RCP Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.

MOM 2005: Monitor Globally, Manage Locally

Microsoft Operations Manager helps your customers keep a watchful eye and steady hand over their systems.

High availability, redundancy and security aren't just technology buzzwords any more. They're essential ingredients. Your customers require 100 percent uptime to stay in business and stay competitive. They need consistent, stable and secure connections.

As networks grow increasingly complex with myriad business applications, critical support servers and various security technologies, careful management can be costly and challenging. Microsoft Operations Manager 2005 (MOM 2005 -- which will soon be re-named Systems Center Operations Manager 2007 or SCOM) helps automate those management tasks.

Microsoft made significant improvements to MOM 2005, updating the reporting features, improving performance and streamlining the administrator and operator consoles. Security has taken a front seat across the board in this version. Microsoft also tasked its major product groups with creating Management Packs and SQL report formats for MOM 2005. These Management Packs help define the management model. MOM 2005's major functional areas and improvements include:

  • Monitoring
  • Alerting and Notification
  • Management Packs
  • Customization
  • Scalability
  • Reporting
  • Improved Interface
  • Improved Performance

Monitoring and Management Packs
MOM 2005 can manage any size Windows network. It monitors events on all agent-managed systems and reports back to the operator console, the centralized consolidated view of the entire network. It can also send alert notifications via e-mail or pager, depending on how your customers define their rules and groups.

Processing rules are based on a set of pre-defined criteria for specific operating system events. Once such an event (such as an application failure or slipping below a certain performance threshold) occurs, it will trigger an alert to the operator console or other remote notification. The rules can be event logs, performance counters, WMI scripts or even VB or Java-based scripts or applications.

These rules are contained within the Management Packs (MPs) -- the brains behind MOM 2005's functionality and perhaps its most powerful aspect. These XML-based rules define the logic that guides the systems' response to critical errors or events within your customer's environment. The MPs may contain as many as several thousand rules for event alerting and performance processing.

When you consider the potential number of alerts a large enterprise will generate, you have to be careful when deploying or recommending an MP. Microsoft realizes this and has assembled tools like the Alert Tuning Accelerator to provide best-practices guidance for adjusting alert settings using the Service Monitoring and Control management function.

MPs aren't exclusive to Microsoft technologies. There are MPs for applications like Veritas Storage Foundation and OSes like SCO Unix, Sun Solaris and even SuSe Linux. The MP's aren't exclusive to monitoring and alerting either. They can also do things like measure service level agreements.

Before your customers deploy MPs, be sure to reference the MOM 2005 Deployment Guide. Either you or your customers can download this from the MOM 2005 homepage. Here you can also learn more about vast array of Microsoft and third-party MPs.

Another powerful aspect of the MPs is the extent to which you or your customers can customize them to perform almost any operation. Your customers can also import and export MPs to and from production and test environments while maintaining an essential version control mechanism for tracking changes.

There are also resource kit utilities with which your customers can track differentials between new and existing MPs. The ability to export new rules and customized settings also lets you build your own Management Packs to bundle with custom applications.

Faster and Flexible
Microsoft made tremendous improvements to MOM 2005 in terms of scalability and performance. It doubled the number of supported managed agents and drastically decreased agent deployment time. The company did this by reducing the agent's core footprint by 500 percent, from roughly 22MB to 4MB. This also reduced network latency and improved server discovery times. MOM 2005 also supports up to 60 agentless managed systems. These improvements mean deployment times are up to 2.5 times faster than previous versions.

It helps to think about your customer's infrastructure in terms of what Microsoft calls the Management Group. This serves as both a boundary for managed systems and a unit of scalability. In its simplest form, it includes the Management Servers, both agent and agentless managed systems, an operations database, and both the Administrator and Operator consoles.

MOM 2005 supports up to 4,000 agents per Management Group (double the capacity of the previous version) and 2,000 per Management Server. Larger environments can scale up by adding additional Management Groups. When using multiple Management Groups for scalability purposes, be mindful of performance and security issues.

Microsoft has strict management requirements and operational guidelines for database size for several reasons, primarily to ensure you provide an acceptable level of performance. For example, the maximum supportable database size of 30GB ensures adequate room for indexing and helps the server deal with performance data bursts from monitored servers.

One of most significant improvements Microsoft made to MOM 2005 is the user interface and new management views. The Operator console now gives your customers real-time views across their entire networks. If they need to zoom in, the Diagram view shows portions of their networks, including those that are functioning properly and where there may be potential problems. The customizable State and Alert views give them a high-level scan of overall server health. Detailed event information includes knowledge base references and steps for resolving alerts.

