Category Archives: System Center

System Center Virtual Machine Manager 1711: managing virtual machines on Azure

As is already the case for the operating system from next year for the System Center products Microsoft will release updated versions every 6 months (semi-annual channel). The main objective of releasing new versions of the product at a higher rate is to improve support for increasingly heterogeneous environments, enhancing the user experience, performance and stability, and ensure a speedy integration with the cloud world.

Figure 1 – Release Cadence of System Center products

The only exception is that Configuration Manager will continue to respect the release of 3 versions every year to better support integration with Intune.

System Center 1801 will introduce new features with regard to Operations Manager, Virtual Machine Manager, and Data Protection Manager, while for Orchestrator \ SMA and Service Manager will include only security-related updates and resolution of issues.

In November was announced the preview of the new version of System Center (version 1711) which you can download at this link to evaluate the new features that will be introduced in the next year.

In this article, we will learn the feature found in Virtual Machine Manager that allows you to manage Azure virtual machines from SCVMM console. With the current version of Virtual Machine Manager, this feature is now limited because it only supports the management of virtual machines that you create with the defined deployment model Azure Service Management (ASM) and only for the public region of Azure. Even the authentication process must necessarily be done through management certificate. In SCVMM 1711 (Technical Preview) the integration to manage virtual machines in Azure extends by introducing the following changes:

Support for virtual machines created using the deployment model Azure Resource Manager (ARM).
Authentication in Azure Active Directory and not only certificate-based.
Subscription management present not only in the public region of Azure, but also in specific region as Germany, China and US Government.

Following are the steps that you must follow to configure this integration using Azure Active Directory as authentication and authorization process. This authentication method is required to manage both Azure virtual machines created in classic mode (ASM) that in ARM mode. To do this configuration it is necessary to create an Azure Application and assign the necessary permissions to access to the Azure subscription. To create the application you can follow the step reported in detail in Microsoft's official documentation.

Figure 2 – Adding a new Azure Active Directory Application

After you create the Azure Application you should make a note of its Application ID and you need to generate a new Application Key. These values are required by the configuration wizard of SCVMM:

Figure 3 - Application ID and the generation of an authentication key

The Azure AD Application must be a member of a role that only allow you to manage the virtual machines in the Azure subscription. For this reason, you must associate the App you just created to the role Virtual Machine Contributor in the Azure subscription.

Figure 4 - Assignment of the role "Virtual Machine Contributor" to the Azure AD App

By accessing the Virtual Machine Manager console, from the workspace VMs and Services you can add one or more Azure subscriptions:

Figure 5 – Addition of the Azure subscription from the SCVMM console

The configuration screen requires the input of data relating to the subscription and the information to perform the authentication process by Azure AD App:

Figure 6 – Subscription data and authentication information through Azure AD

At the end of this configuration will be displayed in the Virtual Machine Manager console the virtual machines configured in the Azure subscription. On these virtual machines at the moment you can do only the following basic tasks: Start, Stop, Stop e Deallocate, Restart and launch the RDP connection. In addition, for each virtual machine there are some information related to the configuration of the Azure environment.

Figure 7 – Managing Azure virtual machines from SCVMM console

Conclusions

Having in a single console all virtual machines, including those present in Azure, enables administrators to manage, even with simple tasks, easily and with greater rapidity hybrid environments. At the moment it comes as a basic integration but thanks to an accelerated release cycle expected for Virtual Machine Manager is very likely that this integration can be expanded more and more.

Integration between System Center Operations Manager and OMS Log Analytics

For those who are using System Center Operations Manager (SCOM) there is the possibility to extend the functionality of the product, enabling integration with Log Analytics. This allows you to benefit the potential of OMS to get a more efficient and complete strategy for monitoring your infrastructure . In this article we will analyze the steps that you must follow to enable this integration and we will parse the function of the architecture.

Before you enable this kind of integration you must ensure that you have one of the following supported versions of SCOM :

Operations Manager 2016.
Operations Manager 2012 R2 UR2 or higher.
Operations Manager 2012 SP1 UR6 or higher.

Also you should allow outgoing traffic, to the OMS cloud services, coming from monitor agents, from the Management Servers and from the SCOM console, directly or via an OMS Gateway.

The integration process is done by using the Operations Manager console according to few simple steps later reported:

Figure 1 – Start the registration process

Figure 2 — Select the OMS environment

Figure 3 – Start the authentication process

Figure 4 – Selection of the OMS workspace you plan to incorporate in SCOM

Figure 5 - Confirmation Screen Settings

Figure 6 -Final Confirmation

At the end of this configuration the connection is established towards the OMS workspace, but no data of SCOM agents connected to the SCOM management group is sent to Log Analytics. In order to collect the data from managed Operations Manager agents in Log Analytics is selectively required going to specify individual computer objects or a group that contains your Windows computer objects. The whole can be carried out directly from the branch Connection in the section Operations Management Suite:

Figure 7 – Selection of computer objects that you want to enable

At the end of this operation in the OMS portal it is possible to check the connection status of its Management Group and the number of connected servers:

Figure 8 - Information reported in the OMS portal after the integration

From the SCOM console you can check the status of the OMS connection browsing the section Operations Management Suite – Health State of the workspace Monitoring:

Figure 9 - Property Authentication service URI in the Health State of the Management Server

After establishing the connection between the SCOM infrastructure and the OMS workspace, the Management Server will start to receive configuration updates by OMS web services in the form of Management Packs, that include both the base MPs that those relating to solutions that have been enabled. Operations Manager carries out checks at regular intervals to check for updates for these Management Packs. This behavior is governed by these SCOM rules:

SystemCenter.Advisor.MPUpdate: handles updating of base MPs of OMS and by default runs every 12 hours.
SystemCenter.Advisor.Core.GetIntelligencePacksRule: handle upgrade of MPs related to enabled OMS solutions in the connected workspace and by default it is performed every five minutes.

