The MOM Management Pack
All of the Management Packs depend on the health and availability of the Microsoft Operations Manager (MOM) server components and agents, as well as the successful forwarding and retention of monitoring data.
The MOM Management Pack monitors problems with agent deployment and configuration, communications failures, security issues, and the MOM Connector framework. Automated tasks provide easy access to common network administration and diagnostic tools. Reports call attention to performance bottlenecks and provide data for capacity planning.
Table 3.1 summarizes the monitoring scenarios for the MOM Management Pack. The MOM Management Pack has undergone extensive modeling and testing to ensure that minimal configuration is required for most deployments.
Best Practices
It is recommended that you review the following best practices for Management Packs.
Changing Management Packs
It is recommended that you do not change any MOM Management Pack settings until you have performed a thorough analysis to determine whether changes are required. If changes are required, ensure that these changes are adequately tested.
If you change company knowledge or enable a disabled setting, you can edit the original rule. This is possible because these settings are preserved when you import the Management Pack by using the update option.
If you change an enabled rule, follow these guidelines:
Make a copy of the rule that you want to change.
Disable the original rule.
Make changes to the copy of the rule, and commit these configuration changes.
Conduct tests on the copy of the rule.
Important
Before you change any of the MOM Management Pack settings, refer to The Microsoft Operations Manager 2005 Management Pack Guide, which is available from the MOM product Web site.
Additional guidance for Management Pack authoring is provided in the Microsoft Operations Manager (MOM) 2005 Management Pack Development Guide.
Guides for other Management Packs, such as Active Directory and Exchange Server 2003 are also available at the MOM Web site, and you should review these documents before implementing any changes.
Additional Management Packs
It is recommended that you install additional Management Packs for your MOM deployment. The following Management Packs will extend the depth and breadth of monitoring for all of the MOM components.
Note
Management Pack version numbers are provided to help you locate the most recent version of the Management Packs. The Management Packs listed are available from the Download Center of the MOM Web site.
Windows Base Operating System - Monitors the performance and availability of Microsoft Windows Base Operating System 4.0 and later versions (MP version: 05.0.2803.0000).
SQL Server 2000 - Detects and sends alerts about critical events. Helps indicate, correct, and prevent service outages or configuration problems (MP version: 05.0.2803.0000).
Internet Information Services (IIS) - Monitors IIS events in the Windows NT and IIS event logs. For IIS 5.0 and IIS 6.0, it includes a script that polls and tracks the responsiveness of your IIS server (MP version: 05.0.2803.0000).
Microsoft Baseline Security Analyzer (MBSA) - Performs security vulnerability assessments and security update scans of computers running Microsoft Windows 2000 or later (MP version: 05.0.2803.0000).
Microsoft Windows Server Clusters - Highlights events that may indicate possible service outages or configuration problems, so that you can take action. The highlighted events provide information about many parts of a server cluster (MP version: 05.0.2803.0000)
Installing and Tuning Management Packs
It is recommended that you install the Management Packs in batches, and then fine-tune and optimize each one. This approach is considerably easier than enabling and disabling large numbers of rules. Most Management Packs should not require you to make large-scale changes, in order to optimize for your environment. Generally, changing less than 5 rules in an MP is the most that is required. You can, typically, identify these rules by using the most common event and alert reports.
If you want to disable multiple rules, either disable processing rule groups associated with computer groups, or just computer groups, rather than disabling all processing rule groups or all rules.
Importing and Exporting Reports
Note the following information related to importing and exporting reports:
The report import/export component of the Import/Export Management Packs Wizard does not support either the import or export of linked reports.
When exporting reports using the import/export utility, password information is not exported if the underlying data source uses Structured Query Language (SQL) authentication for security reasons. When these reports are imported on a different computer, the reports will be broken because they will not contain the password. In this scenario, the work-around is to edit the data source and enter the required password.
Importing Management Packs with Custom Tasks
When you use MOM to import a Management Pack that contains a custom task, the custom task is not visible in the Administrator console navigation pane after the import is completed.
Although the custom task is successfully imported and created, you may have to refresh the Tasks folder, in the MOM 2005 Administrator console, for the custom task to be displayed correctly. To do this, use the following procedure.
Refresh the Tasks list in the Administrator console
In the Navigation pane, expand the Management Packs node to show the Tasks folder.
Right-click Tasks, and then click Refresh.
