Management Leaps Ahead

With its improved console, easier reporting and service-oriented health checks, SCOM 2007 is a welcome improvement over MOM 2005.

It was 7:30 on a Friday night and Scott Moon had just sat down to dinner at a nice restaurant with his wife and children. That's when he realized the value of his company's recent move to System Center Operations Manager (SCOM) 2007.

"SCOM sent me an alert that one of our Web servers was unreachable by ping," says Moon, an enterprise systems architect at Word & Brown Insurance Administrators Inc. in Orange, Calif. The alert stated the tool had first tried to reach its internal health service. When that was unavailable, it tried to ping the machine. That didn't work either.

"Usually, it pings the machine and if it gets a reply back, it gives you an alert that says it can't talk to the health service, but the machine is 'pingable.' So you know it's not an emergency." An alert that says SCOM couldn't ping the box means the Web server was down.

"Using the Web console, I was able to reboot the Web server, which is load-balanced, and it came right back up," he says. If Moon's company hadn't upgraded to SCOM, he probably would have had to go back into work and do a manual reboot. "That would have been a good 90-minute drive each way, but within five minutes, I got alerted, rebooted it and nobody knew it went down. And that was all done from the restaurant."

Figure 1
"Health states are automatically updated when correcting or compensating conditions are detected, so the alert and state views are live representations. It's a nice change."
Bob Longo, Director of Sales and Business Development, ClearPointe Technology Inc.

The improved Web console is just one of the features readers say they like about SCOM 2007, especially when compared to Microsoft Operations Manager (MOM) 2005, Microsoft's previous tool for managing and monitoring Microsoft environments. Other key features they cite are SCOM's improved reporting and its ability to manage complete services end-to-end, whether they reside on just one server or traverse multiple servers and devices.

"MOM 2005 only monitored servers, so it was of limited scope," says Bob Longo, director of sales and business development at ClearPointe Technology Inc., a managed services provider based in Little Rock, Ark. Longo's company uses SCOM 2007 to manage a network operations center (NOC) supporting 28,000 devices and hundreds of clients across the United States, Canada and the United Kingdom. "With SCOM '07, we have the new concepts of both object-based monitoring -- of which servers are just one class of object -- as well as class-based management, which means management packs are targeted against classes of objects."

The new features help Longo develop more useful management packs, especially for distributed applications, he says. "Once a class is created, you can reuse it to target views, roles and monitors to the class throughout the SCOM environment," he explains. "We can create management packs that combine different classes of objects, such as router interfaces and server network interfaces, into one distributed application that provides a holistic network view and permits rapid cross-platform event correlation and fault isolation."

That brings up SCOM's biggest selling factor -- its new Microsoft Management Console (MMC) 3.0-based management console that lets users view real-time alerts and general service and network health, all from one easy-to-use interface. "The biggest thing I've noticed is the ease of the console," Moon says. "It's so much better because everything is all in one place."

Longo agrees, noting that the console in SCOM 2007 also provides more real-time capabilities. "That's what we really like. Both alerts and health-state changes are dynamic," he says. "Health states are automatically updated when correcting or compensating conditions are detected, so the alert and state views are live representations of what's actually wrong at that moment. It's a nice change."

SCOM 2007 Wish List

Overall, readers are happy with Microsoft's latest management tool, but say it could still use a few more features.

Off/On Management Packs: Rather than shipping management packs with all alerts turned on, readers say they'd like a choice. For simple apps like print serving, they'd like to be able to buy a management pack with everything turned off so that they could turn on the few alerts they need. For more complex apps, like Exchange, they'd rather have the option of applying a management pack with all alerts turned on. "I don't know enough to configure an Exchange or a SQL management pack, so I want to alert against what Microsoft considers to be best practices and trends. Let me decide," says Paul Strain, a systems management architect at Clifton Gunderson LLP.

Easier Management Pack Updates: Scott Moon, an enterprise systems architect, says he needs something like Windows Update for management packs so that as packs are updated, he's alerted and can see what's changed. "SQL Server may be doing fine, but you put in an updated management pack and next thing you know, you have 20 alerts from SQL Server that you didn't have before," he says. "I'd like first for Microsoft to tell me they released a new pack, and next a log that says, 'we've added this, tweaked this, removed this.'"

Expose the Data Warehouse Model: If the warehouse was more transparent, Moon says, it would help people write even more customized reports. "If it was presented in real English, that would be great," he says. "I'd like to write a report right now that says, in the last three months, it's cost us 30 cents per transaction. Now, since we put in the two new Web sites using this same database server, the cost per transaction has gone up to 85 cents per transaction, and by the way, I'm running out of disk space because of it. Right now, I don't have anything like that to give to my VP. If they exposed the data warehouse, it would be totally cool."

