Manage your operating environment

Microsoft is getting serious about the way you manage its OSs and applications. The latest product that the company has added to its management lineup—Microsoft Operations Manager (MOM) 2000—complements two other Microsoft management packages: Systems Management Server (SMS) 2.0 and Application Center 2000. Whereas SMS helps you with change and configuration management and Application Center assists with deployment and management of Web- and component-based applications built on Windows 2000, MOM's job is to simplify your day-to-day management of servers and applications.

To provide meaningful reporting and trend analysis, MOM offers centralized monitoring capabilities and intelligently analyzes and distills data from monitored systems. MOM also lets you configure rules so that the system can recognize symptoms and automatically resolve problems. I installed MOM in the Lab and looked for ways in which the product might help us manage some of our systems.

Meet MOM
MOM's architecture comprises four primary components: a Microsoft SQL Server database, a Data Access Server (DAS), a Consolidator, and agents. The SQL Server database stores event information, rules logic, prescriptive advice, and links to Microsoft's Knowledge Base or your company's knowledge base. MOM services use the DAS to access the database. The Consolidator handles all communications with MOM-managed computers and updates the database through the DAS. The Consolidator also contains an Agent Manager, which deploys and updates agents on each managed Windows computer. The agents are the primary mechanism for collecting and analyzing information and executing MOM commands.

An installation that consists of one database, one or more DASs, one or more Consolidators and Agent Managers, and any number of agents is called a Configuration Group. You can use multiple Configuration Groups to organize groups of computers according to geography, organization, or bandwidth.

MOM uses Management Packs to intelligently assess management data and suggest or perform corrective measures. The documentation describes a Management Pack as a collection of modules, which are sets of knowledge (i.e., an understanding of the meaning and importance of events), predefined rules (which define how the system reacts to specific circumstances), alerts, and actions specific to a service or application. According to Microsoft representatives, however, the term Management Pack applies to not only the collection of modules but also the individual modules. Whatever the terminology, Management Packs and modules interpret and correlate events to find the root of a problem and—if necessary—take appropriate action.

The standard MOM 2000 release includes a Management Pack for managing a Win2K network environment. (Table 1 lists the modules that this Management Pack contains.) The Management Pack contains more than 5000 rules for managing a wide array of integral Windows products and services. Expect Microsoft and third-party vendors to produce additional Management Packs that address management of enterprise applications.

On any system from which you want to administer or report on MOM, you can choose among three UIs, depending on the task you want to perform. (The system must meet the minimum requirements for the type of interface you want to install.) The MOM Administrator Console, which Figure 1 shows, is the central monitoring and configuration point; the Web Console provides remote-monitoring capabilities and easy access for roaming administrators; and the MOM Reporting interface utilizes Microsoft Access 2000 to generate reports.

Installation and Configuration
The Installation Assistant guided me through MOM's preinstallation tasks. A Verify Prerequisites dialog box let me check my system for all required components before I chose the Setup option. The Setup Prerequisites window prompted me to install a few Microsoft Office 2000 components and make some minor changes to my system before installing MOM. Then, I chose the Typical installation option (which installs all the components on one computer) and provided accounts for the DAS, Consolidator, and Agent Manager to use. The computer that hosts these components is called the central computer.

I accepted the default changes to the local security groups, which would provide varying levels of access to MOM. I also accepted the default installation of all Management Pack modules. The setup process took about 10 minutes to install files and create necessary database entries.

Post-Installation Tasks
After I installed MOM, I used the Installation Assistant to perform the post-installation tasks of installing agents, configuring notification, and configuring Management Pack modules and reports. First, I familiarized myself with the MOM Administrator Console—a Microsoft Management Console (MMC)-based interface that contains Monitor, Rules, and Configuration snap-ins.

Systems that MOM manages must have a management agent installed. To install agents on the computers I wanted to manage, I opened the Agent Manager Properties dialog box and modified the Managed Computer Rules. You enter the NetBIOS names (which can include wildcards) of computers that you want to include. However, IP addresses and Fully Qualified Domain Names (FQDNs) aren't acceptable entries in the Computer name field. After I specified the rules for my environment, the system installed agents on the appropriate computers and they began to communicate with MOM.

You configure notification in three different areas in MOM. First, under the Configuration snap-in's Global Settings object, you specify a Microsoft Exchange Server account to use for sending email notifications. Second, under the Rules snap-in, you configure Notification Groups, which let you logically group operators and determine which operators to contact by email, pager, or external command for a given alert type.

Finally, the Rules snap-in's Processing Rule Groups option organizes the processing rules within Management Pack modules and lets you customize the rules to suit your environment. Microsoft's Knowledge Base and the Management Pack Module Configuration Guide contain information about modifying the rules. For the time being, I chose to leave the processing rules at their default configurations.

Getting Down to Business
After I finished installing and configuring MOM, I was ready to check out some of the product's capabilities. To get a glimpse of the status of my managed environment, I selected Microsoft Operations Manager from the MOM Administrator Console tree. The resulting view—the Microsoft Operations Manager 2000 Today console, which Figure 2 shows—provides summary management information and links that let you drill deeper into specific areas. You can also use the Monitor snap-in to drill down through the product's default views, and you can create custom views that present alerts, events, performance data, and computer-specific information the way you want. You can place a custom view in the My Views folder to restrict access to the administrator who created it, or you can place it in the Public Views folder to permit access to any MOM user.

