Category Archives: Log Analytics

OMS and System Center: What's New in February 2018

The month of February was full of news and there are different updates that affected Operations Management Suite (OMS) and System Center. This article summarizes in concise terms to have a global vision and it contains the necessary references to learn more about it.

Operations Management Suite (OMS)

Log Analytics

Everyone who uses Azure ExpressRoute will be glad to know that you can now monitor it by using the Network Performance Monitor (NPM). This feature has been in previews for a few months and has now passed in the state of general availability. Among the features of this monitor solution we find:

  • Ability to view interactively, using the topology view of NPM, the various components (network on-premises, circuit provider edge, circuit ExpressRoute, edge Microsoft, and the Azure VMs) and latency measured in each hop. This allows you to easily identify any performance issues in connectivity and quickly locate the problematic segment of communication.
  • Ability to view the bandwidth usage of primary and secondary ExpressRoute circuit . Thanks to drill-down is also possible to intercept the bandwidth usage for each vNet connected to the ExpressRoute circuit.
  • Ability to create queries and custom views thanks to the fact that all details of the solution are available in the repository of Log Analytics and therefore you can use the native search functionality and correlation to suit your needs.
  • Ability to diagnose various problems of connectivity present in ExpressRoute circuit .

Figure 1 – Azure ExpressRoute Monitoring

For more information about how to configure the ExpressRoute monitor with NPM please visit the Microsoft's official documentation.

Also in Network Performance Monitor (NPM) was introduced the Service Endpoint Monitor with the integration into the monitor and into the performance of your application also of the performance end-to-end of the network. This feature allows you to create different types of tests (HTTP, HTTPS, TCP and ICMP), that must be carried out in key points of the network infrastructure, so you can quickly identify whether the problem encountered is related to the network or is related to the application. Through the use of the network topology map the problem and its nature is easily locatable. This is a feature in public preview whose characteristics are described in detail in this article.

Agent

This month the new version ofOMS agent for Linux systems fixes some bugs and also introduces an updated version of the components SCX and OMI. To obtain the updated version of the OMS agent you can access to the official GitHub page OMS Agent for Linux Patch v 1.4.4-210.

Figure 2 – Bug fixes and what's new for the OMS agent for Linux

Azure Backup

In this article is described how to build the solution of monitor in Log Analytics for Azure Backup. With this monitor solution, you can control the main aspects of Azure Backup as the backup and restore jobs, backup alert and use of cloud storage. You can do all cross Recovery Service vault and cross subscription, being able to take advantage of the features built into Log Analytics, such as the automated opening of ticket via webhooks or through integration with ITSM. It is a community solution, and each contributed is obviously welcome.

For Azure Backup was announced (in general availability) the possibility of creating consistent backups at the application layer for Linux virtual machines running on Azure. On Windows systems this is done using the VSS component, while for Linux VM it is made available one scripting framework through which you can run the pre-scripts and post-scripts to control the backup execution.

Figure 3 – Mechanism for realization of backup application consistent in VMs Linux on Azure

For more details on this you can consult theofficial announcement, while for more information about Linux virtual machine protection in Microsoft Azure, using Azure Backup, you can view the article: Azure Backup: the protection of Linux on Azure.

Azure Backup introduces the ability to protect natively Azure File Shares. This feature is currently in Public Preview and the main features are:

  • Chance, accessing Recovery Service vault, to make the discovery of storage acccount and detect files shares unprotected.
  • Large-scale protection: there is the possibility to back up multiple file shares contained in a storage account and apply a common security policy.
  • Instant and granular restore. The protection is based on file share snapshots and this allows you to quickly restore files selectively.
  • From the Azure portal you can explore the different restore point available to easily identify which files to restore.

Figure 4 – Backup of Azure File Shares

For further information you can consult theofficial announcement.

This month has been released a Mandatory Update for the Microsoft Azure Recovery Services agent (MARS). For all those who use Azure Backup you must install this update as soon as possible to avoid failures in backup and recovery tasks.

Azure Site Recovery

In Azure Site Recovery was made available a wait functionality, that allows to protect virtual machines having managed disk, in the replication scenario between different Azure regions, allowing greater flexibility for Disaster Recovery scenarios with systems in Azure.

Figure 5 – Enabling replication of a VM with Managed Disks

System Center

As announced in the last few months and as is already the case for the operating system and Configuration Manager, also the others System Center products, in particular, Operations Manager, Virtual Machine Manager, and Data Protection Manager will follow a release of updated versions every 6 months (semi-annual channel). This month there was the first release with the version 1801 of System Center.

Figure 6 – Summary of what's new in version 1801 of System Center

To know the details of what is new in this release, please consult the official announcement. Please remember that for belonging to the semi-annual channel support is guaranteed 18 months.

System Center Configuration Manager

Released the version 1802 for the branch Technical Preview of System Center Configuration Manager: Update 1802 for Configuration Manager Technical Preview Branch.

This release introduces a considerable number of innovations on different areas, including: OSD, Cloud Management Gateway, features of Windows 10 and Office 365, Software Center and Site Server High Availability.

Please note that the Technical Preview Branch releases help you to evaluate new features of SCCM and it is recommended to apply these updates only in test environments.

System Center Operations Manager

The feature called "Updates and Recommendations", introduced in SCOM 2016 for Management Packs from Microsoft, is useful to facilitate the process of discovery of appropriate MPs to monitor different workloads present in your infrastructure and keep them updated. This feature is enabled by well over 110 Microsoft workloads. Microsoft announced that it is extending this feature also for MPs produced and offered by third parties. In release 1801 of Operations Manager are currently covered MPs of the following external partners:

Figure 7 – Feature Updates and Recommendations with MPs of partners

As a result of the release of version 1801 of System Center were also made available the following new SCOM Management Packs:

System Center Service Manager

Released an new version of the Service Manager Authoring Tool.

Evaluation of OMS and System Center

Please remember that in order to test and evaluate for free Operations Management Suite (OMS) you can access this page and select the mode that is most appropriate for your needs.

