Configuring Cross Platform Monitoring Using System Centre Operation Manager 2007 R2

Similar documents
Step-by-step installation guide for monitoring untrusted servers using Operations Manager

Privileged Access Agent on a Remote Desktop Services Gateway

Device Manager. Managing Devices CHAPTER

Installing and Configuring vcenter Multi-Hypervisor Manager

Citrix SCOM Management Pack for XenServer

ForeScout Extended Module for IBM BigFix

ForeScout CounterACT. Assessment Engine. Configuration Guide. Version 1.0

How to monitor RedHat Enterprise Linux 5 or 6 using Microsoft System Center Operations Manager (SCOM) 2012 SP1 - Part 1

Outlook 2010 Exchange Setup Guide

Your Mission: Connect to a remote Apple target(s) disk using F-Response Enterprise Edition.

Forescout. eyeextend for IBM BigFix. Configuration Guide. Version 1.2

ForeScout Extended Module for IBM BigFix

Configure Outlook to use port 587 with authentication

WhatsConfigured v3.1 User Guide

Deploying Windows 7 Using MDT UDI

Citrix SCOM Management Pack 1.4 for ShareFile

Citrix SCOM Management Pack for StoreFront

Notification Setup Guide for Operations Manager 2007

ZL UA Exchange 2013 Archiving Configuration Guide

Configuring Remote Access using the RDS Gateway

Microsoft SQL Installation and Setup

How to Configure a Remote Desktop Licensing Server for vspace 6

Installation Guide. OMi Management Pack for Microsoft Skype for Business Server. Software Version: 1.00

Configuring SAP Targets and Runtime Users

Enabling Smart Card Logon for Mac OS X Using Centrify Suite

Getting started with System Center Essentials 2007

CounterACT VMware vsphere Plugin

Enabling Smart Card Logon for Linux Using Centrify Suite

Configuring an IMAP4 or POP3 Journal Account for Microsoft Exchange Server 2003

Installation Guide. EventTracker Enterprise. Install Guide Centre Park Drive Publication Date: Aug 03, U.S. Toll Free:

Dell Storage Manager 2016 R3 Installation Guide

AirWatch Mobile Device Management

Storage Manager 2018 R1. Installation Guide

Configuration of Microsoft Live Communications Server for Partitioned Intradomain Federation

Oracle Enterprise Manager 11g Ops Center 2.5 Hands-on Lab

Forescout. Configuration Guide. Version 2.4

Configure DHCP for Failover Step-by-Step.

Altiris Client Management Suite 7.1 from Symantec User Guide for Mac Management

Integrating IBM Security Privileged Identity Manager with ObserveIT Enterprise Session Recording

NETWRIX PASSWORD EXPIRATION NOTIFIER

Centrify Infrastructure Services

ForeScout Extended Module for VMware AirWatch MDM

SCOM 2012 with Dell Compellent Storage Center Management Pack 2.0. Best Practices

Veritas Desktop and Laptop Option 9.2

Configuring High Availability for VMware vcenter in RMS All-In-One Setup

Read the following information carefully, before you begin an upgrade.

ONESolution 16.1 Desktop Client Installation

Monitoring Windows Systems with WMI

Parallels Management Suite for Microsoft SCCM 2007

Installation Guide. . All right reserved. For more information about Specops Deploy and other Specops products, visit

Cloud & Smarter Infrastructure Professional Certification Program

Using vrealize Operations Tenant App as a Service Provider

ForeScout CounterACT. Configuration Guide. Version 1.1

VMware Horizon View Deployment

OMi Management Pack for Microsoft SQL Server. Software Version: For the Operations Manager i for Linux and Windows operating systems.

