Processing Flow and Operational Data

This section describes the general processing flow in a MOM environment and provides information about the operational data that is generated.

Processing Flow

The primary elements in the data processing flow are the MOM Database, the MOM Management Server, and managed computers. This flow is bi-directional, and the flow direction is determined by the situation.

Operational Data

When an alert is raised on a managed computer, the data is sent to the Management Server. The MOM Server component passes the data to the Data Access Service (DAS) runtime component. The DAS adds the operational data to the MOM Database. After the alert is written to the database, the information is provided to the MOM Operator console.

Note

In scenarios with agentless managed computers, the alert is raised by the local agent on the Management Server, which passes the data to the DAS.

Rules and Configuration Data

When there is a rule or configuration change, the MOM Server runtime component passes this information to the DAS, which writes the change to the MOM Database. After the change is stored in the operational database, the MOM Management Server sends these changes to the managed computers.

Note

In scenarios with agentless managed computers, the changes are retained by the local agent in the MOM runtime.

Operational Data

During computer and application monitoring, all the operational data that is generated is stored in the MOM Database. This data includes: event data, performance data, alert data, and discovery data.

Event Data (Events)

Managed computers log events in local event logs (Application, Security, and System). MOM collects event information from these logs, and this information can be used to:

  • View operational data in the Operator console.

  • Generate reports using the MOM Reporting Server and the Reporting Database.

  • Provide a context for problems that are detected.

  • Provide information about MOM monitoring and management activities.

  • Provide information about computer state, which is derived by correlating data from consolidation events or missing events.

Performance Data

Numeric performance data is gathered from sources such as Windows performance counters and WMI. This data can be used to:

  • View performance data in the Operator console by using different formats such as forms, lists, and graphs.

  • Generate reports using the Reporting Server and the Reporting Database.

  • Identify critical threshold crossings that may indicate performance issues.

Alert Data (Alerts)

Alerts inform you about the health of managed computers and provide the basis for status monitoring, which is described in more detail later in the chapter.

Alert data contains the following information about a problem detected on a managed computer:

  • The entity associated with the problem. This is described as a service discovery type.

  • The problem area for the entity. For example, if the entity is the SQL Server Agent, the problem area could be the SQL Server Instance.

  • The severity of the problem. Alert severity is indicated by a level, such as Error, Critical, and Warning.

  • The Alert Name, which is descriptive.

  • The Alert Description, which provides a brief description of the problem.

  • The Problem State, which shows the current state of the problem and indicates whether the problem is still occurring.

  • The Alert Count, which indicates how many times the problem was reported.

  • The Alert Resolution State, which indicates whether the problem has been acknowledged, assigned, or resolved.

  • The Alert History, which is contained in the knowledge base, provides a record for the alert. The knowledge base contains a problem description and recommended resolution, as provided by the Management Pack creator, or it can contain customer knowledge that describes the problem and its resolution.

Alert Updates

Alert data that is stored in the MOM Database is continuously updated as MOM collects information about the computer that generated the alert. When a problem is first detected, an alert is generated and inserted in the database. If MOM detects that the problem has disappeared, MOM updates the problem state of the original alert and retains it in the MOM runtime. Eventually, the problem state of the existing alert in the database is updated and flagged as fixed; however, alerts must still be acknowledged and resolved.

Discovery Data

Discovery data contains a snapshot of the entities that are discovered in accordance with a given Management Pack. Unlike the other operational data, discovery data is not directly exposed to the user, but is shown as topology diagrams, computer attributes, service lists, or computer lists. This data is presented in different views such as the State view. See also: "The Operator Console" section of this chapter.