To test the various components of System Center 2016 you can access theEvaluation Center and, after registering, you can start the trial period.

Everything you need to know about OMS Log Analytics workspaces

In order to use Log Analytics you must have a OMS workspace, which is the dedicated environment of Log Analytics within which we find the data repository and the different solutions. I this article will be considered the different aspects that you should evaluate about the Log Analytics workspaces.

What is a workspace?

A workspace of Log Analytics is nothing more than a container in Azure environment within which are collected, aggregated and analyzed data from different sources and collected by Log Analytics.

To create a workspace, you must have an Azure subscription. Starting from 26 September 2016 In fact, all the workspace must necessarily be connected to an Azure subscription at the time of creation. During the process of creating the workspace you will also give it a name, that is not currently possible to change post creation, and associate it with an existing Resource Group or create a specific one. Finally you are asked in what location create it and what licensing model adopt. In this regard, it is recalled that Log Analytics can be licensed according to the different modes that you can refer to this link.

Figure 1 – Creating a Log Analytics workspace

Figure 2 – Location currently available for creating a workspace

How many workspaces should be created?

Within each Azure subscription you can be created more workspaces. When you need to determine the appropriate number of workspaces to create you should consider the following factors:

  • Geographical data location. Geographically distributed companies may need to store data in specific regions to contemplate policies of sovereignty and for compliance reasons. Another aspect to consider may be the presence of other resources in the Azure environment that must report data in Log Analytics. In these scenarios, to avoid charges caused by outbound data transfer, it is good to keep, whenever possible, the resources and the OMS workspace in the same region.
  • Data Isolation. If you need to manage data in Log Analytics from different customers (for example Service Provider) or separate organizational units that must be kept isolated for several reasons you may want to create separate workspaces.
  • Billing flexibility. You are billed for the workspace so it can be useful, to keep distinct the billing costs and have greater visibility, create separate workspaces for different departments or for different business units.

When considering the number of Log Analytics workspaces that you must create you should keep in mind that if in your environment you have enabled theintegration between System Center Operations Manager and OMS Log Analytics you can connect each Operations Manager management group with only one workspace. The Microsoft Monitoring Agent may instead be configured directly to return the data that both towards Operations Manager towards different workspaces of Log Analytics.

Figure 3 – Configuration of the Microsoft Monitoring Agent to return data to multiple workspaces

How to perform queries across multiple Log Analytics workspaces

Thanks to the new language introduced in recent months in Log Analycts you can now perform queries across multiple Log Analytics workspaces to analyze and aggregate data included in separate workspaces. This type of query you can run it by logging in to the new Advanced Analytics Portal.

When creating queries, to refer to another workspace, you must use the expression workspace(). More details about you can consult them in Microsoft's official documentation.

Figure 4 – Sample query cross workspaces

How to migrate workspaces

The migration of an existing Log Analytics workspace to another Azure subscription can take place directly from Azure portal or by using the cmdlet powershell Move-AzureRmResource. There isn't the ability to migrate the data contained in a workspace to another Log Analytics workspace or change the region where the data resides.

Figure 5 – Select the change of the subscription

Figure 6 – Migrating a workspace to another Azure subscription

Depending on installed solutions might be necessary to repeat the installation of the same solutions post-migration.

Conclusions

When you decide to adopt Log Analytics is appropriate to conduct a detailed assessment to establish the more appropriate deployment design, passing first by the aspects addressed concerning workspaces. Certain choices made at the time of creation of the workspace can not be easily changed later and for this reason it is appropriate to carry them out in a targeted manner, following the deployment best practices, to perform a successful deployment of Log Analytics.

OMS and System Center: What's New in January 2018

The new year has begun with different ads from Microsoft regarding what's new in Operations Management Suite (OMS) and System Center. This article summarizes briefly with the necessary references in order to learn more about.

Operations Management Suite (OMS)

Log Analytics

The release of theIT Service Management Connector (ITSMC) for Azure provides a bi-directional integration between Azure monitoring tools and ITSMC solutions such as: ServiceNow, Provance, Cherwell, and System Center Service Manager. With this integration you can:

  • Create or update work-items (event, alert, incident) in ITSM solutions on the basis of alerts present in Azure (Activity Log Alerts, Near real-time metric alerts and Log Analytics alerts).
  • Consolidate in Azure Log Analytics data related to Incident and Change Request.

To configure this integration you can consult the Microsoft's official documentation.

Figure 1 – ITSM Connector dashboard of the Log Analytics solution

Agent

This month the new version ofOMS agent for Linux systems fixes important bugs also introducing an updated version of the components SCX and OMI. Given the large number of bug fixes included in this release the advice is to consider the adoption of this upgrade. To obtain the updated version of the OMS agent you can access to the official GitHub page OMS Agent for Linux Patch v 1.4.3-174.

Figure 2 – Bug fixes and what's new for the OMS agent for Linux

Azure Backup

During the process of creating virtual machines from Azure portal now there is the ability to enable the protection via Azure Backup:

Figure 3 – Enabling backup while creating a VM

This ability improves in a considerable way the experience of creation of the virtual machine from the Azure Portal.

Azure Site Recovery

Azure Site Recovery allows you to handle different scenarios to implement Disaster Recovery plans, including replication of VMware virtual machines to Azure. In this context the following important changes have been introduced:

  • Release of a template in the format Open Virtualization Format (OVF) to deploy the Configuration Server. This allows you to deploy the template in your virtualization infrastructure and have a system with all the necessary software already preinstalled, with the exception of MySQL Server 5.7.20 and VMware PowerCLI 6.0, to speed up the deployment and the registration to Recovery Service Vault of the Configuration Server.
  • Introduced in Configuration Server a web portal to drive the main configuration actions necessary such as proxy server settings, details and credentials to access the vCenter server and the management of the credentials to install or update the Mobility Service on virtual machines involved in the replication process.
  • Improved the experience for deploying the Mobility Service on virtual machines. Since the 9.13.xxxx.x version of the Configuration Server would be used VMware tools to install and update the Mobility Service on all VMware virtual machines protected. This means that you no longer need to open firewall ports for WMI and for File and Printer Sharing services on Windows systems, previously used to perform the push installation of the Mobility Service.

