More Polished Operations Manager Nearing Completion
Jun. 7, 2004

The next version of Microsoft Operations Manager (MOM), software for centrally monitoring and managing the health of servers, will be more scalable and secure and will include a new console, reporting system, and management packs. Slated for release in summer 2004, MOM 2005 will also be available in a cheaper scaled-down version for smaller businesses. Since MOM 2005's architecture hasn't changed much, upgrading MOM 2000 systems should be relatively painless. However, although MOM 2005 will require less initial tuning and tweaking to begin getting useful information, using it still requires considerable skill and system knowledge.

Monitoring remains an important technology for minimizing downtime for critical systems, and MOM is Microsoft's primary product for monitoring Windows servers. (Readers unfamiliar with basic system monitoring concepts should see the sidebar "The Need for Monitoring". Readers unfamiliar with MOM should see the sidebar "MOM Overview".)

MOM 2005 will also be one of the core components of System Center 2005, a new monitoring and systems-configuration product that also includes Systems Management Server (SMS) 2003. System Center is due by the end of 2004.

MOM Key to Microsoft’s Management Initiative

Systems management is becoming a major priority at Microsoft, and the company has a long-term strategy—the Dynamic Systems Initiative (DSI)—that calls for manageability to be designed into application and system components even before coding begins. This manageability involves two parts:

Instrumentation. Just as an airplane has various instruments that tell the pilot information such as location, altitude, attitude, and engine measurements, software developers can "instrument" their OS components and applications to expose important events and performance information.

Knowledge. Taking the airplane analogy a bit further, to build an autopilot capable of replacing a pilot, instrumentation is just the starting point.
Such an autopilot would have to capture the same flying knowledge learned by pilots and use it together with instrument readings and air traffic control communications in order to fly the plane safely. Similarly, if software developers want their systems to be able to manage themselves, they need to somehow supply the operational "knowledge" needed to make the system run itself properly in a distributed environment and correctly identify problems that require human assistance.

Although it will take some years before specialized management knowledge will be encoded in standard OS and application components, Microsoft is asking developers and IT pros to start capturing management knowledge today in the form of MOM Management Packs—sets of rules and scripts that define healthy behavior—that ship with rather than within the applications themselves. Even as the concept of built-in operational knowledge develops, DSI will still require centralized management tools to watch and manage these components, and these future products will be outgrowths of today’s MOM and SMS servers. (For a review of the overall management roadmap, see "More Integration on Management Roadmap" on page 11 of the May 2004 Update.)

Microsoft describes MOM 2005 as an early step on the DSI path for two key reasons:

Rewritten management packs. MOM 2005’s management packs have been rewritten in accordance with DSI design guidelines spelled out in a PDC 2003 white paper entitled "Design for Operations: Building Health, Task, and State Models." It provides some early guidance on how to capture and use management knowledge more systematically.

Establishing MOM as a standard. By increasing MOM’s flexibility to manage third-party and custom applications—even on non-Windows platforms—and by introducing a lower-cost version of MOM for smaller companies, Microsoft hopes to build an installed base large enough to get ever-increasing attention to management by developers.
Establishing this cycle is important to the success of the company’s DSI strategy, as Microsoft must ensure that its manageability interfaces and tools become de facto standards present on most corporate Windows environments. Microsoft believes that many Windows ISVs are already planning to establish MOM as a monitoring standard for their server-based applications, if for no other reason than that better application monitoring can reduce ISVs’ support loads.

What’s New in MOM 2005?

The basic architecture and agent-server communication protocol of MOM 2005 have not undergone radical changes, allowing for backward compatibility with existing MOM 2000 management packs and letting MOM-managed servers be upgraded gradually. However, MOM 2005 is a significant improvement over its predecessor. Highlights include improvements to scalability and security, a new operator’s console, new management packs, a new reporting system, and the ability to monitor systems even when no agent is installed.

More Scalable, Secure

Microsoft took pains to make MOM 2005 appropriate for both very small and very large environments and reduced its vulnerability to certain types of attacks. Some of the main improvements include the following:

Increased capacity. MOM 2005 nearly doubles the maximum number of managed servers—from 2,000 in MOM 2000 Service Pack 1 (SP1) to 3,500—that a single MOM management database can support. (Note: Each MOM management server can manage a maximum of 1,200 servers, but multiple MOM servers can feed a single SQL Server-based management database.) Organizations with more than 3,500 servers can create a tiered architecture that forwards alerts from "child" MOM servers up to a "master" MOM server that can track up to 35,000 managed servers.