I browsed through the various views and noted that, because I'd set up multiple Win2K domains and hadn't monitored or resolved any events, my servers had generated enough alerts to test MOM thoroughly. I also examined the performance data that MOM collected; I could use this data to display trending information and gain insight into performance problems (e.g., bottlenecks). For a given event or alert, MOM lets you assign a Resolution State, view Microsoft Knowledge Base information, and add information to the company knowledge base. These capabilities represent a key MOM feature that increases the efficiency of operation management.

Another key feature is MOM's duplicate-alert-suppression provision, which combines multiple identical events into one alert that contains information about the number and duration of the suppressed alerts. I applied some quick fixes to minor licensing and time-synchronization problems, then changed the Resolution State for those alerts to Resolved.

Tailoring MOM to Your Environment
MOM's predefined alerts provide a robust management scheme for a typical Windows network environment; however, for more enterprise-specific management capabilities, you can use processing rules to define custom alerts and automate event response. Processing rules define what data MOM collects, which alerts it generates, and which responses it uses for identified conditions. MOM gives you three types of alert-processing rules—event rules, missing-event rules, and threshold rules. Event rules generate an alert when a specific event occurs. Missing-event rules generate an alert when an expected event doesn't occur. Threshold rules generate an alert when a performance counter or Windows Management Instrumentation (WMI) value falls outside a user-defined range.

Within the Rules snap-in's Processing Rule Groups object, you'll find three containers: Event Processing Rules, Alert Processing Rules, and Performance Processing Rules. To modify existing processing rules or create new ones, you can select an appropriate container, then select New from the Action menu. I used this method to create a simple rule and modify some existing rules, but a simpler mechanism is also available. From the Monitor snap-in, you can select an event, then create or modify a rule based on that event. When you use this method, MOM inserts the selected event's contextual information (e.g., the event ID and provider) in the appropriate fields when you specify the rule's properties. Another advantage to this approach is that you don't need to drill through the Processing Rule Groups hierarchy to find the rule you want to modify.

Other features that can help you tailor MOM to your needs include alert customization, custom tasks, and multiple methods for customizing the Monitor. Beyond the myriad options that processing rules provide, you can further customize alerts by adding custom fields, Resolution States, and enterprise-specific alert knowledge to the company knowledge base. To modify custom alert fields and Resolution States, you select the Configuration snap-in's Global Settings object. On the Knowledge Base tab of any Alert Properties sheet, you can add company-specific knowledge about an alert so that you can quickly resolve a problem if it recurs.

To create a custom task (e.g., launch a script or executable file) for any alert, event, attribute value, or computer item displayed in the Monitor view, you select Monitor and choose Action, New, Custom Task. Then, you specify who can execute the task, which type of object the task applies to, and what command to attach to the task. After you create custom tasks, you can select an item in the Monitor and choose a task from the Action menu's Custom Tasks item.

To make a subset of MOM's functionality available to a group of administrators, you can customize the MOM user groups (which you created during installation) to restrict access to the Monitor, Rules, and Configuration snap-ins. Additionally, because the MOM Administrator Console is an MMC snap-in, you can create custom consoles that contain only the objects needed to perform specific delegated tasks, then save the custom consoles and distribute them to appropriate administrators.

Reporting
An attractive benefit of a central repository for all of your event and performance data is the ability to create insightful reports. Access 2000 provides MOM's reporting capabilities. MOM includes a runtime version of Access 2000, but to customize existing reports or create new reports, you'll need a full version of Access 2000 (or later).

I opened MOM Reporting from the Start menu, and MOM presented me with an Access program that displayed a selection of available reports. This intuitive program let me create some useful reports in minutes, view them, then publish them to the Web Console with a few mouse clicks. Figure 3 shows a Web Console Reports window that displays one of the reports that I published.

MOM Reporting also features a command-line interface to facilitate batch reporting. You can use Win2K's Task Scheduler to schedule reports to run at off-peak times and deliver the reports you need when you need them. You can publish reports to the MOM Administrator Console, or you can publish HTML-format reports directly to the Web Console or another location that you use a Web browser to access.

Base Your Decision on Your Needs
MOM's relatively simple implementation and easy-to-use interface belie the product's powerful capabilities and scalability. The MOM feature that most impressed me was the amount of knowledge jammed into the Management Pack. Also, Microsoft promises add-on Management Packs for BackOffice and .NET Enterprise Server management. The ability to focus MOM on the information that's important to you and tune out the rest also has tremendous value to overburdened administrators.

MOM is very forward-looking—in fact, the included Management Pack isn't much help if you're managing a Windows NT 4.0 environment. If you work for a smaller organization or if you aren't concerned about proactive systems management and monitoring, MOM might not benefit you. MOM requires a certain investment in time and money, and a continued commitment is necessary to keep MOM in tune with your environment. If you can't dedicate the necessary resources, you probably won't see a significant return on your investment.

Microsoft Operations Manager 2000
Contact: Microsoft * 800-426-9400
Web: http://www.microsoft.com/mom
Price: $849 for the Base Processor License; $949 for the Application Management Pack Processor License
Decision Summary:
Pros: MOM is scalable and highly customizable; Management Packs help you diagnose and solve problems quickly
Cons: Requires significant planning, implementation, and ongoing configuration; doesn't provide much help for Windows NT 4.0 administrators