May 25 Playing with the Action Account Identity

I've been trying to get my lab set up and working for our security requirements. We are going to implement a MOM environment where ideally no one will log on as admin unless they are doing something major. This means a number of things have to be scripted / PowerShelled / SDK'd.
Because push installs are out (they need admin logon rights) the agent will be installed in the build. I can then use PowerShell to approve it. There are a load of PowerShell cmdlets with MOM and I'm just getting used to a few of them. For agent approval you can use Get-Agent, Get-AgentPendingAction and Approve-AgentPendingAction to approve it. This is great. It means we can script this up; you would have to get admin clearance to run this cmdlet, but it means we can keep the agent in the build and do not have to weaken the security of MOM (i.e. we can leave the "pending agents must be approved" option on rather than allowing the "all and sundry can connect to MOM no problem" option).
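As an added example (not code from the original post), here is how the approval step could be scripted against an explicit allow-list of build hostnames, so the "pending agents must be approved" setting stays on and only machines that came out of the build get approved. It assumes the OpsMgr 2007 Command Shell snap-in is loaded; the AgentName and AgentPendingActionType property names on the pending-action objects are assumptions to confirm with Get-Member.

```powershell
# Added example, not the original post's code. Assumes the OpsMgr 2007 Command
# Shell (Get-AgentPendingAction / Approve-AgentPendingAction are available).
# The property names AgentName and AgentPendingActionType are assumptions:
# confirm them with   Get-AgentPendingAction | Get-Member
function Approve-BuildAgents {
    param(
        [string[]] $Allowed,   # short hostnames that came out of the build
        [switch]   $WhatIf     # report only, approve nothing
    )

    # Only manual-approval requests are of interest here
    $pending = Get-AgentPendingAction |
        Where-Object { $_.AgentPendingActionType -eq 'ManualApproval' }

    foreach ($p in $pending) {
        # AgentName is normally the FQDN; compare on the host part only.
        # -contains is case-insensitive by default, so no case folding needed.
        $hostName = $p.AgentName.Split('.')[0]
        if ($Allowed -contains $hostName) {
            if ($WhatIf) {
                Write-Host "Would approve $($p.AgentName)"
            } else {
                Write-Host "Approving $($p.AgentName)"
                $p | Approve-AgentPendingAction
            }
        } else {
            # Anything not on the build list stays pending for a human to look at
            Write-Warning "Not on allow-list, left pending: $($p.AgentName)"
        }
    }
}

# Allow-list is constructed for the example; BMCDFC is the host used in the post
$buildHosts = @('BMCDFC')
Approve-BuildAgents -Allowed $buildHosts -WhatIf
```

Run it with -WhatIf first and read the warnings: a pending agent that is not on the list is exactly the thing the "must be approved" setting is there to catch, and it should be investigated rather than approved. The cmdlet call itself still needs OpsMgr admin rights, which is the one controlled step the post describes.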
So with that bit sorted out the next question is agent config, and currently this looks like it's going to be surprisingly difficult. When you install an agent manually you specify some settings which are along the lines of "USE_MANUALLY_SPECIFIED_SETTINGS" or "USE_AD_SETTINGS" (they aren't the exact switches, but if you look in the product help they give you the detail). The problem is that if you use AD settings, which you certainly should do as it makes your agents dynamic in terms of learning about new Management Servers and the like, it will pick up the default Action Account (the one you configure when you install the Management Server) and there doesn't seem at the moment to be a simple way of changing this. We looked in PowerShell but the property is read only (!):
>(Get-Agent | where-object { $_.ComputerName -eq 'BMCDFC' } ).ActionAccountIdentity
SYSTEM
>(Get-Agent | where-object { $_.ComputerName -eq 'BMCDFC' } ).ActionAccountIdentity = 'bmcdfc0\Bob'
"ActionAccountIdentity" is a ReadOnly property.

And there is no method we can find to change this. However, an MS guy answered on the newsgroups to say he did think this could be done with the SDK, so hopefully I will have something on that in the next few days. The other option is to go manual, i.e. specify the action account as part of a fully manual install and not use the AD settings switch. This works and is easy, but you then lose the AD integration component, and seeing as AD-integrated agents check each hour to see if anything has changed from a MG infrastructure perspective this is a big hit. Hopefully we will find something out in the next day or so and I will post it.
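An added example, not the post's own code, that turns the read-only check above into an audit: it lists every agent's ActionAccountIdentity and flags the ones still on the default, and then shows the manual-install alternative the post mentions with an explicit action account. It assumes the OpsMgr 2007 Command Shell; the MOMAgent.msi property names are my recollection of the product help and should be verified there, and the management group, server and account values are placeholders.

```powershell
# Added example, not from the original post. Assumes the OpsMgr 2007 Command Shell.

# 1) Audit: which agents are still running their action account as the
#    default picked up from AD integration (SYSTEM in the post's lab)?
function Get-AgentActionAccountReport {
    param([string] $DefaultAccount = 'SYSTEM')
    Get-Agent | Select-Object ComputerName, ActionAccountIdentity,
        @{ Name = 'OnDefault'; Expression = { $_.ActionAccountIdentity -eq $DefaultAccount } }
}

# Only the agents that need attention
Get-AgentActionAccountReport | Where-Object { $_.OnDefault } | Format-Table -AutoSize

# 2) Manual install with an explicit, low-privilege action account. As the post
#    says, this gives up AD integration. The MSI property names below are
#    assumptions from the product help; MG, server and account are placeholders.
function Install-MomAgentManual {
    param(
        [string] $MsiPath,           # e.g. D:\Agent\MOMAgent.msi
        [string] $ManagementGroup,
        [string] $ManagementServer,  # FQDN of a management server
        [string] $ActionDomain,
        [string] $ActionUser,
        [string] $ActionPassword
    )
    $props = @(
        "USE_SETTINGS_FROM_AD=0",
        "MANAGEMENT_GROUP=$ManagementGroup",
        "MANAGEMENT_SERVER_DNS=$ManagementServer",
        "ACTIONS_USE_COMPUTER_ACCOUNT=0",
        "ACTIONSDOMAIN=$ActionDomain",
        "ACTIONSUSER=$ActionUser",
        "ACTIONSPASSWORD=$ActionPassword"
    )
    # Security note: the password sits on the msiexec command line, visible to
    # anyone who can read process command lines while the install runs, and it
    # may end up in MSI logs. Keep this account low-privilege and rotate the
    # password once the build is finished.
    & msiexec.exe /i $MsiPath /qn $props
    if ($LASTEXITCODE -ne 0) { throw "MOMAgent.msi failed with exit code $LASTEXITCODE" }
}
```

The audit is the useful half for the post's scenario: run it after the AD-integrated agents have picked up their settings and every row with OnDefault set to True is an agent whose action account still needs dealing with, whether via the SDK route the newsgroup reply suggested or by reinstalling manually.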
April 03 Back in the UK

Got back on Sunday, back to work Monday....sigh. Still waking up at unearthly hours so I haven't updated the site for the past couple of days. I will put something on there tonight. I'm going to attach a forum so that people can log their questions. In short, MMS was excellent and I would well advise it for people who do any Windows platform work, as the knowledge you get from knowing System Center is applicable almost across the board.

March 30 MMS Final Day

It's the end of MMS. So if you're a MOM 2005 guy and you're moving to MOM 2007, what are the top things to be aware of:
1. Groups don't have rules targeted to them any more. They are just for scoping views now.
2. Groups don't have rules targeted to them any more. They are just for scoping views now.
3. Groups don't have rules targeted to them any more. They are just for scoping views now.
4. Re-read the above.
5. Rules are now targeted to roles. Roles define things in your management space, like databases, computers, agents, IIS servers and the like.
6. THIS IS MILES BETTER. You may not believe it initially, but once you see how health models roll up you'll be popping champagne corks once you've got it.
7. Although it's quite scary initially, the way the role / class / type idea works will be really useful once you have it.
8. Businesses aren't going to be ready for what MOM will offer them. If your current business expectation is what MOM 2005 gives them, then they are going to need a second meeting to truly grasp the power of OM 2007.
9. It's a full-time job. No question. MOM 2005 in a lot of companies is something that people did along with running the day-to-day. With this product that stops. Categorically. If you try to run OM 2007 as a bit-part, on-the-side monitoring solution it will work beautifully, but what you will miss out on is huge and would easily outweigh the cost of employing someone full time to do monitoring.
10. If you weren't at MMS, go next year. Just the sessions with the MMS product guys are worth it in themselves.
Other things from MMS:
1. Look out for Virtual Machine Manager. It brings Microsoft's VM offerings up to and possibly past VMware.
2. SCCM. As soon as you've got OM mastered, you won't be sitting on your laurels...!

March 29 More MMS stuff

Just been to a superb presentation by Lorenzo Rizzi on how the new workflow engines work. This included how relationships between different entities mean you can roll up health of systems across classes as well as the traditional bubbling up, which was great.
There are some cool things with correlation as well: you can now say things like "if event A occurs and then event B (different criteria) occurs within 30 seconds then change this state, and if we don't hear any more from them for the next 45 seconds then change the state back to green". Wow! And there were many variations on this as well.
It's going to be a massive challenge to design custom application monitoring in new environments - things have gone up about ten-fold since MOM 2005 days - but at the moment only experience will tell, as it's a new product.
The deployment guide was released today as well, which will make invaluable reading for anyone who is getting started. You can find a link to it from www.momanswers.net
MMS in San Diego

I'm here at MMS in San Diego and there is a lot of new information to be had.
MOM 2007 (OpsMgr 2007 to be exact) has been released to manufacturing. There will be loads of work coming up as people migrate off MOM 2005 to this now.
The sessions are revealing all sorts of things. Here's just a few things to bear in mind..
1. Cluster the Root Management Server. If it goes down you won't be able to access the console.
2. You can write in parallel to the Operational Database and the Reporting database. No more DTS jobs. Thank God.
3. The Root Management Server sends data to other Management Servers about configuration changes.
4. Rules in MOM 2005 are replaced with Rules and Monitors.
5. Groups no longer get rules targeted at them. Rules are now targeted to roles, which is another word for classes. Have a look at my explanation at www.momanswers.net .
There are lots of things being announced. My brain feels like it's going to fall out.
Have a look at Virtual Machine Manager if you can. It's superb.