Professional MOM 2005, SMS 2003, and WSUS Randy Holloway Telmo Sampaio Marcus Oh Russ Kaufmann Derek Comingore


Professional MOM 2005, SMS 2003, and WSUS

Randy Holloway
Telmo Sampaio
Marcus Oh
Russ Kaufmann
Derek Comingore

    01_589636 ffirs.qxp 4/13/06 6:59 PM Page iii


Professional MOM 2005, SMS 2003, and WSUS
Published by
Wiley Publishing, Inc.
10475 Crosspoint Boulevard
Indianapolis, IN 46256
www.wiley.com

    Copyright © 2006 by Wiley Publishing, Inc., Indianapolis, Indiana

    Published simultaneously in Canada

ISBN-13: 978-0-7645-8963-8
ISBN-10: 0-7645-8963-6

    Manufactured in the United States of America

    10 9 8 7 6 5 4 3 2 1

    1B/QS/QV/QW/IN

Library of Congress Cataloging-in-Publication Data
Professional MOM 2005, SMS 2003, and WSUS / Randy Holloway ... [et al.].
p. cm.
ISBN-13: 978-0-7645-8963-8 (paper/website)
ISBN-10: 0-7645-8963-6 (paper/website)
1. Microsoft Windows (Computer file) 2. Operating systems (Computers) 3. Computer systems—Management. I. Holloway, Randy, 1974–
QA76.76.O63.P6135 2006
005.4 46—dc22
2006011600

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, or online at http://www.wiley.com/go/permissions.

LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND THE AUTHOR MAKE NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE. NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES OR PROMOTIONAL MATERIALS. THE ADVICE AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR EVERY SITUATION. THIS WORK IS SOLD WITH THE UNDERSTANDING THAT THE PUBLISHER IS NOT ENGAGED IN RENDERING LEGAL, ACCOUNTING, OR OTHER PROFESSIONAL SERVICES. IF PROFESSIONAL ASSISTANCE IS REQUIRED, THE SERVICES OF A COMPETENT PROFESSIONAL PERSON SHOULD BE SOUGHT. NEITHER THE PUBLISHER NOR THE AUTHOR SHALL BE LIABLE FOR DAMAGES ARISING HEREFROM. THE FACT THAT AN ORGANIZATION OR WEBSITE IS REFERRED TO IN THIS WORK AS A CITATION AND/OR A POTENTIAL SOURCE OF FURTHER INFORMATION DOES NOT MEAN THAT THE AUTHOR OR THE PUBLISHER ENDORSES THE INFORMATION THE ORGANIZATION OR WEBSITE MAY PROVIDE OR RECOMMENDATIONS IT MAY MAKE. FURTHER, READERS SHOULD BE AWARE THAT INTERNET WEBSITES LISTED IN THIS WORK MAY HAVE CHANGED OR DISAPPEARED BETWEEN WHEN THIS WORK WAS WRITTEN AND WHEN IT IS READ.

For general information on our other products and services please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Trademarks: Wiley, the Wiley logo, Wrox, the Wrox logo, Programmer to Programmer, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners. Wiley Publishing, Inc., is not associated with any product or vendor mentioned in this book.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.

About the Authors

Randy Holloway
Randy Holloway works for Microsoft Corporation as a technology specialist in the US Central Region. Prior to joining Microsoft, Randy worked in various software development and technology architecture roles; he has written a number of articles on software and systems development on the Microsoft platform. His blog is located at http://randyh.wordpress.com.

Special thanks to my wife, Donna, for supporting me, and to Emily and Gavin for letting me work all of those weekends and evenings. I also thank Jim Minatel and the team at Wrox for believing in this project.

Telmo Sampaio
Telmo Sampaio is an IT consultant and trainer with 14 years of experience dealing with Microsoft, IBM, and Symantec technologies. He has worked for companies such as Microsoft and IBM. Telmo has been involved in medium to large network infrastructure projects, security audits, database implementations, and application development. Telmo works as a Senior Technical Training Consultant for Signal Learning in Indiana. In his spare time, he plays Xbox and reads with his kids.

This book is dedicated to both my mothers, Yvette and Graça; my father, Gaspar; my brothers, Daniel and Digo; my wife, Carla, who was very understanding when I had to spend hours in front of the computer working late nights; and my children, Marco, Rafael, and Natalia.

Marcus Oh
Marcus Oh, a senior administrator and architect, has been leading initiatives in systems management technologies for a private telecommunications company since 1999. He is a columnist for myITforum.com and has had articles published in TechTarget newsletters as well as the book Windows Server Hacks. Marcus has been recognized by Microsoft with the Most Valuable Professional award in Windows Server Management since 2004. To get a glimpse of Marcus's latest reflections, visit his blog at http://marcusoh.blogspot.com.

I thank all of my family and friends for their support while I wrote my part of this book. Further, I thank all of the intelligent and respected minds I've met along the way that have helped contribute in some form or another to the completion of this book, various projects, and my sanity.

Russ Kaufmann
Russ Kaufmann, MCSE+I, MCT, and MVP, is a consultant, speaker, trainer, technical editor, and author. He has been working in IT for more than 15 years and has worked with both small clients and large clients spanning multiple countries. He specializes in Microsoft server products with special emphasis placed on Exchange, IIS, SharePoint Portal Server, and, of course, MOM. He currently works for Infocrossing, an infrastructure outsourcing company, in their Broomfield, Colorado, office.

This book was a unique project that taught me a great deal about life and prioritization.

I originally saw this project and rejected it. It was too open ended and it just didn't "ring" for me. Later, this project came around again, and this time I said I would do it. My thanks go to Jim Minatel for keeping me in the loop and giving me another chance to jump on board with this project.

I talked to Randy Holloway, who originally came up with the concept, and I bought into his idea. In case you, the reader, haven't figured it out, the idea was to put together a book covering systems management. The plan was to cover the basics of the products normally used in systems management, how they worked together, and how each covered different organizational needs. Thanks to Randy for getting the idea and making sure I understood it as I built the outline.

As we started working on the project and the timeline, it became clear that we needed additional people. My thanks go to Telmo Sampaio. Telmo stepped up and agreed to take on some work and add his expertise. Without him, this project would have died.

The next challenges came up with some major health problems on my part and Randy's making the correct decision to place his family first. He had an addition to the family right as we were getting started, and his responsibilities really ate up his time. So, the next step was to add another person to help out. My thanks go to Marcus Oh for jumping into the middle of this and using his sheer force of will to keep things moving forward. At that time, I really couldn't provide any help or answer his questions, but he figured things out and kept on going.

The final challenge was one that I have seen in all projects: the dreaded deadline and exhaustion. This kind of project requires huge amounts of work, and it got to everyone. My thanks go to Derek Comingore for taking on a good bit of the load. Derek did a great job as the tech editor for many chapters and the author of others.

The usual thanks go to the editors and StudioB's Laura Lewin for taking care of the business of it all and for having the patience in trying times to make this project happen.

This project was completed by the sheer will of those involved. I still am amazed that it is done.

Derek Comingore
Derek Comingore is the software development manager for Hosting.com. He holds the MCAD/MCDBA Microsoft certifications, the Carnegie Mellon Personal Software Process (PSP) credential, and an AAS/BS in Computer Information Systems. In addition to his role for Hosting.com, Derek enjoys writing articles for Hosting.com's newsletter and has written his first article for MSDN (soon to be published) on leveraging SQL Server 2005 Service Broker to obtain real-time ETL. He is also starting up a new SQL Server community, www.sqlserver360.org, which promises to deliver a rich and rewarding experience for the SQL Server professional.

First and foremost I wish to thank my fiancée, Misty Neely, for her everlasting patience with me as I sat in front of the computer until 3 a.m. on several occasions. I love you very much. My son, Derek Steven Comingore—there is no better feeling in the world than when you come tackle Daddy when he gets home from work; you are the best gift God could ever have given me. My family also deserves much praise as they gave me a good home to grow up in with strong morals and love; their guidance continues to help me achieve higher levels of success in my life.

Jim Minatel, thank you, not only for this opportunity but also for mentoring me in the technical writing field. Jim slowly exposed me to the technical writing industry by asking me to be a technical editor for several other Wrox titles, and now a contributing author on this book. Ed Connor deserves thanks as he was under a lot of pressure when things got tight, but he "quarterbacked" the project quite well. Hosting.com, my employer, has been supportive of my technical writing, and I appreciate it. Finally, I thank Darren King, Hosting.com CEO, who continues to challenge and mentor me.

Credits

Senior Acquisitions Editor
Jim Minatel

Development Editor
Ed Connor

Technical Editors
Derek Comingore
Brian Rodgers
Todd Meister

Copy Editor
Nancy Rapoport

Editorial Manager
Mary Beth Wakefield

Production Manager
Tim Tate

Vice President and Executive Group Publisher
Richard Swadley

Vice President and Executive Publisher
Joseph B. Wikert

Project Coordinator
Michael Kruzil

Graphics and Production Specialists
Carrie A. Foster
Mary J. Gillot
Joyce Haughey
Stephanie D. Jumper
Alicia B. South

Quality Control Technicians
John Greenough
Charles Spencer

Proofreading and Indexing
Techbooks

Contents

Introduction xv
  Whom This Book Is For xv
  What This Book Covers xvi
  How This Book Is Structured xvi
  What You Need to Use This Book xvii
  Errata xvii
  p2p.wrox.com xvii

Chapter 1: The Basics of Operations Management 1
  Systems Management on the Microsoft Platform 2
  Moving Toward the Future: Dynamic Systems Initiative 7
    Design for Operations 9
    System-Level Management 10
    Policy-Driven Operations 10
    Hardware Abstraction 10
  Management Strategies 10
  Summary 11

Chapter 2: MOM, SMS, and WSUS: How They Fit Together 13
  MOM: A Solution for Operations Management 14
  SMS: A Software Deployment and Management Solution 21
  WSUS: Update Services for Decentralized Environments 26
  MOM, SMS, and WSUS: Better Together 29
  Summary 29

Chapter 3: Installing Microsoft Operations Manager 2005 31
  Planning 31
    Infrastructure Prerequisites 32
    MOM Users 35
    Monitored Operating Systems 36
    Monitored Applications 36
    Service Level Agreements 37
    Network Structure 37
    Redundancy Requirements 38
  MOM Installation Steps 38
  Summary 62

Chapter 4: Installation of SMS 63
  Planning Your Installation 64
    Client Types 64
    Site Types 65
    Site Hierarchy 66
    Site Systems 70
  Security Mode 73
    Standard Security 73
    Advanced Security 74
  Active Directory Integration 74
  Installation Prerequisites 75
    Hardware Requirements 75
    Software Requirements 75
  Installing SMS — Step by Step 76
    Extending Active Directory 76
    Installing SMS 2003 SP1 83
    Basic Site Configuration 95
    Configuring Site Systems 95
    Computer Discovery 101
  Summary 111

Chapter 5: Installing and Configuring Microsoft Update and Windows Server Update Services 113
  Why Microsoft Update? 114
  Installing Microsoft Update 115
  Why Windows Server Update Services? 122
    Improvements over Software Update Services 123
    Installation 131
    Using the Command Line 142
  Summary 143

Chapter 6: MOM Configuration and Administration 145
  Administrator Console 146
    Installing the MOM Consoles 147
    Administration: Agents, Consoles, and Settings 147
  Operator Console 158
    Views 158
    Limiting Noise 165
    Tracking Alerts 166
    Task-Based Management 167
  Web Console 168
  Reporting Console 169
  Tuning Alerts 170
    Using the ATSA 171
    Tuning Rules in the Administrator Console 172
  Summary 173

Chapter 7: MOM and SMS Agents 175
  MOM Agents: An Overview 175
  Configuration and Deployment of MOM Agents 177
  Understanding SMS Agents 183
  Summary 186

Chapter 8: Management Packs and Components 187
  Getting Started with Management Packs 188
    Importing Management Packs 188
    Group Types 191
    Following the Rules (and Other Elements) 194
  Putting It All Together 198
    Creating a Rule Group 198
    Adding an Event Rule 199
    Adding a Performance Rule 201
    Adding an Alert Rule 203
    Associating a Computer Group to the Rule Group 205
  Summary 206

Chapter 9: Management Pack Drilldown for Windows Server 209
  Windows Servers Base Operating System Management Pack 210
    Installation 210
    Configuration 211
  DNS Management Pack 214
    Installation 214
    Configuration 215
  Active Directory Management Pack 216
    Installation 216
    Configuration 216
  IIS Management Pack 225
    Installation 225
    Configuration 226
  Microsoft Server Clusters Management Pack 228
    Installation 228
    Configuration 229
  Summary 231

Chapter 10: More on Management Packs 233
  MBSA Management Pack 233
    Installation 234
    Configuration 234
  Exchange Server Management Pack 239
    Installation 239
    Configuration 240
  SQL Server 2000 Management Pack 248
    Installation 248
    Configuration 249
  Microsoft Management Pack Notifier 254
    Installation 254
    Configuration 255
  Summary 255

Chapter 11: Third-Party Management Packs and Product Connectors 257
  Common Third-Party Management Packs 259
    Dell OpenManage Management Pack 259
      Installation 259
    HP Proliant and Integrity Management Packs 260
      HP Proliant Management Pack Installation 261
      HP Integrity Management Pack Installation 262
    IBM Director v5.10 Upward Integration Module Management Pack 263
      Installation 263
      Tasks 264
  Common Third-Party Product Connectors 264
    HP Network Node Manager 1.0 Product Connector for MOM 264
    HP Openview 1.0 Product Connector for MOM 265
    Tivoli TEC 1.1 Product Connector for MOM 265
  MOM 2005 Management Pack Developer's Guide 265
    Creating Management Packs 266
    MOM 2005 SDK 267
    Creating MOM Responses with Script and Managed Code 268
      Creating a MOM Script Response 269
      Creating a MOM Managed Code Response 274
    Creating MOM Applications 274
    Creating MOM Product Connectors 274
  Summary 279

Chapter 12: Using SMS and MOM to Manage Security and Patching 281
  SMS Solutions for Security and Patch Management 282
  Phases of Software Update Management 285
  The Benefits of Software Update Management 288
  MOM and Security Management: How Does It Fit? 290
  Summary 291

Chapter 13: Monitoring 293
  Defining Alerts, Events, and Tasks 293
  Working with Alerts, Events, Performance Graphs, and Tasks in the Operator Console(s) 294
    "Thick" Operator Console 294
    "Thin" Web Operator Console 299
    Using the Web Reporting Console 300
  Event-Based Monitoring 303
  Task-Based Monitoring 305
  Performance Monitoring 306
  Advanced Monitoring Topics 307
  Summary 309

Chapter 14: Securing Your MOM, SMS, WSUS, and WU Installation 311
  Configuring MOM Security 311
    Deploying Agents and the Agent Action Account 313
      Discovery-Based Agent Deployment 313
      Manual-Based "push" Agent Deployment 314
      The AAA 314
    Advanced MOM Security 315
      Using the IIS Lockdown Tool 315
      Using IPSec 315
      Using SSL 316
      Using OLEDB Encryption 316
      Using SMB Packet Signing 316
    MOM Security Best Practices 316
  Configuring SMS Security 317
    Operating System Security 317
    SQL Server Security 317
    WMI Security 318
    IIS Security 318
    Network Security 318
    Physical Security 318
    SMS Accounts 319
    SMS Security Enhancements 319
      Advanced Security Model 320
      Advanced Client 320
      Integrated Support for Active Directory 320
  Configuring WSUS Security 320
    Simple Deployment Model Security 321
    Complex Deployment Model Security 323
  Configuring WU Security 323
  Summary 325

Chapter 15: Reporting 327
  SMS Reporting 327
    Queries 328
    Reports 355
  MOM Reporting 370
    Architecture 370
    MOM Reporting Console 372
  Summary 375

Chapter 16: System Center and the Dynamic Systems Initiative 377
  System Center Today 378
  The Dynamic Systems Initiative 380
  The Roadmap for System Center Products 383
  Summary 383

Appendix A: MOM Management Packs and Utilities 385

Index 391

02_589636 ftoc.qxp 4/13/06 6:44 PM Page ix

Introduction

Systems and operations management can be complex and expensive. A comprehensive approach to this problem requires the use of operations management tools, software deployment tools, configuration management, and other release management tools and techniques. The knowledge of the organization is critical in helping to make sure that everything works well. In addition, doing the job right involves custom rules or scripts and reports to help ensure that everything is running as expected. For many IT professionals, this kind of operations management is a mix of a number of different tools along with custom scripting and manual effort to monitor logs and other reports. While this approach will get the job done, it can often be more expensive and time consuming for administrators. In addition, the use of too many special-purpose monitoring and management tools in the environment, along with custom scripts and reports, introduces more opportunities for mistakes and can lead to unsatisfied users or customers.

Microsoft is taking a comprehensive approach to systems and operations management and is building tools targeted at the small business all the way up to the largest enterprises. While there is more work to do in improving these products, Microsoft's focus on building a well-integrated set of monitoring and systems management solutions is significant and should be a point of consideration for any IT administrator who is evaluating or implementing these tools in their environment. This book was written to show how the current Microsoft tools for systems and operations management can work together to provide a comprehensive approach to automating IT operations. In addition, this book takes a look at where these tools are going and what IT administrators can expect from Microsoft in the future to help make operations and systems management tasks easier. It is important for IT administrators to consider not only the present operational and systems management requirements but their future needs as well when evaluating and implementing the technologies, and this book attempts to address both of these areas.

Whom This Book Is For
When the idea for Professional MOM 2005, SMS 2003, and WSUS was first discussed, the goal was to provide a single source for IT administrators to understand how these systems and operations management technologies can be used in their environments. Since that time, the book has also evolved into a comparative tool that can help a reader to understand which tool is right for which job. The audience for this book includes anyone who is involved with implementing, supporting, or managing a set of tools for systems and operations management, including IT operators, IT administrators, IT infrastructure managers, and system architects.

Readers with some background in systems and operations management will probably get the most out of this book; however, no specific level of skill or knowledge is assumed. The writing is aimed at readers who have a basic understanding of IT infrastructure on the Windows platform and have familiarity with Windows XP (and earlier) client deployments and Windows Server technologies.

    03_589636 flast.qxp 4/13/06 6:44 PM Page xv

For readers who understand the principles behind systems and operations management and who are interested in the installation procedures and configuration for MOM 2005, SMS 2003, or the Microsoft Update (MU) and Windows Server Update Services (WSUS) tools, you may want to jump right into Chapters 3, 4, and 5. For those who are interested in evaluating these tools and using this book as an aid, start with Chapter 2, which covers the basics of how these products work and how they can be used together. Chapter 16 looks beyond the core products that we've discussed throughout the book and incorporates other systems management products from Microsoft. This is a good chapter for those interested in the product roadmap beyond MOM 2005 and SMS 2003.

What This Book Covers
This book covers the current shipping systems and operations management products from Microsoft. As of this writing, these products include MOM 2005, SMS 2003, MU, and WSUS. While there are older versions of MOM and SMS, we have not covered those technologies in this book in any detail. In addition, this book does not offer any detailed comparison of the current versions of these products to the previous versions. New features in the current products are not explicitly noted.

How This Book Is Structured
One of the challenges in writing a book that covers a broad range of products and tools is structure. To best address this issue, the book is organized to cover the material in logical sections. This book covers the basics of systems management and the products, followed by installation and configuration procedures. In later chapters, topics covered include patching, monitoring, tuning, and reporting of the management tools. Finally, the book describes the roadmap for future management products from Microsoft.

More specifically, Chapters 1 and 2 cover the basics of operations management and how MOM 2005, SMS 2003, and the other update technologies fit together. These chapters should set the stage for the material to be discussed and provide some insight on what these products can do for IT. Chapters 3 through 5 are focused on the installation and deployment of MOM, SMS, MU, and WSUS. These chapters include a review of installation procedures and considerations, along with some discussion of configuration. Chapter 6 is a deeper dive into the configuration and administration of the MOM environment, including alert tuning, and should help the reader to understand how to get the most out of the operations monitoring tools. Chapter 7 goes into the agent technologies that make MOM and SMS work in your environment.

In Chapters 8 through 11, the book moves into a deeper discussion of MOM management packs, including the deployment of management packs and the use of third-party management packs and product connectors. Appendix A also provides more detail on the management packs available from Microsoft and other vendors. Chapter 12 covers the security and patching features that can be supported by MOM and SMS. Chapters 13 and 14 cover monitoring and the security aspects of deploying MOM, SMS, and the update technologies, helping to ensure that IT administrators lock down these powerful tools. Chapter 15 covers the reporting capabilities of MOM and SMS in detail, with information on how administrators and operators can retrieve critical information from these tools. Chapter 16 covers the Microsoft System Center solutions and considers the future of Microsoft's management tools.

What You Need to Use This Book
The readers of this book will benefit from having access to a Windows Server domain and software including MOM 2005 and SMS 2003. Some of this software is available to be downloaded for evaluation purposes. For those without access to a lab or test network environment, products such as Virtual Server or Virtual PC can help to build an environment for testing. For IT professionals who don't have access to these tools, the Virtual Labs available at Microsoft's TechNet site (www.microsoft.com/technet/traincert/virtuallab/default.mspx) can be used to review much of the functionality described in this book.

Errata
We make every effort to ensure that there are no errors in the text or in the code. However, no one is perfect, and mistakes do occur. If you find an error in one of our books, like a spelling mistake or faulty piece of code, we would be very grateful for your feedback. By sending in errata you may save another reader hours of frustration and at the same time you will be helping us provide even higher quality information.

To find the errata page for this book, go to www.wrox.com and locate the title using the Search box or one of the title lists. Then, on the book details page, click the Book Errata link. On this page you can view all errata that has been submitted for this book and posted by Wrox editors. A complete book list including links to each book's errata is also available at www.wrox.com/misc-pages/booklist.shtml.

If you don't spot "your" error on the Book Errata page, go to www.wrox.com/contact/techsupport.shtml and complete the form there to send us the error you have found. We'll check the information and, if appropriate, post a message to the book's errata page and fix the problem in subsequent editions of the book.

p2p.wrox.com
For author and peer discussion, join the P2P forums at p2p.wrox.com. The forums are a Web-based system for you to post messages relating to Wrox books and related technologies and interact with other readers and technology users. The forums offer a subscription feature to e-mail you topics of interest of your choosing when new posts are made to the forums. Wrox authors, editors, other industry experts, and your fellow readers are present on these forums.

At http://p2p.wrox.com you will find a number of different forums that will help you not only as you read this book, but also as you develop your own applications. To join the forums, just follow these steps:

1. Go to p2p.wrox.com and click the Register link.
2. Read the terms of use and click Agree.
3. Complete the required information to join as well as any optional information you wish to provide and click Submit.
4. You will receive an e-mail with information describing how to verify your account and complete the joining process.

You can read messages in the forums without joining P2P but in order to post your own messages, you must join.

Once you join, you can post new messages and respond to messages other users post. You can read messages at any time on the Web. If you would like to have new messages from a particular forum e-mailed to you, click the Subscribe to this Forum icon by the forum name in the forum listing.

For more information about how to use the Wrox P2P, be sure to read the P2P FAQs for answers to questions about how the forum software works as well as many common questions specific to P2P and Wrox books. To read the FAQs, click the FAQ link on any P2P page.

The Basics of Operations Management

One of the key criteria for selecting and deploying enterprise systems is the ability to effectively manage their operations. By ensuring that critical business systems are healthy, responsive, and running as expected, information technology managers and executives are able to lower the total cost of ownership for their systems and place more emphasis on the development and deployment of new capabilities. In most organizations, this is the major focal point to help drive efficiency. In this chapter, we cover the following topics:

    ❑ Systems management on the Microsoft platform

    ❑ Model-based operations management

    ❑ Dynamic Systems Initiative

With the emphasis on Microsoft's management technologies over the past few years, new releases of SMS and MOM, and the evolution of the Microsoft Update platform, there is a greater need for IT to understand how these products can work together to provide a comprehensive systems management solution that enables software deployment, systems monitoring for alerts and exceptions, and access to the data that can help IT to prevent problems in the future. Those who use the systems management tools from Microsoft benefit from having Microsoft's knowledge of its own tools baked into the products, which makes it easier to manage their Windows desktop and server environments and provides the capability to work in a heterogeneous setting.

The goal for this chapter is to provide a basic overview of operations management and describe the problem domain, and then focus on the components of the Microsoft platform, now and in the future, that will enable system administrators and IT to effectively manage their technology operations. By examining the current management tools and understanding Microsoft's Dynamic Systems Initiative, you can better formulate your strategies for deploying management solutions on the Microsoft platform.

    04_589636 ch01.qxp 4/13/06 6:44 PM Page 1

  • Systems Management on the Microsoft Platform

    IT organizations deploy systems management and monitoring technologies in an effort to reduce costsassociated with the complexity and effort of deploying and managing large numbers of workstations,servers, and server-based applications in their enterprise environment. Achieving this goal depends onthe technology being used to provide scalability to accommodate large environments and to provide anefficient architecture. However, when comparing monitoring and management technologies, the mostcritical factor to consider is the availability of the operational assistance they offer to the operators andadministrators that rely upon these tools. These administrators want to ensure that their systems arehighly available and functional for their customers.

Monitoring technologies are only as valuable as the quality of the best practices they provide. Traditionally, monitoring, management, and deployment technologies have been toolsets that depend on customization by IT or consultants to determine appropriate components that should be deployed and how to best configure them to monitor the availability and performance of the customer’s specific application or service. Because of this, few organizations have realized the potential value of these technologies. In addition, monitoring tools that are not granular enough in detail can fall short in helping administrators to solve problems once they are identified.

The core management solutions on the Microsoft platform include products such as Systems Management Server (SMS), Microsoft Operations Manager (MOM), and the Microsoft Update solution. Through the use of SMS for software deployment, MOM for management alerts and notifications, and Microsoft Update to provide easy access to updated patches for products such as Microsoft Windows, Microsoft Office, and many others, an enterprise systems administrator has a baseline to enable secure and well-managed systems. MOM provides the foundation for operations management while SMS enables more sophisticated configuration and release management scenarios. Together, these tools can effectively support the full lifecycle for systems management.

For many years, IT administrators have been successfully using Microsoft SMS to manage Windows-based desktops and servers within their organizations. As the number of Windows PCs deployed within these organizations has grown dramatically, SMS has helped IT administrators contain the cost of managing such heavily distributed systems, keeping the overall cost of ownership low while allowing the number of deployed PCs and applications to grow.

However, the environment in which Windows-based PCs are deployed is constantly changing as new technologies are adopted and as PCs are used in increasingly complex configurations. The most recent release of SMS, Systems Management Server 2003, is designed to track and support these changing trends in PC usage and provide support for emerging usage scenarios and technologies. SMS 2003 provides solutions for a number of key issues faced by IT administrators managing Windows-based PC environments today. SMS 2003 addresses the following key problem areas:

❑ Managing computers and users that roam around the network, often connecting over poor bandwidth links or from different geographic locations on a regular basis

❑ Tracking the deployment and usage of software assets in the organization, and using this to plan licensing and software acquisition across the company


    Chapter 1


❑ Monitoring the patch state of all deployed Windows PCs and applications in the enterprise, and removing vulnerabilities proactively in a closed loop process with real-time patch deployment status

❑ Offering managers and users access to the management data aggregated by SMS, including live configuration and operations reports

❑ Managing Windows PCs securely, but with a minimum of administrative overhead, while fending off the ever-increasing number of external security threats

The core features of SMS, including software deployment, inventory tracking, and remote troubleshooting, are supported in SMS 2003. The SMS administration console is shown in Figure 1-1.

    Figure 1-1

In addition, support has been added for the increasing number of mobile users in organizations today. This support simplifies management of Windows-based PCs and users who commonly roam to different physical locations, reducing the IT cost of managing such users and machines and providing seamless one-to-many solutions for desktop, laptop, and server users. Because of the increased need to maintain the security of all deployed software in an enterprise, SMS 2003 also adds support for Security Patch Management of deployed Windows systems. This allows administrators to easily monitor the patch state of all systems within their enterprise through a set of powerful web reports. These reports are used to identify any vulnerability in the network, at which point the system can then be used to download and deploy the latest patches from Microsoft’s web site to those machines that require them. Additional scenarios and enhancements will be supported in SP2 of SMS, which is scheduled for release in 2006.


    The Basics of Operations Management


Because many organizations are deploying Windows Server 2003 Active Directory service within their networks, SMS 2003 is able to take advantage of this technology, further simplifying the process of managing clients and users. Many Active Directory features map directly to SMS targeting concepts, allowing IT administrators to target software and inventory tasks using Active Directory constructs and containers. In summary, SMS provides a strong set of features to enable software deployment and the management of clients and users.

When it comes to systems monitoring and alerting functions, the core component of that solution is Microsoft Operations Manager. MOM 2005 differs from traditional monitoring technology and assists customers in reducing the cost of management through the use of management packs. These management packs for an application combine the insight of the application developers, a knowledge base for organizational learning and common knowledge surrounding the product, along with best practices for operations.

The difference between MOM management packs and similar management technology lies both in the identities of the management pack developers and the methodology used for their development. First, MOM 2005 management packs provide built-in, product-specific operational intelligence, encapsulating knowledge from the individual Microsoft product teams developing the applications, Microsoft Consulting Services, and Microsoft’s product support organizations. All of this knowledge is made available out of the box for consumption by the product users. Second, the Design for Operations methodology is used to first analyze and then design the management of Windows applications and services.

The Design for Operations methodology of managing applications is a sharp contrast to the typical way application management has been developed in the past. As opposed to a subject matter expert driving the approach to managing a system, Design for Operations requires developers of Microsoft applications and third-party applications or services to adopt an inside-out approach based on their personal knowledge of the application or services. Instead of simply monitoring processes or services to see if they’re running and then generating an alert to a console, Design for Operations requires that an application or service be analyzed and broken down into a framework that will describe the application from a management perspective. This methodology uses three models as the basis for implementing management for a service or application: the Health Model, the Task Model, and the State Model. The models are meant to provide a prescriptive mechanism for ensuring that management is built for every service and application and that the management is aligned with the needs of the administrator who will be running the service. This design point is a requirement of the Windows Server Systems Core Engineering Criteria, which are used to determine whether a Microsoft product can be shipped under the banner of Windows Server System.

The Health Model defines what it means for a system to be healthy or unhealthy, and the model defines how a system transitions in and out of those states. Information on a system’s health is necessary for the maintenance and diagnosis of the system. The contents of the Health Model become the basis for system events and instrumentation on which monitoring and automated recovery is built. All too often, system information is supplied in a developer-centric way that does not give the administrator operational visibility of the applications. The Health Model seeks to guide both what kinds of information should be provided and how the system or the administrator should respond to the information. If a management technology is monitoring an application or service without a deep understanding of Health Modeling, IT operators will be required to invest time and resources analyzing the relevance of an alert to the operations of their organization.

The Task Model is used by developers to enumerate the activities that are performed in managing the system. These may be maintenance tasks performed on a routine basis, such as system backup; event-driven tasks, such as adding a user; or diagnostic tasks performed to correct system failures. Defining these tasks guides the development of administration tools and interfaces, and it becomes the basis for automation. Used in conjunction with the Health Model, the Task Model can drive self-correcting systems with the appropriate instrumentation. Task Models are utilized by management pack developers in the creation of product- or service-specific management Rules and Administrator Tasks. Management packs also leverage the Task Model to understand which error situations can be corrected on the managed system by using self-correcting rules and which will require human intervention. Likewise, Task Models are leveraged to provide IT administrators with preconfigured, remotely launched tasks from a MOM Operator Console that will assist in either error diagnosis or correction. Without the concept of a Task Model, most monitoring applications rely on the IT organization or consultants to write complex scripts and rules to determine how to resolve error situations locally or determine the correct diagnostic procedures or tools needed to remedy a problem remotely.

State Modeling will be increasingly leveraged by future Windows platforms and applications to provide administrators with a comprehensive means of managing both the availability and configuration of systems and applications. State Modeling catalogs the state and settings associated with an application and defines the scope and type for each. State may be associated with the computer or the user, it may be temporary or permanent, and it might be user data or operational parameters. Having a strict association of every state entity with a scope and category allows the administrator flexibility in deployment and provides a powerful tool for control. It means an administrator can separately store user data, migrate a user easily from one computer to another, and replicate computer configuration across a data center.

In an early adoption of State Modeling, MOM 2005 management packs provide administrators Health and State information from new views within the MOM Operator Console. In addition to alert views found in other management applications, the State Monitoring view provides MOM operators with a quick overview of server health. Each computer shown in the state monitoring view receives a rating in critical categories. The rated categories include memory and operating system as well as specific application categories, such as Active Directory, SQL Server, and Exchange Server. The operator can expand a particular category to view server status displayed in subcategories, as shown in Figure 1-2.
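The three models and the State Monitoring view described above, as an added illustration in Python that is not code from the book or from MOM 2005: a Health Model expressed as event-driven state transitions, a Task Model that separates self-correcting rules from tasks needing an operator, and a state view that rolls each server up to its worst-rated category. The categories, events and task names are constructed assumptions, not the schema of a real management pack.

```python
from dataclasses import dataclass, field
from enum import Enum


class Health(Enum):
    """Health Model states; the value orders them by severity for roll-up."""
    SUCCESS = 0
    WARNING = 1
    CRITICAL = 2


# Health Model: (category, event) -> state the category transitions to.
# Categories, events and tasks below are constructed for this illustration,
# not the schema of a real MOM management pack.
HEALTH_TRANSITIONS = {
    ("active_directory", "replication_latency_high"): Health.WARNING,
    ("active_directory", "replication_failed"): Health.CRITICAL,
    ("active_directory", "replication_ok"): Health.SUCCESS,
    ("memory", "available_low"): Health.WARNING,
    ("memory", "available_exhausted"): Health.CRITICAL,
    ("memory", "available_ok"): Health.SUCCESS,
}


@dataclass(frozen=True)
class Task:
    name: str
    self_correcting: bool  # True: a rule runs it on the managed system; False: operator task


# Task Model: which unhealthy states a self-correcting rule may fix locally
# and which need a preconfigured task launched by a human from the console.
TASK_MODEL = {
    ("active_directory", Health.WARNING): Task("force_replication", True),
    ("active_directory", Health.CRITICAL): Task("diagnose_replication_partners", False),
    ("memory", Health.WARNING): Task("recycle_worker_process", True),
    ("memory", Health.CRITICAL): Task("collect_memory_dump", False),
}


@dataclass
class Computer:
    name: str
    state: dict = field(default_factory=dict)           # category -> Health
    operator_tasks: list = field(default_factory=list)  # tasks awaiting a human


def apply_event(computer, category, event):
    """Transition one category per the Health Model; return the Task Model action, if any."""
    new_state = HEALTH_TRANSITIONS.get((category, event))
    if new_state is None:  # event not in the model: no state change, no action
        return None
    computer.state[category] = new_state
    task = TASK_MODEL.get((category, new_state))
    if task is not None and not task.self_correcting:
        computer.operator_tasks.append(task.name)
    return task


def roll_up(computer):
    """Server rating in the State Monitoring view: the worst category wins."""
    if not computer.state:
        return Health.SUCCESS
    return max(computer.state.values(), key=lambda h: h.value)


def state_view(computers):
    """Rows of the State Monitoring view, worst servers first."""
    rows = [(c.name, roll_up(c).name, {k: v.name for k, v in c.state.items()})
            for c in computers]
    return sorted(rows, key=lambda r: Health[r[1]].value, reverse=True)


def run_sample():
    """Constructed event feed for two servers; returns the view and DC1's operator tasks."""
    dc1, sql1 = Computer("DC1"), Computer("SQL1")
    apply_event(dc1, "active_directory", "replication_latency_high")  # rule self-corrects
    apply_event(dc1, "active_directory", "replication_failed")        # needs an operator
    apply_event(sql1, "memory", "available_low")
    apply_event(sql1, "memory", "available_ok")
    apply_event(sql1, "memory", "fan_speed_high")  # not modelled, so ignored
    return state_view([dc1, sql1]), dc1.operator_tasks


if __name__ == "__main__":
    for row in run_sample()[0]:
        print(row)
```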


Figure 1-2

MOM 2005 provides users with a variety of topological views that show the automatic discovery of nodes and relationships. With topological views, IT administrators can view node status, navigate to other views, and launch context-sensitive actions. This can reduce resolution time for complex problems from hours to minutes, significantly reducing cost and improving service levels. For example, when something happens to an application such as Active Directory, it turns red on the diagram. By double-clicking on the red application, a more detailed diagram opens showing one or more trouble spots in red. The operator can continue drilling down in detail until he or she uncovers the cause. The MOM console tasks and prescriptive guidance are then available to help resolve the issue. Diagram views are shown in Figure 1-3.


Figure 1-3

Moving Toward the Future: Dynamic Systems Initiative

Knowledge is a key component for systems management. This includes knowledge of the deployed systems, knowledge of the environment in which they operate, knowledge of a designer’s intent for those systems, and knowledge of IT policies. Specifically, knowledge may include the following:

❑ Developer constraints on settings of a component, including constraints on related systems that the component is hosted on or communicates with

    ❑ IT policy that further constrains settings or deployments

    ❑ Installation directives that describe how a system is to be installed


❑ Health models that describe system states and the events or behavioral symptoms that indicate state transitions

❑ Monitoring rules, ranging from polling frequency to event filtering and forwarding to diagnostic or corrective action in response to problems

    ❑ Schemas for instrumentation, settings, events, and actions

    ❑ Service-level agreements that define performance and availability

    ❑ Transaction flows and costs of processing steps for performance analysis

    ❑ Reports

As IT organizations have become more geographically dispersed and individual roles more specialized, IT professionals tend to operate in silos focused on their area of specialization. This makes it increasingly difficult to communicate relevant system knowledge across the IT lifecycle. As a result, organizations find it very difficult to collaborate across roles, promote continuous improvement of a system’s design and operation, and conduct typical management tasks such as deployment, updating, and patching.

The silos that form across IT organizations interact with an application or system at some point during its lifecycle. However, each silo possesses its own pocket of system-relevant knowledge that does not get communicated effectively to the rest of the organization.

Software models can be used to capture system-relevant knowledge and facilitate the communication and collaboration around this knowledge that is required to improve the efficiency of the entire IT development, deployment, and support lifecycle. A software model provides a level of abstraction for administrators similar to what a blueprint provides to an architect or a prototype provides to a product designer. But for a dynamic and distributed software environment, a static model or blueprint is insufficient. The model must be a living organism and should evolve throughout the life of a system. Having the right tools for systems management can help to keep these models current and enable users to have dynamic views of the system model based on an underlying operational system.

When a system is developed, basic rules and configurations are defined. As the system is deployed, the details of its configuration, environmental constraints, and requirements are added. As operational best practices are developed or enhanced, they can be incorporated into the model as well, providing a feedback loop between the operations staff and the model. In the end, the model becomes a live, dynamic blueprint that captures knowledge about a complete distributed system in terms of its structure, behavior, and characteristics. The following benefits can be gained as a result of these models:

❑ The system model captures the entire system’s composition in terms of all interrelated software and hardware components.

❑ The system model captures knowledge as prescriptive configurations and best practices, allowing the effects of changes to the system to be tested before the changes are implemented.

❑ Tools that take advantage of the system model can capture and track the configuration state so that administrators do not need to maintain it in their heads. The software maintains the desired state so that humans do not need to.


❑ Administrators do not need to operate directly on real-world systems but rather can model changes before committing to them. In this way, “what if” scenarios can be tried without impact to a business.

❑ The system model becomes the point of coordination and consistency across administrators who have separate but interdependent responsibilities.

The modeling system becomes the integrated platform for design and development tools that enable the authoring of system models. It also becomes the platform for operational management and policy-driven tools used for capacity planning, deployment, configuration update, inventory control, and so on.

In Microsoft’s initial implementation of the Dynamic Systems Initiative, the System Definition Model (SDM) is a foundational component of dynamic systems. SDM is a model that is used to create definitions of distributed systems. In this context, a distributed system is a set of related software and hardware resources working together to accomplish a common function. Multi-tier applications, Web Services, Internet web sites supporting e-commerce, and enterprise data centers are examples of systems. Using SDM, businesses can create a live blueprint of their systems. This blueprint can be created and manipulated with various software tools and is used to define system elements and capture data pertinent to development, deployment, and operations so that the data becomes relevant across the entire IT lifecycle.

Today, an SDM can be defined using tools available with Visual Studio 2005. Going forward, SDM will be the basis for design of system models, used to deploy systems based on the model defined, and will be kept up-to-date by an SDM service that dynamically modifies the SDM to reflect the current state of operations. While the SDM will be incorporated into the Microsoft management solutions, third parties will also be able to develop solutions based on the SDM to extend the capabilities of these models and the tools that consume or produce them.

Several key capabilities of IT organizations and IT systems become possible when software models are used to capture all relevant system knowledge. Through the DSI efforts and SDM, Microsoft aims to enable innovation in its products and from its partners in four areas: Design for Operations, System-Level Management, Policy-Driven Operations, and Hardware Abstraction.

Design for Operations

When creating mission-critical software, software architects often find themselves communicating with their counterparts who specify data center and infrastructure architecture. In the process of delivering a solution, an application’s logical design is often found to be at odds with the actual capabilities of the deployment environment. Typically, this communication breakdown results in lost productivity as developers and operations managers reconcile an application’s capabilities with a data center’s realities.

With new model-based development tools, such as Visual Studio Team System, these differences are mitigated by offering a logical infrastructure designer that will enable operations managers to specify their deployment environment and architects to verify that their application will work within the specified deployment constraints. These tools use software models to capture the knowledge of a designer’s intent, knowledge of an operational environment, and knowledge of IT governing policies to ensure IT systems are designed with operations and manageability in mind from the start. The models described can be built using Visual Studio 2005 and then consumed by Microsoft management tools and any other third-party tools that are built to consume the models, which are based on an open specification.


System-Level Management

Models can capture the entire structure of an application, including all the underlying and interrelated software and hardware resources. Management tools, such as future versions of MOM, will use those models to provide a system-level view of the health and performance of that application, enabling administrators to understand the impact of changes or errors in the system and to manage the application more effectively.

This system-wide view will enable future versions of management tools, such as MOM, to perform robust health monitoring and problem solving, as well as end-to-end performance and service-level management.

Policy-Driven Operations

Models can also capture policies tied to IT and corporate governance, such as Sarbanes-Oxley compliance or basic security standards and operating system versioning. Management tools, such as future versions of Microsoft SMS, will use these models for desired-state management.

By comparing the model of the real-world state with the model of the compliance definition, management tools can make systems compliant before allowing them access to corporate resources.

Hardware Abstraction

Software models can capture an entire system’s composition in terms of all interrelated software and hardware components. As a result, a system will contain a specific description of the hardware requirements of the environment into which it will be deployed.

This knowledge will enable new resource management technologies, such as Microsoft Virtual Server, to interpret these hardware requirements and to be used by management tools to ease the initial provisioning, ongoing change, or removal of hardware from an application based on changing business needs.

Management Strategies

Microsoft’s strategy for delivering the Dynamic Systems Initiative is to leverage and extend existing management solutions to take advantage of the model-based approach to systems management. Visual Studio 2005 Team System and MOM 2005 with management packs are great examples of products that deliver on the DSI vision today. With these investments and those planned for the future in products such as SMS and other System Center products, the Dynamic Systems Initiative clearly signals Microsoft’s long-term commitment to reducing complexity across the IT lifecycle and making it possible for IT professionals to deliver greater value to their businesses.

Looking toward the future, Microsoft is working to develop products and enable solutions that will unleash the potential of SDM to simplify and automate information technology. Microsoft will both deliver and enable a new breed of application development tools that make it easier for companies to leverage the Design for Operations methodology. Windows and supporting applications and services will evolve to manage distributed resources across a data center, provide users with dynamic system-level views of their environments, and offer new core services targeted at simplifying the deployment