The monitoring features included natively in Azure Site Recovery have been greatly enriched for having a complete and immediate visibility. The Panel Overview of Recovery Service Vault is now structured, for the section Site Recovery, as follows:

Figure 4 – Azure Site Recovery dashboard

These the various sections, which are updated automatically every 10 minutes:

  1. Switch between Azure Backup and Azure Site Recovery dashboards
  2. Replicated Items
  3. Failover test success
  4. Configuration issues
  5. Error Summary
  6. Infrastructure view
  7. Recovery Plans
  8. Jobs

For more details on the various sections you can see the official documentation or view this short video.

Known Issues

Please note the following possible problem in the execution of backup of Linux VMs on Azure. The error code returned is UserErrorGuestAgentStatusUnavailable and you can follow this workaround to resolve the error condition.

System Center

System Center Configuration Manager

Released the version 1801 for the branch Technical Preview of System Center Configuration Manager: Update 1801 for Configuration Manager Technical Preview Branch.

Among the new features in this release there are:

  • Ability to import and run signed scripts and monitor the execution result.
  • The distribution point can be moved between different primary sites and from a secondary site to a primary site.
  • Improvement in the client settings for the Software Center, with the ability to view a preview before the deployment.
  • New settings for Windows Defender Application Guard (starting with Windows 10 version 1709).
  • Ability to view a dashboard with information about the co-management.
  • Phased Deployments.
  • Support for hardware inventory string longer than 255 characters.
  • Improvements in the scheduling of Automatic Deployment Rule.

Please note that the Technical Preview Branch releases help you to evaluate new features of SCCM and it is recommended to apply these updates only in test environments.

In addition to System Center Configuration Manager current branch, version 1710 was issued an update rollup that contains a large number of bug fixes.

Evaluation of OMS and System Center

Please remember that in order to test and evaluate for free Operations Management Suite (OMS) you can access this page and select the mode that is most appropriate for your needs.

To test the various components of System Center 2016 you can access to the’Evaluation Center and after the registration you can start the trial period.

Integration between Service Map and System Center Operations Manager

Service Map is a solution that you can enable in Operations Management Suite (OMS) able to automatically carry out the discovery of application components, on both Windows and Linux systems, and to create a map that shows almost real-time communications between the various services. All this allows you to view the servers as interconnected systems that deliver services.

In System Center Operations Manager (SCOM) there is the possibility to define Distributed Application to provide an overall view of the health status of an application consists of different objects. The Distributed Application does not provide additional monitor functionality, but merely to relate the state of the objects in the system monitor, to provide the overall health status of the application.

Through integration between Service Map and System Center Operations Manager, you can automatically create in SCOM diagrams that represent the Distributed Application based on the detected dependencies from the Service Map solution.

This article will examine the procedure to be followed to activate this integration bringing back the main features.

Prerequisites

This kind of integration is possible if the following requirements are verified:

  • Environment System Center Operations Manager 2012 R2 or later.
  • Workspace OMS with Service Map solution enabled.
  • The presence of a Service Principal with access to the Azure subscription that contains the OMS workspace.
  • Operations Manager-managed servers and that send data to Service Map.

Supports both Windows and Linux systems, but with one important distinction.

For Windows systems you can evaluate the use of the scenario of integration between SCOM and OMS, as described in the article Integration between System Center Operations Manager and OMS Log Analytics and simply add the Dependencing Agent of Service Map on the various servers.

For Linux systems you cannot collect directly data of agents managed by Operations Manager in Log Analytics. It will therefore always required the presence of both the SCOM agent and the OMS agent. At the moment, in a Linux environment, the two agents share some binaries, but these are distinct agents that can coexist on the same machine as long as the SCOM agent is at least version 2012 R2. OMS agent installation on a Linux system managed by Operations Manager updates the OMI and the SCX SCX. We recommend that you always install the SCOM agent first and then the OMS agent, otherwise you need to edit the configuration file of OMI (/etc/opt/omi/conf/omiserver.conf) by adding the parameter httpsport=1270. After the editing you must restart the OMI Server component using the following command: sudo /opt/omi/bin/service_control restart.

The process for activating the integration

The first step required is the import, using the System Center Operations Manager console, of the following management packs (now in Public Preview), contained within the bundle that you can download to this link:

  • Microsoft Service Map Application Views.
  • Microsoft System Center Service Map Internal.
  • Microsoft System Center Service Map Override.
  • Microsoft System Center Service Map.

Figure 1 – Start importing the Management Pack

Figure 2 – Install the Management Pack for the integration with Service Map

After completing the installation of the management pack you will display the new node Service Map, in the workspace Administration, within the section Operations Management Suite. From this node you can start the integration configuration wizard:

Figure 3 – Configuration of the OMS workspace where there is the Service Map solution

At the moment you can configure the integration with a single OMS workspace.

The wizard prompts you to specify a Service Principal for read access to the Azure subscription that contains the OMS workspace, with the Service Map solution enabled. To create the Service Principal you can follow the procedure in Microsoft's official documentation.

Figure 4 – OMS workspace connection parameters

Based on the permissions assigned to the Service Principal the wizard shows the Azure subscriptions and its associated OMS workspaces:

Figure 5 - Selection of the Azure subscription, OMS Resource Group and OMS workspace

At this point you are prompted to select which groups of machines in Service Map you want to synchronize in Operations Manager:

Figure 6 – Selection of the Service Map Machine Group to synchronize in SCOM

On the next screen you are prompted to select which servers in SCOM synchronize with information retrieved from Service Map.

Figure 7 – Selection of items of SCOM

In this regard, in order to make sure that this integration is able to create the diagram of the Distributed Application for a server, this must be managed by SCOM, by Service Map and must be present within the Service Map group previously selected .

