Creating Multitiered Management Groups

This chapter provides instructions for creating multitiered Microsoft Operations Manager (MOM) 2005 management groups. Multitiered MOM management groups are one or more source management groups that forward alerts and other monitoring data to a destination management group. You can configure multitiered management groups so that changes made to forwarded alerts in either the destination management group or the source management groups are synchronized.

By using multitiered management groups, you can isolate monitoring activity according to logical business units or physical locations, and also maintain a centralized monitoring function. You can have up to 10 source management groups communicating with a destination management group. You cannot have more than three tiers of management groups. Synchronization happens between the source and the destination, but not between sources.

Document Revisions

The following table summarizes the revisions that have been made to this document.

Revisions, May 2005

Section

New or Updated

Title

Description

Deployment Scenario Description

Updated

Deployment Scenario Description

New information about non-trusted domains.

Note

    This guide uses a two-tier deployment scenario where alert data is automatically synchronized between the source and destination management groups. Because of the options available with forwarding, many other scenarios are possible.

In This Chapter

Before You Begin

Before beginning the deployment described in this chapter it is recommended that you review the key concepts of MOM that are outlined in the "Before You Begin" section of Chapter 3, "Deploying MOM 2005 across Multiple Computers."

Other areas to review include:

  • MOM 2005 release notes.

  • Microsoft Operations Manager 2005 Security Guide.

  • All planning and design documents that you developed in preparation for deploying MOM 2005.

Overview

The following information highlights the key elements and issues that you must understand about multitiered management groups.

Alert forwarding

A source management group can forward to only one destination management group, but a destination group can receive forwarding from as many as 10 source management groups. Alerts can be forwarded to the destination management group as follows:

  • Automatically based on the forwarding configuration.

  • Manually when a user specifies that an alert be forwarded using the MOM Operator console by setting the alerts Resolution State to equal the name of the Connector.

  • Programmatically by using MOM supported APIs.

Duplicate alert suppression is primarily done at the source management group. Duplicate alerts received by the source management group are not forwarded to the destination management group. Only the repeat count for the alert is forwarded. Management packs need to be synchronized between the source and destination management groups. Alert suppression is also done at the destination and one alert from a source management group can suppress alerts coming from another source management group, depending upon the rules alert suppression settings and logic. Rules also need to be synchronized between the source and destination management groups for the correct knowledge to be displayed for the alert.

Note

    If the source (zone) management group is running MOM 2005 and the destination (master) configuration group is running MOM 2000 SP1 and you want to synchronize alerts, synchronization must be enabled on both the source and the destination.

Alert synchronization

If you enable synchronization, MOM inserts alerts and, if the option is enabled, discovery data, from the source management groups into the MOM databases for both the source management group and the destination management group. You can manage alerts independently in the source and the destination management groups. Changes that you make to a forwarded alerts resolution status, owner assignment, or history in either the source or destination management group are synchronized by the MOM product connector and are reflected in both management groups.

Note

    If the source (zone) management group is running MOM 2005 and the destination (master) configuration group is running MOM 2000 SP1 and you want to synchronize alerts, synchronization must be enabled on both the source and the destination.

Alert responses

You can configure alert responses to run independently in the source and the destination management groups. When an alert is raised in the source management group, the agent or the Management Server runs responses that are defined in its local alert rules. These responses are run in the source management group only. When the alert is forwarded to the destination management group, its alert rules are applied independently and can run a different response.

If you want a response for a forwarded alert to be run specifically in the destination management group, you should create an alert rule for that alert response in the destination management group. This alert rule needs to be associated to the Management Servers in the destination management group for the responses to work.

Alert forwarding and rules

For an alert to be forwarded to the destination management group, the rule that generated the alert must be installed in both the source management group and the destination management group. You can ensure that the rule is in both management groups by importing the same Management Packs in both management groups. If you create your own custom alert generating rules, you must export the rules and import them into the other management group. If you do not export and import your rules, then those alerts are not forwarded. Rules that exist in only the destination or source management group can only be managed locally.

Points to Note

Additional points to understand before you install multitiered management groups are:

  • Every rule has a globally unique identifier (GUID). When you implement alert forwarding, you must ensure that the GUID for a rule is the same across the management groups. To use an alert rule in the destination management group, such as sending an e-mail message or running a script, the rule that generated the alert in the source management group must also exist in the destination management group and use the same GUID.

    Note

        GUID matching is not an issue if you use Microsoft Management Packs because these always use the same GUIDs when you import or export them.

  • When you create a new custom rule, follow this process:

    • Create the rule in one management group.

    • Export the rule from the management group that you created it in.

    • Import the rule into the other management groups as required.

  • Only alert information is forwarded; neither event nor performance data is forwarded.

  • Alert forwarding and synchronization occurs from Management Server to Management Server.

Using the MCF or MMPC on a Domain Controller

You can use these feature on a Domain Controller running either Windows 2000 or Windows Server 2003. However, you must take additional steps for these features to run properly.

To use these features on a Domain Controller running on Windows Server 2003

  1. Grant the IIS_WPG group Read / Execute permissions to the %WINNT%\Temp directory.

  2. Grant the IIS_WPG group Modify permissions to the "Temporary ASP.Net Files" directory.

  3. Restart IIS.

To use these features on a Domain Controller running on Windows 2000

  1. Grant the IWAM_<computername> account Read / Execute permissions to the %WINNT%\Temp directory.

  2. Grant the IWAM_<computername> account Modify permissions to the "Temporary ASP.Net Files" directory.

  3. Grant the IWAM_<computername> account the Impersonate privilege (SeImpersonatePrivilege). For more information about how to do this, see the Microsoft Knowledge Base article Q824308 (https://go.microsoft.com/fwlink/?LinkId=2952).

  4. Restart IIS.