Product Reviews

Keep a Close Eye on Your Servers

The newest version of MOM not only tracks all sorts of performance data, but also helps you put it in perspective.

The latest iteration of Microsoft Operations Manager (MOM) isn't so much a revolutionary advance, but a continuing maturation. MOM 2005 adds a number of subtle new features that make it easier and more flexible to use. It also scores a major coup for smaller shops with a new, aggressively priced Workgroup edition.

While it's true that MOM collects performance data, its real function is to translate raw performance data into actionable processor health information. MOM lets you define the characteristics of a properly running application and then warns you if processor utilization levels exceed those ranges. MOM also gathers event data from the Windows event logs, looking for specific events that represent poor performance, error conditions and other factors you've specified.

A Relentless Watchdog
MOM's core functionality falls into four broad areas. First, it collects and filters event data from managed servers. That data is filtered so you only see what is important to your servers' health. Second, MOM supports processor health rules that give you alerts when specific events or performance conditions occur. There's also an extensive knowledge base that explains the impact of certain events on performance conditions and offers advice on how to fix them.

Third, MOM supports a robust scripting architecture, so once it alerts you to potentially damaging situations it can also take automated corrective actions like restarting a server or changing a configuration value. Finally, MOM provides full reporting to give you an enterprise-wide view of your IT infrastructure's health and operations.

Setting all those rules and reports on your own would be tedious. Microsoft obviates both the tedium and any configuration questions by providing management packs for most of its business products like Exchange, SQL Server, DNS, IIS, clustering services and so on. These management packs define health rules, certain scripts and other information for those products, so MOM can instantly provide monitoring services. The management packs are typically included with those products and are available as free downloads, so you can effectively manage an entire Microsoft infrastructure without having to go through a lot of painstaking setup and configuration.

Figure 1. MOM's Operation Console provides a hierarchical view of alert status, severity and a host of other technical details.
Figure 1. MOM's Operation Console provides a hierarchical view of alert status, severity and a host of other technical details. (Click image to view larger version.)

A New Look
MOM 2005 boasts a vastly improved interface. The basic Microsoft Management Console (MMC) snap-in provides MOM server-level configuration, where you set up and manage MOM itself. You won't have to spend much time in this console, and server operators won't need to use it at all. Instead, they'll use the robust new Operator Console. This console is based on the Outlook 2003 interface and provides intuitive access to an operators' group of servers.

The Operator Console's real value is in its roll-up status displays. For example, if a server shows a yellow X icon, that server's capabilities are impaired. A red X icon indicates a severe problem. By quickly glancing at the column headers, you can get an instant view of the condition of the services running on your network and quickly drill down to any problem areas.

The Operator Console also has a useful Diagram View that gives you a site-aware diagram of your entire network, quickly displaying servers in their appropriate sites and using icons to indicate any problems. You can export this diagram to Visio, giving you a quick and easy way to create accurate network diagrams for your data center or office.

MOM 2005 uses SQL Server Reporting Services, so authorized individuals can have regular status reports delivered via e-mail, or have a PDF- or Web-based report on server availability delivered to an intranet address on a regular basis.

Documentation 10% ————— 8
Installation 10% ——————— 9
Feature Set 40% ——————— 9
Performance 20% —————— 9
Management 20% —————— 9

Overall Rating: 8.9
1: Virtually inoperable or nonexistent
5: Average, performs adequately
10: Exceptional

Secure Those Servers
MOM has never been a slacker in terms of security, but security received special attention in the new version. When you install MOM in an Active Directory environment, it uses mutual authentication between MOM and the servers it monitors. This ensures bogus data isn't entered into MOM's database, and that the servers MOM's contacting are the ones you intend.

As in previous versions, agent-server traffic is encrypted, so the data is protected as it flows across your network. MOM 2005 also minimizes the number of ports it uses, making it easier to use MOM to manage servers on the far side of a firewall, like Web servers sitting in a DMZ network. The agents MOM installs on monitored devices only trust MOM, which helps prevent local agent misconfiguration.