Such behavior can be managed by changing the frequency or completely disabling updates (parameter Enabled) by configuring overrides of the above rules.

By accessing the workspace Administration and filtering the Management Pack for Advisor or Intelligence list the MPs downloaded and installed according to the solutions enabled in your OMS workspace:

Figure 10 – Management Packs list with name containing "Advisor"

Figure 11 – Management Packs list with name containing "Intelligence"

Figure 12 – List of Solutions installed on the OMS Workspace

As you can see for each installed OMS solution there is a corresponding Management Pack imported into the Operations Manager infrastructure.

At the end of this configuration also the communication-enabled monitor agents can send the required data from the solution directly to the OMS web service or the solution's data can be sent directly from the SCOM Management Server to the connected OMS workspace. Everything depends on the solution enabled and in no case this information are saved within the Operations Manager databasea (OperationsManager and OperationsManagerDW). If the Management Server lost the connectivity to the OMS web service data are maintained cached locally until the restart of the communication. In case the Management Server remain offline for an extended period the communication with OMS can be picked up by other Management servers in the same Management Group.

Figure 13 – Chart with communications between SCOM and OMS infrastructure components

In order to control and regulate the internet connections of monitored systems and of Management Servers to the public OMS URL you can implement a OMS Gateway:

Figure 14 – Communications between SCOM and OMS infrastructure components in the presence of an OMS Gateway

In this way the only system that must be enabled to access to the Public URL of Operations Management Suite is the OMS Gateway and all others systems will point to this machine. To apply this type of configuration is necessary, after implementing the system with this role, specify the IP address of the OMS Gateway in the proxy server with the prefix http://.

Figure 15 - Proxy Server configuration used to access the OMS cloud services

Figure 16 – IP address of the OMS Gateway with http prefix://

If you need to enable only certain systems using the OMS Gateway going to act on the rule Advisor Proxy Setting Rule and create an Override for the health service object going to populate the parameter WebProxyAddress with the URL of the OMS Gateway.

Conclusions

Microsoft Operations Management Suite (OMS) is a solution based entirely on the cloud, in constant evolution and with new features being added and extended in rapid frequency. Through this integration you can then combine the speed and efficiency inherent in OMS in collecting, hold and analyze data, with the potential of Operations Manager. This allows you to continue using the existing SCOM infrastructure to monitor your environment, keeping any integration with IT Service Management solutions (ITSM) and benefit at the same time also the potential offered by Microsoft Operations Management Suite (OMS).

OMS and System Center: What's New in November 2017

In November there have been several announcements from Microsoft concerning Operations Management Suite (OMS) and System Center. This article will summarize briefly with the necessary references to be able to conduct further studies.

Operations Management Suite (OMS)

Log Analytics

As already announced since 30 October 2017 Microsoft has launched the upgrade process of the OMS workspaces not yet updated manually. In this regard has been released this useful document that shows the differences between a legacy OMS workspace and a updated OMS workspace, with references for further details.

Solutions

Those that use circuit ExpressRoute will be glad to know that Microsoft announced the ability to monitor it through Network Performance Monitor (NPM). This is a feature currently in preview that allows you to monitor connectivity and performance between the on-premises environment and vNet in Azure in the presence of ExpressRoute circuit. For more details about the features announced you can consult theofficial article.

Figure 1 – Network map showing details of ExpressRoute connectivity

Agent

As usual it was released a new version of the OMS Agent for Linux systems that now takes place on a monthly basis. This release fixes bugs related diagnostics during agents onboarding. Are not being introduced new features. To obtain the updated version please visit the official GitHub page OMS Agent for Linux Patch v 1.4.2-124.

Protection and Disaster Recovery

Azure Backup always protected backups from on-premises world toward Azure using encryption that takes place using the passphrase defined during the configuration of the solution. To protect VMs in Azure the recommendation for greater security in the backup was to use VMs with disk-encrypted. Now Azure Backup uses Storage Service Encryption (SSE) to do the encryption of backups of virtual machines on Azure, allowing to obtain in an integrated manner in the solution a mechanism for the implementation of the backup security. This also will happen to existing backup automatically and through a background task.

Microsoft, in order to bring more clarity with regard to pricing and licensing of Azure Site Recovery, updated the FAQ which you can see in the official page of pricing of the solution.

System Center

As is already the case for the operating system and System Center Configuration Manager, the other System Center products, in particular, Operations Manager, Virtual Machine Manager, and Data Protection Manager will follow a release of updated versions every 6 months (semi-annual channel). The goal is to rapidly deliver new capabilities and to ensure a speedy integration with the cloud world, which is essential given the speed with which it evolves. In November was announced the System Center preview version 1711 which you can download at this link.

Figure 2 – Summary of what's new in System Center preview version 1711

To know the details of the new features in this release, please consult theofficial announcement.

System Center Configuration Manager

For System Center Configuration Manager current branch version 1706 was issued an important update rollup you should apply as it solves a lot of problems.

Released the version 1710 for the Current Branch (CB) of System Center Configuration Manager that introduces new features and major improvements in the product. Among the main innovations of this update definitely emerge the possibilities offered by the Co-management that expand the possibilities for device management using either System Center Configuration Manager and Microsoft Intune.

Figure 3 – Features and benefits of Co-management

For a complete list of new features introduced in this version of Configuration Manager, you can consult theofficial announcement.