Management Pack Monitoring Scenarios
The following tables provide summary information about the monitoring scenarios for each of the recommended Management Packs including the Management Pack for MOM 2005. This information is extracted from each of the guides that are available for each Management Pack.
Table 3.1 MOM 2005 Management Pack
Scenario |
Description |
---|---|
Agent deployment and upgrade |
|
Agent monitoring |
|
Agentless monitoring |
|
Management Server monitoring |
|
Database monitoring |
|
Reporting monitoring |
|
MOM Connector framework monitoring |
|
Security |
|
Performance monitoring |
Agent:
Database:
Management Server:
|
Note
Previous versions of the Microsoft Management Packs, for MOM 2000 and MOM 2000 SP1, will work with MOM 2005. However, older Management Packs do not support new features such as state awareness and run-time tasks.
Table 3.2 Windows Base Operating System Management Pack
Scenario |
Description |
Windows NT 4.0 |
Windows 2000 Server |
Windows Sever 2003 |
---|---|---|---|---|
Service and application management |
|
Core Windows service up/down status only |
X |
X |
Reliability |
|
|
X |
X |
Storage |
|
Local storage free space only |
X |
X |
Networking |
|
|
X |
X |
Performance measuring |
|
|
X |
X |
Performance threshold monitoring |
|
X |
X |
X |
State monitoring and service discovery |
|
X |
X |
X |
Table 3.3 SQL Server Management Pack
Scenario |
Description |
---|---|
Enterprise configuration support |
|
Service and database availability and health |
|
Database connectivity |
|
Remote connectivity |
|
Database space |
|
Service pack compliance |
|
Configuration monitoring |
|
Blocked processes |
|
Replication monitoring |
|
Long running agent jobs |
|
Security monitoring |
|
Backups and jobs |
|
Server performance |
|
Table 3.4 IIS Management Pack
Scenario |
Description |
IIS 5.0 |
IIS 6.0 |
---|---|---|---|
Service availability |
|
X |
X |
Application availability and integrity |
|
X |
X |
Security |
|
X |
X |
Site Integrity |
|
X |
X |
World Wide Web Publishing Service specific |
|
X |
X |
Related services |
|
|
X |
Table 3.5 MBSA Management Pack
Scenario |
Description |
Windows 2000 Server |
Windows Server 2003 |
---|---|---|---|
Set up of Microsoft Baseline Security Analyzer (MBSA) |
|
X |
X |
Security Reporting |
|
X |
X |
MBSA Issues |
|
X |
X |
Internet Explorer (IE) vulnerabilities |
|
X |
X |
Internet Information Services vulnerabilities |
|
X |
X |
Windows operating system vulnerabilities |
|
X |
X |
Microsoft SQL Server vulnerabilities |
|
X |
X |
Table 3.6 Windows Server Clusters Management Pack
Scenario |
Description |
Windows2000 Server |
Windows Server 2003 |
---|---|---|---|
Service monitoring |
|
X |
X |
Resource groups and resource health |
|
X |
X |
Quorum resource monitoring |
|
X |
X |
Cluster node monitoring |
|
X |
X |
Cluster network issues |
|
X |
X |
General resource issues |
|
X |
X |
Rule Overrides
Rule overrides is a valuable tool, provided by MOM, to enable you to override a rule for a computer or computer group. Overrides can be used and shared by rules, scripts, and the MOM APIs.
For example, in a scenario where there is a server with performance capabilities that are lower than other servers in the group, it can trigger a performance alert before the other servers in the same group. Rather than lower the performance threshold in the rule for all of the servers, you can create an override that identifies the server and the rule.
You must be a member of, at a minimum, the MOM Authors group to create an override in the Administrator console.
Use the following procedure to create an override for an event rule. You can use the same procedure to create an override for alert rules and performance rules.
Create an override for an event rule
In the Navigation pane, locate the rule group for the rule.
In the Details pane, right-click the rule name and click Properties.
On the General tab, select the check-box for Enable rule-disable overrides for this rule.
Note
If the rule is disabled, the prompt for the check-box is Enable rule-enable overrides for this rule.
Click the Set Criteria button to open the Set Override Criteria property page, and then click Add.
Click the right-arrow button beside the Target: input area, and then pick Computer Group or Computer to specify the target.
In the Add Computer property page, select a computer to add, and then click OK. Repeat steps 5 and 6 if you want to add more computers.
By default, the Value: is Disable (0) if the rule is already enabled. Click OK.
Click OK to close the Set Override Criteria property page, and then click OK to close the property page for the rule.