Then you are prompted to select an optional Management Server Resource Pool for communication with OMS and if necessary a proxy server:

Figure 8 - Optional configuration of a Management Server Resource Pool and a proxy server

Registration takes few seconds after which the following screen appears and Operations Manager performs the first synchronization of Service Map, by taking the data from the OMS workspace.

Figure 9 – Addition of the OMS workspace successfully completed

The synchronization of Service Map data occurs by default every 60 minutes, but you can change this frequency going to act with an override on a rule named Microsoft.SystemCenter.ServiceMapImport.Rule.

Result of the integration between Service Map and SCOM

The result of this integration is visible from the Operations Manager console in the dashboard Monitoring. It is in fact created a new Service Map folder that contains :

  • Active Alerts: any active alert regarding communication between SCOM and Service Map.
  • Servers: list of servers under the monitor for which the information is synchronized from Service Map.

Figure 10 - Servers with synchronized information from Service Map

  • Machine Group Dependency Views: Displays a Distributed Application for each Service Map group selected for the synchronization.

Figure 11 – Machine Group Dependency View

  • Server Dependency Views: shows a Distributed Application for each server that synchronizes information from Service Map.

Figure 12 – Server Dependency View

 

Conclusions

Many reality that they are going to use, or have already implemented the Service Map solution also have on-premises an environment with System Center Operations Manager (SCOM). This integration will enrich the information in SCOM allowing you to have full visibility of applications and dependencies of the various systems. This is an example of how you can use the power provided by OMS actually even with SCOM, without renouncing to investments made on the instrument, such as the possible integration with IT service management solutions (ITSM).

Service Map in Operations Management Suite: introduction to the solution

In an IT world that is increasingly heterogeneous and ever changing, with hybrid and distributed architectures with systems on-premises and in public cloud providers, is crucial to adopt solutions that manage operations, effectively monitor the entire environment and facilitate any troubleshooting tasks. Operations Management Suite (OMS) is IT management tool from Microsoft, designed in the era of cloud, that includes different solutions designed just for these purposes.

This article describes the main features of the solution Service Map present in Operations Management Suite (OMS) and it will indicate the procedure to be followed to configure Service Map and make the onboarding of the agents.

What is Service Map ?

Service Map is a solution that can be activated in OMS and it is able to automatically carry out the discovery of application components, on both Windows and Linux systems, and to create a map that shows almost real-time communications between the various services. All this allows you to view the servers as interconnected systems that deliver services. Service Map shows in detail the TCP connections that exist between the various systems, with the references of the processes involved in communications and related ports used. This allows you to determine and isolate any problems and to verify communication attempts that are attempted by various systems to detect any unwanted connections or problems in establishing communications needed. This solution is also useful when you must approach to cloud systems migration scenarios to consider all the connections needed for the proper functioning of the application, without neglecting any aspect.

Figure 1 -Example of schema generated by Service Map

Solution activation

By accessing the OMS portal you can easily add the solution Service Map, present in the gallery, by following the steps documented in the following article: Add Azure Log Analytics management solutions to your workspace (OMS).

Figure 2 - Addition of the solution Service Map

Enabling Service Map does not require specific configurations but you need to install on each system a specific agent called Microsoft Dependency Agent, which retrieves information required by the solution. The Microsoft Dependency Agent can only be installed on 64 bit platforms 64 and requires as a prerequisite the presence of the OMS agent . The Service Map Agent does not transmit any information directly into the OMS workspace and therefore is not required to open specific ports to the outside. Data to Service Map are always sent by the OMS agent, directly or through an OMS gateway:

Figure 3 – Data Communication of Service Map

When you activate Service Map in a OMS workspace, the management pack Microsoft. IntelligencePacks. ApplicationDependencyMonitor is sent to all Windows system present in the workspace.

Installation of the Microsoft Dependency Agent on Windows systems

The installation of the Microsoft Dependency Agent on Windows systems is done by invoking, with administrative privileges, the executable InstallDependencyAgent-Windows.exe which can be downloaded at this link. This executable provides the interactive installation using a Wizard or you can use the parameter /S to install the agent of Service Map in a completely silent way, useful if you want to activate it on multiple systems via scripts.

Installation of the Microsoft Dependency Agent on Linux systems

On Linux systems the installation of the Microsoft Dependency Agent takes place through the execution, with root permissions, of a shell script that is contained in the binary InstallDependencyAgent-Linux64.bin, which can be obtained by accessing this link. Also in this case there is the silent installation without user interaction, using parameter -s.

For systems on Azure, you can deploy the Microsoft Dependency Agent even through a specific Azure VM Extension. The extension is available for both Windows and Linux systems and the deploy can be done either via PowerShell scripts or via a JSON template in Azure Resource Manager mode (ARM).

To verify that the installation of the Service Map agent is completed successfully you can check that they are present and running the following components:

  • Service “Microsoft Dependency Agent” on Windows systems.
  • Daemon “microsoft-dependency-agent” on Linux machines.

The Microsoft Dependency Agent sends data through the OMS agent every 15 seconds and depending on the complexity of the environment each agent can transmit approximately 25 MB per day of information related to the Service Map solution. For the Service Map agent can be estimated a use of resources equal to 0,1 % of the system memory and the 0,1 % of the CPU of the system.

Notes and resources related to Service Map solution

How to use operationally Service Map is illustrated very well and in detail in this official Microsoft document. In addition to entering into the specifics of the Service Map functioning consult this article that shows the main features via a practice demo.

Service Map is currently only available in the following regions of Azure: East US, West Europe, West Central US and Southeast Asia.

Costs of the solution

Service Map is included in the package Insight & Analytics and the licensing may be covered in the free plan (up to a maximum of 5 Service Map systems) or takes place per node. For more information, please visit the page of the OMS pricing.

Conclusions

Service Map is a useful solution that can be used to improve the visibility of application flows, evaluate the impact of maintenance on individual systems and improve troubleshooting against fault. The Service Map activation is technically very simple and the added value provided by this solution is considerable, being able to consult at any time a completed and updated map of interconnection of systems, regardless of their geographical location.

