Deploying the Connected Management Groups Scenario

Applies To: Operations Manager 2007 R2, Operations Manager 2007 SP1

When you connect management groups, you are not actually deploying any new servers; rather you are allowing a top tier or local management group to have access to the Alerts and Discovery information that is in a bottom tier or connected management group. In this way, you can view and interact with all the alerts and other monitoring data from multiple management groups in a single Operations console. In addition, you can run tasks on the monitored computers of the connected management groups.

In this procedure, you create a connection between two management groups. These management groups can be in the same domain, or they can be in trusted domains. You can connect to management groups that are in domains that are not trusted, but you cannot view data from those domains until you add an account from the domain of the local management groups to an Operations Manager role for the connected management group. To do this, a trust must be established between the domains.

Before You Start

Ensure the following before you deploy the Connected Management Groups scenario.

Before you start

1. To connect management groups, you must provide the fully qualified domain name (FQDN) of the root management server (RMS) of the connected management group. The management server of the local management group must be able to resolve this FQDN. If the two management groups do not use the same Domain Name System (DNS) service, you must create a secondary DNS zone in the DNS service that the local management group uses. This secondary DNS zone transfers the DNS information from the primary DNS zone of the connected management group. The transferred information is essentially a copy of the DNS information that is available to the management server of the local management group. For more information about Zone Transfers, see the "Understanding zones and zone transfers" topic in the Windows Server DNS help.

2. Add the SDK and Config Service account of the connected management groups to the Operations Manager Administrator role for the connected management group, or just add it to the domain-based Operations Manager Administrator security group in the connected management groups domain, which has already been added to the Operations Manager Administrator role.

3. Collect the SDK and Config Service account credentials from the connected management groups. These credentials are needed when you add the connected management group in the local management group.

4. Identify users in the domain of the local management group that will need access to data from the connected management groups. They must be added to the appropriate Operations Manager roles in the connected management group.

5. Both the connected management groups and the local management groups must be running the same version of Operations Manager 2007. Mixing release versions is not supported. However, the server components of the local and connected management groups can be on computers running either Windows Server 2003 or Windows Server 2008. For more information about how to upgrade connected management groups from RTM to SP1, see the Operations Manager 2007 SP1 Upgrade Guide

Creating Connected Management Groups

To create a connected management group

1. Open the Operations console on a management server that is a member of the local management group using an account that is a member of the Operations Manager Administrator role.

2. Open the Administration view, and select the Connected Management Groups object.

3. In the Actions pane, on the far right, click the Add Management Group link.

   Note

   If the Actions pane is not visible, click Actions on the toolbar.

4. On the Add Management Group page, in the Management Group name field, enter the name of the management group that you want to connect to. This group is referred to as the connected management group.

5. In the Root Management Server field, enter the FQDN of the RMS of the connected management group.

6. If the local management group and the connected management group are using the same SDK and Config Service account, select Use SDK service account.

   Important

   The SDK account must be a member of the Operations Manager Administrator role for the connected management group.

7. If the local management group and the connected management group are not using the same SDK and Config Service account, then select Other user account, and complete the User name, Password, and Domain fields with the SDK account for the connected management group.

8. The connected management group appears in the connected management groups Results pane in the Operations console.

9. Repeat this process for each management group that you want to connect.

Providing Access to Connected Management Groups

In order to view alerts, set overrides, and monitor objects in connected groups, the group scope has to be set for user groups.

To grant access to Connected Management Groups

1. Identify users in the local management group that need access to the connected management groups.

2. Add those users as members to the appropriate user role in the connected management groups.

   Note

   If local and connected management groups are not in the same domain and there is no trust relationship between the two domains, you will have to create accounts in the connected management group domain for the users in the local management group domain to use.

3. In the Operations console for the local management group, in the Administration view, expand Security, and then click User Roles.

4. In the right pane, right-click the user role to which you want to grant connected management group access, and then click Properties.

5. On the Group Scope tab, select the connected management groups to which you want to grant access to this user role, and then click OK. A user with both permission and access to at least one connected management group will see the Show Connected Alerts button in the toolbar of any Alert view in the Monitoring space.

6. A Log On dialog box appears and prompts the user for credentials (to log on to the connected management groups). Enter the credentials, and then click OK. Alerts appear from all connected management groups for which you have access and permission. You can run tasks in the managed computers of connected management groups.