Microsoft Operations Management Suite - Overview. Part number 1

“And, another cloud monitoring using System Center! ..” - a few disappointedly pulled some colleagues, glancing at Microsoft Operations Management Suite (hereinafter referred to as OMS).
Someone noted that he did not understand anything about OMS visiting the official product page. And someone - for example, I - caught fire to review the components of the service and its functions. This is the first post about OMS. Below are some interesting product features and step-by-step instructions on how to start using OMS.


')
What is OMS?

Microsoft Operations Management Suite (OMS) is a comprehensive SaaS solution for managing corporate hybrid cloud environments. Microsoft Operations Management Suite provides a single portal for monitoring the IT infrastructure of any configuration: a private cloud or a hybrid environment that combines public and partner cloud services with the company's local data centers
“Operations” - OMS allows you to quickly manage and assess threats to your IT infrastructure.
"Suite" - OMS is a set of component services, the functionality of which is gradually expanding.

Under the management of OMS can be:

• Microsoft Azure Public Cloud Platform, Amazon Web Services, Russian Partner Public Clouds (COSN);
• Microsoft Azure Stack, Microsoft Hyper-V, VMware, OpenStack private cloud platforms;
• OS Linux, Microsoft Windows Server;
• Integration with the Microsoft System Center Operations Manager 2012 R2 Management Team and higher.

The service is focused on enterprises of different levels and with a different number of servers. The value of the product will be appreciated by system administrators, IT security staff, and analysts.

Why is this necessary?

To answer this question, you need to understand what OMS can do.

Out of the box, a professional OMS user receives:

1) Log Analytics: gathering data from event logs, analysis tools, visual presentations, exporting investigation results and further visualization with tools such as Power BI; Log Analytics gives you a “total immersion” in investigating the events of your IT infrastructure and helps you find answers to a number of technical questions. For example, who is added to the domain administrators group? Or maybe some non-core software was installed on the server?
2) Automation: automate actions using PowerShell both in the public cloud and in the local infrastructure.
3) Backup: backup your servers in Azure. Install the backup agent and start the backup, or integrate the System Center Data Protection Manager and use Azure to store backups.
4) Site Recovery: the service ensures the safety of workloads, servers and users. For example, you can create a replica of your site running Microsoft Hyper-V and System Center or VMware ESXi and vCenter.

The meaning of using OMS becomes obvious if you try to calculate the cost of stand-alone solutions for collecting event logs, storing and providing a tool for analytical investigation. And what if the company is large, many servers and services, and the number of events within the corporate IT infrastructure is measured in millions per year? How many investments will be needed to implement a high-performance SAN, cluster nodes for big data processing, backup storage, backup tools, automation, etc.?

This is a slice of large (albeit machine) data, the maintenance and maintenance of which leads to very high costs.

In addition to costs, it is worth thinking about efficiency. Turnkey solution, simple query tools, automation, etc. What should be the competence of the company's specialists to deploy such services? Of course, competent specialists are also needed to use OMS, but at the start the requirements are much lower, because the service is already ready! There is no need to dive into the study of the technological side and further support of the technological level.

In general, we have a service that provides everything you need to manage your infrastructure.

OMS is deployed with more than 10 thousand Microsoft clients, collectively supports tens of thousands of servers and has already managed to collect several trillion events. This is really big data that allows you to hope for the accuracy of analytics in the performance of OMS.

How does OMS work?

The scheme allows you to evaluate the architecture of OMS and the mechanisms of its work.



"Machine Data"

The term “Machine Data” is mentioned. These are system data and events that generate a huge amount of applications and devices. Of course, such data is a good and accurate source of information for analyzing the IT infrastructure.

Among the sources of machine data may be event logs, IIS logs, security logs, performance counters, Syslog, SNMP events, etc. At the current time, OMS supports standard Windows, Linux logs and Azure Diagnostics data.

"Agent"

Agent is a software component that is installed on a Windows or Linux server. It is an updated version of the Microsoft Monitoring Agent used in the System Center Operations Manager 2012 R2 infrastructure and above. The key difference of the OMS agent is the ability to connect the agent directly to the OMS subscription.

This is shown in the screenshot below.



OMS

OMS is the service technology core, which is a set of Azure services, plus the most powerful distributed cluster application for processing large machine data in real time.

The process goes something like this:

1) An OMS agent installed on a Windows or Linux server collects machine data and sends it to the OMS management group via the Internet;
2) The resulting machine data is encrypted and stored in the Azure storage (for each customer individual storage);
3) When using analytics and searching in a machine data set, requests are processed in real time, and the result is presented to the user;
4) Scheduled run scores for SQL Server, Active Directory, updates, security and other services; this information is again provided to the user.
5) The agent runs automation tasks on the local site.

How to start using?

Implementing such a service is not easy, but using it is much easier than it seems.

Step number 1.

Go to the OMS page and register: MICROSOFT.COM/OMS

Immediately after registration, you receive a ready-made service with a subscription to the free service plan Free.

The limitations of this plan - storing machine data for only 7 days and a limit on loading up to 500 MB of machine data per day - is not an obstacle in order to understand, using the example of a small piece of infrastructure, whether the service will really be useful specifically for your tasks.

The picture below shows the registration process of the start of use.



Step number 2.

Add a “Solution”.
On the left side of the panel, click the “Solutions Gallery” button and select the solutions you need (for example, Change Tracking).



Step number 3.

Install an agent or connect a SCOM management group.

On the main panel of the OMS portal, scroll to the Settings button and click it.
Next, go to the CONNECTED SOURCES section. Install the required agent using WORKSPACE ID and PRIMARY KEY.



In a few minutes you will see in this section the changed state of the connected servers, approximately as in the figure above.

Next in the DATA section, select the logs and performance counters that you need, and that's it. The process is running.



There are two subtleties:

1) In order to interact with the management group, the OMS agent must have access to the Internet to certain websites:

* .ods.opinsights.azure.com Port 443
* .oms.opinsights.azure.com Port 443
ods.systemcenteradvisor.com Port 443
* .blob.core.windows.net / Port 443

2) If you connect the SCOM management group to the OMS service, then access to certain nodes on the Internet is necessary for the management servers and the computer from which the connection to the OMS is configured in the SCOM console.

Below is a link to the official OMS configuration resource, and a full list of exceptions.
technet.microsoft.com/en-us/library/mt484101.aspx

I recommend everyone to try and evaluate OMS to perform your “oversight” corporate infrastructure tasks. In my opinion, this is a really useful service for administrators.

In the next article I will talk about the solution gallery and the possibilities provided by the Microsoft Operations Management Suite service.

Any questions on the topic of the post? Ask them in the comments.

Alexey Baltikov
Systems Engineer, MCT
Softline Company