Please note that you can test and evaluate for free Operations Management Suite (OMS) by accessing this page and selecting the mode you find most suitable for your needs.

OMS and System Center: What's New in December 2017

Compared to what we were used to seeing in recent months, during the month of December, also because of the holiday period, have been announced by Microsoft a few news about Operations Management Suite (OMS) and System Center. This article will be made a summary accompanied by references required for further study.

Operations Management Suite (OMS)

Log Analytics

In Azure Monitor was including the ability to view and define alert of Log Analytics. This is a feature in preview that allows you to use Azure Monitor as a centralized point of management and visualization of alerts.

Figure 1- Defining a Log Analytics alert in Azure Monitor (preview)

This month the new version of the’OMS agent for Linux systems fixes in particular a major bug concerning the DSC package (omsconfig) that due to a possible hang prevents sending data to the OMS workspace. In this release, there are not new features. To obtain the updated version you can access to the official GitHub page OMS Agent for Linux Patch v 1.4.2-125.

Figure 2 – Bug Fix list for the new OMS agent for Linux

Azure Automation

In Azure Monitor, within Action Groups was introduced the possibility to define a Azure Automation Runbook as action type. It is a further integration that enables you to have an effective alerting platform to take action not only for workloads running on Azure, but independently from their location.

Figure 3 – Defining an action based on Automation Runbook

Protection and Disaster Recovery

Azure Backup introduced support for the protection of Azure virtual machines with discs, managed or unmanaged, encrypted using Bitlocker Encryption Key (BEK). This feature extends the possibilities of protection of encrypted virtual machines, already supported previously in the Bitlocker Encryption Key scenario (BEK) and Key Encryption Key (KEK), allowing to obtain with ease a high level of security in these protection scenarios. For further information you can consult theofficial announcement.

Figure 4 – Protection of VM encrypted using Bitlocker Encryption Key (BEK)

Microsoft has released Azure Site Recovery Deployment Planner a very useful tool that can be used when you plan to implement a disaster recovery plan through to Azure Azure Site Recovery (ASR). ASR Deployment Planner is able to make a detailed assessment of the on-premises environment, targeted use of ASR, and provides the necessary elements to be taken into consideration in order to contemplate effectively the various operations required by the DR plan (replica, virtual machine failover and DR-Drill). The tool works in VMware and Hyper-V also includes a cost estimate for the use of ASR and resources necessary for the protection of Azure virtual machines on-premises. This tool currently can also be useful to make the necessary assessments when you have the need to address real migration scenarios from Hyper-V to Azure. This is because the instrument Azure Migrate, designed specifically to assess migration scenarios, allows you to present to the assessment only of VMware environments. The support for Hyper-V in Azure Migrate will be introduced in the coming months. ASR Deployment Planner can be downloaded at this link and includes the following features:

  • Estimates of the network bandwidth required for the initial replication process (initial replication) and for delta replication.
  • Indicates the type of Storage (standard or premium) required for each VM.
  • Indicates the total number of storage accounts (standard and premium) required.
  • For VMware environments, indicates the number of Configuration Server and Process Server you need to implement on-premises.
  • For Hyper-V environments, provides guidance on additional storage needed on-premises.
  • For Hyper-V environments, indicates the number of VMs that can be protected in parallel (through batch) and the order to be followed in order to successfully activate the initial replication.
  • For VMware environments, specifies the number of VMs that can be protected in parallel to complete the initial replication at any given time.
  • Estimate the throughput attainable by ASR (on-premises to Azure).
  • Perform an assessment, of the supported virtual machines, providing details about the disks (number, its size and IOPS) and the type of the OS.
  • Estimate the costs of DR, for use it in a specific region of Azure.

For detailed information about using the tool you can consult the official documentation relating to the specific scenario:

Figure 5 – Sample reports generated by ASR Deployment Planner

System Center

System Center Configuration Manager

Released the version 1712 for the branch Technical Preview of System Center Configuration Manager. The new features in this update are:

  • Improvements on the Surface Device dashboard, that allows you to view the firmware version of Surface devices, as well as the version of the operating system.
  • Dashboard improvements in Office 365 client management.
  • Multiple installation of applications by accessing the Software Center.
  • Client can be configured to respond to PXE requests without adding a distribution point role (Client-based PXE).

Please note that the Technical Preview Branch releases help you to evaluate new features of SCCM and it is recommended to apply these updates only in test environments.

Microsoft allows you to test and evaluate for free Operations Management Suite (OMS) by accessing this page and selecting the mode you find most suitable for your needs.

Integration between System Center Operations Manager and OMS Log Analytics

For those who are using System Center Operations Manager (SCOM) there is the possibility to extend the functionality of the product, enabling integration with Log Analytics. This allows you to benefit the potential of OMS to get a more efficient and complete strategy for monitoring your infrastructure . In this article we will analyze the steps that you must follow to enable this integration and we will parse the function of the architecture.

Before you enable this kind of integration you must ensure that you have one of the following supported versions of SCOM :

  • Operations Manager 2016.
  • Operations Manager 2012 R2 UR2 or higher.
  • Operations Manager 2012 SP1 UR6 or higher.

Also you should allow outgoing traffic, to the OMS cloud services, coming from monitor agents, from the Management Servers and from the SCOM console, directly or via an OMS Gateway.