ForeScout CounterACT. Configuration Guide. Version 1.8

Installation Guide. . All right reserved. For more information about Specops Deploy and other Specops products, visit

Click Studios. Passwordstate. Password Discovery, Reset and Validation. Requirements

ScopTEL TM IP PBX Software. DNS Server Configuration Wizard

Installation and Administration Guide

ForeScout CounterACT Resiliency Solutions

Workspace ONE UEM Certificate Authority Integration with JCCH. VMware Workspace ONE UEM 1810

Freshservice Discovery Probe User Guide

Forescout. Configuration Guide. Version 4.2

Troubleshooting Cisco DCNM

Deploying a System Center 2012 R2 Configuration Manager Hierarchy

WhatsConnected v3.5 User Guide

Manual UCSFwpa Configuration for Windows 7

ForeScout CounterACT. Plugin. Configuration Guide. Version 2.1

Workspace ONE UEM Integration with RSA PKI. VMware Workspace ONE UEM 1810

Adding a High Availability System

CounterACT Wireless Plugin

AD Sync Client Install Guide. Contents

Azure Marketplace. Getting Started Tutorial. Community Edition

SCOM 2012 R2 AGENT INSTALLATION

Dell EMC License Manager Version 1.5 User's Guide

ForeScout CounterACT. Track Changes to Network Endpoints. How-to Guide. Version 8.0

SEP Sesam Quick Start

Equitrac Integrated for Konica Minolta. Setup Guide Equitrac Corporation

ZENworks Service Desk 8.0 Using ZENworks with ZENworks Service Desk. November 2018

Dell License Manager Version 1.2 User s Guide

Configuring Cisco TelePresence Manager

ForeScout Extended Module for Advanced Compliance

Installing the Sentry Power Manager (SPM) Management Pack for the Microsoft System Center Operations Manager (SCOM)

User Account Manager

WAVELINK AVALANCHE REMOTE CONTROL 3.0 QUICK START GUIDE

Using VMware vsphere Web Client with Symantec ApplicationHA and Symantec Cluster Server (VCS)

Kerberos Constrained Delegation Authentication for SEG V2. VMware Workspace ONE UEM 1810

OpenManage Integration for VMware vcenter Quick Install Guide for vsphere Client, Version 2.3.1

ForeScout Extended Module for MaaS360

VMware AirWatch Integration with RSA PKI Guide

SIP Proxy Deployment Guide. SIP Server 8.1.1

Data Sources. Data Sources Page

Sophos Enterprise Console advanced startup guide

Kerberos Constrained Delegation Authentication for SEG V2. VMware Workspace ONE UEM 1811

ForeScout CounterACT. ARF Reports Module. Configuration Guide. Version 1.0.3

ThinManager and FactoryTalk View SE Deployment Guide

ForeScout CounterACT. Controller Plugin. Configuration Guide. Version 1.0

ForeScout Extended Module for ServiceNow

Copyright and Trademarks

Transcription:

Configuring Cross Platform Monitoring Using System Centre Operation Manager 2007 R2 One of the more desirable features introduced in System Center Operations Manager 2007 R2 is the ability to monitor non-windows servers. This indeed rose the System Center Operations Manager as one of the strongest monitoring tools for any heterogeneous environment. The total cost of ownership of maintain a centralized enterprise system monitoring solution became very low by the introduction of cross platform monitoring feature. However, we often noticed that many Microsoft solution experts have very little Unix/Linux experience and therefore configuration of the solution in always a nightmare. The objective of this post is to provide a step-by-step guide for configuring cross platform monitoring solution. Following are the high-level overview of tasks (not in any particular order) involved in configuring agents in cross platform environment. Update SCOM with latest CU and Management pack for cross platform monitoring Check communication port availability DNS name resolution in both directions SSH and sftp enabled Certificates signature Accounts with access rights on the cross platform system. Define the required Run As Accounts and place them in the proper Run As Profiles Pre-requisite software available cross platform machines, update the OS if any patch are missing. Make sure to use the right installers when manually deploying agents. Updating SCOM management server is very important to achieve the best features available in SCOM 2007 R2. There are list of cumulative updates released for Operations manager 2007 R2. There is no restriction on updating the cumulative updates, you can use the latest CU to update directly form RTM. The following link lists all the Cumulative Updates release for System Centre Operations Manager 2007 R2. http://support.microsoft.com/kb/2453149 Once the Management server is updated, make sure that proper TCP/IP routing is configured between the SCOM Root Management Server (RMS Server) and the cross platform machine (Solaris box). Solaris agent uses TCP port 1270 and 22 to communicate to the RMS server. You may use telnet to check the port access between RMS and Solaris box. Next, make sure you are able to resolve the host name with server IP address. If necessary, use host file entry for name resolution. Try pinging the FQDN of the RMS server from Solaris box and vice versa. Jayachandran PK http://pkjayan.wordpress.com P a g e 1