Released the version 1711 for the Technical Preview branch of System Center Configuration Manager. The new features in this update are:

Improvements in the new Run Task Sequence step.
User interaction when installing applications in the System context even when running a task sequence.
New options, in the scenario of using Configuration Manager associated with Microsoft Intune, to manage compliance policy for devices Windows 10 related to Firewall, User Account Control, Windows Defender Antivirus, and OS build versioning.

I remind you that the releases in the Technical Preview Branch allows you to evaluate in preview new SCCM functionality and is recommended to apply these updates only in test environments.

Released an updated version of the Configuration Manager Client Messaging SDK.

System Center Operations Manager

Released the new wave of the SQL Server Management Packs (version 7.0.0.0):

The Management Packs for SQL Server 2017 can be used for the monitor of SQL Server 2017 and subsequent releases (version agnostic), this allows you to avoid having to manage different MPs for each version of SQL Server. The controls for versions of SQL Server earlier than 2014 are included in the generic MP "Microsoft System Center Management Pack for SQL Server".

System Center Service Manager

Microsoft has published a series of tips and best practices to be followed during Authoring Management Pack of System Center Service Manager (SCSM).

Please remember that in order to test and evaluate for free Operations Management Suite (OMS) you can access this page and select the mode that is most appropriate for your needs.

System Center 2016: upgrade of Virtual Machine Manager in high availability

In certain environments System Center Virtual Machine Manager (SCVMM) plays a major role within your infrastructure, to the point that it requires a configuration in high availability. This happens especially at large infrastructures that host a large number of virtual machines, such as Service Provider, where Virtual Machine Manager is used extensively to perform different tasks of managing your virtual datacenter and deliver services. Thanks to the new features in Windows Server 2016 you can address the upgrade of deployments in high availability of SCVMM minimizing catches of service. This article will examine what steps to take to upgrade to Virtual Machine Manager 2016 in a high availability implementation.

A requirement to continue this activity is that Virtual Machine Manager 2012 R2 is updated with at least the update rollup 9. It is also important to ensure that the SCVMM database is hosted on a SQL Server instance of a supported version from SCVMM 2016. Before you begin the activity is essential to carry out the operations mentioned in the specific section of the official Microsoft documentation, in particular, you should ensure that you have a backup of the SCVMM database.

At this point you can follow the steps below that, also relying on the capabilities of Cluster Operating System Rolling Upgrade, allow you to update the implementation of SCVMM 2012 R2 minimizing the catch of the service only for the time needed for a failover and allowing you to also make the switch to Windows Server 2016 of the various nodes in the cluster.

The procedure initially plans to add to the existing cluster that hosts Virtual Machine Manager and with nodes based on Windows Server 2012 R2, an equal number of nodes Windows Server 2016.

Figure 1 – Adding cluster nodes

Figure 2 – Choose servers to add to the cluster environment

Figure 3 - Confirmation of the nodes to add to the cluster

Figure 4 - Adding nodes successfully completed

Since then the cluster will come in Mixed Mode with both nodes Windows Server 2012 R2 and nodes Windows Server 2016 and will continue to provide the service of SCVMM.

Figure 5 – Cluster consisting of nodes Windows Server 2012 R2 and nodes Windows Server 2016

On nodes Windows Server 2016 you must install the component Assessment and Deployment kit (ADK) of Windows 10 and proceed to install Virtual Machine Manager 2016. The installation can also be done on Windows Server 2016 without the desktop experience, assuming that you do not need to set up on the same system the SCVMM Library and that Operations Manager integration is not necessary, as it requires the presence of SCOM console which is not supported on server core.

Figure 6 - Setup of Virtual Machine Manager 2016 in a environment Windows Server 2016 (core)

The setup automatically detects the presence of a highly available SCVMM environment and prompts you to add the new SCVMM server as a node of the actual installation.

Figure 7 – Detection of HA environment

Figure 8 – Selecting features to install

Then you are prompted for information for product registration (Name, Organization and Product Key) and you must accept the license agreement. Continuing with the setup you are prompted as follows:

Figure 9 - Selecting the settings for updating SCVMM via Windows Update

Figure 10 – SCVMM installation path

The check of prerequisites checks whether the environment is suitable to accommodate the installation of SCVMM and returns any warning or error conditions:

Figure 11 – Check the prerequisites

The SQL Server command line utilities is required for SQL Server data-tier apps present in the SCVMM Fabric.

The configuration for your database is detected automatically, you can not edit it, and the setup requires upgrading of the SCVMM database recognizing that it is a DB on the previous version of SCVMM:

Figure 12 – Configuration for accessing the SCVMM database and upgrade notification

Then you are prompted to enter the password of the service account of SCVMM, which must be an administrator of the machine where you are performing the installation:

Figure 13 - Service Account and Distributed Key Management configuration

Even the ports used by the different features of SCVMM are inherited by the current installation and is not allowed to change them during setup:

Figure 14 - Summary non-editable of the ports used by the Management Server

During the setup of a Virtual Machine Manager environment in high availability you cannot specify settings related to the Library, but you must take care of it after the installation.

Figure 15 - Library settings unavailable

At this point, the setup shows a compatibility report where are highlighted some aspects to consider regarding the installation process:

Figure 16 – Upgrade compatibility report

As the last step shows a summary of your choices and you can start the installation process:

Figure 17 – Summary of installation choices

Figure 18 – Setup completed successfully

After the installation it is recommended to install the latest update rollup for System Center Virtual Machine Manager.

Concluded this setup on all new cluster nodes you want to add, you can fail over the SCVMM service to one of the upgraded nodes. After you make sure of the correct functioning of the Virtual Machine Manager 2016 you can proceed with the removal of nodes with SCVMM 2012 R2 and its uninstallation:

Figure 19 - Evict nodes with SCVMM 2012 R2

Following is appropriate to adjust if necessary the configuration relative to the Quorum in the cluster environment and validate the configuration using the Cluster Validation Wizard. Only when there is the certainty that the environment is in a final stable condition you can update the Functional Level of the cluster through the cmdlet Powershell Update-ClusterFunctionalLevel (non-reversible operation).