Agent improvements. MOM 2005 agents can now discover manageable components or applications (such as an instance of SQL Server) and send this information back to the MOM server.
This is an improvement over MOM's previous method of discovering manageable components, in which the MOM server scanned the managed server using Distributed Component Object Model (DCOM) remote procedure calls (RPCs). Because it used DCOM, discovery of servers on the outside of a firewall could not easily be done without opening up security holes in the firewall. MOM 2005 agents also take advantage of Active Directory (AD) and Kerberos to perform mutual authentication with the management server. This helps prevent certain types of spoofing attacks and provides a mechanism for data encryption, thereby hiding management data from eavesdropping and providing protection from tampering.

New Operator’s Console

The current product, MOM 2000, comes with a unified MMC-based console for both administration and operations, which is not optimal for either role. In MOM 2005, the administration console is still MMC-based but has been simplified for administration tasks only, such as configuring individual rules or creating grouping criteria for servers so that they can be managed using a single rule set.

MOM 2005 includes a new operator's console that provides a single-window, multipane user interface that in some ways resembles Outlook 2003. (See the illustration "New Operator’s Console".) Microsoft designed this console for use by front-line operations center personnel who need to respond to alerts, perform initial diagnostics, and possibly take corrective action. Highlights of the new console include the following:

State view. The MOM 2005 operator’s console can display a matrix showing the health state of each "role" on each managed server ("roles" are related groups of services that perform a major function, such as AD domain controllers, domain name system [DNS] services, Exchange servers, Internet Information Services [IIS], and the basic OS functions).
The color of each grid point indicates its health, and operators can click on failed or warning indicators to see what alerts are causing the problem. This view can list all servers or filter on various server properties. The State view is available when used in conjunction with MOM 2005 management packs only. A more traditional alert-centric view is also available.

Topology diagram view. MOM 2005 has the ability to discover logical relationships between monitored servers (sometimes called a network topology) and display them in a Visio-like diagram on the new operator’s console. For example, it can show the organization’s AD topology or Exchange server topology. In this view, each computer icon contains a warning flag if it is not healthy, and operators can drill down to see the alerts and corresponding events that caused the flag to appear.

Task launcher. In conjunction with MOM 2005 management packs, the new console provides an easy way to perform context-sensitive tasks that help an operator investigate problems. By highlighting a server and then clicking on a listed task, operators can launch other local and remote administration tools, such as opening the Windows event viewer, or they can run diagnostic programs or scripts, such as one that pings a server to see whether it is still responding on the network.

Server maintenance mode. The new console can put servers in maintenance mode, which automatically suppresses alerts when services or whole servers are taken down for repair or planned maintenance.

Like its predecessor, MOM 2005 also includes a read-only Web-based console that is useful for interested parties, such as corporate application developers who need to keep an eye on the health of their production applications or managers who need to occasionally monitor the health of one or more servers.

New Management Packs

The MOM server and agents provide the core monitoring infrastructure, but the MOM management packs (MPs) provide the application and OS knowledge needed to make a MOM system useful. Although it’s possible to create rules and scripts from scratch, this requires deep product understanding and a substantial amount of work. For commercial applications and OS components, customers want prewritten MPs that work out of the box with minimal extra configuration and that generate few incorrect or false-positive alerts.

In keeping with its strategic DSI vision, Microsoft is placing considerable emphasis on getting each of its own and third-party application owners to take responsibility for encoding knowledge into MPs for its own products. This not only helps change the mindset of application owners to create operationally aware applications but also creates a large knowledge base for integration into products once some of the more advanced ideas of DSI become reality.

Although the MOM 2000 MPs were a step in the right direction compared with competitive products, MOM 2000 still required substantial tweaking and tuning before it became useful. Microsoft’s design goal is that every alert that MOM generates should be "actionable"—that is, either an operator should have to do something, such as issue a trouble ticket or a change order, or MOM itself should take some automated response, such as restarting a service. The MOM 2005 MPs have been redesigned to be more intelligent and produce far fewer non-actionable alerts, which reduces operational costs and makes operators pay closer attention to the alerts it does produce.

However, although the "signal to noise" ratios of MOM 2005 MPs are much better than their MOM 2000 predecessors, the beta 2 version of MOM 2005 still generates a fair number of non-actionable alerts.
While the number of these should be lower in the released product, some of this results from a design limitation: because MOM is unable to discover enough about the specific needs, interdependencies, and operational roles of each software and hardware component to make a fully informed decision, it must err on the side of issuing a non-actionable alert rather than risk not issuing one at all and having a needed service remain potentially unhealthy. This problem cannot truly be solved until future DSI technology that defines the aforementioned requirements, called the System Definition Model (SDM), is built into the monitored software and hardware. Fortunately, MOM 2005 has a new override feature for configuring exceptions for specific servers without affecting the rule parameters for a whole server group or role.