Run As Profiles: SCOM 2007 R2 requires 2 run as accounts to be associated with their respective run as profiles in order to install and monitor agent on the cross platform server. Unix Action Account- this is a non-privileged user account used to remotely monitor the cross platform servers. Unix Privileged Account- this is a privileged account, must have root access and Sudo (kind of Run as administrator in windows) access privilege is not supported. SCOM uses this account to deploy the agent as well as to restart processes where privileged rights are required Creating user in Solaris: we need to create a user in Solaris box with password aging disabled, this user account will be added to Unix Action Account profile in SCOM management console. 1. Run following command on Solais Box with root privilege: # useradd -u 2500 -g 10 -c SCOM Monitor User -d /export/home/scxmon -s /usr/bin/ksh -m scxmon 64 blocks 2. Set password for the newly created user scxmon: # passwd scxmon New Password: Re-enter new Password: passwd: password successfully changed for scxmon 3. Check the password aging policy applied to the user account: # passwd -s scxmon scxmon PS 12/05/12 7 49 28 4. Above figures show the password expiration set for MAXWEEKS, MINWEEKS and WARNWEEKS. Run following command to disable password aging for scxmon user. # passwd -x -1 scxmon passwd: password information changed for scxmon 5. confirm the password aging policy applied to the user account: # passwd -s scxmon scxmon PS Jayachandran PK http://pkjayan.wordpress.com P a g e 2

Now we have the account created in Solaris box and we need to define this account as Run As account in the SCOM management server console. To do this, logon to the SCOM RMS server and open SCOM management console. Click on the Administration view In the navigation pane under Run As Configuration, select Accounts. Jayachandran PK http://pkjayan.wordpress.com P a g e 3

Right-click in the results pane, and then select Create Run As Account from the context menu to start the Create Run As Account wizard. In the Introduction page appears, click Next. On the General page, select Basic Authentication from the Run As Account Type list. Notice that there are other options to choose from. The option selected depends on the type of account and authentication that is specified in the management pack guide. Jayachandran PK http://pkjayan.wordpress.com P a g e 4

In the Display Name box, enter a name to identify the UNIX Action Account and then click Next. On the credentials page, enter appropriate values in the Account Name, Password, and Confirm Password boxes (here we need to provide the non-privileged account created earlier in the Solaris server) and then click Next Jayachandran PK http://pkjayan.wordpress.com P a g e 5

In the Distribution Security page, leave the default selected More Secure and click Create This creates the Step by Step Run As UNIX Action Account object and maps it to the actual UNIX account credentials that will be used for non-privileged interaction with the UNIX-based computers that you will be monitoring. Click Close to close the Create Run As Account wizard. Jayachandran PK http://pkjayan.wordpress.com P a g e 6

In the Accounts pane, double-click the account you just created. In the Run As Account Properties dialog box, select the Distribution tab and choose the Distribute credentials to selected computers option. Click Add to open the Computer Search dialog box. Jayachandran PK http://pkjayan.wordpress.com P a g e 7

From the Option list, choose Show management servers, and then click Search. In the Available items text box, choose the management server that these credentials will be distributed to, and then click Add. Jayachandran PK http://pkjayan.wordpress.com P a g e 8