Finally you should consider conducting the following:

Update all SCVMM agents.
If the deployment of SCVMM 2012 R2 was integrated with Azure Site Recovery you need to completely repeat the installation and configuration.
Configure the possible integration with Operations Manager. In this regard it should be noted that the System Center components must comply with a precise order in the upgrade process and SCOM needs to be updated before than SCVMM.
Removing and adding driver packages to the Library of SCVMM to allow you to properly complete the discovery process.
If there is a PXE server in the Fabric of SCVMM it is necessary to remove it and add it again to renew certificates used by role.

Figure 20 – Removal of systems with PXE Server role

Figure 21 - Adding systems with the role of PXE Server

Conclusions

Virtual Machine Manager upgrade process in high availability needs to be approached with utmost caution given the likely criticality of the service, but the intended upgrade path is simple and also thanks to the functionality of Cluster Operating System Rolling Upgrade introduced in Windows Server 2016 it is possible to upgrade the entire environment contemplating also the update of the operating system of the nodes that host SCVMM, with a short stop given by one failover activity.

OMS and System Center: What's New in October 2017

This article lists the main changes announced in October concerning Operations Management Suite (OMS) and System Center. This is a concise summary that contains the necessary references for further study.

Operations Management Suite (OMS)

Log Analytics

In Log Analytics in August was released a major update that introduces a number of changes, as the powerful new query language, the introduction of the new Advanced Analytics portal and greater integration with Power BI. For further information you can consult the specific article Log Analytics: a major update evolves the solution. During the month, Microsoft announced that from 30 October 2017 is started automatically the upgrade process of the OMS workspaces not yet updated manually. Everything will be done in a gradual way for region according to the schedule below:

Figure 1 - Scheduling for rollout of the upgrade of Log Analytics

Also starting from 16 October 2017 the new OMS workspaces are already build in the new mode and there is no possibility to create a legacy workspace. For further information you can consult the article Azure Log Analytics workspace upgrades are in progress.

Solutions

Thanks to the solution Azure Log Analytics Container Monitoring for the Service Fabric under Linux now you can:

Centralize and correlate logs that are related to containers.
For containers and nodes display in almost real-time metrics for CPU, memory, storage and network utilization.
Identify containers with excessive use of resources.
Control the use of process-wide resources (Docker container top).
See an inventory of the container node that contains information about the Orchestration.

Figure 2 – Container Monitoring solution for Linux Service Fabric

The presence of an Azure Resource Manager (ARM) template that lets you create a new Log Analytics Workspace and install during the deployment the OMS agent on all nodes of the Service Fabric cluster facilitates the activation of the monitor. At the end of the cluster deployment simply add to the workspace of Log Analytics the solution Container Monitoring available in Azure Marketplace, and in a few minutes will be available in Log Analytics information on the Service Fabric. For further information you can consult the article Azure Log Analytics Container Monitoring solution for Linux process Fabric.

By using the Azure Action Groups you can use the Log Analytics solution IT Service Management Connector Solution to automatically open incident in your product or service of IT Service Management (ITSM), if properly supported, against alert generated in the Azure environment. The steps to configure this new feature is documented in the ad Send your Azure alerts to ITSM tools using Action Groups.

Agent

Released a new version of the OMS agent for Linux systems that mainly has solved some bugs and introduced some useful improvements. For more details and to get the updated version please refer to the official GitHub page OMS Agent for Linux GA v 1.4.1-123

Figure 3 – Bug fixes and what's new for the OMS agent for Linux

Azure Automation

As for Azure Automation have been announced, currently in preview, exciting new features:

Update management: it allows you to have visibility on the updates compliance for both Windows and Linux systems, regardless of their location (Azure, on-premises or others cloud). It also allows you to schedule the deployment to install the updates within a specific maintenance window. Among the features offered is the ability to exclude specific updates from the deployment and retrieve logs for the deployment useful for troubleshooting.
Inventory: it allows you to retrieve inventory information about the installed applications within systems. All this can easily be accessed directly from the portal Azure.
Track changes: useful for monitoring changes made to systems for services, daemons, software, registry and files. This feature can be very useful to diagnose specific problems and to enable alerts against unexpected changes.

Figure 4 – New features in preview of Azure Automation

For further details please consult the specific article What's New in Azure Automation: Inventory, Change Tracking and Update Management.

Azure Automation also introduces the ability to implement runbook written in Python 2 and adds support for the role Hybrid Runbook Worker under Linux. These features are currently in public preview.

System Center

TheUpdate Rollup 4 for Microsoft System Center 2016 has been released.

These are the System Center products affected by the update that resolves several issues and introduces some improvements:

Operations Manager (4024941)
Virtual Machine Manager (4041074)
Data Protection Manager (4043316)
Orchestrator (4047355)
Service Manager (4024038)

The Update rollup 4 introduces support for the security protocol TLS 1.2 for all encrypted communications. Earlier versions of TLS and SSL encryption mechanisms are not considered with a high level of security, for this reason Microsoft has decided to introduce for the following System Center products official support for the security protocol TLS 1.2:

System Center Operations Manager (SCOM)
System Center Virtual Machine Manager (SCVMM)
System Center Data Protection Manager (SCDPM)
System Center Orchestrator (SCO)
Service Management Automation (SMA)
Service Provider Foundation (SPF)
System Center Service Manager (SM)

Enabling TLS 1.2 requires that you follow the following macro step:

Install security updates for Windows Server, .NET 4.6 and SQL Server.
Install the Update Rollup 4 of System Center 2016 on the different components. Regarding Service Management Automation (SMA) and Service Provider Foundation (SPF) you still need to apply the latest Update Rollup available. In addition to SMA you need to update its Management Pack.
Change the settings to enable TLS 1.2 in the Windows environment on all System Center components.
Adapt the System Center component-specific settings that require it (SCOM, SCDPM and SCO).