MOM 2005 comes standard with MPs for the Windows OS services and several Microsoft server applications, such as SQL Server and Exchange, and many more will be downloadable from Microsoft once MOM 2005 ships. (For planned MPs, see the chart "MOM 2005 Management Packs from Microsoft" and the chart "Third-Party Management Packs".) Developers who want to develop MOM 2005 MPs for their applications or hardware will be able to download a free SDK once MOM 2005 ships.

New Data Warehouse and Reporting System

MOM 2005 includes a new reporting system built on SQL Server Reporting Services. MOM uses reports to present historical health and performance information to administrators, application developers, and managers. The new reporting system replaces the Microsoft Access-based reports in MOM 2000 and provides many advantages, including the following:

Unlike MOM 2000, which created reports from MOM’s live production database, the MOM 2005 reporting engine is based on an integrated but separate data repository specifically designed to store historical performance data. Using data warehousing concepts, MOM 2005 automatically moves a subset of the collected data into the warehouse and grooms it according to configurable criteria. This allows MOM to retain important data long enough to track long-term trends without letting the main MOM database become bloated with outdated data.

Prebuilt reports are bundled with the MPs, and MOM 2005 comes standard with over 100 customizable reports. However, while Microsoft has reimplemented all the MOM 2000 Access-based reports in its range of MOM 2005 MPs, the reports bundled with older MOM 2000 MPs will not work on MOM 2005 (although the old MPs will continue to work fine in all other respects).

Agentless Monitoring

To get the full monitoring capability of MOM, an agent must be installed on each monitored server. However, the MOM agent requires Windows 2000 Server or higher. Fortunately, MOM provides a means to monitor Windows servers that don’t meet this requirement (such as Windows NT 4.0 servers) or when installing the agent is undesirable—for example, when application vendors won’t support installations unless they are configured exactly to their specifications, or when other departments won’t permit central IT departments to run agents on their servers.

MOM 2005 supports "agentless" monitoring using periodic DCOM RPC calls from the MOM server to the managed server(s) in question. However, agentless monitoring has limitations: it can only monitor basic health indicators, it cannot monitor applications that write to text logs rather than the Windows event log, it cannot securely monitor systems on the other side of firewalls, and it imposes a much higher load on the MOM server and network.
(Microsoft currently recommends that a MOM Server monitor a maximum of 60 servers using this method.)

Improved Integration

Microsoft introduced the MOM Connector Framework (MCF), a technology for integrating MOM with third-party management platforms, in a feature pack following the release of MOM 2000 SP1. MCF enables uni- and bidirectional alert forwarding and synchronization, thereby making it possible to view alerts from a variety of heterogeneous systems, such as Linux servers or Cisco routers, on a unified console. Although MOM 2000 could theoretically receive alerts forwarded from other management systems, such as HP OpenView or CA Unicenter, MOM 2000’s lack of a true operator’s console made this impractical. Most customers use the MCF to send MOM alerts to other management systems and to integrate it with help desk and trouble-ticketing applications so that operators can open tickets from a MOM alert and close the alert from within the ticketing application when the work has been completed.

The MCF technology comprises two distinct components: the MOM Connector Framework Web service API, which provides a generalized abstraction of the MOM alerting infrastructure, and one or more product connectors, which map the Web service to the specific APIs of each management system. An SDK was also released for creating these connectors, and some vendors have used it to create commercial connectors for other management products, such as Aprisma’s Spectrum, HP OpenView, and IBM’s Tivoli. (For a list of planned connectors, see the chart "Manager-to-Manager Connectors".)

MOM 2005 has an improved version of the MCF built into it, and because of its new operator’s console, MOM can function in highly Windows-centric environments as a "master console" (sometimes referred to as a "manager of managers") and collect alerts from other monitoring systems.

MOM "Express" Lowers the Bar

Although smaller companies (or their service providers) also need to know the health status of their systems, the cost and complexity of MOM 2000 effectively kept it out of the low end of the market. With MOM 2005, Microsoft will offer a simpler, less expensive new version, tentatively named MOM 2005 Express, which targets this market.

