If you’ve ever tried to manually configure the Microsoft Operations Manager (MOM) to watch over a server or an application, you know that the configuration process can be tedious. Microsoft offers out-of-the-box solutions called Management Pack Modules. They provide a set of predefined computer groups and processing rules including filters, alerts, performance monitoring, and threshold rules. The management packs also provide a link to the appropriate Microsoft Knowledgebase article when a problem is detected.
Microsoft offers three management packs: the Base Management Pack, the Application Management Pack, and the BizTalk Server Management Pack. I’ll discuss each of these in detail later on. For now, you should know that the Base Management Pack is included with MOM and is designed to monitor Windows servers. The Application Management Pack is intended for monitoring various types of BackOffice Servers, and the BizTalk Management Pack is intended for those operating Microsoft BizTalk Servers.
MOM requires a base processor license for each processor of each server that MOM is installed on, and for each processor on each device that it manages. At the time of publication, each license costs $349. The Application Management Pack and BizTalk Server Management Pack are licensed separately from the Base Management Pack. To use the Application Management Pack or the BizTalk Server Management Pack, each processor of each server running the pack and each processor of each managed device must have both a base processor license and an Application Management Pack and/or a BizTalk Management Pack license. At this time, each Application Management Pack license and BizTalk Server Management Pack license costs $349.
The Base Management Pack
As I said, the Base Management Pack is included with MOM. The goal of these management pack modules is to provide preconfigured actions and reactions applicable to managing Microsoft Windows 2000 and Windows NT servers. An example of the management pack’s actions and reactions is that MOM monitors the amount of free disk space on each volume of a monitored server (action).
If the amount of free disk space on a volume fell below a threshold value, MOM would take steps to clear some disk space for you (reaction). If MOM was unable to free adequate disk space automatically, MOM would give you prescriptive advice for fixing the problem yourself.
The main areas that the Base Management Pack monitor are Active Directory service, IIS, the core operating system, and the file replication services.
Active Directory service
Active Directory is complex and a lot of things can go wrong with it. If an Active Directory problem is left unsolved, a small problem can quickly turn into a big one. This is why I like the Active Directory module so much. It detects and tries to correct things like replication failures, DNS and global catalog availability issues, and Active Directory response problems.
The Component Services Module (formerly known as the Microsoft Transaction Server module) monitors the event logs for problems affecting the performance, security, and availability of the Component Services. This module routinely checks the component service’s availability and checks for resource issues affecting the component services and configuration and replication errors.
Default Event Collection
The Default Event Collection module is kind of a catch-all module. It compiles the event log data from across your network. It then analyzes the data and generates fully comprehensive reporting and security auditing. This allows you to get a better feel for usage patterns, server capacity, load balancing, and security.
The DHCP module monitors events related to the DHCP Server services. This module checks for stopped services, RPC service failures, and global data, registry data, or database initialization problems.
The DNS Service Module monitors your network’s DNS services. This is another critical module because Active Directory depends so heavily on the DNS services. The DNS Service module monitors DNS availability and checks for memory issues that may affect DNS performance or availability. This module also tests for corrupt data and for DNS naming conflicts, which could indicate a configuration issue.
Internet Information Service (IIS)
If you run a Web server based on IIS, the IIS module is something you don’t want to be without. The IIS module does everything you might expect, such as checking server availability and checking for bad links. It also does a lot of security and application-related monitoring. For example, the IIS service module tests for buffer overrun attacks and denial of service attacks. Furthermore, the service tests for ASP errors, which indicate that a Web application has failed.
For an idea of why ASP error monitoring is so important, consider this. Last January, I made some major revisions to my personal Web site. Although the changes worked well on my staging server, a minor problem generated a lot of errors when I uploaded the new code to the Web. By the time I found out about the error, over 20,000 people had run into the problem. Had I been monitoring the site with this module, I could have found out about the problem and corrected it within minutes instead of hours.
Message Queuing (MSMQ)
The Message Queuing module tests for message queuing problems, which typically include issues like stopping the MSMQ service or a database consistency problem. The MSMQ module can also alert you if someone tries to tamper with a message in transit.
Microsoft Operations Manager 2000
If you’re starting to think that MOM monitors just about everything, you’re right. Thanks to the MOM 2000 module, MOM even monitors itself. With this module, MOM tests itself for configuration errors, SNMP errors, DAS authentication and database location problems, and log file format issues.
The .NET Framework module is brand new with MOM SP1. This module contains a few basic rules for monitoring applications that depend on the .NET framework. To get any real benefit out of this module, though, most people will have to write their own rules that are specifically tailored to the application being monitored.
Network Load Balancing
Also new with MOM Service Pack 1 is the Network Load Balancing Module. This module monitors a load-balancing cluster to determine the performance of each cluster node and each node’s availability. Although clusters are designed for high availability, the network load balancing module allows you to detect issues with individual cluster nodes before they become a problem. Also new in MOM Service Pack 1 is the Server Clusters module, which offers similar capabilities.