The integration process is done by using the Operations Manager console according to few simple steps later reported:

Figure 1 – Start the registration process

Figure 2 — Select the OMS environment

Figure 3 – Start the authentication process

Figure 4 – Selection of the OMS workspace you plan to incorporate in SCOM

Figure 5 - Confirmation Screen Settings

Figure 6 -Final Confirmation

At the end of this configuration the connection is established towards the OMS workspace, but no data of SCOM agents connected to the SCOM management group is sent to Log Analytics. In order to collect the data from managed Operations Manager agents in Log Analytics is selectively required going to specify individual computer objects or a group that contains your Windows computer objects. The whole can be carried out directly from the branch Connection in the section Operations Management Suite:

Figure 7 – Selection of computer objects that you want to enable

At the end of this operation in the OMS portal it is possible to check the connection status of its Management Group and the number of connected servers:

Figure 8 - Information reported in the OMS portal after the integration

From the SCOM console you can check the status of the OMS connection browsing the section Operations Management Suite – Health State of the workspace Monitoring:

Figure 9 - Property Authentication service URI in the Health State of the Management Server

After establishing the connection between the SCOM infrastructure and the OMS workspace, the Management Server will start to receive configuration updates by OMS web services in the form of Management Packs, that include both the base MPs that those relating to solutions that have been enabled. Operations Manager carries out checks at regular intervals to check for updates for these Management Packs. This behavior is governed by these SCOM rules:

  • SystemCenter.Advisor.MPUpdate: handles updating of base MPs of OMS and by default runs every 12 hours.
  • SystemCenter.Advisor.Core.GetIntelligencePacksRule: handle upgrade of MPs related to enabled OMS solutions in the connected workspace and by default it is performed every five minutes.

Such behavior can be managed by changing the frequency or completely disabling updates (parameter Enabled) by configuring overrides of the above rules.

By accessing the workspace Administration and filtering the Management Pack for Advisor or Intelligence list the MPs downloaded and installed according to the solutions enabled in your OMS workspace:

Figure 10 – Management Packs list with name containing "Advisor"

Figure 11 – Management Packs list with name containing "Intelligence"

Figure 12 – List of Solutions installed on the OMS Workspace

As you can see for each installed OMS solution there is a corresponding Management Pack imported into the Operations Manager infrastructure.

At the end of this configuration also the communication-enabled monitor agents can send the required data from the solution directly to the OMS web service or the solution's data can be sent directly from the SCOM Management Server to the connected OMS workspace. Everything depends on the solution enabled and in no case this information are saved within the Operations Manager databasea (OperationsManager and OperationsManagerDW). If the Management Server lost the connectivity to the OMS web service data are maintained cached locally until the restart of the communication. In case the Management Server remain offline for an extended period the communication with OMS can be picked up by other Management servers in the same Management Group.

Figure 13 – Chart with communications between SCOM and OMS infrastructure components

In order to control and regulate the internet connections of monitored systems and of Management Servers to the public OMS URL you can implement a OMS Gateway:

Figure 14 – Communications between SCOM and OMS infrastructure components in the presence of an OMS Gateway

In this way the only system that must be enabled to access to the Public URL of Operations Management Suite is the OMS Gateway and all others systems will point to this machine. To apply this type of configuration is necessary, after implementing the system with this role, specify the IP address of the OMS Gateway in the proxy server with the prefix http://.

Figure 15 - Proxy Server configuration used to access the OMS cloud services

Figure 16 – IP address of the OMS Gateway with http prefix://

If you need to enable only certain systems using the OMS Gateway going to act on the rule Advisor Proxy Setting Rule and create an Override for the health service object going to populate the parameter WebProxyAddress with the URL of the OMS Gateway.

Conclusions

Microsoft Operations Management Suite (OMS) is a solution based entirely on the cloud, in constant evolution and with new features being added and extended in rapid frequency. Through this integration you can then combine the speed and efficiency inherent in OMS in collecting, hold and analyze data, with the potential of Operations Manager. This allows you to continue using the existing SCOM infrastructure to monitor your environment, keeping any integration with IT Service Management solutions (ITSM) and benefit at the same time also the potential offered by Microsoft Operations Management Suite (OMS).

OMS and System Center: What's New in November 2017

In November there have been several announcements from Microsoft concerning Operations Management Suite (OMS) and System Center. This article will summarize briefly with the necessary references to be able to conduct further studies.

Operations Management Suite (OMS)

Log Analytics

As already announced since 30 October 2017 Microsoft has launched the upgrade process of the OMS workspaces not yet updated manually. In this regard has been released this useful document that shows the differences between a legacy OMS workspace and a updated OMS workspace, with references for further details.

Solutions

Those that use circuit ExpressRoute will be glad to know that Microsoft announced the ability to monitor it through Network Performance Monitor (NPM). This is a feature currently in preview that allows you to monitor connectivity and performance between the on-premises environment and vNet in Azure in the presence of ExpressRoute circuit. For more details about the features announced you can consult theofficial article.

Figure 1 – Network map showing details of ExpressRoute connectivity

Agent

As usual it was released a new version of the OMS Agent for Linux systems that now takes place on a monthly basis. This release fixes bugs related diagnostics during agents onboarding. Are not being introduced new features. To obtain the updated version please visit the official GitHub page OMS Agent for Linux Patch v 1.4.2-124.

Protection and Disaster Recovery

Azure Backup always protected backups from on-premises world toward Azure using encryption that takes place using the passphrase defined during the configuration of the solution. To protect VMs in Azure the recommendation for greater security in the backup was to use VMs with disk-encrypted. Now Azure Backup uses Storage Service Encryption (SSE) to do the encryption of backups of virtual machines on Azure, allowing to obtain in an integrated manner in the solution a mechanism for the implementation of the backup security. This also will happen to existing backup automatically and through a background task.

Microsoft, in order to bring more clarity with regard to pricing and licensing of Azure Site Recovery, updated the FAQ which you can see in the official page of pricing of the solution.

System Center

As is already the case for the operating system and System Center Configuration Manager, the other System Center products, in particular, Operations Manager, Virtual Machine Manager, and Data Protection Manager will follow a release of updated versions every 6 months (semi-annual channel). The goal is to rapidly deliver new capabilities and to ensure a speedy integration with the cloud world, which is essential given the speed with which it evolves. In November was announced the System Center preview version 1711 which you can download at this link.

Figure 2 – Summary of what's new in System Center preview version 1711

To know the details of the new features in this release, please consult theofficial announcement.

System Center Configuration Manager

For System Center Configuration Manager current branch version 1706 was issued an important update rollup you should apply as it solves a lot of problems.