MOM also supports an agentless architecture. You'll get markedly fewer features and network utilization is higher because it has to pull information from each managed device, but it's an important option for organizations that might not be able to deploy agents to every device. Speaking of agents, MOM 2005 now supports up to 3,500 in a single management group, and 10 management groups in a single management hierarchy—a significant increase over the previous version.

If you do use agents (and you should whenever possible), they're easier to deploy. You can manually specify servers or have MOM target them directly from AD. This process provides a lot more feedback, so you'll know if something goes wrong. MOM can even dynamically catch new machines added to AD. Simply specify a query criteria and MOM will deploy its agent to all devices meeting that criteria.

MOM 2005 can co-exist with the previous version, so you can deploy the new version over time. Everything, including agent setup, is Windows Installer-based, making installation more consistent and manageable over the long haul.

MOM automatically determines the server type based on the management packs you install and the services your servers run. So if you install the Exchange Server management pack, MOM will automatically treat all servers running Exchange as Exchange servers. This dynamic discovery helps ensure that servers are never overlooked.

The troubleshooting or repair tools you'd expect to find in a Resource Kit are now built into the management packs and are available through the MOM interface. Having these tasks built-in—they're only included in management packs made specifically for MOM 2005—is a major improvement. It brings tools into the Operator Console where they're convenient and easy to launch.

You can significantly customize the Operator Console with a series of filtered view settings. For example, the Operator Console your Exchange administrator sees might only include Exchange servers, while the one your network architect sees might include every managed device. This lets administrators in larger organizations focus on their area of responsibility.

Figure 2. Alerts also refer you to Management Pack fixes and to the appropriate articles in Microsoft's online Knowledge Base.
Figure 2. Alerts also refer you to Management Pack fixes and to the appropriate articles in Microsoft's online Knowledge Base. (Click image to view larger version.)

Working for Workgroups
One of the most significant aspects of MOM 2005 is the new Workgroup Edition. The Workgroup Edition doesn't support SQL Server Reporting Services, which means you won't have the fancy enterprise reporting of the full MOM edition. However, it uses the freely available SQL Server 2000 Desktop Edition (MSDE), saving even more in licensing. It also comes with a bevy of management packs pre-installed, making it an easy installation for smaller organizations. If you only have a small number of servers or devices to monitor, MOM 2005 Workgroup Edition is a must-have for maintaining a better operating environment.

MOM 2005 is one of the first products to start delivering on Microsoft's Dynamic Systems Initiative (DSI). DSI promises to make application and server lifecycle management easier by abstracting configuration and monitoring into a set of XML-based application definition files. Applications like MOM, Systems Management Server (SMS) and even Windows itself will use these definition files to properly deploy applications, maintain their configuration over time and monitor their health. While DSI is still in its infancy, it seems to be one of the few Microsoft "initiatives" with some teeth. Over time, MOM will incorporate more DSI-flavored technologies and techniques.

Ready for Prime Time
Thankfully, MOM 2005 is free of drastic new features. If you're already familiar with it, you won't have to start from scratch. Instead, MOM 2005 provides a set of logical advances—improving its troubleshooting, streamlining and reporting capabilities, as well as the user interface.

The new Workgroup Edition is welcome proof that Microsoft still cares about smaller shops and isn't focused entirely on the enterprise customer. Microsoft carefully listened to its users on this one, delivering capabilities that make the product smoother, easier and more flexible all around.

About the Author

Don Jones is a multiple-year recipient of Microsoft’s MVP Award, and is Curriculum Director for IT Pro Content for video training company Pluralsight. Don is also a co-founder and President of, a community dedicated to Microsoft’s Windows PowerShell technology. Don has more than two decades of experience in the IT industry, and specializes in the Microsoft business technology platform. He’s the author of more than 50 technology books, an accomplished IT journalist, and a sought-after speaker and instructor at conferences worldwide. Reach Don on Twitter at @concentratedDon, or on Facebook at


comments powered by Disqus

Subscribe on YouTube