Better Documentation: Right now, the documentation on SCOM 2007 is sparse, Moon says, noting that he's only seen two books on it. He recommends that users read everything they can, including all the Microsoft blogs. Strain agrees, saying, "The best advice I could give would be to read the docs and read them again, and read everything you can from Microsoft," he says. "Even though it's only one product, it's kind of a multi-discipline product."


Too Much of a Good Thing
Although SCOM lets users track and receive alerts on far more than just server health, readers say it can sometimes provide too much information. As with MOM 2005, managing a specific device or service requires users to apply the requisite management pack. Each management pack is set to alert on what Microsoft deems most important, such as disk space, memory and so on. The problem is that not all environments are alike and some alerts may not be necessary. The management packs, however, all ship with every alert turned on.

"I liken the management packs to a giant Swiss army knife. When you install it, all the blades are out," says Paul Strain, systems management architect at Clifton Gunderson LLP, a nationwide accounting firm. Strain uses SCOM to manage about 230 devices across the country. "You've got to start flipping blades until you only get the ones you need."

One example of that analogy, he says, is the print service monitoring pack. "When you load the print service management pack and point it at a print server, it monitors every printer on that print server and every job on that print server, but is that something you really want to do? We had to turn off some of that functionality so we didn't accumulate all that data and didn't alert on stuff we didn't need to know."

Word & Brown's Moon agrees, saying he's found it difficult to tune SCOM alerts. "I get a lot of alerts on SQL Server because committed bytes are above 80 percent, but in our environment, that's OK," he says. He uses SCOM to manage about 35 file, print and database servers. "These are dedicated servers for SQL, so I expect that to happen and want that to happen. But do I need to be notified when it's 80 percent? No, tell me when it's 95 percent. That's when I'd really sweat it."

Readers say they can tune alerts through the management packs, but that can be a time-consuming process. "It would be nice if there was an easy way to say, 'thanks, SCOM, for alerting me, but I want to know when it's 95 percent,' without jumping through hoops to do it," Moon says.

Strain says he worked hard to create SCOM alert subscriptions based on areas of expertise to ensure the people who needed the alerts received them. "We gave them the responsibility of not only remediating alerts, but shooting it up the ladder to the SCOM people in charge to let them know either they didn't need the alert or they needed it to be reconfigured to alert at 95 percent instead of 80 percent or something. That helps, because making the alerts real for your environment is an ongoing process."

Customizing alerts is also difficult, readers say. "It's hard to escalate alerts," Moon says. "We use Outlook and Mobile 6 phones, and if I want to make alerts come as urgent e-mails, I actually have to go to the management pack and code in XML to make that happen. Just to get that little red exclamation point requires five or six lines of XML code in the management pack. It's very hard to tweak."

ClearPointe's Longo says his firm used the expertise it had with MOM 2005 to figure out how best to tweak SCOM's alerts. It still took some time, however. "We had so much experience tuning MOM that when SCOM 2007 came out, we knew a lot of what to carve down," he says, "but it did require a few months of heavy R&D time to get right." He advises new users to keep both the MOM 2005 and SCOM 2007 consoles running side-by-side until they feel they've appropriately tuned SCOM 2007.

Storage Surprises
Strain says storing alerts and historical data can be a concern, especially when an organization uses SCOM's default settings. "I would say storage is something that caught us a little off-guard, not from the SCOM side, but from the data warehouse side," Strain says. "We thought we were prepared for the data we were going to accumulate and we weren't. We ended up moving the SCOM data warehouse off to a different server with its own storage space."

If he had to do it again, Strain says he'd examine the trending of the data more closely: what it is and how long it's kept. "It comes out of the box with certain database grooming built-into the product, say 15 days for this, 30 days for that," Strain explains. "An organization that hasn't yet deployed it would do well to examine what they think their needs are for that trending and historical data first, so they don't collect data they don't need."


Another feature readers tout is the new Web console, which facilitates a high level of remote management, as Moon found out that Friday when he rebooted the Web server. It's also very easy to customize. "The Web console views are fantastic," Longo says. "We're actually able to create customized views for both business decision makers and the technical people. It's almost an SLA view, so we can show our customers how their system is performing against the SLA."

This is a big change from the views available and the reporting speed in MOM 2005. "MOM never had Web views available," Longo says. "We would provide reports out of MOM, but they were never that real-time."

Readers also like the ease of reporting in SCOM, especially compared to MOM 2005. "It's much easier to drill down into the individual devices," Strain says. "It's more user-friendly, especially for people who aren't in the product every day."

Perhaps SCOM 2007's best feature, readers say, is that it's fully supported by Microsoft. In fact, Microsoft has promised to never ship a new product unless it already has a SCOM management pack to go along with it. The bottom line, says Longo, is that there's just nothing better with which to manage Microsoft servers than Microsoft tools.


comments powered by Disqus

Subscribe on YouTube