Operations Management Suite Series
In this series of posts, I will explore some basic concepts of the Operations Management Suite and its new features as they are made available to the general public.
With the rapid growth of the cloud, there is a great need to update strategies, tactics and operations regarding monitoring the infrastructure residing in the cloud. Of course, you can still apply most of the tools you had before to monitor, automate and safeguard those resources in the cloud. Operations Manager, for example, can still be used mostly the same way, as well as Orchestrator and one of the many available backup tools.
However, just as infrastructure and the way to manage and deploy it are changing, so too is the way you can manage this very infrastructure.
Let us take monitoring for example. A few years ago, Microsoft started to develop a feature for Microsoft Operations Manager called System Center Advisor. At the time, this service would provide you with recommendations for your infrastructure based on data collected by Operations Manager. This service evolved and at some point, it started to be called Operations Insights, still referring to its advisory capabilities. However, it could do a lot more than that. The core of the system is a log analysis engine, backed by a huge database and log searching capabilities.
This concept is handy since one of the current challenges is how to handle the large amount of data generated by the various internal sources and platforms (log files, event logs from Windows and Linux, website logs, network data, security logs, etc.). It is hard to store, maintain, groom and afford the infrastructure, including the compute power to search through all the data in a timely fashion.
On the automation side, Orchestrator (previously called Opalis, an acquisition Microsoft made in 2010) provided first steps in the automation of the infrastructure. Later, Microsoft added Service Management Automation (SMA) capabilities to the suite, allowing PowerShell workflows to automate processes. This was essentially the same engine first used in Microsoft Azure automation features.
Lastly, on the Disaster Recovery and Backup side, the old Windows Backup, DPM and Hyper-V replication solutions, all on-premises, would need a total revamp to allow the new cloud-based environment to be supported with the proper flexibility and robustness.
Enter Operations Management Suite. Microsoft has mixed the Log Analytics engine, the Backup and DR solutions, as well as the Azure Automation solution, into a single suite. Although these can be seen as separate solutions, they are tightly integrated. You can see details of the bundling and pricing here. In this post, I want to start the OMS talk by discussing the Solutions based on the Log Analytics engine.
Once you drill down, you get detailed information about the subject. The data stored is usually searchable. As you can see below, each solution will grind the data and present you with information and insights.
Configuring the solution is relatively straightforward. To get OMS off the ground, there are three basic steps:
Each enabled Solution will instruct the agents to collect specific data and explore the contents to provide insightful information for the users. Currently, these are the solutions available:
As you may notice, some features show as ‘Coming Soon.’ This means Microsoft is probably testing them internally or in a private preview. You can keep an eye on the portal and follow the MS Ops Mgt suite Twitter feed at @msopsmgmt.
Here’s a brief description of some of the main solutions:
System Update Assessment
Identify missing system updates across your servers. This solution will summarize and give you detailed info on which computers are missing updates, how critical they are, the time to install the patches, etc.
Security and Audit
Provides the ability to explore security-related data and helps identify security breaches. This solution gives you access and insight to security logs across all the computers running agents, as well as the basic queries to expose critical security insights.
Backup and Automation
These two tiles connect back to your Azure subscription to show the status of your backups and Automation jobs.
The base of Log Analytics is the same agent (or very similar) used by Operations Manager. If you already have Operations Manager, you can onboard the computers using SCOM’s console:
You may prefer to deploy the agent manually or from a software deployment solution. For that, you can simply download the package from the portal:
Yes, you can now have Linux agents. Or even use the Azure portal to enable it on Azure VMs:
Once the agents have been on-boarded, they will start sending information to OMS in the cloud (a proxy can be set to allow secured environments to still send data out) depending on the solutions you have enabled.
Logs and Performance
The last step is to enable additional logs to collect data, like IIS logs and Performance Data:
With the collected information, you can start slicing and dicing at your convenience. The Log Search solution will give you the power to display, group and export the data. For example, if I wanted to know which is the most logged event throughout my monitored computers, I could simply type:
…and get the results almost instantly:
I could also check all my performance counters related to Disk Queue:
The OMS solution, particularly the Log Analytics portion, is a paradigm shift compared to the Operations Manager approach (on-premises solution). Possibilities for expansion provided by the search engine are huge: provided you have the data, you can slice and dice, as well as notify and act based on the results. The footprint on your infrastructure is rather low, considering you will not require any central server (provided by Azure in the cloud) and that the agents themselves are the same as you would have, if you had Operations Manager. Deploying the agents might require some automation, but with the multiple tools available for that purpose, it should not be a huge challenge.
Operations Manager still offers a number of management packs to address the numerous solution platforms in the market, as well as a more powerful alert engine. It has a broader reach to partner platforms and integration with other System Center products. However, it can be complex to install, configure and ultimately tune, requiring a significant amount of resources to operate properly.