Released the version 1710 for the Current Branch (CB) of System Center Configuration Manager that introduces new features and major improvements in the product. Among the main innovations of this update definitely emerge the possibilities offered by the Co-management that expand the possibilities for device management using either System Center Configuration Manager and Microsoft Intune.

Figure 3 – Features and benefits of Co-management

For a complete list of new features introduced in this version of Configuration Manager, you can consult theofficial announcement.

Released the version 1711 for the Technical Preview branch of System Center Configuration Manager. The new features in this update are:

  • Improvements in the new Run Task Sequence step.
  • User interaction when installing applications in the System context even when running a task sequence.
  • New options, in the scenario of using Configuration Manager associated with Microsoft Intune, to manage compliance policy for devices Windows 10 related to Firewall, User Account Control, Windows Defender Antivirus, and OS build versioning.

I remind you that the releases in the Technical Preview Branch allows you to evaluate in preview new SCCM functionality and is recommended to apply these updates only in test environments.

Released an updated version of the Configuration Manager Client Messaging SDK.

System Center Operations Manager

Released the new wave of the SQL Server Management Packs (version 7.0.0.0):

The Management Packs for SQL Server 2017 can be used for the monitor of SQL Server 2017 and subsequent releases (version agnostic), this allows you to avoid having to manage different MPs for each version of SQL Server. The controls for versions of SQL Server earlier than 2014 are included in the generic MP "Microsoft System Center Management Pack for SQL Server".

System Center Service Manager

Microsoft has published a series of tips and best practices to be followed during Authoring Management Pack of System Center Service Manager (SCSM).

Please remember that in order to test and evaluate for free Operations Management Suite (OMS) you can access this page and select the mode that is most appropriate for your needs.

OMS and System Center: What's New in October 2017

This article lists the main changes announced in October concerning Operations Management Suite (OMS) and System Center. This is a concise summary that contains the necessary references for further study.

Operations Management Suite (OMS)

Log Analytics

In Log Analytics in August was released a major update that introduces a number of changes, as the powerful new query language, the introduction of the new Advanced Analytics portal and greater integration with Power BI. For further information you can consult the specific article Log Analytics: a major update evolves the solution. During the month, Microsoft announced that from 30 October 2017 is started automatically the upgrade process of the OMS workspaces not yet updated manually. Everything will be done in a gradual way for region according to the schedule below:

Figure 1 - Scheduling for rollout of the upgrade of Log Analytics

Also starting from 16 October 2017 the new OMS workspaces are already build in the new mode and there is no possibility to create a legacy workspace. For further information you can consult the article Azure Log Analytics workspace upgrades are in progress.

Solutions

Thanks to the solution Azure Log Analytics Container Monitoring for the Service Fabric under Linux now you can:

  • Centralize and correlate logs that are related to containers.
  • For containers and nodes display in almost real-time metrics for CPU, memory, storage and network utilization.
  • Identify containers with excessive use of resources.
  • Control the use of process-wide resources (Docker container top).
  • See an inventory of the container node that contains information about the Orchestration.

Figure 2 – Container Monitoring solution for Linux Service Fabric

The presence of an Azure Resource Manager (ARM) template that lets you create a new Log Analytics Workspace and install during the deployment the OMS agent on all nodes of the Service Fabric cluster facilitates the activation of the monitor. At the end of the cluster deployment simply add to the workspace of Log Analytics the solution Container Monitoring available in Azure Marketplace, and in a few minutes will be available in Log Analytics information on the Service Fabric. For further information you can consult the article Azure Log Analytics Container Monitoring solution for Linux process Fabric.

By using the Azure Action Groups you can use the Log Analytics solution IT Service Management Connector Solution to automatically open incident in your product or service of IT Service Management (ITSM), if properly supported, against alert generated in the Azure environment. The steps to configure this new feature is documented in the ad Send your Azure alerts to ITSM tools using Action Groups.

Agent

Released a new version of the OMS agent for Linux systems that mainly has solved some bugs and introduced some useful improvements. For more details and to get the updated version please refer to the official GitHub page OMS Agent for Linux GA v 1.4.1-123

Figure 3 – Bug fixes and what's new for the OMS agent for Linux

Azure Automation

As for Azure Automation have been announced, currently in preview, exciting new features:

  • Update management: it allows you to have visibility on the updates compliance for both Windows and Linux systems, regardless of their location (Azure, on-premises or others cloud). It also allows you to schedule the deployment to install the updates within a specific maintenance window. Among the features offered is the ability to exclude specific updates from the deployment and retrieve logs for the deployment useful for troubleshooting.
  • Inventory: it allows you to retrieve inventory information about the installed applications within systems. All this can easily be accessed directly from the portal Azure.
  • Track changes: useful for monitoring changes made to systems for services, daemons, software, registry and files. This feature can be very useful to diagnose specific problems and to enable alerts against unexpected changes.

Figure 4 – New features in preview of Azure Automation

For further details please consult the specific article What's New in Azure Automation: Inventory, Change Tracking and Update Management.

Azure Automation also introduces the ability to implement runbook written in Python 2 and adds support for the role Hybrid Runbook Worker under Linux. These features are currently in public preview.

System Center

TheUpdate Rollup 4 for Microsoft System Center 2016 has been released.

These are the System Center products affected by the update that resolves several issues and introduces some improvements:

The Update rollup 4 introduces support for the security protocol TLS 1.2 for all encrypted communications. Earlier versions of TLS and SSL encryption mechanisms are not considered with a high level of security, for this reason Microsoft has decided to introduce for the following System Center products official support for the security protocol TLS 1.2:

  • System Center Operations Manager (SCOM)
  • System Center Virtual Machine Manager (SCVMM)
  • System Center Data Protection Manager (SCDPM)
  • System Center Orchestrator (SCO)
  • Service Management Automation (SMA)
  • Service Provider Foundation (SPF)
  • System Center Service Manager (SM)

Enabling TLS 1.2 requires that you follow the following macro step:

  1. Install security updates for Windows Server, .NET 4.6 and SQL Server.
  2. Install the Update Rollup 4 of System Center 2016 on the different components. Regarding Service Management Automation (SMA) and Service Provider Foundation (SPF) you still need to apply the latest Update Rollup available. In addition to SMA you need to update its Management Pack.
  3. Change the settings to enable TLS 1.2 in the Windows environment on all System Center components.
  4. Adapt the System Center component-specific settings that require it (SCOM, SCDPM and SCO).