MOM Express is essentially the full version of MOM 2005 minus the reporting service, data warehouse, and MCF. Like the full version, it requires a SQL Server-based database, but it can use the free, albeit limited-capacity, MSDE database. However, MOM Express can be installed on only a single management server and can manage only a limited number of servers. (As of press time, Microsoft had not yet set the exact number, but it anticipates it will be around 10.) MOM Express is also easier to install than the full version.

MOM Express comes with the same MPs as its bigger sibling. Thanks to design improvements to the MOM 2005 MPs that generate substantially fewer false alerts out of the box, Microsoft feels that small businesses will not be frightened off by its complexity. However, to fine-tune the system and respond to problems, MOM Express will still require someone who understands the alerts and the events that triggered them; it is by no means an end-user tool.

What’s Missing?

Because MOM is an evolution of a product that began nearly a decade ago (SeNTry, initially developed by Serverware and subsequently purchased by Mission Critical Software, then NetIQ, then Microsoft), it is a solid, mature product that performs and scales well in the Windows environment. However, even with the improvements in MOM 2005, it can be a daunting product to learn and exploit fully. Part of the reason is that management and monitoring is still a bolt-on technology.
Until OS and application-level requirements and dependencies are baked in as part of the DSI, it is impossible for MP writers to make design assumptions that cover all likely system configurations and states. Furthermore, although MOM 2005 does a good job of consolidating multiple alerts, it can still send a flood of different alerts all related to one root cause—reliable identification of root causes will have to wait for future versions that harness more DSI technology.

MOM 2005 has several other notable limitations:

Currently no Web site or Web services MP. Although MOM has an MP for monitoring IIS, it only monitors basic IIS services, not Web applications (a capability that other products, such as Tealeaf’s RealiTea Web monitoring product, offer) or Web services. Such a management pack would require application-specific knowledge. Microsoft is working on a generic MP for monitoring Web sites and services that can be a starting point for building specific custom MPs for Web applications. Although the MP will include wizards that help customers customize it, developers must still create synthetic transactions that prove the site and its dependent components, such as back-end databases, are working properly. This MP will be available for download shortly after MOM 2005 ships. Actional and NetIQ also currently offer MOM 2000 MPs for monitoring Web services, and it’s very likely they will upgrade those products to support new MOM 2005 capabilities.

No non-Windows agents. MOM 2005 still does not provide native agents for non-Windows computers, such as Linux/Unix servers or mainframes, or network devices such as routers. Although many of these systems, especially Linux, are covered by MCF-compatible monitoring systems from companies such as eXc Software, MetiLinx, and NetIQ, these solutions involve additional cost and complexity.

Sparse MP coverage for mission-critical applications.
Although Microsoft provides MPs for all its major server applications, and third parties provide MOM MPs for applications such as Oracle database engines, most third-party MPs are for monitoring infrastructure components (e.g., OS components or utility software such as backup services). There is still a dearth of off-the-shelf MPs for monitoring big business-critical applications, such as enterprise resource planning applications from SAP and PeopleSoft, customer relationship management (CRM) applications from Siebel, and supply chain management software. Even Microsoft’s Business Solutions products (Great Plains, Axapta, Navision) do not include MPs. Microsoft believes that this situation will begin to improve once MOM 2005 ships, and Siebel has already announced its intention to create a MOM MP for the Siebel 7.7 CRM product. Microsoft claims that many more vendors have plans to announce MPs once MOM 2005 ships.

Availability and Resources

MOM 2005 and MOM 2005 Express are due in fall 2004. Microsoft has yet to announce pricing and licensing information, but it’s likely the full version will be similar to that of the current MOM 2000 product, which costs US$349 per CPU of each managed server. The MOM 2005 management server requires Windows 2000 Server (or higher) and MOM requires access to a SQL Server 2000 database (MOM Express may use MSDE). The new operator's console can run on any Windows 2000 or later system with the .NET Framework installed.

More information and the MOM 2005 Beta 3 software can be found at www.microsoft.com/mom/evaluation/future/mom2005.asp.

A catalog of current Microsoft and third-party MOM MP and product connectors is available at www.microsoft.com/management/mma/catalog.aspx. Most of these MPs will issue updates for MOM 2005 when it ships, and it’s likely even more products and companies will be offered.

Microsoft’s "Design for Operations" white paper can be found at www.microsoft.com/windowsserver2003/techinfo/overview/designops.mspx.

For more background information on why Microsoft invested in MOM, see "Operations Manager Provides Crucial Infrastructure Support" on page 3 of the Sept. 2001 Update.