Click OK to close the Computer Search dialog box. Click Apply and OK to close the Run As Account Properties dialog box. Now we need to repeat the same steps to create Run As Account to associate the privileged account to SCOM management server. Right-click in the results pane, and then select Create Run As Account from the context menu to start the Create Run As Account wizard. Jayachandran PK http://pkjayan.wordpress.com P a g e 9

In the Introduction page appears, click Next. On the General page, select Basic Authentication from the Run As Account Type list. Notice that there are other options to choose from. The option selected depends on the type of account and authentication that is specified in the management pack guide. In the Display Name box, enter a name to identify the UNIX Privileged Account and then click Next. Jayachandran PK http://pkjayan.wordpress.com P a g e 10

On the credentials page, enter the root account values in the Account Name, Password, and Confirm Password boxes and then click Next In the Distribution Security page, leave the default selected More Secure and click Create Jayachandran PK http://pkjayan.wordpress.com P a g e 11

This creates the Step by Step Run As UNIX Privileged Account object and maps it to the actual UNIX root account credentials that will be used for privileged interaction with the UNIX-based computers that you will be monitoring. Click Close to close the Create Run As Account wizard. In the Accounts pane, double-click the Unix Privileged Account you just created. Jayachandran PK http://pkjayan.wordpress.com P a g e 12

In the Run As Account Properties dialog box, select the Distribution tab and choose the Distribute credentials to selected computers option. Click Add to open the Computer Search dialog box. From the Option list, choose Show management servers, and then click Search. Jayachandran PK http://pkjayan.wordpress.com P a g e 13

In the Available items text box, choose the management server that these credentials will be distributed to, and then click Add. Click OK to close the Computer Search dialog box. Click Apply and OK to close the Run As Account Properties dialog box. Jayachandran PK http://pkjayan.wordpress.com P a g e 14

Now we need to associate the Run As Accounts with their respective Run As Profiles so that the SCOM management server can use these assigned accounts to perform privileged and non-privileged tasks on cross platform servers. To associate the Run As Accounts with their respective Run As Profiles, from the navigation pane under Run As Configuration, select Profiles. Type UNIX in the Look for window and click Find now. This will list only Unix related Frofiles. In the results pane, double-click the UNIX Action Account profile, and click next on the Introduction page Jayachandran PK http://pkjayan.wordpress.com P a g e 15

Click next on the General Properties page Notice that there are no Run As Account associated with this profile. Click Add to associate a Run As Account with this profile and from the pulled down selection, select the Unix Action Account. Jayachandran PK http://pkjayan.wordpress.com P a g e 16

After selecting the appropriate Action Account, select the radio button next to A Selected class, group or object and then click Select to choose your option Select Class from the List In the Filter by window, type UNIX and click Search. Select UNIX computers from the available items listed under. Click OK to select the item. Jayachandran PK http://pkjayan.wordpress.com P a g e 17

If you are planning to have different Unix Action Account for each Solaris box, you need to create separate Run As Account for each servers and select the respective computer as target (select object instead of class and Look for UNIX Computer and the select the respective Solaris sever listed under available items). I am having same root password on all servers so I will use UNIX Computer Group as target. UNIX computers is listed as target class for the selected Run As Account. Click OK to close the windows. Verify the Account and class listed in the Unix Action Account profile and click Save to close the Wizard. Jayachandran PK http://pkjayan.wordpress.com P a g e 18

We need to associate the Unix Privileged Account with its profile. To do this, double-click the UNIX Privileged Account profile, from the profile list and click next on the Introduction page Jayachandran PK http://pkjayan.wordpress.com P a g e 19

Click next on the General Properties page Jayachandran PK http://pkjayan.wordpress.com P a g e 20

