Background Information


This section describes how agents are discovered, installed, and configured. The information in this section includes the roles of the Agent Manager, the Consolidator, and the Data Access Server (DAS). This section also describes the communication methods that are used to send data between these components.

Agent Manager

Agent Manager functionality includes discovering computers, installing and uninstalling the agent, and scanning computers to group them based on specified attributes. The Agent Manager mainly uses Remote Procedure Call (RPC) to perform these functions and requires local administrator privileges on each managed server.

Agent Manager discovery and installation includes the following actions:

  1. Users specify the computers to manage in the Managed Computer rules (MCR).

  2. The discovery process scans the Microsoft® Active Directory® based on the entries of the MCR. If Active Directory is not available, Microsoft Operations Manager (MOM) scans the Microsoft Windows NT® 4.0 domain controllers. The scan is optimized for multiple queries within the same domain.

  3. After the scan returns the list of computers, MOM queries the MOM database and the ManualMC.txt file (if one is provided) for the list of all currently managed computers and then merges the two lists.

  4. Deeper-level discovery is performed on those computers contained within the merged list by making basic domain calls to query what operating system is running on these computers. The list is filtered based on this information.

  5. Existence of an agent is verified. Computers that have no agents installed are queued for agent installation.

  6. MOM scans the queued computers to discover the attributes of each computer, including installed applications. This attribute information is used to assign agent computers to the appropriate computer groups. Attribute scans are performed on one computer at a time using a remote registry call.

  7. If MOM is configured to install the agent automatically, the agent is installed on the discovered computers without further action. Otherwise, the computers are queued in the Pending Installation list. Agents are installed on computers in the Pending Installation list after the pending actions have been approved and then processed.

  8. After the agent is installed, the OnePoint service starts automatically. The agent then contacts the Consolidator to request configuration data. The agent applies the configuration data and then begins to send monitoring data to the DCAM.

Consolidator and DAS

Consolidator functionality includes pushing rules and configuration to agents, receiving data from agents, and forwarding that data to the DAS. The DAS inserts the data into the database. The Consolidator also obtains new configurations stored in the database through the DAS. The Consolidator communicates with the DAS through Distributed Component Object Model (DCOM), and the DAS communicates with the database through OLEDB. Security authentication for this function is performed through the COM+ roles, which are mapped to the OnePoint local security groups.

Communication between the agent and the Consolidator uses socket-based Transmission Control Protocol (TCP) that is encrypted but not authenticated. By default, it uses port 1270 for encrypted communication and port 51515 for unencrypted communication. For security reasons, the agent is designed to always initiate communication with the Consolidator, because it is more secure for the Consolidator to trust the agent than to configure the agent to trust the Consolidator.
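The channel properties described above can be checked from network flow records. The following is an added example, not part of the original documentation or of MOM: it flags use of the unencrypted port, connections opened by the Consolidator instead of the agent, and sources outside the managed-agent inventory. The addresses, the CSV layout, and the inventory are constructed assumptions.

```python
import csv
import io

ENCRYPTED_PORT = 1270      # default encrypted port named in the text
UNENCRYPTED_PORT = 51515   # default unencrypted port named in the text

# Constructed sample data: addresses and CSV layout are assumptions.
CONSOLIDATORS = {"10.0.0.10"}
KNOWN_AGENTS = {"10.0.1.21", "10.0.1.22", "10.0.1.23", "10.0.1.24"}
SAMPLE_FLOWS = """initiator,responder,dst_port
10.0.1.21,10.0.0.10,1270
10.0.1.22,10.0.0.10,51515
10.0.0.10,10.0.1.23,1270
10.0.1.24,10.0.0.10,1270
10.0.9.99,10.0.0.10,1270
10.0.1.21,10.0.0.10,443
"""


def audit_flows(text, consolidators=CONSOLIDATORS, agents=KNOWN_AGENTS):
    """Return (initiator, responder, port, reason) for each suspicious flow."""
    findings = []
    for row in csv.DictReader(io.StringIO(text)):
        src, dst, port = row["initiator"], row["responder"], int(row["dst_port"])
        if port not in (ENCRYPTED_PORT, UNENCRYPTED_PORT):
            continue  # not agent/Consolidator traffic
        if src in consolidators:
            # The design has the agent open every connection.
            findings.append((src, dst, port, "consolidator-initiated"))
            continue
        if dst not in consolidators:
            continue
        if port == UNENCRYPTED_PORT:
            findings.append((src, dst, port, "unencrypted-channel"))
        if src not in agents:
            # No protocol-level authentication, so check the source address.
            findings.append((src, dst, port, "unknown-source"))
    return findings


if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(finding)
```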

Agent

The agent stores information locally in three different places:

  • Queue files, which contain data already collected and data that is ready to be sent.

  • The registry, which contains information such as the appropriate Consolidator to send data to and the configuration group name.

  • Configuration files, which contain information about processing rules and responses that an agent needs to run. These files are updated periodically through the heartbeat operation.

At a configurable interval (five minutes, by default), agents send heartbeat information to the Consolidator. This heartbeat information includes the version of the agent's latest configuration. When the heartbeat is received, the Consolidator verifies whether the agent's configuration is up to date. If not, the Consolidator sends the newest configuration information, including updates to agent properties and processing rules. The agent stores the new configuration information on the local computer. The Consolidator also keeps track of the last time it communicated with the agent and displays this information as the Last Contact Time on the MOM Administrator console under Monitor\All Agents.
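The heartbeat exchange described above, modeled as an added example that is not MOM's own code: the Consolidator records the last contact time, returns a newer configuration when the agent's version is out of date, and can list agents that have gone silent. The class and method names, the sample configuration, and the three-missed-heartbeats threshold are assumptions.

```python
from datetime import datetime, timedelta

HEARTBEAT_INTERVAL = timedelta(minutes=5)  # default interval from the text


class Consolidator:
    def __init__(self, current_version, config):
        self.current_version = current_version
        self.config = config
        self.last_contact = {}  # agent name -> time of last heartbeat

    def on_heartbeat(self, agent, agent_version, now):
        """Record the contact; return new configuration if the agent is stale."""
        self.last_contact[agent] = now
        if agent_version != self.current_version:
            return {"version": self.current_version, "config": self.config}
        return None  # agent is already up to date

    def silent_agents(self, now, missed=3):
        """Agents whose last contact is older than `missed` intervals.

        The threshold is an assumption for this example, not a MOM setting.
        """
        limit = HEARTBEAT_INTERVAL * missed
        return sorted(a for a, t in self.last_contact.items() if now - t > limit)


def demo():
    # Constructed agents and timestamps.
    start = datetime(2000, 1, 1, 12, 0)
    c = Consolidator(current_version=4, config={"rules": ["r1", "r2"]})
    update = c.on_heartbeat("web01", 3, start)                     # stale agent
    none = c.on_heartbeat("db01", 4, start + timedelta(minutes=18))
    silent = c.silent_agents(start + timedelta(minutes=20))
    return update, none, silent


if __name__ == "__main__":
    print(demo())
```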

Monitoring data from agents is also uploaded to the Consolidator at a configurable interval (30 seconds, by default). However, alerts and responses that require a central response (a response that is generated on the DCAM rather than the agent) are forwarded to the Consolidator immediately.

Monitoring data is contained in three agent queues:

  • An alert queue

  • A numeric data queue

  • An event queue

The agent Buffering settings determine the frequency and priority for uploading monitoring data.

MOM supports guaranteed delivery of data through the use of acknowledgement. With acknowledgement, the data in the agent's queue file is not deleted until the agent receives an acknowledgement from the Consolidator that the data has been inserted successfully into the Consolidator queue. After delivery is guaranteed in this way, the agent deletes the data it no longer needs.
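The acknowledgement behaviour described above, sketched as an added example that is not MOM's implementation: the agent keeps queued records until the Consolidator acknowledges them, so a lost acknowledgement causes a resend and no data loss. The record identifiers and the duplicate suppression on the Consolidator side are assumptions; the text does not say how resent data is handled.

```python
from collections import deque


class AgentQueue:
    """One agent queue (alert, numeric data, or event) with ack-gated deletion."""

    def __init__(self):
        self.items = deque()
        self.next_id = 1

    def collect(self, record):
        self.items.append((self.next_id, record))
        self.next_id += 1

    def pending(self):
        return list(self.items)

    def acknowledge(self, acked_ids):
        # Delete only what the Consolidator confirmed it has queued.
        self.items = deque(i for i in self.items if i[0] not in acked_ids)


class ConsolidatorQueue:
    def __init__(self):
        self.stored = {}  # record id -> record (assumed dedup key)

    def receive(self, batch):
        for rid, record in batch:
            self.stored.setdefault(rid, record)  # ignore a resent record
        return {rid for rid, _ in batch}


def upload(agent_q, consolidator_q, ack_lost=False):
    """Send all pending records; return how many the agent still holds."""
    acked = consolidator_q.receive(agent_q.pending())
    if not ack_lost:
        agent_q.acknowledge(acked)
    return len(agent_q.pending())


if __name__ == "__main__":
    agent, cons = AgentQueue(), ConsolidatorQueue()
    agent.collect("event 529: logon failure")  # constructed records
    agent.collect("alert: service stopped")
    print(upload(agent, cons, ack_lost=True))  # ack lost, data retained
    print(upload(agent, cons))                 # resend acknowledged
    print(len(cons.stored))                    # no duplicates stored
```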