For more details you can follow the specific deployment guide.

System Center Configuration Manager

Released version 1709 for the branch Technical Preview of System Center Configuration Manager: Update 1709 for Configuration Manager Technical Preview Branch – Available Now!

The new features in this update are:

Co-management: solution that allows the management of devices using either System Center Configuration Manager and Microsoft Intune. Thanks to Windows 10 Fall Creators Update there is the opportunity to join the device both to the Active Directory domain (AD) on-premises and to Azure AD in the cloud. This expands the possibilities for management of devices using the Configuration Manager client and the MDM agent of Intune.

Figure 5 – Co-Management from the SCCM console

Improvement regarding the use of SCCM connected to Intune for the management of the mobile devices with regard to the settings of VPN profiles. With this update, in fact while creating a new VPN profile shows only the appropriate settings for the platform that you intend to configure. More details about you can retrieve them in this article.

Also released version 1710 always for the branch Technical Preview of System Center Configuration Manager. The many innovations introduced with this update are available in the announcement Update 1710 for Configuration Manager Technical Preview Branch – Available Now!.

I remind you that the releases in the Technical Preview Branch allows you to evaluate in preview new SCCM functionality and is recommended to apply these updates only in test environments.

System Center Operations Manager

In the table below the news about SCOM Management Pack 2016:

New versions available for DHCP Service Management Pack:
- Windows Server DHCP 2016
- Windows Server DHCP 2012 R2

The changes introduced by these new MPs can be found in the article DHCP 2016 and 2012 R2 Management Pack release.

Microsoft Advanced Threat Analytics Management Pack version 8.1.1
Released two Management Packs for SQL Server in public preview:
- Sql Server Management Packs Update (6.7.34.0)
- SQL Server 2017+ and Replication Management Pack (RC). An interesting innovation is the '+' symbol in the name of the MP indicating that it can be used to monitor the SQL Server 2017 and subsequent releases (vesion agnostic) to avoid having to manage different MP for each version of SQL Server.
Released a MP for the monitor of Office 365 through synthetic transactions it is able to control mail flow and licensing.
Released the new PowerShell Monitoring Management Pack. It is an MP open sorce available free to this link that adds support for PowerShell in the Authoring SCOM console branch.
New Management Packs for Orchestrator and Orchestrator – Service Management Automation.

System Center Orchestrator

Released the latest version of’Integration Pack for System Center 2016.

To test and evaluate for free Operations Management Suite (OMS) you can access this page and select the mode that is most appropriate for your needs.

OMS Log Analytics: How to collect Virtual Machine Manager jobs

In OMS there is a new solution Virtual Machine Manager (VMM) Analytics that allows to centralize inside Log Analytics, jobs from one or more instances of Virtual Machine Manager to have an overview of all activities performed by VMM in the virtualization infrastructure.

In this article we will see how to enable and configure this new solution so you can use the tools offered by the OMS platform to more easily diagnose any issues related to the activities carried out on the virtualization hosts and virtual machines using Virtual Machine Manager. Furthermore, through the power of language to create queries in OMS you can search and correlate data collected by others OMS solutions in a simple and functional way.. Don't overlook the possibility of implementing automated tasks through runbooks in Azure Automation for the resolution of any issues.

In order to implement the solution Virtual Machine Manager (VMM) Analytics you will need the following requirements:

Azure Subscription.
OMS Workspace where to deploy the solution.
Azure Automation Account with the presence of the Hybrid Worker role able to communicate with Virtual Machine Manager.
Credentials with read permission on the VMM server from which you want to collect information.

It is an open-source solution that can be included in the workspace OMS following this steps.

First, it is necessary to access the Azure Portal and select the subscription that contains the OMS workspace which you want to add the solution. To start the deployment of the solution simply access to its GitHub page and press the button Deploy to Azure. Automatically compare the template that requires the inclusion of the following parameters:

Figure 1 – Parameters required by the template of the solution

The template of the solution requires you to select, in addition to the basic information such as the name of the Subscription and the Resource Group, the name and the region of the OMS Workspace on which will be deployed the solution. Are also requests information relating to the Automated Account that will contains everything needed for the automation allowing the solution to catch the information relating to the Virtual Machine Manager system, whose name is specified as the last parameter.

At the end of the deployment of the solution inside the specified Automation Account will be created the runbook called vmmanalytics, thanks to which is carried out the import in Log Analytics of VMM jobs.

Figure 2 – Runbook used by Virtual Machine Manager solution (VMM) Analytics

Now you need to set the variable LastRunTime in the Assets with a string expressed in the form “yyyy-MM-ddTHH:mm:ss.fffffffZ“. This variable specifies the time from which the runbook will begin to collect the jobs of VMM. At every execution of the runbook this variable is updated automatically. As you can see from the following image there are other variables already populated automatically by the process of deployment of the solution:

Figure 3 – variables used by the runbook of the solution

You also need to specify credentials with the appropriate permissions to read jobs from the instance of Virtual Machine Manager:

Figure 4 – Required credentials for collecting VMM jobs

The runbook vmmanalytics can be run manually, but to import in an automatic and recurring way the jobs of VMM in Log Analytics you can create a specific schedule to suit your needs:

Figure 5 – Schedule creation

Afterwards you must attach schedule created to the runbook vmmanalytics and set which Hybrid Worker use to contact the Virtual Machine Manager instance.

