New release: VMware Management Pack V1.3.5.0

New release: VMware Management Pack V1.3.5.0

We have released a new update of the VMware Management Pack for System Center Operations Manager.

If you’ve already purchased the VMware Management Pack and have a valid support contract, you can log in to the customer download area and download this version.

VMware version 1.3.5.0 updates

For the new VMware management pack update, we’ve added discovery and monitoring snapshots of the VirtualMachine. For example, we’ve added a monitor to generate alerts when a VirtualMachine snapshot age has hit a threshold. From now on it’s also possible to collect and monitor extra metrics on the data stores, networks, disks and VirtualMachines.

Furthermore, the VMware  v1.3.5.0 update has the following key additions:

•    Extra datastore and VirtualMachine dashboards
•    It only generates alerts when the monitor consecutive samples are over the threshold.

For more additions, changes and fixes please refer to release notes.

Team OpsLogix

Relevant article(s)

Use OMS LogAnalytics with the OpsLogix VMware Management Pack for extended monitoring

System Center 2016 & Beyond Part 2: Microsoft OMS

System Center 2016 & Beyond Part 2: Microsoft OMS

In this second blog post, I’ll be talking about the monitoring possibilities with Microsoft OMS.

If you missed my first blog post ‘System Center 2016 Operations Manager and Beyond Part 1’, then click here to read it.

Disclaimer: Cloud solutions are always on the move so the details in this blog post are of high level. Updates and features occur regularly, so something which isn’t available today might very well be in preview tomorrow.Smile  This is completely different from on-premise solutions where you need to wait until the next wave of updates, just like System Center Operations Manager 2016, which brought you all the new goodies or baddies. Winking smile

Microsoft OMS is Microsoft’s Operations Management Suite, which means that it does allot more than just monitoring. It’s a management solution for your hybrid cloud solutions, where it manages private and public cloud solutions. At the same time, it’s extending your current solutions. It extends, so it doesn’t replace! This is very important.

“No, it extends your current environments. The structure and mechanism of Microsoft OMS  is totally different compared to SCOM.”

Microsoft OMS is a cloud solution. It’s basically a ‘management as-a-service’, where you have all the benefits of a cloud solution, only without an infrastructure, where the latest version, updates, and features are added as time goes by with no interruption.

giphy

How does Microsoft OMS work?

Before you start, you can add servers to Microsoft OMS by using two different approaches:

  • Direct approach:
    Install the Microsoft OMS agent, this agent communicates directly with the OMS platform, so no other requirements are needed. There is also no correlation with SCOM.
  • SCOM connected approach:
    Connect your SCOM management group to Microsoft OMS, this way the information will be gathered by SCOM and sent to the OMS platform.

The main difference between these two approaches is whether you send the data through SCOM to Microsoft OMS or directly to OMS:

  • The OMS agent connects to HTTPS, so this can be a reason to choose the SCOM connected approach when your servers cannot access the Internet directly.
  • High data volume will require directly connected agents into Microsoft OMS, such as security events or wired data.
  • Another option might be user role-based access. SCOM enables detailed role-based access, meaning that you can scope specific data sets.

There are several areas which make up Microsoft OMS, I will describe each area and their purpose.

What does Microsoft OMS monitor?

  • Log Analytics (event logs and events)

The first area is Log Analytics where it collects information from your servers and event logs. With the collected data you can run an analysis across the gathered information to track trends, errors and other information. You can extend this by collecting custom data sources like IIS Logs and syslogs for your non-Microsoft solutions or logs. Currently, you can also create alerts based on the collected data. OpsLogix has created great Microsoft OMS Log Analytics Solutions to monitor your Oracle & VMware environment.

  • Performance Data Collection

This area is focused on collecting performance data from Windows performance counters. It collects predefined counters and sends them to Microsoft OMS for further inspection or analysis. This will deliver a solution to predict trends from your collected performance data. You can generate alerts based on the data gathered. For example, you can send an alert when the performance reaches x.

  • Security and Audit logs

Security and audit logs collection will collect your security logs. You can compare this to Audit Collection Services (ACS) in SCOM. It collects security events and uses analysis to investigate your data. One of the reasons why ACS has always been a #$%@! to maintain is because of the amount of data it collects. You need one hell of a DB for all the collected data. The cool part about cloud solutions is that this part is covered by Microsoft, so you only need to worry about how you present your data!

Another thing to note is that the OMS solution provides you with allot of data traffic. Sending this data to SCOM first would kill your environment and therefore every Microsoft OMS connected server will always send the information directly to OMS!

“Although Microsoft now takes care of your data, you need to be aware that your OMS bill will be affected by the amount of data. However, this is only a fraction of the costs you make when you’re setting up and maintaining ACS onsite.”

  • Wired Data

With wired data, you can collect network data and send this to OMS for further analysis. This solution will let you discover patterns in the network communications for further analysis. Again this solution provides you with allot of data traffic and therefore agents using the wired data solution will communicate directly to Microsoft OMS. This solution cannot replace any detailed network traffic analysis tool, but it will provide you with insight on network communications and what processes communicate over the “wire”.

“Although Microsoft now takes care of your data, you need to be aware that your Microsoft OMS bill will be affected by the amount of data. However, again, this is only a fraction of the costs you make when you’re setting up and maintaining ACS onsite.”

  • Solutions

This is it you might ask? Well no! But this is a small overview of the data collected by OMS. Microsoft OMS uses “solutions” that you can compare to SCOM Management Packs. A solution provides pre-configured dashboards and data queries to analyze data. These solutions are created by Microsoft to analyze certain components. The solutions are closely connected to data delivered and maintained by Microsoft, just like premier support data on common issues or security and malware data, collected by security teams. This data is completely integrated into these solutions and provides you an easy (almost one-click) access to tons of valuable information.

Below you can see a subset of currently active OMS solutions:
image Legenda:
Available – solutions which you can use currently.
Coming – solutions which are still in private preview.
Preview – solutions which are currently in public preview.
Owned – solutions which are already installed.

There are allot of types of solutions, however, please note that I only explained four types of these solutions, in ‘How does Microsoft OMS work?’

Why? Might you ask? Well like I said before, SCOM is NOT Microsoft OMS and even though this is true, I need to correlate the two, to give my personal view on the future. On top of that, there are several Microsoft OMS solutions which are on OMS, which require extra components. It’s hard to see when looking at the solutions page, but one would need to divide the solutions and note the prerequisites in a list…hmm wait:

Available solutions  (both on premise as in Public Cloud)

  • AD Assessment: this is the Active Directory Assessment solution where it assesses your AD for common configuration, security and health issues and it will present you with options on how to resolve these issues. For this, you only need Microsoft OMS agents on your Domain Controllers.
  • Alert Management of your OMS and SCOM alerts: you can create alerts based on performance or error logs. The notifications can be sent to an email address. You’ll optionally need a SCOM or Microsoft OMS agent.
  • Anti-Malware Assessment: this solution uses Microsoft’s Anti-Malware tools to analyze your system. For this, you need a Microsoft OMS agent & Microsoft Anti-Malware tooling.
  • Change Tracking: track and analyze configuration changes on your servers. For this, only a Microsoft OMS Agent is required.
  • Security and Audit: this is the ACS Solution from Microsoft OMS. Only an OMS agent required.
  • SQL Assessment: this solution gathers information from your SQL Servers and informs you regarding common configuration, security and health issues and it will present you with options on how to resolve these issues. For this, again only a Microsoft OMS agent is required.
  • System Update Assessment: this solution assesses your server and gives you an overview of the current update status. For this again, only a Microsoft OMS agent is required.

Preview solutions

  • Network Performance Monitor: this solution provides you the ability to monitor and collect network performance data. Only a Microsoft OMS agent required.

Coming soon solutions

  • Wired Data: this solution provides you with data for analyzing network traffic. Only an OMS agent is required.
  • Containers: this solution will provide you with information regarding the performance of your containers setup in both private as well as the public cloud. A Microsoft OMS, optionally an Azure subscription is required.

Azure Based Solutions (public Cloud)

  • Azure Automation: this solution hooks into Azure Automation and shows you the status of Azure Automation. Management and configuration of Azure Automation require an Azure portal. This only provides you with the status overview. An Azure subscription of Azure Automation is required.
  • Azure Site Recovery: this solution hooks into Azure Site recovery and shows you the status of Azure Site recovery. The Management and configuration of ASR require an Azure portal, this also only provides you with the status overview. An Azure subscription with ASR is required.
  • Backup: this solution hooks into Azure Backup and shows you the status of Azure Backup. Management and configuration of Azure Backup require an Azure portal, this, again provides you only with the status overview. An Azure Subscription with Azure Backup is required.

Preview

  • Azure Networking analytics: this solution provides you with information regarding your Application Gateway server logs and Network security groups in Azure. An Azure subscription is required.
  • Key Vault: the key vault hooks into Azure for your Key vault logs. An Azure subscription is required.
  • Office 365: this solution hooks into Office 365 where it provides you all the Office 365 related data, for example, your user activities. An Office 365 subscription is required.

Coming Soon

  • Service Fabric: this solution will provide you with insight into your service fabric cluster running on Azure. An Azure subscription is required.

Other solution

  • Upgrade Analytics: this solution will provide you with information regarding your upgrade strategy. This component requires Microsoft telematics to be activated in Microsoft OMS.

Please note that solutions in preview do not comply with the SLA levels of generally available solutions! More on Microsoft OMS Solutions.

Monitoring examples with Microsoft OMS

There are several blogs that provide examples of how you can leverage Microsoft OMS to monitor components.

  • Oracle and Microsoft OMS

The first example is from the guys at OpsLogix. I know they have been playing with Microsoft OMS ever since it was called “Atlanta” and they have in-depth knowledge of the workings and customization of Microsoft OMS. They’ve provided a management pack which extends your OpsLogix Oracle management pack into Microsoft OMS!

image

  • VMWare with log analytics

This blog shows you how to connect Microsoft OMS to your Vcenter server and collect the VMWare logs into Microsoft OMS.

image

And again OpsLogix provides an even more sophisticated option.

image

  • Custom Performance Data in Microsoft OMS

Tao Yang explains how you can leverage Microsoft OMS to collect your nondefault data into Microsoft OMS by using custom management packs in SCOM:

image

Recap

In this blog I’ve tried to capture the capabilities of Microsoft OMS and to be honest, there is a ton of stuff which you can use in Microsoft OMS and just give it a try. Microsoft OMS is a suite of components for managing your hybrid solutions and provides you a “Single Pane” for several management solutions, both on-premise as well as public. It’s safe to say that if it is logged on a server, Microsoft OMS can pick up the logs and lets you use its analytics services to analyze the data. Microsoft OMS uses metadata and analysis to work with the data collected.

The data collection is almost real time, and when it come to large amounts of data, Microsoft OMS is a perfect solution. Microsoft OMS is a cloud solution, so changes and features are added at a rapid speed which is extending the platform while I’m writing this blog! For more advanced stuff it is wise to dive into analytics, in general, to query your data in a smart way, although Microsoft OMS provides the default ones for you. Microsoft OMS is an extension of your System Center solution, not a replacement!

If you are serious and want to know more please read this excellent white paper by my MVP buddies (Stanislav Zhelyazkov, Tao Yang, Pete Zerger and Anders Bengtsson).

Are you wondering how the future of SCOM and Microsoft OMS will look like? And why Microsoft OMS will not be the replacement of SCOM? In the third and final blog of this series, I will give you my personal insights on this and explain how it all ties together. So stay on the lookout and we’ll keep you posted!

Cheers,

Oskar Landman

Looking back at Microsoft Ignite, SCOM 2016 & OMS

Looking back at Microsoft Ignite, SCOM 2016 & OMS

It was a special time for us at OpsLogix and we were eager to learn more about what Microsoft had in store for SCOM 2016 & OMS.

 

Awesome OpsLogix

First of all, it was an awesome week in Atlanta! So we’d like to thank Microsoft and everyone who visited our booth and assisted us during Ignite 2016. We all learned about Microsoft’s latest and greatest tools for empowering IT driven digital innovation.  At OpsLogix we’ve always believed in the positive advancement of digital technology as we embrace the ever-changing digital industry! These are our top 3 takeaways from our experience in Atlanta.

1. Artificial Intelligence & EZalert

You could not have possibly missed it. Artificial Intelligence was a hot topic during Microsoft Ignite. From our side, this is a very exciting development since we already were working on an AI solution for SCOM monitoring. For this reason, we were very excited to launch our SCOM alert closing solution called EZalert during Microsoft Ignite.

Ask any consultant what the number 1 problem is for the success of new SCOM deployments, and the answer will most likely be: the number of false positive Alerts in the “Active Alerts” view of the Operations Console.

We took on the challenge to deliver a solution for this problem and at the same time make the lives of SCOM administrators easier.

EZalert is our software solution based on sophisticated machine learning algorithms that can be trained to classify alerts and filter out potential alert storms caused by false positives. This keeps the Active Alerts view of the Operations Manager console free of irrelevant alerts.  The machine learning component allows EZalert to learn from the SCOM administrator and mimic his or her behavior when automatically closing irrelevant alerts. EZalert is also fully compatible with SCOM 2016. Click here to see how to use EZalert.
How to use EZalert

(more…)