Routing and Remote Access
If your network depends on routing and remote access, this is another module you’ll find beneficial. The module has three main purposes: to monitor security, availability, and capacity.
From a security standpoint, the module alerts you to invalid login attempts and other suspicious authentication issues. For availability and capacity, the module monitors each line to be sure that it can get a dial tone and monitors how many lines are in use and how many are free at any given time.
Systems Management Server 2.0
The System Management Server 2.0 module monitors SMS server. This module tests the various SMS services to make sure they’re running. It also checks to make sure that memory and disk resources are sufficient for SMS and that SMS hasn’t failed to install or remove files from the system.
Terminal Services 2000
The Terminal Services module monitors the various performance monitor counters that are related to the terminal services. The idea is that MOM can build a comprehensive picture of how well the terminal services are performing. This information is very useful in capacity planning and load balancing. The performance counter data is also acted on if a problem is detected.
Windows Internet Name Service
Although obsolete in pure Windows 2000 environments, the WINS module monitors the WINS service. This module checks WINS availability and constantly monitors WINS for database errors and database limits. If a database limit were reached, it would indicate a capacity problem that needed to be addressed immediately. The WINS module even checks for WINS database backup errors.
Windows operating system
All of these modules relate to specific aspects of the Windows operating system. The Windows NT 4.0 and Windows 2000 modules monitor the operating system itself.
The Windows operating system modules test primarily for network problems and security problems. Some of the network-related tests include testing for IP address conflicts and PDC failures. Security tests include checking for SAM database write failures (or Active Directory write failures), a full audit log, and illegal server message blocks. An illegal server message block could indicate a break-in attempt.
Application Management Pack
The Application Management Pack modules allow MOM to monitor and manage various Microsoft server products. These modules use an action/reaction system like the Base Management Pack does, but in a way that improves the security, availability, and performance of various Microsoft server products. The modules included with the Application Management Pack are:
- Application Center 2000: This module intercepts the WMI events compiled by Application Center. The events are then analyzed and those that may indicate performance issues, service outages, or security alerts are acted on. The module also samples the Application Center-related performance counters, comparing them to threshold values and acting on those values if necessary.
- Commerce Server 2000: This module watches the Windows Application and System event logs for Commerce Server-related events that may signal security or performance problems or a disruption of service, and takes action if necessary. The module tests the availability of remote networks, and checks for site server authentication problems, corrupt index files, and insufficient server resources. A Site Server 3.0 module is also included that offers similar functionality.
- Exchange Server 2000: The management packs can be expensive. But to me, the Exchange 2000 module makes all costs worthwhile. Anyone who has worked with Exchange in a production environment knows that Exchange is complex and plagued with reliability, performance, and security issues. The Exchange module monitors virtually all aspects of your Exchange 2000 servers and takes action when appropriate. The module checks to make sure that all required services are running and that the databases are mounted. It also monitors client logon failures, large mail queues, low disk space, and configuration errors.
- Host Integration Server 2000: Like most of the other modules, this module monitors the event logs for events related to potential failures and configuration or security problems. It checks for resynchronization failures, excessive numbers of active network resources, network connection failures, and TCP/IP configuration issues. An SNA Server 4.0 module is also included, which offers similar functionality.
- Internet Security and Acceleration Server 2000 (ISA Server 2000): This module is designed to watch for Internet security problems, but its main function is to keep an eye on your network’s Internet connection. The module takes action if the ISA service has stopped or has been paused, if ISA can’t reach the Internet, if ISA Server’s connection has been reset, or if ISA Server is out of memory. A Proxy Server 2.0 Module is also included and offers similar functionality.
- SQL Server 2000: This module is another that I think is highly beneficial. It does all of the standard actions, such as warning you if the SQL Server goes offline or can no longer accept connections. It also warns you about various hardware errors affecting the database and about database backup or recovery failures. This module will even warn you if SQL is having trouble allocating enough memory for the databases.
BizTalk Server Management Pack
The BizTalk Server Management Pack extends MOM’s functionality, allowing it to manage and monitor BizTalk 2002 Servers. It includes over 900 rules, including processing event rules for every Windows application event that BizTalk Orchestration and BizTalk Messaging are capable of generating. There are 20 performance views related to performance monitoring rules for BizTalk Server and its databases. Each of these performance rules is based on threshold values (one for a warning and one for an error). By using these rules, you can be notified when BizTalk Server goes down, when the databases get too large, when documents have been suspended, and when any number of other conditions occur.
MOM’s little helpers
The management packs for MOM extend MOM’s functionality, allowing it to manage and monitor various Microsoft products. You’ll get a lot more out of MOM by deploying these helpful packs. For more information, visit Microsoft’s MOM Management Pack Web site.