Exciting new features let you manage your UNIX and Linux systems alongside your Windows systems
Many enterprises today run a mix of Windows servers and desktops alongside UNIX and Linux systems, with different strategies for managing them. In most cases, the Windows systems are placed into forests and are centrally managed, but the UNIX and Linux systems might or might not be centrally managed. Rarely are Windows systems managed alongside UNIX and Linux systems. For enterprises that do want to manage Windows systems alongside UNIX and Linux systems, there have always been third-party solutions available, but these are often complicated to install and unwieldy to use. These third-party solutions can also be costly and require significant investment in training and staffing to use successfully.
Microsoft has recognized the need to manage UNIX and Linux systems alongside Windows systems, and has over the years provided a means to integrate the systems to provide centralized authentication, authorization, and auditing. With the release of System Center Operations Manager (SCOM) 2007 R2, Microsoft provides support for managing select UNIX and Linux systems through SCOM, as well as extending Audit Collection Services (ACS) to integrate UNIX and Linux event collection, processing, and storage with that for Windows systems. In this article, I describe how to configure and use these exciting new features to manage your UNIX and Linux systems alongside your Windows systems.
The ability to manage Windows, UNIX, and Linux systems together requires that you have SCOM 2007 R2 deployed in your organization. To integrate event log collection from your Windows systems with your UNIX and Linux systems, you'll also need to install ACS. In addition, only a subset of common UNIX and Linux systems are supported. The supported UNIX and Linux systems are AIX 5.3 and 6.1 (Power PC), HP-UX 11iv2 and 11iv3 (PA-RISC and IA64), Red Hat Enterprise Server 4 and 5 (x86 and x64), Solaris 8 and 9 (SPARC) and 10 (SPARC and x86 later than 120012-14), and SUSE Linux Enterprise Server 9 (x86), 10 SP1 and 11 (both x86 and x64). You'll also find that derivatives of enterprise versions of Linux—such as OpenSUSE—will work, but these are unsupported.
You'll need to install support for Web Services Management (WS-Man) 1.1 on the Windows servers that host your SCOM servers (which will manage the UNIX and Linux clients). On Windows Server 2008 R2, this is a feature called WinRM IIS Extension that you can add. You'll need to install IIS, too.
I recommend that you install the latest cumulative update for SCOM 2007 R2. You can find the latest update available at the Microsoft Download Center by searching for the keywords “SCOM cumulative update.” The cumulative updates address issues with the use of Server 2008 R2 and SQL Server 2008, and contain fixes that address many other problems. You'll need to apply the latest update to your SCOM 2007 R2 Root Management Server(s), any SCOM Gateway servers you might have, as well as every other SCOM server and all ACS Collectors. You'll also need to follow instructions for how to update the SQL Server databases that SCOM and ACS use.
You'll need to install the latest cumulative update for cross-platform support in SCOM 2007 R2. You can also find this update at the Microsoft Download Center by searching for the keywords “cross platform.” Unlike the cumulative update for SCOM 2007 R2 itself, there are separate downloads for a SCOM server and a SCOM Gateway server. You'll need to download the appropriate cross-platform cumulative updates and install them, beginning with your SCOM 2007 R2 Root Management Server(s), then your Gateway Servers, and then every other SCOM server. Read the release notes carefully before applying the cross-platform cumulative update.
Finally, make sure you download the latest cross-platform management pack(s). Currently, there's an installer MSI file and five supporting documents for AIX, HP, RedHat, SUSE, and Solaris flavors of UNIX and Linux available at the Microsoft Download Center. (Use the search keywords “cross platform.”) Review the documents appropriate for the flavors of UNIX and Linux you intend to manage. The actual management packs are contained in the installer file. Double-click the installer file so that the management packs are extracted and written, by default, to a folder called SCOMCrossPlatformCU2MP, under C:\Program Files\System Center Management Packs. On 64-bit installations of Windows Server, the Program Files (x86) folder is used instead.
SCOM 2007 R2 uses accounts to monitor and manage UNIX and Linux systems in much the same way as it does Windows systems. SCOM 2007 R2 uses two accounts with UNIX and Linux systems. The first is called a UNIX Action Account and is supposed to be a low-privileged account. The second is called the UNIX Privileged Account and—as the name suggests—is supposed to be a superuser (or root) account. The majority of UNIX and Linux flavors recognize only two types of users: superusers and ordinary users. Superusers are identified with a user identifier (UID) of 0, such as the user root, whereas ordinary users are identified with UID of any value other than 0. When you're initially configuring SCOM 2007 R2 Action and Privileged accounts, I recommend that you use only superuser accounts for the UNIX Action and Privileged accounts. Once you have SCOM 2007 R2 successfully managing UNIX and Linux systems, you can adjust the credentials associated with the UNIX Action Account.
The next step is to associate the credentials you just created with the UNIX Action and Privileged accounts.
Remember that with this configuration, you're using a superuser account for both the UNIX Action and Privileged Accounts. Once you've verified that you can discover and manage your UNIX and Linux systems, you should change the configuration and use a non-privileged account for the UNIX Action Account, if possible.
For SCOM 2007 R2 to manage UNIX and Linux systems, they must first be discovered and management agents must be deployed. SCOM 2007 R2 includes a Computer and Device Management Wizard, which you can use to try to discover UNIX and Linux systems.

For the systems you selected, the Computer and Device Management Wizard will deploy and install the cross-platform agent for the architecture and install an X.509v3 certificate that the cross-platform agent will use to identify the managed UNIX or Linux system and to secure communications with the SCOM 2007 R2 infrastructure. Occasionally, a problem can occur with the certificate creation and installation, typically because of a mismatch in the system’s hostname and its DNS name. If a problem with the certificate is reported, you can follow the guidance in the Microsoft article "The Certificate Name Does Not Match the Hostname" (go.microsoft.com/fwlink/?LinkId=148011) to fix the problem, and rerun the Computer and Device Management Wizard using the process described above for the affected systems.
If you can't use the Computer and Device Management Wizard to install agents to your UNIX and Linux systems, you can manually install them. You'll find the agents for each supported platform in the folder C:\Program Files\System Center Operations Manager 2007\AgentManagement\UnixAgents. Copy these agents to an FTP server or website so that you can download them to your UNIX and Linux systems. You can also add these to baseline images if you use them in your organization. If you applied the latest cumulative update for cross-platform support, you'll find that there are different versions of the agents in this folder. You should always use the latest agents. For information about how to install the agents for each supported platform, see the Microsoft article "Manually Installing Cross Platform Agents" (technet.microsoft.com/en-us/library/dd789016.aspx).
Once you've manually installed the agents onto your UNIX and Linux systems, you'll need to rerun the Computer and Device Management Wizard using the process I described. The wizard will find the systems with agents manually installed and ask whether you want to issue new X.509v3 certificates to them. Select the systems you want to install certificates to, and click Sign. Once the certificate(s) have been issued, the Computer and Device Management Wizard continues, and you need to select the system(s) you want to add to the pool of managed UNIX and Linux servers in SCOM 2007 R2—in a process similar to the automatic discovery of UNIX and Linux servers.
With agents installed, you can begin to monitor your UNIX and Linux systems from the SCOM 2007 R2 Operations Console. Simply select the Monitoring view, then click the UNIX/Linux Servers State View node, as you see in Figure 4. When you select a system in the UNIX/Linux Servers pane with a cross-platform agent installed, you'll see a summary of the information SCOM 2007 R2 has about the system listed in the Detail View. You can also use the Health Explorer to analyze the system and core processes, such as cron, SSH, and Syslog. The information available in the Health Explorer varies depending on the target system. You can also put a system with the cross-platform agent installed into Maintenance Mode, much like a regular Windows Server. And in the State View, with the cross-platform agent installed, you can also run Tasks. There are three Tasks available: Memory Information, Run VMStat, and Top 10 CPU Processes.
Also in the Monitoring view, you can diagram and view other information about your UNIX and Linux servers, and you can configure performance monitoring. Expand the UNIX/Linux Servers folder, expand the OS folder beneath, and select the appropriate nodes. The nodes available and the data returned will vary by OS type and depend on support in the cross-platform agent and the management packs installed, as you can see in Figure 5.
As more cumulative updates are released for cross-platform support, or as third-party management packs are released, the ability of SCOM 2007 R2 to manage UNIX and Linux systems will increase. However, if you download new agents or management packs, you'll need to rerun the Computer and Device Management Wizard to deploy these updates, or to sign certificates for agents you manually deploy.
To configure ACS for cross-platform support, you'll need to perform several steps on both your SCOM infrastructure and your UNIX and Linux servers. You can turn on cross-platform support for ACS only if you already have ACS installed and configured—including ACS Reports.
You need to download the latest ACS cross-platform support software by visiting the Microsoft Download Center and searching for “ACS cross platform.” You'll need to download both the Cross Platform Audit Collection Services software, which consists of 32-bit and 64-bit installers and supporting documentation, and the Cross Platform Audit Collection Services Management Packs.
You need a server that will act as a collector of audit events from your UNIX and Linux systems, and forward them to ACS. This server must be configured as an ACS Collector. You might want to consider creating dedicated SCOM Management Servers for your UNIX and Linux hosts, and make them ACS Collectors, too. On this server, you'll need to install the Cross Platform Audit Collection Services MSI file that you downloaded. Double-click the MSI in Windows Explorer to begin installation, and accept the license agreement.
.\UploadCrossPlatformAuditReports.cmd “\” “http:///ReportServer\\[$\\]” “C:\Program Files\System Center Operations Manager Cross Platform ACS”
For most enterprise deployments of Linux, there's no need to configure the servers or Syslog, and security events of interest will start to flow into ACS; you can view them using SQL Reporting Services on your ACS Report Server. If you have non-standard Syslog configurations and are using rsyslogd or Solaris or AIX, you'll need to configure Syslog to write security-related events to /var/log/messages (for Linux-based systems). For Solaris and AIX systems, you'll need to follow the guidance available in the Microsoft article "Configure Syslog and Rules for Audit Events" (technet.microsoft.com/en-us/library/ee909515.aspx).
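To check a Linux host before you rely on it for audit collection, the following shell script (an added example, not part of the original article or of Microsoft's tooling) reports which security facilities never reach /var/log/messages under classic selector/action Syslog rules. It assumes that "security-related" means the auth and authpriv facilities; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: does a classic syslog.conf / rsyslog.conf rule deliver a
# facility to a given log file? Handles "selector action" lines only
# (no rsyslog RainerScript blocks).

facility_reaches() {   # usage: facility_reaches FACILITY CONF [TARGET]
    awk -v fac="$1" -v target="${3:-/var/log/messages}" '
    /^[ \t]*#/ || NF < 2 { next }            # skip comments and blank lines
    {
        action = $2; sub(/^-/, "", action)   # leading "-" only disables sync
        if (action != target) next
        hit = 0
        n = split($1, sel, ";")
        for (i = 1; i <= n; i++) {           # later selectors override earlier
            dot = index(sel[i], ".")
            if (dot == 0) continue
            prio = substr(sel[i], dot + 1)
            m = split(substr(sel[i], 1, dot - 1), f, ",")
            for (j = 1; j <= m; j++)
                if (f[j] == fac || f[j] == "*") hit = (prio != "none")
        }
        if (hit) found = 1
    }
    END { exit found ? 0 : 1 }' "$2"
}

# Assumption: "security-related" means the auth and authpriv facilities.
missing_audit_facilities() {   # prints facilities that never reach TARGET
    for fac in auth authpriv; do
        facility_reaches "$fac" "$1" "${2:-/var/log/messages}" || echo "$fac"
    done
}

# Constructed sample: authpriv is diverted to its own file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not taken from a real host
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
authpriv.*                                  /var/log/secure
EOF
echo "not reaching /var/log/messages: $(missing_audit_facilities "$sample")"
rm -f "$sample"
```

Run missing_audit_facilities against the host's own Syslog configuration file; any facility it prints is one whose events will not appear in /var/log/messages until a rule is added or an exclusion such as authpriv.none is removed.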
The steps I've described to get cross-platform support up and running for SCOM 2007 R2 aren't easy, and you might find that it takes some experimentation to get everything working correctly. That's especially true for ACS. However, the return on the time invested in getting integration working will pay off as you find that you can monitor your Windows, UNIX, and Linux systems from one place.