MOM 2005's reporting features help your customers maintain long-term historical performance data. This plays an invaluable role in trend analysis, troubleshooting and investigating system problems and outages. System architects and managers can use this data for planning future deployments and server consolidation.

Your customers can easily access MOM reporting through Internet Explorer or via the Administrator console, so reports are available virtually anywhere your customers have network access. Microsoft provides pre-defined reports with each Management Pack, and you or your customers can create and distribute custom reports.

A reporting infrastructure with insufficient capacity can cause trouble down the road, so use care and consideration when deploying the MOM 2005 reporting tool. Historical data maintained for upwards of one year requires a substantial amount of storage space. Large environments can often generate upwards of 2GB of report data per day.

Competitive Landscape
Microsoft has many competitors in the general network monitoring and alerting arena. A few of the big players include IBM's Tivoli, BMC's Patrol Server Monitoring Component, HP's OpenView and CA's Unicenter.

The IBM Tivoli solutions include tools for network management and monitoring, business application management for optimizing application performance and service levels, mainframe management for optimizing and securing mainframe environments, process management for automating critical IT processes across operational and functional areas, service management, security management, server and device management and storage management.

BMC's Patrol Server Monitoring Component helps customers monitor their operating system performance and resource consumption and Active Directory operations and general health. They can also create Windows Event Log filters and alerts and monitor log files and process. Patrol supports agent-based or agentless monitoring.

The HP OpenView family has individual solutions for application management, asset management, business service management, configuration management, consolidated event and performance management, consolidated service desk operations, identity management, IT compliance and governance, IT service management, network service management and maintaining a service oriented architecture.

CA Unicenter solutions are set up for infrastructure management, desktop management, application management, network management, server management, database management, workload automation, IT documentation and visualization and voice management.

While all these vendors compete for market share, what's interesting is the degree to which some participate in the Microsoft management framework and vision. HP makes several MOM 2005 Management Packs for its own products. Third-party partners like eXc Software make several Management Packs for monitoring and alerting IBM products.

You'll have to count Argent and Heroix in the competitive landscape as well. Both are suitable for small to midsize environments. Argent Guardian runs with or without agents, which provides a considerable degree of flexibility in deployment. Alerts include alphanumeric paging, e-mail and SMS, and the rule sets contain more than 10,000 rules and pre-defined reports. Customers can group and monitor servers along business lines, geographic location or server type.

Heroix Longitude is an agentless application and performance monitoring system for Windows, Linux, Unix, Web servers, databases, application servers and messaging servers. It can perform transaction and SLA monitoring, and has automatic alerts with adjustable thresholds, historical trend and performance reports and customizable views.

IT architects and managers who have already deployed MOM 2005 cite ease of use and deployment as one of the top five reasons for making their choice. Most say that MOM 2005 lets them get rolling quickly in a familiar interface, which is something to emphasize when presenting MOM 2005 to potential customers.

Marketing and Sales
Microsoft invests substantial time and effort to provide partners with resources they need to develop management solutions that fit into the Microsoft Management Alliance (MMA). The MMA provides centralized resources for developing everything from product connectors to custom management packs. Microsoft also provides resources such as SDKs, white papers and even MMA aliases for posting updates from an array of real-world field-tested methodologies.

Besides the pricing information listed for MOM 2005, it's important to refer to Microsoft's product incentive Web site at www.microsoftincentives.com. For MOM 2005, Microsoft is currently offering an incentive until Sept. 1, 2006, where Managed Exchange Server includes the rights to be managed by MOM 2005 and a free copy of MOM 2005.

For environments of 10 servers or smaller, Microsoft has the workgroup edition of MOM. Formerly known as MOM Express, the workgroup version provides a subset of the enterprise version. Even without the reporting functionality of its big brother, MOM workgroup edition is no slouch. It provides full alerting, monitoring and notification.

Another advantage to MOM workgroup is that it runs on the Microsoft SQL 2000 Desktop Engine (MSDE) version. It can't hold as many records as the full version, but it's less cost prohibitive for small businesses that don't need the connector and reporting features.

The Final Word
MOM 2005 is a logical choice for managing Windows networks of all sizes. With its extensible nature, it's also a helpful management tool for vendors, solution providers and other partners when developing custom applications and solutions.

When properly deployed and administered, MOM 2005 promises a significant return for your IT environment. If you need to hit the ground running when it comes to monitoring, alerting and notification, then MOM 2005 is a must. •

Jim Thompson (JThompson@Trinity-Inc.net), MCSE, is a principal consultant for Trinity Consulting, a Gold Certified Partner in Marlborough, Mass. He specializes in architecting network and messaging systems, conducts performance tuning and analysis for large-scale enterprise clients and is Trinity's resident racing enthusiast.