Figure 6 – Scheduling and execution parameters of the Runbook

After successfully completing the first run of the Runbook, using the OMS portal you can access the solution Virtual Machine Manager Analytics which includes a number of useful reports to display in a simple and intuitive way the data collected from instances of Virtual Machine Manager.

Figure 7 – Overview of VMM Analytics solution

The dashboard of the solution also allows you to define the time range to filter, more accurately and to suit your needs, the jobs collected from Virtual Machine Manager.

Figure 8 – Defining the Time Range

Conclusions

Thanks to this new solution is made available to the VMM administrators the potential of the OMS platform. This is very useful because you can hypothesize scenarios where are merged into a single OMS workspace jobs from more instances of Virtual Machine Manager. It may be possible to configure OMS alerts to notify working groups on the state of execution of the job performed using VMM and undertake remediations in the face of problems. Also by correlating jobs collected with this solution with information from others OMS solutions as Capacity and Performance and Change Tracking you can simplify troubleshooting and you can more easily identify the causes of any problems. Virtual Machine Manager (VMM) Analytics is an open-source solution so you can contribute to its development by directly accessing its GitHub page.

To test and evaluate for free Operations Management Suite (OMS) you can access this page and select the mode that is most appropriate for your needs.

OMS and System Center: What's New in September 2017

Even the month of September is full of news and different updates have affected Operations Management Suite (OMS) and System Center, also thanks to Ignite 2017, the annual Microsoft conference of this week in Orlando. This article contains a summary accompanied by useful references for further study.

Operations Management Suite (OMS)

OMS Customers are using the solution Security & Compliance are given the option to use the features found in ’Azure Security Center in order to have a unified management of security and protection of their systems, all without additional cost. This is particularly useful to be able to manage workloads across hybrid environments, regardless of where they reside, on Azure, on-premises, or on other public clouds. Within the Azure Security Center will be automatically handle the security of the systems that are already connected to the solution OMS Security & Compliance and you can add additional machines simply by installing the Microsoft Monitoring Agent. To see details of the features offered I invite you to consult the publication OMS customers can now use Azure Security Center to protect their hybrid cloud workloads. In this regard it is worth noting that to enable the features just in time VM access, dynamic application controls and network threat detection of Azure resources you must select pricing tier Security Center Standard for the Subscription or the Resource Group.

Figure 1 – List of features for the protection of hybrid environments

The Azure portal now includes two features related to Operations Management Suite (OMS): Workspace Settings and View Designer. From the Azure portal you can access the settings of the workspace OMS as shown in the following figure:
Figure 2 – Settings of the Workspace who are accessible from the Azure Portal

Also, the View Designer, that allows you to create custom views, is now accessible directly from the Log Analytics section of Azure portal:

Figure 3 – View Designer available directly from the portal Azure

As already announced in a dedicated article the update of Log Analytics has introduced a new powerful query language. In this useful article highlighted the main changes introduced by the new language.
Another interesting new feature is the ability to run query not only on single workspace OMS, but in a transversal way across multiple workspace. To learn more about you can see Query across resources.
Article Monitoring SQL Azure Data Sync using OMS Log Analytics returns the configuration to be carried out in order to monitor the solution SQL Azure Data Sync using a custom solution OMS. Azure SQL Data Sync allows you to synchronize data in both directions or unidirectional between different Azure SQL database andor to SQL database on-premises. With this procedure you can detect error conditions or warning in the synchronization process so simple, thanks to OMS.
To help you to track the Big Data application involving different technologies was announced in preview the ability to monitor cluster HDInsight with Azure Log Analytics . In this video there are the details of how HDInsight customers can monitor and debug Hadoop, Spark, HBase, Kafka, Interactive Query and cluster Storm.

Solutions

In OMS there is a new solution Virtual Machine Manager (VMM) Analytics for centralizing in Log Analytics the jobs of one or more Virtual Machine Manager to have an overall view of the health and performance of the virtualization infrastructure managed by System Center Virtual Machine Manager.

Figure 4 – Overview of VMM Analytics solution

The solution for the monitor of containers see integration with package manager Helm for Kubernetes cluster in Linux environment. You can then use Helm for the deployment of agent OMS under Kubernetes on Linux.

Agent

Released a new version of the OMS agent for Linux systems that mainly has solved some bugs and introduced an updated version of some of the main components. For more details and to get the updated version please refer to the official GitHub page OMS Agent for Linux GA v 1.4.1-45

Figure 5 – Bug fixes and what's new for the OMS agent for Linux

System Center

System Center Configuration Manager

Released the Cumulative Update 6 for UNIX and Linux clients of Configuration Manager. It is a new version of the client that fixes several bugs and adds support for new Linux distributions. This release also removed support for Unix and Linux distributions even obsolete discontinued by vendor. Customers using the SCCM clients with these versions may continue to use the client updated to Cumulative Update 5. The release announcement and further details can be found in this article.
During Ignite 2017 was announced an interesting feature called co-management that interest the management of the device using either System Center Configuration Manager and Microsoft Intune. With Windows 10 Fall Creators Update there is the possibility to make the join of the device both to the Active Directory domain (AD) on-premises and to Azure AD in the cloud. This expands the possibilities for management of devices using the Configuration Manager client and the MDM agent of Intune. To deepen this topic, you can look in the video section of the Ignite site the sessions with the following reference codes: BRK3057, BRK3075, BRK3076 and BRK2079.

Figure 7 – Co-management devices with SCCM and Intune

System Center Updates Publisher

The release of the final version of System Center Updates Publisher is imminent and certainly much awaited, since this is a solution for several years not updated. During the month it was released the Preview 2 of System Center Updates Publisher. For more details and to evaluate the preview you can consult the article System Center Updates Publisher September 2017 Preview is now available.

By accessing this page you can select the way you find most suitable to test and evaluate free Operations Management Suite (OMS).

OMS and System Center: What's New in August 2017

This article summarizes the main new features and includes upgrades, concerning Operations Management Suite (OMS) and System Center, that were announced during the month of August.

Operations Management Suite (OMS)

Log Analytics

For Log Analytics was published what may be called the most significant upgrade from the date of issue. Among the main changes introduced by this update there is a new powerful query language, the introduction of the new Advanced Analytics portal and greater integration with Power BI. For more details, I invite you to consult the specific article Log Analytics: a major update evolves the solution.

Figure 1 – Upgrade of Log Analytics

Agent

The agent who for Linux systems is constantly evolving and we released a new version that has fixed some bugs and improved error handling during onboarding of agent for easier troubleshooting: OMS Agent for Linux GA v 1.4.0-45

Figure 2 – Bug fixes and what's new for the OMS agent for Linux

Solutions

The OMS solution Network Performance Monitor has been improved and enhanced with the following new features:
- The diagnostic agent: the solution now provides the ability to monitor in a specific view the health status of various agents deployed on the network and in case of problems NPM reports useful diagnostic information for troubleshooting.
- Hop-by-hop latency breakdown: the topology map of the network has been enriched with details of timings found between two specific points.
- Availability on the Azure Portal: as well as continuing to be available from OMS can be added from the Marketplace Azure and used directly by the Azure Portal.
- Presence in additional region of Azure: the solution is now also available for the region Azure West Central US.

For more details see the announcement Improvements to the who Network Performance Monitor.

The emerging technology is becoming more widespread and monitor containers Docker becomes an essential component. For this reason the OMS team announced the availability of the new solution Container Monitoring that allows you to:
- Display in a unique location information for all hosts container.
- Learn which containers are running, where I am and with which image.
- See audit information concerning action taken on container.
- View and search logs for troubleshooting without needing access to hosts Docker.
- Locate the containers that are consuming an excessive amount of resources on the host.
- Display performance information centrally about the container about CPU usage, of memory, storage and network.

Figure 3 – Synthesis pathway of solution Container Monitoring

Full details on the solution Container Monitoring you can consult them in the document Container Monitoring solution in Log Analytics.

Released in preview the new solution for the monitoring of Azure Logic Apps. The solution displays various information about the status of logic app and then drill down to see details useful for troubleshooting. All aspects of this solution you can consult them in Microsoft's official documentation.

Security and Audit

The baseline assessment of OMS Security is enhanced with functionality Web security baseline assessment that was announced in public preview and lets you scan the web server with Internet Information Services (IIS) to check for security vulnerabilities and provides useful recommendations regarding the correct environment setup. The document Baseline Assessment in Operations Management Suite Web Security and Audit Solution shows additional information about.

Figure 4 – Assessment dashboard of Web security baseline

System Center

System Center Configuration Manager

Last month it was released version 1706 for the Current Branch (CB) System Center Configuration Manager as described in the article OMS and System Center: What's New in July 2017. In date 8 August was released a package update to correct some errors that were encountered during the first deployment, but this package introduced problems therefore on 11 August has been replaced with a new version. For those who have updated SCCM to version 1706 between August 8 and August 11 you need to install an additional update as documented in Microsoft knowledge base article Update for System Center Configuration Manager version 1706, first wave. This update can be installed by accessing the node "Updates and Servicing" of the SCCM console. A further update will be released in the coming week to who made the SCCM update to version 1706 prior to August 8.
Released version 1708 for the branch Technical Preview of System Center Configuration Manager: Update 1708 for Configuration Manager Technical Preview Branch – Available Now!. I remind you that the releases in the Technical Preview Branch allows you to evaluate in preview new SCCM functionality and is recommended to apply these updates only in test environments.

System Center Operations Manager

Following the news about the SCOM Management Pack 2016:

Advanced Threat Analytics 1.7 Management Pack version 1.7.1.1.
Service Map Management Pack in public preview: Thanks to this new MP you can integrate maps are created dynamically by the OMS Service solution Map with diagrams of the Distributed Application in Operations Manager to ensure that the latter are dynamically generated and maintained.

For more information I invite you to consult related documentation available online.

Figure 5 – Integration of the Service Map of who and the SCOM Distributed App

Available a hotfix to solve some problems related to the WMI monitor health.

OMS and System Center: What's New in July 2017

We inaugurate a new series of articles that will be published on a monthly basis and that will reflect the main changes, updates and information released within the last month about System Center and Operations Management Suite (OMS). It will be a summary accompanied by references for any insights.

Operations Management Suite (OMS)

Agent

Released the updated version of the OMS agent for Linux systems that solved some bugs and introduced some new features useful to extend the capabilities of OMS: OMS Agent for Linux GA v 1.4.0-12.

Figure 1 – Bug fixes and what's new for the OMS agent for Linux

Protection and Disaster Recovery

In Azure Backup introduced the ability to instant recovery of files and folders using the VM backup Azure. This feature is available for both Windows and Linux virtual machines and allows you to act quickly without having to restore the entire VM to retrieve only certain items: Instant File Recovery from Azure VM backups is now generally available.

Figure 2 – Instant File Recovery

Azure Site Recovery (ASR) introduced support for disks of size up to 4095 GB in disaster recovery scenarios and migrating virtual machines and physical systems on-premises to Azure: Azure Site Recovery now supports large disk sizes in Azure.
Using Azure Site Recovery (ASR) with replication scenarios between different datacenter Azure was included support for virtual machines with Windows Server 2016 and for configurations Storage Spaces: Azure Site Recovery support for Storage Spaces and Windows Server 2016.

