Modeling your infrastructure with SCOM



Transcription:

Modeling your infrastructure with SCOM
Ondřej Ševeček, GOPAS a.s.
MCM: Directory Services, MVP: Enterprise Security, CHFI, CEH, CISA
ondrej@sevecek.com, www.sevecek.com

Agenda
- Brief SCOM recap
- Management packs hierarchy and dependencies
- VSAE and Management Pack Browser vs. XML
- Core management pack classes
- Inheritance, discoveries, monitors, rules
- Detailed investigation of DNS management pack
- GOC170 - Management Pack authoring

SCOM management server
- Microsoft Monitoring Agent
  - works as agent on the MS
  - TCP 5723 listening for client communications
  - performs modules running on MS
  - several instances of MonitoringHost.exe for running anything
- System Center Data Access Server
  - TCP 5724 listening for console/powershell/msagent communication
  - accesses databases directly
- System Center Management Configuration
  - performs some MS management functions against database directly
  - accesses databases directly

SCOM agent
- Microsoft Monitoring Agent
  - HealthService
- Operations Manager event log
  - 1210 - new configuration became active
  - 1201 - new MP downloaded
- TCP 5723 to MS agent
  - permanent TCP connection
  - heartbeat every several seconds
  - notifications from MS agent about new configuration irrespective of heartbeat
- Agent proxy
  - can create hosted objects on other computers

Management pack
- XML configuration plus scripts
- .xml, .mp file or .mpb bundle file
- Sealed (digitally signed) or un-sealed and modifiable
  - different MP cannot target/reference objects from an unsealed MP
  - cannot define classes
- Strict versioning
  - can update any management pack with newer version
  - dependent MPs should work
  - cannot remove MP which other MPs depend on
- Downloaded to clients
  - %programfiles%\Microsoft Monitoring Agent\Agent\Health Service State\Management Packs

Management pack dependencies
- Microsoft..Server.DNS (Microsoft Server DNS Monitoring)
- Microsoft..Library (Core Library)

Management pack dependencies
- Microsoft..Server.AD.2008.Discovery (Active Directory Server 2008 and above Discovery)
- Microsoft..Server.AD.2003.Discovery (Active Directory Server 2003 Discovery)
- Microsoft..Server.AD.2000.Discovery (Active Directory Server 2000 Discovery)
- Microsoft..Server.AD.Library (Active Directory Server Common Library)
- Microsoft..Server.DNS (Microsoft Server DNS Monitoring)
- Microsoft..Library (Core Library)

Management pack dependencies
- Microsoft..Server.AD.2008.Monitoring (Active Directory Server 2008 and above Monitoring)
- Microsoft..Server.AD.2008.Discovery (Active Directory Server 2008 and above Discovery)
- Microsoft..Server.AD.2003.Discovery (Active Directory Server 2003 Discovery)
- Microsoft..Server.AD.2000.Discovery (Active Directory Server 2000 Discovery)
- Microsoft..Server.AD.Library (Active Directory Server Common Library)
- Microsoft..Server.DNS (Microsoft Server DNS Monitoring)
- Microsoft..Library (Core Library)

Management pack dependencies
- Sevecek.Overrides
- Microsoft..Server.AD.2008.Monitoring (Active Directory Server 2008 and above Monitoring)
- Microsoft..Server.AD.2008.Discovery (Active Directory Server 2008 and above Discovery)
- Microsoft..Server.AD.2003.Discovery (Active Directory Server 2003 Discovery)
- Microsoft..Server.AD.2000.Discovery (Active Directory Server 2000 Discovery)
- Microsoft..Server.AD.Library (Active Directory Server Common Library)
- Microsoft..Server.DNS (Microsoft Server DNS Monitoring)
- Microsoft..Library (Core Library)

Better to separate overriding MPs
- Sevecek.Overrides AD
- Microsoft..Server.AD.2008.Monitoring (Active Directory Server 2008 and above Monitoring)
- Sevecek.Overrides DNS
- Microsoft..Server.AD.2008.Discovery (Active Directory Server 2008 and above Discovery)
- Microsoft..Server.AD.2003.Discovery (Active Directory Server 2003 Discovery)
- Microsoft..Server.AD.2000.Discovery (Active Directory Server 2000 Discovery)
- Microsoft..Server.AD.Library (Active Directory Server Common Library)
- Microsoft..Server.DNS (Microsoft Server DNS Monitoring)
- Microsoft..Library (Core Library)
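
Added example (not from the original slides): the rule that an MP cannot be removed while other MPs depend on it, applied to the combined and the separated override MPs listed above. The manifests are constructed and their reference edges simplified, the Microsoft MP IDs are written out in full as an assumption, and Sevecek.Overrides.AD and Sevecek.Overrides.DNS are hypothetical IDs.

```python
import xml.etree.ElementTree as ET

def manifest(mp_id, refs):
    """Constructed, minimal MP XML: only the manifest identity and references."""
    ref_xml = "".join(
        f'<Reference Alias="r{i}"><ID>{r}</ID><Version>1.0.0.0</Version></Reference>'
        for i, r in enumerate(refs))
    return (f"<ManagementPack><Manifest><Identity><ID>{mp_id}</ID>"
            f"<Version>1.0.0.0</Version></Identity>"
            f"<References>{ref_xml}</References></Manifest></ManagementPack>")

def load_graph(xml_docs):
    """Map each MP ID to the set of MP IDs its manifest references."""
    graph = {}
    for doc in xml_docs:
        man = ET.fromstring(doc).find("Manifest")
        graph[man.findtext("Identity/ID")] = {
            ref.findtext("ID") for ref in man.iterfind("References/Reference")}
    return graph

def must_remove_first(graph, target):
    """Every MP that references `target` directly or through other MPs."""
    found, stack = set(), [target]
    while stack:
        current = stack.pop()
        for mp_id, refs in graph.items():
            if current in refs and mp_id not in found:
                found.add(mp_id)
                stack.append(mp_id)
    return found

def removal_order(graph, target):
    """Order that never removes an MP while an installed MP still references it."""
    todo, order = must_remove_first(graph, target) | {target}, []
    while todo:
        free = sorted(m for m in todo
                      if not any(m in graph[o] for o in todo if o != m))
        if not free:
            raise ValueError("reference cycle among management packs")
        order += free
        todo -= set(free)
    return order

def collateral(graph, target):
    """MPs that stay installed but lose an MP that referenced them (e.g. overrides)."""
    removed = must_remove_first(graph, target) | {target}
    return {ref for mp_id in removed - {target} for ref in graph[mp_id]} - removed

# Constructed sample data; the reference edges are simplified, and the two
# split override MP IDs are hypothetical names for the slide's separated MPs.
LIB, DNS = "Microsoft.Windows.Library", "Microsoft.Windows.Server.DNS"
AD_DISC = "Microsoft.Windows.Server.AD.2008.Discovery"
AD_MON = "Microsoft.Windows.Server.AD.2008.Monitoring"
BASE = [manifest(LIB, []), manifest(DNS, [LIB]),
        manifest(AD_DISC, [LIB]), manifest(AD_MON, [AD_DISC])]
COMBINED = load_graph(BASE + [manifest("Sevecek.Overrides", [AD_MON, DNS])])
SEPARATED = load_graph(BASE + [manifest("Sevecek.Overrides.AD", [AD_MON]),
                               manifest("Sevecek.Overrides.DNS", [DNS])])

if __name__ == "__main__":
    for name, graph in (("combined", COMBINED), ("separated", SEPARATED)):
        print(name, removal_order(graph, DNS), "collateral:", collateral(graph, DNS))
```

With the combined override MP, removing the DNS MP also takes away the overrides written for the AD monitoring MP; with separated override MPs the collateral set is empty.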

Management pack elements (diagram): discoveries, base/abstract class, inherited object classes, object instances, singleton, monitors, rules

Concept of targeting (diagram): agent, discoveries, object classes, object instances, monitors, rules

Management pack dependencies
- Microsoft..Server.AD.2008.Discovery (Active Directory Server 2008 and above Discovery)
- Microsoft..Server.AD.2003.Discovery (Active Directory Server 2003 Discovery)
- Microsoft..Server.AD.2000.Discovery (Active Directory Server 2000 Discovery)
- Microsoft..Server.AD.Library (Active Directory Server Common Library)
- Microsoft..Library (Core Library)
Diagram labels: @IsRODC, ReadOnlyDC.Computer, DFSR, Domain, Forest, Site, SiteLink, DomainControllerRole

Management pack dependencies
- Microsoft..Server.AD.2008.Monitoring (Active Directory Server 2008 and above Monitoring)
- Microsoft..Server.AD.2008.Discovery (Active Directory Server 2008 and above Discovery)
- Microsoft..Server.AD.2003.Discovery (Active Directory Server 2003 Discovery)
- Microsoft..Server.AD.2000.Discovery (Active Directory Server 2000 Discovery)
- Microsoft..Server.AD.Library (Active Directory Server Common Library)
- Microsoft..Library (Core Library)
Diagram labels: @IsRODC, ReadOnlyDC.Computer, DFSR, Domain, Forest, Site, SiteLink, DomainControllerRole

Sample environment
- gopas.virtual (GPS), SCOM 2012 R2
- sevecek.com (SEVECEK)
- mutual forest, non-selective

Sample environment (network diagram, shown in three build-up slides)
- Hosts: RR (2003), DC1 (2012 R2), DC2 (2008 R2), SEVECEK-DC (2012 R2), Client81 (8.1)
- Addresses: 10.10.0.1, 10.10.0.11, 10.10.0.12, 10.10.0.13
- Names shown: inet, <any>, gopas.cz, gopas.virtual, _msdcs.gopas.virtual, sevecek.com

System... in SCOM 2012 R2
- System.Software.Library (System Software Library)
- System.AdminItem.Library (System Administration Item Library)
- System.Health.Library (Health Library)
- System.Library (System Library)

System... in SCOM 2012 R2
- System.Snmp.Library (SNMP Library)
- System.ApplicationLog.Library (System Application Log Library)
- System.Software.Library (System Software Library)
- System.AdminItem.Library (System Administration Item Library)
- System.Health.Library (Health Library)
- System.Library (System Library)

System... in SCOM 2012 R2
- System.Performance.Library (Performance Library)
- System.Snmp.Library (SNMP Library)
- System.ApplicationLog.Library (System Application Log Library)
- System.Software.Library (System Software Library)
- System.AdminItem.Library (System Administration Item Library)
- System.Health.Library (Health Library)
- System.Library (System Library)

System... in SCOM 2012 R2
- Microsoft..Library (Core Library)
- System.Performance.Library (Performance Library)
- System.Snmp.Library (SNMP Library)
- System.ApplicationLog.Library (System Application Log Library)
- System.Software.Library (System Software Library)
- System.AdminItem.Library (System Administration Item Library)
- System.Health.Library (Health Library)
- System.Library (System Library)

- Microsoft.SystemCenter.Library (System Center Core Library)
- Microsoft..Library (Core Library)
- System.Performance.Library (Performance Library)
- System.Snmp.Library (SNMP Library)
- System.ApplicationLog.Library (System Application Log Library)
- System.Software.Library (System Software Library)
- System.AdminItem.Library (System Administration Item Library)
- System.Health.Library (Health Library)
- System.Library (System Library)


- Microsoft.SystemCenter.DataWarehouse.Library (Data Warehouse Library)
- Microsoft.SystemCenter.InstanceGroup.Library (Instance Group Library)
- Microsoft.SystemCenter.Library (System Center Core Library)
- Microsoft..Library (Core Library)
- System.Performance.Library (Performance Library)
- System.Health.Library (Health Library)
- Microsoft..Server.DNS.Optional.Enable..2003.2008.2008r2.discovery (Microsoft Server DNS Optional Enable 2003 2008 2008R2 Discovery)
- Microsoft..Server.DNS (Microsoft Server DNS Monitoring)
- Microsoft..Server.DNS.Optional.Enable.event.collection (Microsoft Server DNS Optional Enable Event Collection)
- System.Library (System Library)
- Microsoft..Server.DNS.Optional.Enable.performance.collection (Microsoft Server DNS Optional Enable Performance Collection)

Computer relatives
- Microsoft..Server.DC.Computer (Domain Controller)
- Microsoft..Server.Computer (Server)
- Microsoft..Computer (Computer)
- System.Computer (Computer)
- System.Device
- Microsoft..Client.Computer (Client)
Diagram annotations: "discovered where applicable" (three times), "discovered everywhere" (once)

Operating System relatives
- Microsoft..Server.OperatingSystem (Server Operating System)
- Microsoft..OperatingSystem (Operating System)
- System.OperatingSystem (Operating System)
- System.LocalEntity
- Microsoft..Client.OperatingSystem (Client Operating System)
Diagram annotations: "no instance discovered" (twice)

Computer hosts Operating System
- Microsoft..Server.DC.Computer (Domain Controller)
- Microsoft..Server.Computer (Server)
- Microsoft..Computer (Computer)
- System.Computer (Computer)
- Microsoft..OperatingSystem (Operating System)
- System.OperatingSystem (Operating System)
- System.LocalEntity
- System.Device
- Microsoft..Client.Computer (Client)

Health Service relatives
- Microsoft.SystemCenter.Agent.ManagementServer (Management Server Agent)
- Microsoft.SystemCenter.Agent (Agent)
- Microsoft.SystemCenter.HealthService (Health Service)
- Microsoft..LocalApplication
Diagram annotations: "discovered everywhere" (once), "discovered where applicable" (twice)

Computer
- Microsoft.SystemCenter.Agent.ManagementServer (Management Server Agent)
- Microsoft.SystemCenter.Agent (Agent)
- Microsoft..Server.DNS.Server (DNS Server)
- Microsoft.SystemCenter.HealthService (Health Service)
- Microsoft..OperatingSystem (Operating System)
- Microsoft..Computer (Computer)

Server Computer Group contains Computer
- Microsoft..Server.ComputerGroup (Server Computer Group)
- Microsoft.SystemCenter.ComputerGroup (Computer Group)
- Microsoft..Server.DC.Computer (Domain Controller)
- Microsoft..Server.Computer (Server)
- Microsoft..Computer (Computer)
- System.Computer (Computer)
- Microsoft..Client.Computer (Client)

DNS relationships (diagram)
- Microsoft..Server.DNS.Forwarder.IPAddress (DNS Forwarder IP Address)
- Microsoft..Server.DNS. (DNS)
- Microsoft..Server.DNS.Forwarder (DNS Forwarder)
- Microsoft..Server.DNS.Server (DNS Server)
- Microsoft..Computer (Computer)

DNS relationships (diagram)
- Microsoft..Server.DNS.Forwarder.IPAddress. Unconditional / Conditional.Forward / Conditional.Reverse (DNS Forwarder IP Address Unconditional / Conditional Forward / Conditional Reverse)
- Microsoft..Server.DNS.Forwarder.IPAddress (DNS Forwarder IP Address)
- Microsoft..Server.DNS. (DNS)
- Microsoft..Server.DNS.Forwarder (DNS Forwarder)
- Microsoft..Server.DNS.Server (DNS Server)
- Microsoft..Computer (Computer)

DNS relationships (diagram)
- Microsoft..Server.DNSDomain (DNS Domain)
- Forwarder IP Address
- DNS
- DNS Forwarder
- DNS Server
- Microsoft..Server.DNS.Server.2008R2.Group (DNS 2008 R2 Servers)
- Computer
Diagram labels: containment (twice)

Unit monitors (diagram over the DNS classes: DNS Domain, Forwarder IP Address, DNS, DNS Forwarder, DNS Server, Computer; label: containment)

Rollup monitors (diagram over the DNS classes: DNS Domain, Forwarder IP Address, DNS, DNS Forwarder, DNS Server, Computer; label: containment)

Deeper rollup monitors (diagram over the DNS classes: DNS Domain, Forwarder IP Address, DNS, DNS Forwarder, DNS Server, Computer; label: containment)


Thank you for your attention!
GOC170 - Management Pack authoring
Ondřej Ševeček, GOPAS a.s.
MCM: Directory Services, MVP: Enterprise Security, CHFI, CEH, CISA
ondrej@sevecek.com, www.sevecek.com