, devices, and applications. It provides a central console from which you can view the status of all these components within your environment.

You can install System Center 2012 Service Pack 1 on computers running Windows Server 2008 R2 and Windows Server 2012 and use either the Standard or Datacenter editions of SQL Server 2008 R2 or the Standard or Enterprise editions of SQL Server 2012. In this article, I present an overview of the core Operations Manager concepts in System Center 2012.

Operations Manager Agent

The Operations Manager agent is responsible for gathering data from a host computer. You install the agent on a computer that you want to monitor. The agent reports to a management server. The management server then writes the information to the Operations Manager database. You configure which information the agent gathers by importing management packs and configuring monitors and rules within those packs. You can deploy the Operations Manager agent directly from the Operations Manager console or include it in a deployment image.

Although most computers that you monitor have the agent installed, it's possible to monitor services and devices that don't have the Operations Manager agent installed. This is known as agentless monitoring. For example, you can configure the agent to monitor the health of a web application based on its response to a specially crafted HTTP request or monitor whether a router is available based on its response to Internet Control Message Protocol (ICMP) traffic. You can also use agentless monitoring to indirectly monitor a computer; however, agentless monitoring uses remote procedure call (RPC), which means that it won't work in all situations because of limits in connectivity and functionality. You also should be aware that not all management packs work when a computer is monitored in agentless mode. Additionally, agentless monitoring places greater resource requirements on the management server than does traditional agent monitoring.

Management Packs

Management packs are collections of stored wisdom about what constitutes the acceptable health and performance of specific products. Put another way, management packs tell Operations Manager what to look for and when to flag something that requires attention. For example, the Microsoft Exchange Server 2010 Management Pack contains a set of instructions that lets Operations Manager look for specific events, performance data, and configuration settings and report back when these items fall outside the parameters of what's defined as a healthy Exchange server. Management packs exist for almost all Microsoft products and a large number of third-party products, too.

Management packs include:

  • Monitors that let you watch a computer for the status of specific events, scripts, services, or performance counters.
  • Rules that specify which items should be monitored, what data should be collected, and the action that should be taken.
  • Attributes that an object can have.
  • Object Discoveries that find objects that Operations Manager can monitor.
  • Overrides that let you configure custom settings different from the default in a management pack (e.g., the severity of an alert).
  • Service-Level Tracking that lets you monitor service-level objectives for an application.
  • Tasks (e.g., restarting application pools, restarting services, or running scripts) that can be performed against managed objects.
  • Views that display specific information, including alerts, events, and performance data.

Operations Manager ships with approximately 100 management packs. You can download additional management packs through the Operations Manager console (Figure 1) from the Management Pack Catalog Web Service hosted by Microsoft. You also can obtain management packs from third-party vendors, or you can create your own.

Figure 1: Operations Manager Console Showing Management Packs

Tuning. The trick with management packs is to realize that you need to spend time tuning them. You tune management packs by overriding default alert settings (e.g., changing an existing alert severity), changing the target of the rule or monitor, or disabling the rule or monitor entirely.

Many administrators new to Operations Manager install a management pack and then feel overwhelmed by the number of alerts that it generates. This happens for a couple of reasons:

  1. The servers you are monitoring probably aren't configured according to best practices and should be brought up to an appropriate configuration standard. Until the servers are properly configured, they'll spew alerts like a fire hose.
  2. The authors of some management packs have gone overboard and configured them with alerts for things that are only mildly important as opposed to extremely critical.

Microsoft recommends you import one management pack at a time and spend time tuning it before you import additional management packs. If you don't tune management packs properly, you'll end up ignoring not only the unimportant alerts, but the critical ones as well.
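To decide which rule or monitor to tune first, rank the open alerts by name and check whether each one is concentrated on a single object (a server to fix) or spread across many (a candidate for an override). The PowerShell below is an added example, not code from the original article or from Microsoft; the names Get-NoisyAlertSource and New-SampleAlert and all sample alerts are constructed for illustration. It assumes Windows PowerShell 3.0 or later and reads only the Name, ResolutionState, IsMonitorAlert and MonitoringObjectDisplayName properties of each alert.

```powershell
# Added example: rank open alerts by name to find tuning candidates.
function Get-NoisyAlertSource {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [object[]]$Alert,
        [int]$Top = 10
    )
    begin { $open = New-Object 'System.Collections.Generic.List[object]' }
    process {
        foreach ($a in $Alert) {
            # Resolution state 255 is Closed; everything else is still open.
            if ($a.ResolutionState -ne 255) { $open.Add($a) }
        }
    }
    end {
        $open | Group-Object -Property Name |
            Sort-Object -Property Count -Descending |
            Select-Object -First $Top |
            ForEach-Object {
                # Distinct monitored objects that raised this alert.
                $objects = @($_.Group |
                    ForEach-Object { $_.MonitoringObjectDisplayName } |
                    Sort-Object -Unique)
                # Taken from the first alert in the group: shows whether the
                # override belongs on a monitor or on a rule.
                $source = if ($_.Group[0].IsMonitorAlert) { 'Monitor' } else { 'Rule' }
                [pscustomobject]@{
                    AlertName = $_.Name
                    Count     = $_.Count
                    Objects   = $objects.Count
                    Source    = $source
                }
            }
    }
}

# Constructed sample alerts (not real console output) so this runs offline.
function New-SampleAlert($Name, $Object, $IsMonitor, $State = 0) {
    [pscustomobject]@{ Name = $Name; MonitoringObjectDisplayName = $Object
                       IsMonitorAlert = $IsMonitor; ResolutionState = $State }
}
$sample  = 1..6 | ForEach-Object { New-SampleAlert 'Sample event rule alert' 'SRV01' $false }
$sample += 1..4 | ForEach-Object { New-SampleAlert 'Sample disk monitor alert' "SRV0$_" $true }
$sample += New-SampleAlert 'Sample closed alert' 'SRV09' $true 255

# With a live management group: Get-SCOMAlert | Get-NoisyAlertSource
$sample | Get-NoisyAlertSource -Top 5 | Format-Table -AutoSize
```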

Rules. Management packs have rules that specify which items and data an agent collects from a computer that it's monitoring. Rules also specify what action should be taken with that information. A rule can be as simple as creating an alert if a specific item is written to an event log, or a rule can trigger another task such as running a script.

For example, to create a rule that triggers an Operations Manager alert when event ID 12345 is written to the System event log, perform the following steps:

  1. In the Authoring workspace of the Operations Manager console, expand Management Pack Objects and click Rules.
  2. In the Tasks pane, click Create a Rule.
  3. In the Rule Type dialog box of the Create Rule Wizard (Figure 2), expand Alert Generating Rules and then expand Event Based. Click NT Event Log (Alert) and select a destination management pack.
    Figure 2: Creating a Rule
  4. In the General dialog box, provide a rule name and select the Rule target. A rule target can be any object defined in a management pack, from a security group and service to a hardware device.
  5. In the Event Log Type dialog box, click the ellipsis (...) button, click System log, and click OK.
  6. In the Build Event Expression dialog box, enter event ID value 12345 and the event source.
  7. In the Configure Alerts dialog box, choose the alert Name, Priority, and Severity, as well as the alert description text.

Microsoft offers more examples of how to create rules in System Center 2007 Operations Manager online.

Alerts

Alerts notify you when something requires your attention. Figure 3 shows the Create a unit monitor screen for configuring an alert for a monitor. Alerts have one of three priorities: Low, Medium, and High. Alerts also have three severities: Informational, Warning, and Critical. You also can set the alert severity to match the health of a monitor by selecting Match monitor's health on the severity drop-down list. Monitor health can be Healthy, Warning, or Critical.

Figure 3: Configuring an Alert for a Monitor

Monitors

Monitors let you watch a computer for the status of specific events, scripts, services, or performance counters. There are three types of monitors you can create:

  • Unit Monitor—Lets you monitor one item, such as a counter, event, script, or service.
  • Dependency Rollup Monitor—Lets you monitor the status of items based on an existing relationship (e.g., the health of Active Directory (AD) based on the health of the DNS server).
  • Aggregate Rollup Monitor—Lets you group monitors together. This is useful when a service or application is dependent on a number of components. If any of those components fail, the application or service will not function.

To create a unit monitor that monitors the status of a service such as the DNS client service, perform the following steps:

  1. In the Authoring workspace of the Operations Manager console, click Create a Monitor on the Tasks pane.
  2. Choose Unit Monitor.
  3. In the Select the type of monitor to create window in the Create a unit monitor dialog box (Figure 4), select the type of monitor you want to create and the destination management pack.
    Figure 4: Selecting a Monitor Type
  4. In the General dialog box, specify the name of the unit monitor and set the Monitor Target.
  5. In the Service Details dialog box, click the ellipsis (...) button. You can select the computer that hosts the service you want to monitor, as well as select the service that you want to monitor.
  6. In the Configure Health dialog box, choose the health state for the service. By default, if the service is running, the health state is set to Healthy; and if the service is not running, the health state is set to Critical. You can configure the health state to be Critical, Warning, or Healthy.
  7. In the Alert settings dialog box, you can configure whether an alert is generated if the monitor is in a critical or warning state. If you choose to generate an alert, you can specify alert name, priority, severity, and alert description.

Network Monitoring. You also can use Operations Manager to monitor physical and virtual network devices such as routers and switches. You can monitor network device statistics related to traffic volume, utilization, dropped packet rate, and broadcast traffic at the port and interface level. Operations Manager supports SNMP v1, v2c, and v3.

Operations Manager also supports monitoring the health of Virtual LANs and Hot Standby Router Protocol. The Network Vicinity View feature lets you view network topology information, including which computers are connected to specific network devices, and the health of those connections (e.g., monitoring the functionality of ports on a switch as well as the health of network adapters on a server).

Distributed Application Monitoring. Distributed Application Monitoring lets you monitor multi-tiered applications. For example, you might have an application that includes three servers hosting a load-balanced, web front end and two servers in a SQL Server AlwaysOn Availability Group as a back end. Distributed Application Monitoring lets you monitor this application as a whole, but also drill down and view the state of the specific components that comprise the distributed application.

Notifications

While information about servers, services, applications, and devices is available from the Operations Manager console, you aren't always in front of the console to see it. The Notifications feature lets you configure Operations Manager to send information through email, IM, SMS, or by running a script that triggers an alternative method of notification. The main trick with notifications is to only configure notifications for alerts to which you would respond. A rookie mistake is to configure notifications for everything. The result is that the Operations Manager administrator is flooded with medium- and low-priority information—and ends up missing the high-priority alerts.

Channels. A channel defines the method of communication used to notify someone. You can configure an SMTP, SMS, IM, or command-based channel. Most organizations use an email message to notify an administrator because almost all administrators have an email-capable smartphone.

Subscribers. Subscribers are the people who receive notifications. You associate a subscriber with an AD user account, an address, and times at which the subscriber will receive notifications (Figure 5). When configuring notifications, you can specify multiple subscribers. Subscribers will be notified based on the settings in their schedule.

Figure 5: Scheduling Notifications

Subscriptions. Subscriptions let you specify which subscribers are notified through particular channels when a specific type of alert occurs. Through subscriptions, you ensure that the Exchange administrator is notified when an alert related to Exchange arises, and that the SQL administrator is notified when an alert related to the health of the organization's instances of Microsoft SQL Server occurs. Creating a subscription involves setting the

  • Conditions (Figure 6)
  • Subscribers
  • Channels

Figure 6: Setting the Conditions for Alerts

Going Further

Operations Manager has greater functionality than an introductory article—or even a book—could cover. You can configure comprehensive security roles and tasks for Operations Manager that let users with appropriate authority respond to alerts only for specific servers. You also can integrate Operations Manager with other System Center products such as Service Manager (where service tickets can be automatically populated with the contents of Operations Manager alerts) or with Orchestrator (where sophisticated runbooks can be triggered by Operations Manager alerts). Operations Manager helps you manage the massive volume of telemetry generated by your organization's servers so you can respond to important issues without getting distracted by trivial ones.