Notice that there are no Run As Account associated with this profile. Click Add to associate a Run As Account with this profile and from the pulled down selection, select the Unix Privileged Account. After selecting the appropriate Action Account, select the radio button next to A Selected class, group or object and then click Select to choose your option Jayachandran PK http://pkjayan.wordpress.com P a g e 21

Select Class from the List In the Filter by window, type UNIX and click Search. Select UNIX computers from the available items listed under. Click OK to select the item. Jayachandran PK http://pkjayan.wordpress.com P a g e 22

UNIX computers is listed as target class for the selected Run As Account. Click OK to close the windows. Verify the Account and class listed in the Unix Action Account profile and click Save to close the Wizard. Jayachandran PK http://pkjayan.wordpress.com P a g e 23

If the root account passwords are different in each Solaris servers, normally this will be the case in production servers. You need to create separate Run As Account for each servers and select the respective computer as target (select object instead of class and Look for UNIX Computer and the select the respective Solaris sever listed under available items). You will have to associate all the Unix privileged accounts created for each Solaris serves to Unix Privileged Account profile. I am having same root password on all servers so I will use UNIX Computer Group as target. The following two slides shows selecting separate Action account for each Solaris Server Installing agents on Solaris Servers using Discovery wizard. Before proceeding with discovery wizard, make sure that the required Run As accounts are created and latest cross platform monitoring management packs are imported into the SCOM Management server. To discover and deploy agents on Solaris Server, Logon to the SCOM Management server and Open the SCOM console (make sure the account is a member of the Operations Manager 2007 R2 Administrator profile). Select the Administration view. Jayachandran PK http://pkjayan.wordpress.com P a g e 24

Right click on Administration root and then select Discovery Wizard Discovery Wizard opens and on the Discovery Type, select Unix/Linux computers then click next Jayachandran PK http://pkjayan.wordpress.com P a g e 25

On the Discovery Method page, click Add to specify criteria for discovering Solaris based system on your network. On the Define discovery criteria page, type the IP Address or DNS name (you can specify an IP range also) Provide the credentials (root account of the target Server) and necessary information to locate the computer you want to discover, and then click OK. Jayachandran PK http://pkjayan.wordpress.com P a g e 26

On the Discovery Method page, click Add to add more computers to the Discovery Scope list. You can also click Edit or Remove to modify or delete computers from the Discovery Scope list. In the Discovery Scope column, select the computer that you want to find. In the Management Server list, select the management server that will monitor the agents. Select Enable SSH based discovery if you want to push the agent installation instead of having the discovered system pull the agent from the management server. Jayachandran PK http://pkjayan.wordpress.com P a g e 27

Click Discover to initiate system discovery. If there is an invalid certificate on the discovered system or systems, the Certificate status page appears. Select the systems that you want new certificates issued to, and then click Sign. On the Discovery results page, from the Select the systems you want to manage: select the check box for the system or systems that you want to manage, or click Select All to include all discovered systems. Jayachandran PK http://pkjayan.wordpress.com P a g e 28

If any systems listed under the Select the systems you want to manage list was unable to discover, you can click Details to get more details about why the discovery was failed. Correct the problem and repeat the discovery step. Once you have selected the systems you want to manage, click Next to start the deployment, and to close the Discovery results page. On the Deployment is in progress page, the Computer and Device Management Wizard displays the agent deployment status under the Status menu. Jayachandran PK http://pkjayan.wordpress.com P a g e 29

The agent deployment status will cycle through Deploying, Validating, Signing and finally Successful. Once you see the nice successful Status, click done to close the computer and Device Management wizard. Congratulations! You have successfully discovered Solaris computer to monitor through System Centre Operations Manager 2007 R2. To verify the same, you may go to Administration Section on the SCOM console and then expand Device Management. Then select Unix/Linux Server and you will see the newly discovered Solaris computer listed. Hope this step by step installation guide was useful for someone who wanted to monitor Solaris (or any cross platform) computer through System Centre Operations Manager 2007 R2. Jayachandran PK http://pkjayan.wordpress.com P a g e

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback