MOM 2005: Monitor Globally, Manage Locally
Microsoft Operations Manager helps your customers keep a watchful eye and steady hand over their systems.
- By Jim Thompson
- August 01, 2006
High availability, redundancy and security aren't just technology buzzwords
any more. They're essential ingredients. Your customers require 100 percent
uptime to stay in business and stay competitive. They need consistent,
stable and secure connections.
As networks grow increasingly complex with myriad business applications,
critical support servers and various security technologies, careful management
can be costly and challenging. Microsoft Operations Manager 2005 (MOM
2005 -- which will soon be re-named Systems Center Operations Manager
2007 or SCOM) helps automate those management tasks.
Microsoft made significant improvements to MOM 2005, updating the reporting
features, improving performance and streamlining the administrator and
operator consoles. Security has taken a front seat across the board in
this version. Microsoft also tasked its major product groups with creating
Management Packs and SQL report formats for MOM 2005. These Management
Packs help define the management model. MOM 2005's major functional areas
and improvements include:
- Alerting and Notification
- Management Packs
- Improved Interface
- Improved Performance
Monitoring and Management Packs
MOM 2005 can manage any size Windows network. It monitors events
on all agent-managed systems and reports back to the operator console,
the centralized consolidated view of the entire network. It can also send
alert notifications via e-mail or pager, depending on how your customers
define their rules and groups.
Processing rules are based on a set of pre-defined criteria for specific
operating system events. Once such an event (such as an application failure
or slipping below a certain performance threshold) occurs, it will trigger
an alert to the operator console or other remote notification. The rules
can be event logs, performance counters, WMI scripts or even VB or Java-based
scripts or applications.
These rules are contained within the Management Packs (MPs) -- the brains
behind MOM 2005's functionality and perhaps its most powerful aspect.
These XML-based rules define the logic that guides the systems' response
to critical errors or events within your customer's environment. The MPs
may contain as many as several thousand rules for event alerting and performance
When you consider the potential number of alerts a large enterprise
will generate, you have to be careful when deploying or recommending an
MP. Microsoft realizes this and has assembled tools like the Alert Tuning
Accelerator to provide best-practices guidance for adjusting alert settings
using the Service Monitoring and Control management function.
MPs aren't exclusive to Microsoft technologies. There are MPs for applications
like Veritas Storage Foundation and OSes like SCO Unix, Sun Solaris and
even SuSe Linux. The MP's aren't exclusive to monitoring and alerting
either. They can also do things like measure service level agreements.
Before your customers deploy MPs, be sure to reference the MOM 2005
Deployment Guide. Either you or your customers can download this from
the MOM 2005 homepage. Here you can also learn more about vast array of
Microsoft and third-party MPs.
Another powerful aspect of the MPs is the extent to which you or your
customers can customize them to perform almost any operation. Your customers
can also import and export MPs to and from production and test environments
while maintaining an essential version control mechanism for tracking
There are also resource kit utilities with which your customers can
track differentials between new and existing MPs. The ability to export
new rules and customized settings also lets you build your own Management
Packs to bundle with custom applications.
Faster and Flexible
Microsoft made tremendous improvements to MOM 2005 in terms of
scalability and performance. It doubled the number of supported managed
agents and drastically decreased agent deployment time. The company did
this by reducing the agent's core footprint by 500 percent, from roughly
22MB to 4MB. This also reduced network latency and improved server discovery
times. MOM 2005 also supports up to 60 agentless managed systems. These
improvements mean deployment times are up to 2.5 times faster than previous
It helps to think about your customer's infrastructure in terms of what
Microsoft calls the Management Group. This serves as both a boundary for
managed systems and a unit of scalability. In its simplest form, it includes
the Management Servers, both agent and agentless managed systems, an operations
database, and both the Administrator and Operator consoles.
MOM 2005 supports up to 4,000 agents per Management Group (double the
capacity of the previous version) and 2,000 per Management Server. Larger
environments can scale up by adding additional Management Groups. When
using multiple Management Groups for scalability purposes, be mindful
of performance and security issues.
Microsoft has strict management requirements and operational guidelines
for database size for several reasons, primarily to ensure you provide
an acceptable level of performance. For example, the maximum supportable
database size of 30GB ensures adequate room for indexing and helps the
server deal with performance data bursts from monitored servers.
One of most significant improvements Microsoft made to MOM 2005 is the
user interface and new management views. The Operator console now gives
your customers real-time views across their entire networks. If they need
to zoom in, the Diagram view shows portions of their networks, including
those that are functioning properly and where there may be potential problems.
The customizable State and Alert views give them a high-level scan of
overall server health. Detailed event information includes knowledge base
references and steps for resolving alerts.