For more details you can follow the specific deployment guide.

System Center Configuration Manager

Released version 1709 for the branch Technical Preview of System Center Configuration Manager: Update 1709 for Configuration Manager Technical Preview Branch – Available Now!

The new features in this update are:

  • Co-management: solution that allows the management of devices using either System Center Configuration Manager and Microsoft Intune. Thanks to Windows 10 Fall Creators Update there is the opportunity to join the device both to the Active Directory domain (AD) on-premises and to Azure AD in the cloud. This expands the possibilities for management of devices using the Configuration Manager client and the MDM agent of Intune.

Figure 5 – Co-Management from the SCCM console

  • Improvement regarding the use of SCCM connected to Intune for the management of the mobile devices with regard to the settings of VPN profiles. With this update, in fact while creating a new VPN profile shows only the appropriate settings for the platform that you intend to configure. More details about you can retrieve them in this article.

Also released version 1710 always for the branch Technical Preview of System Center Configuration Manager. The many innovations introduced with this update are available in the announcement Update 1710 for Configuration Manager Technical Preview Branch – Available Now!.

I remind you that the releases in the Technical Preview Branch allows you to evaluate in preview new SCCM functionality and is recommended to apply these updates only in test environments.

System Center Operations Manager

In the table below the news about SCOM Management Pack 2016:

The changes introduced by these new MPs can be found in the article DHCP 2016 and 2012 R2 Management Pack release.

System Center Orchestrator

Released the latest version of’Integration Pack for System Center 2016.

To test and evaluate for free Operations Management Suite (OMS) you can access this page and select the mode that is most appropriate for your needs.

What's New in Azure Automation: Inventory, Change Tracking and Update Management

In Azure Autiomation were recently introduced new features, currently in preview, which make it possible to manage the distribution of updates, collect inventory information about the applications installed on the systems and keep track of changes made on the machines. This article will show you how to configure the Azure Automation Account to take advantage of these new features and it will show their main characteristics.

In order to use each of these features it is necessary that the Automation Account is associated with a Log Analytics Wokspace.

If the Automation Account where you want to enable these new features is not linked to any Workspace of Log Analytics is requested, in the process of activation, the binding to an existing Workspace or it propose the creation of a new Workspace:

Figure 1 - Association of Automation Account to Log Analytics Workspace

The capabilities of Change Tracking and Inventory are enabled simultaneously by the Azure portal and at the end of the activation will appear the following notification:

Figure 2 – Notification after enabling Change Tracking and Inventory features

For enabling Update management you will need to perform the same operation.

Figure 3 – Enabling the Update Management feature

At the end of these activities in the Log Analytics Workspace will be present the following solution:

Figure 4 – Solution added in Log Analytics

After the completion of the activation, the solution begins to show the data of machines already connected to the OMS Workspace associated with the Automation Account. You could also get the onboarding by further machines directly from the relevant sections of the Azure Portal:

Figure 5 - Adding additional systems

This process requires the installation of the OMS agent on systems and can be done either on Windows and Linux. If the machines are on the Azure fabric the OMS agent installation process is integrated and can happen quickly with a simple click from the Azure Portal. Otherwise you can still associate the systems by manually installing the OMS agent, independently from their location (on-premises or others cloud).

For the functionality of Inventory and Change Tracking you can access the settings (common among the two solutions) to customize the registry key information, the files under Windows and Linux that you plan to inventory and monitor:

Figure 6 – Edit your settings

Figure 7 - Personalization of the configuration

 

Inventory

This feature allows you to retrieve inventory information relating to: installed software, files, Windows Registry keys, Windows Services and Linux Daemons. All this can be accessed easily directly from the Azure portal and it is possible to apply search filters:

Figure 8 - Search the inventory data

 

Change Tracking

The functionality of Change Tracking monitors changes made to systems relatively to Daemons, File, Registry, software and services on Windows . This feature can be very useful to diagnose specific problems and to enable alerts against unexpected changes.

Figure 9 - Consultation of changes

By accessing the Log Analytics console you can also carry out more targeted searches:

Figure 10 – Log Search Analytics

Also in the Change Tracking there is the possibility to connect theAzure Activity Log of an Azure subscription to collect also changes you make in Azure side.

Figure 11 – Azure Activity Log connection

 

Update Management

The solution of Update Management allows a total visibility on the update compliance for both Windows and Linux systems:

Figure 12 - Global status of compliance of the updates on managed systems

Using the search panel you can quickly identify missing updates:

Figure 13 – Identify missing updates

The solution is not only very useful for consultation, It also allows you to schedule the deployment to install the updates within a specific maintenance window.

Figure 14 – Deplyment schedule

Very soon, even the ability to deploy on Linux systems. Among the features offered there is the ability to exclude specific updates from the deployment.

Figure 15 - Deployment Settings

Scheduled deployments and their execution status can be monitored in real time directly from the Azure Portal:

Figure 16 – List of scheduled update deployments

Figure 17 – Update Deployment in progress

Figure 18 – Update Deployment successfully completed

Selecting the deployment completed you will be sent to a well-structured and easy-to-use dashboard that allows you to check the details of the deployment:

Figure 19 – Deployment dashboard

Also useful the ability to retrieve logs that are related to deployment for troubleshooting purposes.

Conclusions

These are features that give you the ability to control and manage easily, and efficiently environments composed of few units in the cloud up to contemplate hybrid scenarios with a large number of systems. These features are currently in preview therefore intended to further expand their potential. In particular the functionality of Update Management to manage and orchestrate the updates deployment in complex environments in an efficient and flexible way will have to evolve, but it is definitely in a good point of the develop. For more details of Azure Automation I invite you to consult official documentation.