Microsoft Operations Manager 2000 Overview

This is part of the Microsoft Active Directory Management Pack Technical Reference guide

Note: In the figure above, the member server that is the MOM server and the member server running SQL Server 2000 are shown as separate computers. However, these roles can also be placed together on a single member server.

Microsoft Operations Manager 2000 provides administrators of operating systems in the Microsoft® Windows 2000 Server family and in the Microsoft® Windows Server 2003 family with a powerful, event-driven monitoring solution for maintaining the overall operations health of their servers and services. MOM monitors events and information from a variety of sources through a set of basic, “ready-to-run” monitoring rules that are provided with MOM and with optional, component-specific management packs, such as Active Directory Management Pack.

Microsoft Operations Manager 2000 works by alerting administrators anytime an important event occurs or when monitoring thresholds are exceeded. MOM sends alerts to administrators in a manner that is appropriate to the severity level of the alert. For more-critical alerts, administrators can be paged immediately. For less-critical alerts, e-mail can be sent to individuals or to groups. Other less-critical warning and informational alerts are simply recorded for later review. In addition, through monitoring rules, you can specify that certain actions, such as the running of a script, are performed when an alert occurs.

Microsoft Operations Manager 2000 can also gather performance and trend information for use in network optimization and capacity planning. The MOM monitoring service, OnePoint, runs on a member server in an Active Directory domain or forest, and it uses Microsoft® SQL Server 2000 as its primary data store.

The following figure illustrates the major components of Microsoft Operations Manager 2000.

Figure 1: MOM Components

The following sections describe the major components of the MOM architecture.

On This Page

MOM Server
MOM Agents
MOM Database
Processing Rules
Information Sources
Alerts
Defining Alert Severity Levels
Knowledge Base
Console Views and Reports
Management Packs

MOM Server

The MOM server, sometimes referred to as the data consolidator and agent manager (DCAM), is a member server that gathers and consolidates monitoring and performance data from MOM agents that are running on the computers being monitored.

MOM Agents

A MOM agent runs as a service on each computer being monitored by Microsoft Operations Manager 2000. The MOM agent collects monitoring and performance data on the computer on which it is running, and then it sends this information to a MOM server.

MOM Database

The MOM database is located on a SQL Server 2000 server, which can run on the MOM server or on a separate server. The MOM database provides all data storage for Microsoft Operations Manager 2000, including configuration information; processing rule information; and storage for all collected events, alerts, and performance data.

Processing Rules

Processing rules specify how Microsoft Operations Manager 2000 collects, handles, and responds to information. Processing rules define the events and threshold conditions for MOM to monitor. When a MOM server receives information from an information source (Windows Management Instrumentation (WMI), Perfmon, event log, and others) that matches a processing rule, a processing rule match occurs. When such a match occurs, MOM performs the actions that are defined in the processing rule, and it also performs the response that is defined in the processing rule. MOM organizes related sets of processing rules into processing rule groups.

You can define your own processing rules for Microsoft Operations Manager 2000. You can also use the ready-to-run processing rules that are provided with MOM. Microsoft provides ready-to-run sets of processing rules for various server components (such as Active Directory) in the form of management packs.

Several types of processing rules exist. The most common include event rules, timed event rules, performance rules, and threshold rules.

Event Rules

Event rules instruct Microsoft Operations Manager 2000 to generate an alert or run responses when specific events occur. These events can be events that are written to Windows event logs by the Windows components that are being monitored, or they can be events that are generated by MOM. MOM stores the events and alerts in the MOM database.

Timed Event Rules

Timed event rules generate a response or an alert at given time intervals. These rules are used to launch monitoring scripts that are included with Microsoft Operations Manager 2000 for monitoring some components. MOM uses monitoring scripts to generate performance data and also to generate MOM-specific events that are used by some MOM event rules.

Performance Rules

Performance rules are used by Microsoft Operations Manager 2000 to collect performance data. MOM stores performance data in the MOM database. You can view this graphical information by using the Monitor snap-in and the Web Console.

Threshold Rules

Threshold rules generate an alert when some measured value (such as CPU utilization) exceeds a defined threshold. Threshold rules can define multiple threshold values, with a separate alert severity level for each of the values.

Information Sources

Each processing rule defines the provider of the information that is used within that rule. Providers of information to Microsoft Operations Manager 2000 include the following:

• Events that are generated by MOM

• Events and performance data generated by MOM scripts

• Events that are reported through Windows event logs

• Performance (Perfmon) data

• WMI

• Simple Network Management Protocol (SNMP)

Alerts

An alert occurs when a MOM agent detects an event or measured value that matches the event or threshold that is defined in a processing rule. An alert notifies the administrator about the event that triggered the alert. The type of alert notification depends on the severity of the alert. For more-severe alerts, Microsoft Operations Manager 2000 can page or e-mail the members of the Network Administrators group (a group that is created by MOM, which is empty by default). Less-severe alerts are saved in the MOM database for later viewing by the administrator. Optionally, an alert can also trigger an automatic response to the event, such as the running of a script.

Defining Alert Severity Levels

Each processing rule in Microsoft Operations Manager 2000 that generates an alert assigns an alert level that indicates the severity of the event that triggers the alert. You can use the alert severity level to determine at a glance the importance of the indicated condition. By default, the more-severe alerts are set to page administrators immediately. Alert severity levels for MOM are described in the following table.

Knowledge Base

The Knowledge Base contains information, associated with each processing rule, that indicates the meaning and importance of the alerts that are generated by that rule. By default, the Knowledge Base contains predefined information from Microsoft, to which you can also add information that is specific to your organization.

Console Views and Reports

Console views and reports provide a way for administrators to view the information that has been reported to Microsoft Operations Manager 2000.

Management Packs

In addition to Active Directory Management Pack, Microsoft offers a variety of management packs for Microsoft Operations Manager 2000. Each management pack provides a number of predefined, ready-to-use rules for monitoring and managing specific applications, such as Active Directory, Microsoft® Exchange 2000 Server, and SQL Server 2000. You can load management pack modules and begin specialized event and performance management immediately for Windows 2000 Server and Windows Server 2003. For information about available management pack modules, see “Microsoft Operations Manager Product Overview” on the Microsoft Web site at https://go.microsoft.com/fwlink/?LinkId=6149.