MOM 2005's reporting features help your customers maintain long-term
historical performance data. This plays an invaluable role in trend analysis,
troubleshooting and investigating system problems and outages. System
architects and managers can use this data for planning future deployments
and server consolidation.
Your customers can easily access MOM reporting through Internet Explorer
or via the Administrator console, so reports are available virtually anywhere
your customers have network access. Microsoft provides pre-defined reports
with each Management Pack, and you or your customers can create and distribute
A reporting infrastructure with insufficient capacity can cause trouble
down the road, so use care and consideration when deploying the MOM 2005
reporting tool. Historical data maintained for upwards of one year requires
a substantial amount of storage space. Large environments can often generate
upwards of 2GB of report data per day.
Microsoft has many competitors in the general network monitoring
and alerting arena. A few of the big players include IBM's Tivoli, BMC's
Patrol Server Monitoring Component, HP's OpenView and CA's Unicenter.
The IBM Tivoli solutions include tools for network management and monitoring,
business application management for optimizing application performance
and service levels, mainframe management for optimizing and securing mainframe
environments, process management for automating critical IT processes
across operational and functional areas, service management, security
management, server and device management and storage management.
BMC's Patrol Server Monitoring Component helps customers monitor their
operating system performance and resource consumption and Active Directory
operations and general health. They can also create Windows Event Log
filters and alerts and monitor log files and process. Patrol supports
agent-based or agentless monitoring.
The HP OpenView family has individual solutions for application management,
asset management, business service management, configuration management,
consolidated event and performance management, consolidated service desk
operations, identity management, IT compliance and governance, IT service
management, network service management and maintaining a service oriented
CA Unicenter solutions are set up for infrastructure management, desktop
management, application management, network management, server management,
database management, workload automation, IT documentation and visualization
and voice management.
While all these vendors compete for market share, what's interesting
is the degree to which some participate in the Microsoft management framework
and vision. HP makes several MOM 2005 Management Packs for its own products.
Third-party partners like eXc Software make several Management Packs for
monitoring and alerting IBM products.
You'll have to count Argent and Heroix in the competitive landscape
as well. Both are suitable for small to midsize environments. Argent Guardian
runs with or without agents, which provides a considerable degree of flexibility
in deployment. Alerts include alphanumeric paging, e-mail and SMS, and
the rule sets contain more than 10,000 rules and pre-defined reports.
Customers can group and monitor servers along business lines, geographic
location or server type.
Heroix Longitude is an agentless application and performance monitoring
system for Windows, Linux, Unix, Web servers, databases, application servers
and messaging servers. It can perform transaction and SLA monitoring,
and has automatic alerts with adjustable thresholds, historical trend
and performance reports and customizable views.
IT architects and managers who have already deployed MOM 2005 cite ease
of use and deployment as one of the top five reasons for making their
choice. Most say that MOM 2005 lets them get rolling quickly in a familiar
interface, which is something to emphasize when presenting MOM 2005 to
Marketing and Sales
Microsoft invests substantial time and effort to provide partners
with resources they need to develop management solutions that fit into
the Microsoft Management Alliance (MMA). The MMA provides centralized
resources for developing everything from product connectors to custom
management packs. Microsoft also provides resources such as SDKs, white
papers and even MMA aliases for posting updates from an array of real-world
Besides the pricing information listed for MOM 2005, it's important
to refer to Microsoft's product incentive Web site at www.microsoftincentives.com.
For MOM 2005, Microsoft is currently offering an incentive until Sept.
1, 2006, where Managed Exchange Server includes the rights to be managed
by MOM 2005 and a free copy of MOM 2005.
For environments of 10 servers or smaller, Microsoft has the workgroup
edition of MOM. Formerly known as MOM Express, the workgroup version provides
a subset of the enterprise version. Even without the reporting functionality
of its big brother, MOM workgroup edition is no slouch. It provides full
alerting, monitoring and notification.
Another advantage to MOM workgroup is that it runs on the Microsoft
SQL 2000 Desktop Engine (MSDE) version. It can't hold as many records
as the full version, but it's less cost prohibitive for small businesses
that don't need the connector and reporting features.
The Final Word
MOM 2005 is a logical choice for managing Windows networks of all
sizes. With its extensible nature, it's also a helpful management tool
for vendors, solution providers and other partners when developing custom
applications and solutions.
When properly deployed and administered, MOM 2005 promises a significant
return for your IT environment. If you need to hit the ground running
when it comes to monitoring, alerting and notification, then MOM 2005
is a must. •
Jim Thompson (JThompson@Trinity-Inc.net), MCSE, is a principal consultant
for Trinity Consulting, a Gold Certified Partner in Marlborough, Mass.
He specializes in architecting network and messaging systems, conducts
performance tuning and analysis for large-scale enterprise clients and
is Trinity's resident racing enthusiast.