Category Archives: Log Analytics

OMS and System Center: What's New in April 2018

Microsoft constantly announces news about Operations Management Suite (OMS) and System Center. Our community releases this summary monthly to give you a general overview of the month's main new features, so that you can stay up to date on these topics and have the references needed for further study.

Operations Management Suite (OMS)

Log Analytics

Microsoft has decided to extend Log Analytics Alerts from the OMS portal to the Azure Portal, centralizing them on Azure Monitor. This process will be done automatically starting from 14 May 2018 (the date has been postponed; initially it was planned for 23 April), will not result in any change to the configuration of Alerts and related queries, and does not involve any downtime. For further details please consult the specific article “The extension of Log Analytics Alerts in Azure Monitor”.

Figure 1 – Notification of alerts extension in the OMS portal

To avoid situations where resources managed in Log Analytics unexpectedly send a high volume of data to the OMS workspace, the ability to set a Daily volume cap has been introduced. This allows you to limit data ingestion for your workspace. You can configure the Data volume cap in all regions from the Usage and estimated costs section:

Figure 2 – Setting the Daily volume cap

The portal also shows the trend of the volume of data in the last 31 days and the total volume of data, grouped by solution:

Figure 3 – Data ingestion for solution (latest 31 days and total)

The Log Search API, used by the old Log Analytics query language, has been deprecated since 30 April 2018. It has been replaced with the Azure Log Analytics REST API, which supports the new query language and offers greater scalability in the results you can return. For more details you can consult the official announcement.

Agent

This month the new version of the OMS agent for Linux systems resolves a significant number of bugs and introduces new versions of the various components. It also introduces support for Debian 9, AWS 2017 and OpenSSL 1.1. To obtain the updated version of the OMS agent you can go to the official GitHub page OMS Agent for Linux Patch v 1.6.0-42.

Figure 4 – Bug fixes and what's new for the OMS agent for Linux

Azure Backup

As for Azure Backup, the following improvements in service scalability have been announced:

  • Ability to create up to 500 Recovery Services vaults per subscription per region (previously the limit was 25).
  • The number of virtual machines that can be registered in each vault is increased to 1000 (it was previously 200).

Azure Backup, for the protection of Azure IaaS VMs, now supports storage accounts secured using storage firewalls and Virtual Networks. More details about this can be found on Microsoft's official blog.

Figure 5 - Protection of Azure IaaS VMs in protected storage scenarios

Different rules now apply to enabling long-term backup for Azure SQL Database. The procedure for keeping Azure SQL DB backups for up to 10 years required saving them in an Azure Recovery Services vault. With this new feature, you have the option to keep the long-term backup directly in Azure Blob Storage, which removes the need for a Recovery Services vault. All this gives you more flexibility and greater control of costs. For more details you can see the article SQL Database: Long-term backup retention preview includes major updates.

System Center

System Center Configuration Manager

Version 1804 has been released for the Technical Preview branch of System Center Configuration Manager. In addition to general improvements in the solution, this update introduces new features concerning OSD, the Software Center and the Configuration Manager infrastructure. All the new features included in this update can be found in the article Update 1804 for Configuration Manager Technical Preview Branch. Please note that the releases in the Technical Preview Branch help you evaluate the new features of SCCM and it is recommended to apply these updates only in test environments.

System Center Operations Manager

Microsoft has released the Update Rollup 5 (UR5) for System Center 2016 Long-Term Servicing Channel (LTSC). This update does not introduce new features, but fixes several bugs.

The references for this update, for each System Center product, follow:

There are no updates regarding Service Provider Foundation.

System Center Operations Manager 1801 introduces support for Kerberos authentication when the WS-Management protocol is used by the management server to communicate with UNIX and Linux systems. This gives you a higher level of security, eliminating the need to enable basic authentication for Windows Remote Management (WinRM).

System Center Operations Manager 1801 also introduces the following improvements in the management of the Linux log file monitor:

  • Support for wildcard characters in the name and path of the log file.
  • Support for new match patterns that allow customized log searches.
  • Support for Fluentd plugins published by the Fluentd community.

Below is the news concerning SCOM Management Packs:

  • MP for Windows Server Operating System 2016 and 1709 Plus 10.0.19.0
  • MP for SQL Server 2008-2012 7.0.4.0
  • MP for SQL Server 2014 7.0.4.0
  • MP for SQL Server 2016 7.0.4.0
  • MP for Microsoft SQL Azure Database 7.0.4.0
  • MP for SQL Server Dashboards 7.0.4.0
  • MP for UNIX and Linux 7.6.1085.0

Evaluation of OMS and System Center

Please remember that to test and evaluate Operations Management Suite (OMS) for free you can access this page and select the mode that is most appropriate for your needs.

To test the various components of System Center 2016 you can access the Evaluation Center and, after registering, start the trial period.

The extension of Log Analytics Alerts in Azure Monitor

Being able to rely on a centralized and effective service for managing the Alerts of your infrastructure is an important and fundamental part of a monitoring strategy. For this purpose Microsoft has introduced a new experience for managing Alerts through Azure Monitor. This article presents how the management of Alerts in Log Analytics is evolving and the benefits introduced by this change.

In Log Analytics you can generate Alerts when the searches that run at a scheduled frequency against the OMS repository return results that match the established criteria. When an Alert is generated in Log Analytics you can configure the following actions:

  • Email notification.
  • Invocation of a webhook.
  • Running a runbook of Azure Automation.
  • IT Service Management activities (requires the presence of the connector for the ITSM solution).

Figure 1 – Alerts in Log Analytics

Until now, this type of configuration has been managed from the OMS portal.

Azure Monitor is a service that allows you to monitor all Azure resources, and it holds the "alerting" engine for the entire cloud platform. By accessing the service from the Azure portal you have, in a single location, all the Alerts of your infrastructure, from Azure Monitor, Log Analytics, and Application Insights. You can then take advantage of a unified experience both for viewing Alerts and for authoring them.

At present the Alerts created in Log Analytics are already listed in the Azure Monitor dashboard, but any change requires access to the OMS portal. To simplify this management Microsoft has therefore decided to extend the Alerts in Log Analytics from the OMS portal to the Azure Portal. This process will be done automatically starting from 23 April 2018, will not result in any change to the configuration of Alerts and related queries, and does not involve any downtime.

It follows that, after this operation, any actions associated with the Alerts will be made through Action Groups, which will be created automatically by the extension process.

The extension of Log Analytics Alerts in the Azure Portal, besides the advantage of being able to manage them from a single portal, allows you to take advantage of the following benefits:

  • There is no longer the limit of 250 Alerts.
  • You have the ability to manage, enumerate and display not only the Alerts of Log Analytics, but also those from other sources.
  • You have greater flexibility in the actions that can be taken in response to an Alert, thanks to the use of Action Groups, such as the ability to send an SMS or make a voice call.

If you don't want to wait for the automatic process you can force the migration via API or from the OMS portal, following the steps documented below:

Figure 2 - Starting the "Extend into Azure" process from the OMS portal

Figure 3 – Step 1: view the details of the extension process.

Figure 4 – Step 2: summary of the proposed changes

Figure 5 – Step 3: confirmation of the extension process

By specifying an email address you can be notified at the end of the migration process with a message that contains the summary report.

Figure 6 - Notification of the planned extension of the Alerts

During the extension of Log Analytics Alerts to Azure you will not be able to make changes to existing Alerts, and new Alerts must be created from Azure Monitor.

At the end of the extension process the Alerts will still be visible from the OMS portal and you will receive a notification via email, at the address specified during the migration wizard:

Figure 7 – Email notification at the end of the extension process

From the Azure portal, in the section “Monitor – Alerts”, you will have full management of Log Analytics Alerts:

Figure 8 - Example of modifying an Alert Rule from Azure Monitor

Extending Log Analytics Alerts into Azure Monitor does not involve costs, but you should be aware that the use of Azure Alerts generated by Log Analytics queries is not billed only if it falls within the limits and conditions reported on the Azure Monitor costs page.

Conclusions

With this extension of Log Analytics Alerts, Azure Monitor is confirmed as the new management engine for all Alerts, providing administrators with a simple and intuitive interface and enriching the actions that an alert notification can trigger.

How to monitor network activities in Azure with Traffic Analytics

Cloud networks differ substantially from on-premises ones, but both share the need to be constantly monitored, managed and analyzed. All this is important for knowing them better, in order to protect and optimize them. Microsoft introduced in Azure a fully cloud-based solution called Traffic Analytics, which gives you overall visibility into the network activities undertaken in the cloud environment. This article analyzes the characteristics of the solution and explains how to enable it.

Operating principles of the solution

In Azure, Network Security Groups (NSGs), which contain a list of access rules, are used to allow or deny network communication to resources connected to Azure Virtual Networks (vNets). NSGs are applied to the network interfaces connected to virtual machines, or directly to subnets. The platform uses NSG flow logs to maintain visibility of the inbound and outbound network traffic passing through a Network Security Group. Traffic Analytics is based on the analysis of NSG flow logs: after appropriately aggregating the data and enriching it with intelligence about security, topology and geography, it can provide detailed information about the network traffic of your Azure cloud environment.

Figure 1 – Data flow of Traffic Analytics
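The aggregation step described above can be illustrated offline. The following Python is an added example, not code from the original article or from Microsoft: it parses an NSG flow log and answers the questions Traffic Analytics surfaces (ports reachable from outside, sources hitting deny rules, outbound connections leaving the vNet). It assumes the version 1 flow log JSON layout with tuples of the form `timestamp,srcIP,dstIP,srcPort,dstPort,protocol,direction,decision`, which the page does not show; the sample log, NSG name, rule names, addresses and the 10.0.0.0/16 vNet range are constructed.

```python
import ipaddress
import json
from collections import Counter, defaultdict
from typing import NamedTuple

class Flow(NamedTuple):
    nsg: str
    rule: str
    timestamp: int
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    protocol: str   # "T" = TCP, "U" = UDP
    direction: str  # "I" = inbound, "O" = outbound
    decision: str   # "A" = allowed, "D" = denied

# Assumption: address space of the monitored vNet (constructed for this example).
VNET = ipaddress.ip_network("10.0.0.0/16")

def _block(rule, tuples):
    """Build one per-rule block of the constructed sample."""
    return {"rule": rule, "flows": [{"mac": "000D3A000001", "flowTuples": tuples}]}

# Constructed sample in the assumed version 1 layout; not a real capture.
SAMPLE_LOG = json.dumps({"records": [{
    "time": "2018-04-20T10:00:00.0000000Z",
    "category": "NetworkSecurityGroupFlowEvent",
    "resourceId": "/SUBSCRIPTIONS/00000000-0000-0000-0000-000000000000"
                  "/RESOURCEGROUPS/RG-EXAMPLE/PROVIDERS/MICROSOFT.NETWORK"
                  "/NETWORKSECURITYGROUPS/NSG-WEB",
    "properties": {"Version": 1, "flows": [
        _block("UserRule_Allow-RDP", [
            "1524218400,203.0.113.10,10.0.0.4,50123,3389,T,I,A",
            "1524218405,203.0.113.77,10.0.0.4,50990,3389,T,I,A"]),
        _block("DefaultRule_DenyAllInBound", [
            "1524218410,198.51.100.23,10.0.0.4,41000,22,T,I,D",
            "1524218411,198.51.100.23,10.0.0.4,41001,23,T,I,D",
            "truncated,tuple"]),
        _block("DefaultRule_AllowInternetOutBound", [
            "1524218420,10.0.0.4,203.0.113.200,49800,443,T,O,A"]),
    ]},
}]})

def parse_flow_log(text):
    """Return (flows, skipped): parsed Flow tuples and the count of malformed tuples."""
    flows, skipped = [], 0
    for record in json.loads(text).get("records", []):
        nsg = record.get("resourceId", "").rsplit("/", 1)[-1]
        for rule_block in record.get("properties", {}).get("flows", []):
            rule = rule_block.get("rule", "")
            for mac_block in rule_block.get("flows", []):
                for raw in mac_block.get("flowTuples", []):
                    p = raw.split(",")
                    try:
                        if len(p) != 8 or p[5] not in "TU" or p[6] not in "IO" or p[7] not in "AD":
                            raise ValueError(raw)
                        ipaddress.ip_address(p[1])
                        ipaddress.ip_address(p[2])
                        flows.append(Flow(nsg, rule, int(p[0]), p[1], p[2],
                                          int(p[3]), int(p[4]), p[5], p[6], p[7]))
                    except ValueError:
                        skipped += 1  # count bad tuples instead of aborting the run
    return flows, skipped

def _outside(ip):
    return ipaddress.ip_address(ip) not in VNET

def exposed_ports(flows):
    """Allowed inbound flows from outside the vNet, counted per (nsg, port, protocol)."""
    return Counter((f.nsg, f.dst_port, f.protocol) for f in flows
                   if f.direction == "I" and f.decision == "A" and _outside(f.src_ip))

def denied_probes(flows):
    """Source IP -> sorted distinct destination ports of denied inbound flows."""
    ports = defaultdict(set)
    for f in flows:
        if f.direction == "I" and f.decision == "D":
            ports[f.src_ip].add(f.dst_port)
    return {ip: sorted(p) for ip, p in ports.items()}

def outbound_to_external(flows):
    """Allowed outbound flows leaving the vNet, counted per (vm_ip, dst_ip, dst_port)."""
    return Counter((f.src_ip, f.dst_ip, f.dst_port) for f in flows
                   if f.direction == "O" and f.decision == "A" and _outside(f.dst_ip))

if __name__ == "__main__":
    parsed, bad = parse_flow_log(SAMPLE_LOG)
    print("parsed:", len(parsed), "skipped:", bad)
    print("exposed ports:", dict(exposed_ports(parsed)))
    print("denied probes:", denied_probes(parsed))
    print("outbound external:", dict(outbound_to_external(parsed)))
```

An allowed inbound flow on a management port such as 3389 from an address outside the vNet is the kind of finding to review against the NSG rule that permitted it (here the constructed `UserRule_Allow-RDP`).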

Solution functionality

Using Traffic Analytics you can do the following:

  • View network activities across Azure subscriptions and identify hotspots.
  • Identify potential network security threats, in order to take the right remedial actions. This is made possible by the information provided by the solution: which ports are open, which applications attempt to access the Internet and which virtual machines connect to unauthorized networks.
  • Understand network flows between different Azure regions and Internet, in order to optimize their deployment for network performance and capacity.
  • Identify incorrect network configurations that lead to having incorrect communication attempts.

How to enable the solution

To analyze network traffic you must have a Network Watcher in every region containing NSGs whose traffic you intend to analyze. Network Watcher is a regional service that makes it possible to monitor and diagnose Azure networking. Network Watcher can be enabled from the Azure Portal, with PowerShell or via the REST API. When you create it from the portal you cannot choose the name of the Network Watcher or its Resource Group; a default name is assigned to both.

Figure 2 – Enabling Network Watcher from the portal

Figure 3 – Enabling Network Watcher using PowerShell

As this is a preview service, to use it you need to re-register the network resource provider on the Azure subscription concerned. You must also register the Azure Insights provider.

Figure 4 - Registration of the providers through PowerShell

To enable the collection of NSG flow logs you must have a storage account in which to store them. You must also have an OMS Log Analytics workspace in which Traffic Analytics will consolidate the aggregated and indexed data. The information present in Log Analytics will then be used to generate the analysis.

First configuration step of the NSG flow logs settings:

Figure 5 - Selection of the NSGs on which to enable the collection of flow logs

Choice of storage account and OMS Log Analytics workspace for each NSG:

Figure 6 – Enabling the collection of NSG flow logs and consolidation in OMS Log Analytics

The steps above must be repeated for each NSG for which you want to enable Traffic Analytics.

Figure 7 – List of NSGs with settings enabled

Within a few minutes of enabling it, the time needed to collect a sufficiently indicative quantity of aggregated data, the Traffic Analytics dashboard is populated with information.

Figure 8 – Traffic Analytics Dashboard

The Traffic Analytics dashboard makes information readily available, such as: hosts with a high level of communication, the most widely used application protocols, the most frequent communications and the flows relating to network traffic in the cloud.

Selecting the section of interest shows the Log Analytics query that extracts the data:

Figure 9 - Sample query of Log Analytics showing the allowed malicious traffic

For a complete overview of the possible scenarios for using Traffic Analytics you can see this Microsoft document.

Conclusions

Traffic Analytics is a new feature, currently in preview, introduced in Azure. It is an effective and easy-to-use tool that helps you keep track of the status of your network in Azure by reporting very useful data, such as who is connected and from where, which ports are exposed to the internet, which network traffic is generated and more. This information is critical for detecting anomalies and taking appropriate corrective actions. These are all operations that are difficult to achieve without this tool, which is fully integrated in the platform.

OMS and System Center: What's New in February 2018

The month of February was full of news and there are several updates that affected Operations Management Suite (OMS) and System Center. This article summarizes them concisely to give an overall view and contains the references needed to learn more.

Operations Management Suite (OMS)

Log Analytics

Everyone who uses Azure ExpressRoute will be glad to know that you can now monitor it by using the Network Performance Monitor (NPM). This feature has been in preview for a few months and has now reached general availability. Among the features of this monitoring solution we find:

  • Ability to view interactively, using the topology view of NPM, the various components (on-premises network, provider edge circuit, ExpressRoute circuit, Microsoft edge, and the Azure VMs) and the latency measured at each hop. This allows you to easily identify any performance issues in connectivity and quickly locate the problematic segment of communication.
  • Ability to view the bandwidth usage of the primary and secondary ExpressRoute circuit. Drill-down also lets you see the bandwidth usage for each vNet connected to the ExpressRoute circuit.
  • Ability to create queries and custom views, because all the details of the solution are available in the Log Analytics repository and you can therefore use the native search and correlation functionality to suit your needs.
  • Ability to diagnose various connectivity problems present in the ExpressRoute circuit.

Figure 1 – Azure ExpressRoute Monitoring

For more information about how to configure the ExpressRoute monitor with NPM please visit Microsoft's official documentation.

Network Performance Monitor (NPM) also introduced the Service Endpoint Monitor, which adds end-to-end network performance to the monitoring of your application and its performance. This feature allows you to create different types of tests (HTTP, HTTPS, TCP and ICMP), to be carried out at key points of the network infrastructure, so you can quickly identify whether the problem encountered is related to the network or to the application. The network topology map makes it easy to locate the problem and its nature. This feature is in public preview and its characteristics are described in detail in this article.

Agent

This month the new version of the OMS agent for Linux systems fixes some bugs and also introduces an updated version of the SCX and OMI components. To obtain the updated version of the OMS agent you can go to the official GitHub page OMS Agent for Linux Patch v 1.4.4-210.

Figure 2 – Bug fixes and what's new for the OMS agent for Linux

Azure Backup

This article describes how to build the monitoring solution for Azure Backup in Log Analytics. With this solution you can monitor the main aspects of Azure Backup, such as backup and restore jobs, backup alerts and cloud storage usage. You can do all this across Recovery Services vaults and across subscriptions, taking advantage of the features built into Log Analytics, such as the automated opening of tickets via webhooks or through integration with ITSM. It is a community solution, and every contribution is of course welcome.

For Azure Backup, the ability to create application-consistent backups for Linux virtual machines running on Azure was announced (in general availability). On Windows systems this is done using the VSS component, while for Linux VMs a scripting framework is made available through which you can run pre-scripts and post-scripts to control backup execution.

Figure 3 – Mechanism for application-consistent backups of Linux VMs on Azure

For more details on this you can consult the official announcement, while for more information about Linux virtual machine protection in Microsoft Azure, using Azure Backup, you can view the article: Azure Backup: the protection of Linux on Azure.

Azure Backup introduces the ability to natively protect Azure File Shares. This feature is currently in Public Preview and the main features are:

  • Ability, from the Recovery Services vault, to discover storage accounts and detect unprotected file shares.
  • Large-scale protection: you can back up multiple file shares contained in a storage account and apply a common security policy.
  • Instant and granular restore. The protection is based on file share snapshots and this allows you to quickly restore files selectively.
  • From the Azure portal you can explore the different restore points available to easily identify which files to restore.

Figure 4 – Backup of Azure File Shares

For further information you can consult the official announcement.

This month a Mandatory Update was released for the Microsoft Azure Recovery Services (MARS) agent. Everyone who uses Azure Backup must install this update as soon as possible to avoid failures in backup and recovery tasks.

Azure Site Recovery

In Azure Site Recovery an awaited feature was made available that allows you to protect virtual machines with managed disks in the replication scenario between different Azure regions, allowing greater flexibility for Disaster Recovery scenarios with systems in Azure.

Figure 5 – Enabling replication of a VM with Managed Disks

System Center

As announced in recent months, and as is already the case for the operating system and Configuration Manager, the other System Center products, in particular Operations Manager, Virtual Machine Manager and Data Protection Manager, will also follow a release cadence of updated versions every 6 months (semi-annual channel). This month saw the first release, version 1801 of System Center.

Figure 6 – Summary of what's new in version 1801 of System Center

For the details of what is new in this release, please consult the official announcement. Please remember that for releases belonging to the semi-annual channel, support is guaranteed for 18 months.

System Center Configuration Manager

Version 1802 has been released for the Technical Preview branch of System Center Configuration Manager: Update 1802 for Configuration Manager Technical Preview Branch.

This release introduces a considerable number of innovations in different areas, including: OSD, Cloud Management Gateway, features of Windows 10 and Office 365, Software Center and Site Server High Availability.

Please note that the releases in the Technical Preview Branch help you evaluate the new features of SCCM and it is recommended to apply these updates only in test environments.

System Center Operations Manager

The feature called "Updates and Recommendations", introduced in SCOM 2016 for Management Packs from Microsoft, helps with discovering the appropriate MPs to monitor the different workloads present in your infrastructure and keeping them updated. This feature is enabled for well over 110 Microsoft workloads. Microsoft announced that it is extending this feature to MPs produced and offered by third parties. In release 1801 of Operations Manager, MPs of the following external partners are currently covered:

Figure 7 – Feature Updates and Recommendations with MPs of partners

Following the release of version 1801 of System Center, the following new SCOM Management Packs were also made available:

System Center Service Manager

A new version of the Service Manager Authoring Tool has been released.

Evaluation of OMS and System Center

Please remember that to test and evaluate Operations Management Suite (OMS) for free you can access this page and select the mode that is most appropriate for your needs.

To test the various components of System Center 2016 you can access the Evaluation Center and, after registering, you can start the trial period.

Everything you need to know about OMS Log Analytics workspaces

To use Log Analytics you must have an OMS workspace, which is the dedicated Log Analytics environment that contains the data repository and the different solutions. This article considers the different aspects that you should evaluate regarding Log Analytics workspaces.

What is a workspace?

A Log Analytics workspace is nothing more than a container in the Azure environment in which data from different sources, collected by Log Analytics, is gathered, aggregated and analyzed.

To create a workspace, you must have an Azure subscription. In fact, since 26 September 2016 every workspace must be connected to an Azure subscription at the time of creation. During the creation process you also give the workspace a name, which currently cannot be changed after creation, and associate it with an existing Resource Group or create a specific one. Finally you are asked in which location to create it and which licensing model to adopt. In this regard, Log Analytics can be licensed according to the different modes described at this address.

Figure 1 – Creating a Log Analytics workspace

Figure 2 – Locations currently available for creating a workspace

How many workspaces should be created?

Within each Azure subscription you can create multiple workspaces. When you need to determine the appropriate number of workspaces to create you should consider the following factors:

  • Geographical data location. Geographically distributed companies may need to store data in specific regions to comply with data sovereignty policies and for compliance reasons. Another aspect to consider may be the presence of other resources in the Azure environment that must report data to Log Analytics. In these scenarios, to avoid charges caused by outbound data transfer, it is good to keep the resources and the OMS workspace in the same region whenever possible.
  • Data isolation. If you need to manage data in Log Analytics from different customers (for example as a Service Provider) or from separate organizational units that must be kept isolated for various reasons, you may want to create separate workspaces.
  • Billing flexibility. You are billed per workspace, so to keep billing costs distinct and have greater visibility it can be useful to create separate workspaces for different departments or business units.

When considering the number of Log Analytics workspaces that you must create you should keep in mind that, if you have enabled the integration between System Center Operations Manager and OMS Log Analytics in your environment, you can connect each Operations Manager management group to only one workspace. The Microsoft Monitoring Agent, on the other hand, can be configured to report data directly both to Operations Manager and to different Log Analytics workspaces.

Figure 3 – Configuration of the Microsoft Monitoring Agent to return data to multiple workspaces

How to perform queries across multiple Log Analytics workspaces

Thanks to the new query language introduced in recent months in Log Analytics, you can now perform queries across multiple Log Analytics workspaces to analyze and aggregate data held in separate workspaces. You can run this type of query by logging in to the new Advanced Analytics Portal.

When creating queries, you must use the expression workspace() to refer to another workspace. More details can be found in Microsoft's official documentation.

Figure 4 – Sample cross-workspace query

How to migrate workspaces

An existing Log Analytics workspace can be migrated to another Azure subscription directly from the Azure portal or by using the PowerShell cmdlet Move-AzureRmResource. It is not possible to migrate the data contained in a workspace to another Log Analytics workspace or to change the region where the data resides.

Figure 5 – Select the change of the subscription

Figure 6 – Migrating a workspace to another Azure subscription

Depending on the installed solutions, it might be necessary to reinstall the same solutions after the migration.

Conclusions

When you decide to adopt Log Analytics it is appropriate to conduct a detailed assessment to establish the most appropriate deployment design, starting with the aspects concerning workspaces addressed here. Certain choices made when creating the workspace cannot easily be changed later, so they should be made deliberately, following deployment best practices, to achieve a successful deployment of Log Analytics.

OMS and System Center: What's New in January 2018

The new year has begun with several announcements from Microsoft regarding what's new in Operations Management Suite (OMS) and System Center. This article summarizes them briefly, with the references needed to learn more.

Operations Management Suite (OMS)

Log Analytics

The release of the IT Service Management Connector (ITSMC) for Azure provides a bi-directional integration between Azure monitoring tools and ITSM solutions such as: ServiceNow, Provance, Cherwell, and System Center Service Manager. With this integration you can:

  • Create or update work items (event, alert, incident) in ITSM solutions on the basis of alerts present in Azure (Activity Log Alerts, Near real-time metric alerts and Log Analytics alerts).
  • Consolidate data related to Incidents and Change Requests in Azure Log Analytics.

To configure this integration you can consult Microsoft's official documentation.

Figure 1 – ITSM Connector dashboard of the Log Analytics solution

Agent

This month the new version of the OMS agent for Linux systems fixes important bugs and also introduces an updated version of the SCX and OMI components. Given the large number of bug fixes included in this release, the advice is to consider adopting this upgrade. To obtain the updated version of the OMS agent you can go to the official GitHub page OMS Agent for Linux Patch v 1.4.3-174.

Figure 2 – Bug fixes and what's new for the OMS agent for Linux

Azure Backup

When creating virtual machines from the Azure portal you can now enable protection via Azure Backup:

Figure 3 – Enabling backup while creating a VM

This ability considerably improves the experience of creating virtual machines from the Azure Portal.

Azure Site Recovery

Azure Site Recovery allows you to handle different scenarios to implement Disaster Recovery plans, including replication of VMware virtual machines to Azure. In this context the following important changes have been introduced:

  • Release of a template in Open Virtualization Format (OVF) to deploy the Configuration Server. This allows you to deploy the template in your virtualization infrastructure and have a system with all the necessary software already preinstalled, with the exception of MySQL Server 5.7.20 and VMware PowerCLI 6.0, to speed up the deployment of the Configuration Server and its registration to the Recovery Services vault.
  • Introduction in the Configuration Server of a web portal to drive the main configuration actions needed, such as proxy server settings, the details and credentials to access the vCenter server, and the management of the credentials used to install or update the Mobility Service on the virtual machines involved in the replication process.
  • Improved experience for deploying the Mobility Service on virtual machines. Starting with version 9.13.xxxx.x of the Configuration Server, VMware tools are used to install and update the Mobility Service on all protected VMware virtual machines. This means that you no longer need to open firewall ports for WMI and for File and Printer Sharing services on Windows systems, previously used to perform the push installation of the Mobility Service.

The monitoring features included natively in Azure Site Recovery have been greatly enriched to provide complete and immediate visibility. The Overview panel of the Recovery Services vault is now structured, for the Site Recovery section, as follows:

Figure 4 – Azure Site Recovery dashboard

These are the various sections, which are updated automatically every 10 minutes:

  1. Switch between Azure Backup and Azure Site Recovery dashboards
  2. Replicated Items
  3. Failover test success
  4. Configuration issues
  5. Error Summary
  6. Infrastructure view
  7. Recovery Plans
  8. Jobs

For more details on the various sections you can see the official documentation or view this short video.

Known Issues

Please note the following possible problem when backing up Linux VMs on Azure. The error code returned is UserErrorGuestAgentStatusUnavailable and you can follow this workaround to resolve the error condition.

System Center

System Center Configuration Manager

Version 1801 has been released for the Technical Preview branch of System Center Configuration Manager: Update 1801 for Configuration Manager Technical Preview Branch.

The new features in this release include:

  • Ability to import and run signed scripts and monitor the execution result.
  • The distribution point can be moved between different primary sites and from a secondary site to a primary site.
  • Improvement in the client settings for the Software Center, with the ability to view a preview before the deployment.
  • New settings for Windows Defender Application Guard (starting with Windows 10 version 1709).
  • Ability to view a dashboard with information about the co-management.
  • Phased Deployments.
  • Support for hardware inventory strings longer than 255 characters.
  • Improvements in the scheduling of Automatic Deployment Rule.

Please note that the releases in the Technical Preview Branch help you evaluate the new features of SCCM and it is recommended to apply these updates only in test environments.

In addition, an update rollup containing a large number of bug fixes was issued for System Center Configuration Manager current branch, version 1710.

Evaluation of OMS and System Center

Please remember that to test and evaluate Operations Management Suite (OMS) for free you can access this page and select the mode that is most appropriate for your needs.

To test the various components of System Center 2016 you can access the Evaluation Center and, after registering, start the trial period.

Integration between Service Map and System Center Operations Manager

Service Map is a solution that you can enable in Operations Management Suite (OMS). It automatically discovers application components, on both Windows and Linux systems, and creates a map that shows, in near real time, the communications between the various services. All this allows you to view the servers as interconnected systems that deliver services.

In System Center Operations Manager (SCOM) you can define a Distributed Application to provide an overall view of the health status of an application that consists of different objects. The Distributed Application does not provide additional monitoring functionality; it merely relates the state of objects already monitored in the system, to provide the overall health status of the application.

Through the integration between Service Map and System Center Operations Manager, you can automatically create in SCOM the diagrams that represent the Distributed Application, based on the dependencies detected by the Service Map solution.

This article examines the procedure to follow to activate this integration and describes its main features.

Prerequisites

This kind of integration is possible if the following requirements are met:

  • A System Center Operations Manager 2012 R2 or later environment.
  • An OMS workspace with the Service Map solution enabled.
  • A Service Principal with access to the Azure subscription that contains the OMS workspace.
  • Servers that are managed by Operations Manager and that send data to Service Map.

Both Windows and Linux systems are supported, but with one important distinction.

For Windows systems you can consider using the integration scenario between SCOM and OMS, as described in the article Integration between System Center Operations Manager and OMS Log Analytics, and simply add the Service Map Dependency Agent on the various servers.

For Linux systems you cannot directly collect in Log Analytics the data of agents managed by Operations Manager. Both the SCOM agent and the OMS agent are therefore always required. At the moment, in a Linux environment, the two agents share some binaries, but they are distinct agents that can coexist on the same machine as long as the SCOM agent is at least version 2012 R2. Installing the OMS agent on a Linux system managed by Operations Manager updates OMI and SCX. We recommend that you always install the SCOM agent first and then the OMS agent; otherwise you need to edit the OMI configuration file (/etc/opt/omi/conf/omiserver.conf) by adding the parameter httpsport=1270. After the edit you must restart the OMI Server component using the following command: sudo /opt/omi/bin/service_control restart.
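The omiserver.conf edit described above can be applied idempotently, with a backup, so that OMI is restarted only when the file actually changed. The script below is an added example, not part of the original article: the function names are hypothetical, and it follows the article's instruction literally by setting httpsport=1270, replacing any existing httpsport value and keeping the previous file as a .bak copy.

```shell
#!/bin/sh
# Added example (not from the original article): make sure the OMI server
# listens on the SCOM agent HTTPS port before restarting it.

OMI_CONF=/etc/opt/omi/conf/omiserver.conf   # path given in the article
SCOM_PORT=1270                              # port given in the article

# has_port FILE PORT
# Exit 0 if an active (uncommented) httpsport line already lists PORT.
has_port() {
    awk -v port="$2" '
        /^[ \t]*httpsport[ \t]*=/ {
            sub(/^[^=]*=/, "")          # keep only the value
            sub(/#.*/, "")              # drop a trailing comment
            n = split($0, p, ",")       # tolerate a comma-separated list
            for (i = 1; i <= n; i++) {
                gsub(/[ \t\r]/, "", p[i])
                if (p[i] == port) found = 1
            }
        }
        END { exit !found }' "$1"
}

# ensure_httpsport FILE [PORT]
# Prints "unchanged" if PORT is already configured, otherwise saves FILE
# as FILE.bak, sets httpsport=PORT and prints "changed".
ensure_httpsport() {
    conf=$1
    port=${2:-$SCOM_PORT}
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 2; }

    if has_port "$conf" "$port"; then
        echo unchanged
        return 0
    fi

    cp -p "$conf" "$conf.bak" || return 2
    # Replace the first active httpsport line, drop duplicates,
    # or append the parameter if the file has none.
    awk -v port="$port" '
        /^[ \t]*httpsport[ \t]*=/ {
            if (!done) { print "httpsport=" port; done = 1 }
            next
        }
        { print }
        END { if (!done) print "httpsport=" port }' "$conf.bak" > "$conf"
    echo changed
}

# Typical use as root, restarting OMI only when the file was edited:
#   [ "$(ensure_httpsport "$OMI_CONF")" = changed ] && \
#       /opt/omi/bin/service_control restart
```
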

The process for activating the integration

The first step required is to import, using the System Center Operations Manager console, the following management packs (now in Public Preview), contained within the bundle that you can download from this address:

  • Microsoft Service Map Application Views.
  • Microsoft System Center Service Map Internal.
  • Microsoft System Center Service Map Override.
  • Microsoft System Center Service Map.

Figure 1 – Start importing the Management Pack

Figure 2 – Install the Management Pack for the integration with Service Map

After the installation of the management packs is complete, the new Service Map node is displayed in the Administration workspace, within the Operations Management Suite section. From this node you can start the integration configuration wizard:

Figure 3 – Configuration of the OMS workspace where there is the Service Map solution

At the moment you can configure the integration with a single OMS workspace.

The wizard prompts you to specify a Service Principal for read access to the Azure subscription that contains the OMS workspace, with the Service Map solution enabled. To create the Service Principal you can follow the procedure in Microsoft's official documentation.

Figure 4 – OMS workspace connection parameters

Based on the permissions assigned to the Service Principal, the wizard shows the Azure subscriptions and their associated OMS workspaces:

Figure 5 - Selection of the Azure subscription, OMS Resource Group and OMS workspace

At this point you are prompted to select which groups of machines in Service Map you want to synchronize in Operations Manager:

Figure 6 – Selection of the Service Map Machine Group to synchronize in SCOM

On the next screen you are prompted to select which servers in SCOM to synchronize with the information retrieved from Service Map.

Figure 7 – Selection of items of SCOM

In this regard, for the integration to be able to create the Distributed Application diagram for a server, the server must be managed by SCOM, managed by Service Map, and present within the Service Map group previously selected.

Then you are prompted to select an optional Management Server Resource Pool for communication with OMS and if necessary a proxy server:

Figure 8 - Optional configuration of a Management Server Resource Pool and a proxy server

Registration takes a few seconds, after which the following screen appears and Operations Manager performs the first synchronization of Service Map, retrieving the data from the OMS workspace.

Figure 9 – Addition of the OMS workspace successfully completed

The synchronization of Service Map data occurs by default every 60 minutes, but you can change this frequency with an override on the rule named Microsoft.SystemCenter.ServiceMapImport.Rule.

Result of the integration between Service Map and SCOM

The result of this integration is visible from the Operations Manager console in the Monitoring dashboard. A new Service Map folder is created that contains:

  • Active Alerts: any active alert regarding communication between SCOM and Service Map.
  • Servers: list of monitored servers for which the information is synchronized from Service Map.

Figure 10 - Servers with synchronized information from Service Map

  • Machine Group Dependency Views: Displays a Distributed Application for each Service Map group selected for the synchronization.

Figure 11 – Machine Group Dependency View

  • Server Dependency Views: shows a Distributed Application for each server that synchronizes information from Service Map.

Figure 12 – Server Dependency View

 

Conclusions

Many organizations that are going to use, or have already implemented, the Service Map solution also have an on-premises environment with System Center Operations Manager (SCOM). This integration enriches the information in SCOM, giving you full visibility of applications and of the dependencies between the various systems. This is an example of how you can use the power provided by OMS even with SCOM, without giving up the investments made in that tool, such as any integration with IT service management (ITSM) solutions.

Service Map in Operations Management Suite: introduction to the solution

In an IT world that is increasingly heterogeneous and ever changing, with hybrid and distributed architectures and with systems both on-premises and at public cloud providers, it is crucial to adopt solutions that manage operations, effectively monitor the entire environment and facilitate any troubleshooting tasks. Operations Management Suite (OMS) is the IT management tool from Microsoft, designed in the era of the cloud, that includes different solutions designed for exactly these purposes.

This article describes the main features of the Service Map solution in Operations Management Suite (OMS) and explains the procedure to follow to configure Service Map and onboard the agents.

What is Service Map?

Service Map is a solution that can be activated in OMS. It automatically discovers application components, on both Windows and Linux systems, and creates a map that shows, in near real time, the communications between the various services. All this allows you to view the servers as interconnected systems that deliver services. Service Map shows in detail the TCP connections that exist between the various systems, with references to the processes involved in the communications and the ports used. This allows you to identify and isolate problems, and to review the connection attempts made by the various systems in order to detect any unwanted connections or problems in establishing required communications. The solution is also useful when you approach scenarios of system migration to the cloud, so that you consider all the connections needed for the proper functioning of the application, without neglecting any aspect.

Figure 1 – Example of schema generated by Service Map

Solution activation

By accessing the OMS portal you can easily add the solution Service Map, present in the gallery, by following the steps documented in the following article: Add Azure Log Analytics management solutions to your workspace (OMS).

Figure 2 - Addition of the solution Service Map

Enabling Service Map does not require specific configurations, but you need to install on each system a specific agent called Microsoft Dependency Agent, which retrieves the information required by the solution. The Microsoft Dependency Agent can only be installed on 64-bit platforms and requires the OMS agent as a prerequisite. The Service Map agent does not transmit any information directly to the OMS workspace, so you are not required to open specific ports to the outside for it. Data for Service Map is always sent by the OMS agent, directly or through an OMS gateway:

Figure 3 – Data Communication of Service Map

When you activate Service Map in an OMS workspace, the management pack Microsoft.IntelligencePacks.ApplicationDependencyMonitor is sent to all Windows systems present in the workspace.

Installation of the Microsoft Dependency Agent on Windows systems

The installation of the Microsoft Dependency Agent on Windows systems is done by running, with administrative privileges, the executable InstallDependencyAgent-Windows.exe, which can be downloaded at this address. The executable provides an interactive installation through a wizard, or you can use the parameter /S to install the Service Map agent in a completely silent way, which is useful if you want to activate it on multiple systems via scripts.

Installation of the Microsoft Dependency Agent on Linux systems

On Linux systems the installation of the Microsoft Dependency Agent takes place by running, with root permissions, a shell script contained in the binary InstallDependencyAgent-Linux64.bin, which can be obtained at this address. In this case too, a silent installation without user interaction is available, using the parameter -s.

For systems on Azure, you can also deploy the Microsoft Dependency Agent through a specific Azure VM Extension. The extension is available for both Windows and Linux systems, and the deployment can be done either via PowerShell scripts or via a JSON template in Azure Resource Manager (ARM) mode.

To verify that the installation of the Service Map agent completed successfully, you can check that the following components are present and running:

  • Service “Microsoft Dependency Agent” on Windows systems.
  • Daemon “microsoft-dependency-agent” on Linux machines.

The Microsoft Dependency Agent sends data through the OMS agent every 15 seconds and, depending on the complexity of the environment, each agent can transmit approximately 25 MB per day of information related to the Service Map solution. The resource usage of the Service Map agent can be estimated at 0.1% of the system memory and 0.1% of the system CPU.

Notes and resources related to Service Map solution

The operational use of Service Map is illustrated very well and in detail in this official Microsoft document. In addition, to go into the specifics of how Service Map works, consult this article, which shows the main features through a practical demo.

Service Map is currently only available in the following regions of Azure: East US, West Europe, West Central US and Southeast Asia.

Costs of the solution

Service Map is included in the Insight & Analytics package; licensing can be covered by the free plan (up to a maximum of 5 Service Map systems) or is applied per node. For more information, please visit the OMS pricing page.

Conclusions

Service Map is a useful solution that can be used to improve the visibility of application flows, evaluate the impact of maintenance on individual systems and improve troubleshooting when faults occur. Activating Service Map is technically very simple and the added value provided by this solution is considerable, since you can consult at any time a complete and up-to-date map of the interconnections between systems, regardless of their geographical location.

Please note that you can test and evaluate Operations Management Suite (OMS) for free by accessing this page and selecting the mode you find most suitable for your needs.

OMS and System Center: What's New in December 2017

Compared to what we were used to seeing in recent months, in December, also because of the holiday period, Microsoft announced few news items about Operations Management Suite (OMS) and System Center. This article summarizes them, with the references needed for further study.

Operations Management Suite (OMS)

Log Analytics

Azure Monitor now includes the ability to view and define Log Analytics alerts. This is a preview feature that allows you to use Azure Monitor as a centralized point for managing and visualizing alerts.

Figure 1 – Defining a Log Analytics alert in Azure Monitor (preview)

This month's new version of the OMS agent for Linux systems fixes, in particular, a major bug concerning the DSC package (omsconfig) which, due to a possible hang, prevents data from being sent to the OMS workspace. There are no new features in this release. To obtain the updated version you can access the official GitHub page OMS Agent for Linux Patch v 1.4.2-125.

Figure 2 – Bug Fix list for the new OMS agent for Linux

Azure Automation

In Azure Monitor, within Action Groups, the possibility to define an Azure Automation Runbook as an action type has been introduced. This is a further integration that gives you an effective alerting platform to take action not only on workloads running on Azure, but regardless of their location.

Figure 3 – Defining an action based on Automation Runbook

Protection and Disaster Recovery

Azure Backup introduced support for the protection of Azure virtual machines with disks, managed or unmanaged, encrypted using BitLocker Encryption Key (BEK). This feature extends the protection options for encrypted virtual machines, already supported previously in the BitLocker Encryption Key (BEK) and Key Encryption Key (KEK) scenario, making it easy to obtain a high level of security in these protection scenarios. For further information you can consult the official announcement.

Figure 4 – Protection of VM encrypted using Bitlocker Encryption Key (BEK)

Microsoft has released Azure Site Recovery Deployment Planner, a very useful tool when you plan to implement a disaster recovery plan to Azure through Azure Site Recovery (ASR). ASR Deployment Planner makes a detailed assessment of the on-premises environment, aimed at the use of ASR, and provides the elements to take into consideration in order to plan effectively the various operations required by the DR plan (replication, virtual machine failover and DR drill). The tool works in VMware and Hyper-V environments and also includes a cost estimate for the use of ASR and of the Azure resources needed to protect the on-premises virtual machines. The tool can currently also be useful for the necessary assessments when you need to address real migration scenarios from Hyper-V to Azure. This is because Azure Migrate, the tool designed specifically to assess migration scenarios, currently allows the assessment of VMware environments only. Support for Hyper-V in Azure Migrate will be introduced in the coming months. ASR Deployment Planner can be downloaded at this address and includes the following features:

  • Estimates the network bandwidth required for the initial replication and for delta replication.
  • Indicates the type of Storage (standard or premium) required for each VM.
  • Indicates the total number of storage accounts (standard and premium) required.
  • For VMware environments, indicates the number of Configuration Server and Process Server you need to implement on-premises.
  • For Hyper-V environments, provides guidance on additional storage needed on-premises.
  • For Hyper-V environments, indicates the number of VMs that can be protected in parallel (through batch) and the order to be followed in order to successfully activate the initial replication.
  • For VMware environments, specifies the number of VMs that can be protected in parallel to complete the initial replication at any given time.
  • Estimates the throughput attainable by ASR (on-premises to Azure).
  • Performs an assessment of the supported virtual machines, providing details about the disks (number, size and IOPS) and the type of OS.
  • Estimates the DR costs for a specific Azure region.

For detailed information about using the tool you can consult the official documentation relating to the specific scenario:

Figure 5 – Sample reports generated by ASR Deployment Planner

System Center

System Center Configuration Manager

Version 1712 has been released for the Technical Preview branch of System Center Configuration Manager. The new features in this update are:

  • Improvements to the Surface Device dashboard, which allows you to view the firmware version of Surface devices, as well as the version of the operating system.
  • Dashboard improvements in Office 365 client management.
  • Installation of multiple applications from the Software Center.
  • Clients can be configured to respond to PXE requests without adding a distribution point role (Client-based PXE).

Please note that the releases in the Technical Preview Branch help you evaluate the new features of SCCM and it is recommended to apply these updates only in test environments.

Microsoft allows you to test and evaluate Operations Management Suite (OMS) for free by accessing this page and selecting the mode you find most suitable for your needs.

Integration between System Center Operations Manager and OMS Log Analytics

Those who use System Center Operations Manager (SCOM) can extend the functionality of the product by enabling integration with Log Analytics. This allows you to benefit from the potential of OMS to obtain a more efficient and complete strategy for monitoring your infrastructure. In this article we will analyze the steps that you must follow to enable this integration and examine how the architecture works.

Before you enable this kind of integration you must ensure that you have one of the following supported versions of SCOM:

  • Operations Manager 2016.
  • Operations Manager 2012 R2 UR2 or higher.
  • Operations Manager 2012 SP1 UR6 or higher.

You should also allow outgoing traffic to the OMS cloud services from the monitoring agents, from the Management Servers and from the SCOM console, directly or via an OMS Gateway.

The integration is carried out from the Operations Manager console in a few simple steps, shown below:

Figure 1 – Start the registration process

Figure 2 – Select the OMS environment

Figure 3 – Start the authentication process

Figure 4 – Selection of the OMS workspace you plan to incorporate in SCOM

Figure 5 - Confirmation Screen Settings

Figure 6 – Final Confirmation

At the end of this configuration the connection to the OMS workspace is established, but no data from the SCOM agents connected to the SCOM management group is sent to Log Analytics. To collect in Log Analytics the data from agents managed by Operations Manager, you must selectively specify individual computer objects or a group that contains your Windows computer objects. All of this can be done directly from the Connection branch in the Operations Management Suite section:

Figure 7 – Selection of computer objects that you want to enable

At the end of this operation, in the OMS portal you can check the connection status of the Management Group and the number of connected servers:

Figure 8 - Information reported in the OMS portal after the integration

From the SCOM console you can check the status of the OMS connection by browsing the section Operations Management Suite – Health State of the Monitoring workspace:

Figure 9 - Property Authentication service URI in the Health State of the Management Server

After the connection between the SCOM infrastructure and the OMS workspace is established, the Management Server starts to receive configuration updates from the OMS web services in the form of Management Packs, which include both the base MPs and those relating to the solutions that have been enabled. Operations Manager checks at regular intervals for updates to these Management Packs. This behavior is governed by these SCOM rules:

  • SystemCenter.Advisor.MPUpdate: handles the update of the base MPs of OMS and by default runs every 12 hours.
  • SystemCenter.Advisor.Core.GetIntelligencePacksRule: handles the update of the MPs related to the OMS solutions enabled in the connected workspace and by default runs every five minutes.

This behavior can be managed by changing the frequency or by completely disabling updates (parameter Enabled), configuring overrides of the above rules.

By accessing the Administration workspace and filtering the Management Packs by Advisor or Intelligence, you can list the MPs downloaded and installed according to the solutions enabled in your OMS workspace:

Figure 10 – Management Packs list with name containing "Advisor"

Figure 11 – Management Packs list with name containing "Intelligence"

Figure 12 – List of Solutions installed on the OMS Workspace

As you can see, for each installed OMS solution there is a corresponding Management Pack imported into the Operations Manager infrastructure.

At the end of this configuration, the monitoring agents enabled for communication can send the data required by the solution directly to the OMS web service, or the solution's data can be sent directly from the SCOM Management Server to the connected OMS workspace. This depends on the solution enabled, and in no case is this information saved within the Operations Manager databases (OperationsManager and OperationsManagerDW). If the Management Server loses connectivity to the OMS web service, data is cached locally until communication is restored. If the Management Server remains offline for an extended period, the communication with OMS can be picked up by other Management Servers in the same Management Group.

Figure 13 – Chart with communications between SCOM and OMS infrastructure components

In order to control and regulate the internet connections of the monitored systems and of the Management Servers to the public OMS URL, you can implement an OMS Gateway:

Figure 14 – Communications between SCOM and OMS infrastructure components in the presence of an OMS Gateway

In this way the only system that must be allowed to access the public URL of Operations Management Suite is the OMS Gateway, and all other systems point to this machine. To apply this type of configuration you must, after implementing the system with this role, specify the IP address of the OMS Gateway in the proxy server setting, with the prefix http://.

Figure 15 - Proxy Server configuration used to access the OMS cloud services

Figure 16 – IP address of the OMS Gateway with the http:// prefix

If you need to enable only certain systems to use the OMS Gateway, act on the rule Advisor Proxy Setting Rule and create an override for the health service object, populating the parameter WebProxyAddress with the URL of the OMS Gateway.

Conclusions

Microsoft Operations Management Suite (OMS) is a solution based entirely on the cloud, in constant evolution, with new features being added and extended at a rapid pace. Through this integration you can combine the speed and efficiency of OMS in collecting, retaining and analyzing data with the potential of Operations Manager. This allows you to continue using the existing SCOM infrastructure to monitor your environment, keeping any integration with IT Service Management (ITSM) solutions, and at the same time benefit from the potential offered by Microsoft Operations Management Suite (OMS).