System Center

System Center Configuration Manager

Released the version 1706 for the Current Branch (CB) of System Center Configuration Manager that introduces new features and major improvements in the product.

Among the various new products made by this update mainly these issues emerge:

Ability to manage driver updates for Microsoft Surface.
Improving the user experience for Office updates 365.
Added the ability in hardware inventory to collect information about how to enable the SecureBoot and ownership of the TPM.
Important new capabilities in mobile device management in SCCM architectures associated with Microsoft Intune.

For more details about it you can see the article: Now Available: Update 1706 for System Center Configuration Manager.

The update will be available starting from the coming weeks and it will appear a notification on node "Updates and Servicing" the SCCM console when it was performed on automatic download. To force the update you can use this PowerShell script.

Released the version 1707 for the Technical Preview branch of System Center Configuration Manager: Update 1707 for Configuration Manager Technical Preview Branch – Available Now! In the Technical Preview releases Branch help you evaluate the new features of SCCM and it is recommended to apply these updates only in test environments.

If you try to install a new Cloud Management Gateway (CMG) in Configuration Manager current branch version 1702 You may not be able to complete provisioning. In this regard has been released the hotfix described in KB 403015 (Provisioning not completed when creating a Cloud Management Gateway in System Center Configuration Manager version 1702).

System Center Operations Manager

Several SCOM Management Pack 2016 We released a new updated version:

Virtual machine Manager 2016 Management Pack version 0.6.0
Windows Storage Spaces Direct Management Pack version 1.0.46.0
Microsoft Azure Management Pack version 1.5.0.0
Microsoft Azure Stack Management Pack version 1.0.1.0
AD RMS 2016 Management Pack version 10.0.0.0

Virtual Machine Manager 2016: Installation of ’ agent in Windows Server 2016 (Server Core)

This article contains the steps that are required in order to install the Virtual machine Manager Agent via push 2016 on a Windows server 2016 installed in Server Core mode, that is certainly the most common installation option for Hyper-V systems.

Let's start with the specified that during the installation of Windows Server 2016 the wizard asks you to choose one of the following options:

Windows Server 2016 that equates all installation ’ Server Core. This is the recommended server installation mode less than special needs which require the use of the user interface or the graphical tools of management as it requires less disk space usage, reduces the potential attack surface and reduces l ’ management effort. This installation mode is not present in the standard user interface (“Server Graphical Shell”) and to manage the server you must use the command line, Windows PowerShell or you can do it from a remote system.
Windows Server (Server with the Desktop Experience) that corresponds to an equivalent version ’ Full of Windows Server 2012 R2 with installed the feature “Desktop Experience”.

Unlike previous versions of Windows Server there is the possibility of converting a Server Core installation to a Server installation with the Desktop Experience or vice versa, the only possibility of conversion is to perform a new installation of the operating system.

In Windows Server 2016 You can also use the Nano Server mode (for owners of the Datacenter Edition) for having a footprint further reduced. For more information about Nano Server I invite you to consult the following articles Windows Server 2016: Introduction to Nano Servers and Windows Server 2016: Use Nano Server Image Builder.

Trying to push install VMM agent 2016 on a default installation of Windows Server 2016 (Server Core) you will receive the following error message because it is necessary to make a number of preliminary tasks:

Figure 1 – VMM error 2016 on default installation of WS2016

By checking the details of the error you are directed towards a series of checks that should be carried out and that require different corrective actions.

Ensure ' Host ' is online and not blocked by a firewall.

The first point is obvious and requires that the system is online and that there is no firewall blocking the communication systems from the VMM server.

Ensure that file and printer sharing is enabled on ‘Host’ and it not blocked by a firewall.

Using the following command you can check that by default the firewall rule ‘File and Printer Sharing (Echo Request – ICMPv4-In)’ non è abilitata. Nell’immagine seguente è riportato il comando necessario per consentire questo tipo di traffico in ingresso:

Figure 2 – Gestione regola del firewall ‘File and Printer Sharing (Echo Request – ICMPv4-In)‘

Ensure that WMI is enabled on ‘Host’ and it not blocked by a firewall.

Similar situation also regarding the firewall rule to allow traffic Windows Management Instrumentation (WMI) inbound, default is inactive and you must enable the feature:

Figure 3 – Gestione regola del firewall ‘Windows Management Instrumentation (WMI-In)‘

Ensure that there is sufficient free space on the system volume.

Of course you need to make sure that on the system volume there is enough disk space for the installation of the VMM agent that requires a few dozen MB.

Verify that the ADMIN $ share on ' Host ' exists. If the ADMIN $ share does not exist, restart ' Host ' and then try the operation again.

During the first phase of push installation of the VMM agent is done copying the setup share ADMIN $ remote server. Windows Server 2016 installed in server core mode is devoid of the File Server role:

Figure 4 – Check for File Server role

By default there is instead the feature to support the SMB Protocol v 1.0 / CIFS which in this case can safely be removed as unnecessary.

To allow access to this share ADMIN $ You then add the File Server role by using the following Powershell command:

Figure 5 – File Server role installation and removal feature for SMB support v 1.0 / CIFS

Terminate these operations you can install the VMM agent push 2016 on a default installation of Windows Server 2016 (Server Core):

Figure 6 – Job of the VMM agent installation successfully completed

Conclusions

In Windows Server 2016 installed in Server Core mode task as simple as the VMM agent push installation 2016 require a careful and timely system setup, Despite this I believe this installation mode is the preferred choice in most deployment of Hyper-V.