Blog archive

Excalibur and Orchestrator Magic

When Citrix released Excalibur, they also included a whole bunch of PowerShell, which allows you to run PowerShell cmdlets to alter anything.
If you are inside the Studio console you can see that there is a PowerShell window there, which shows all of the cmdlets that you have run.

And how does this help? Combined with Orchestrator, we can add automation to the equation.
What if we could automate the assignment of applications to users via Orchestrator? We could also add an approval workflow if we used it with Service Manager.
If a new user wants a set of 20 new desktops for his or her company, we could create a new workflow that runs a PowerShell script against MCS and does this automatically.
However, I’m not going to get ahead of myself here; this is a starter post to show what we can do with the provided PowerShell modules.

First I’m going to show how to import the modules that Citrix provides in this release.
Head over to the Studio server and open PowerShell ISE.
From there you can run these import commands.

There are more modules but these cover most of the administrative tasks.
If you refresh the ISE modules list now, the Citrix components will show up.

If we create a simple “Publish Application” task, we can use New-BrokerApplication to publish Notepad.

New-BrokerApplication -CommandLineExecutable C:\windows\notepad -DisplayName notepad -ApplicationType HostedOnDesktop

NOTE: A bit of advice: if you are unsure of how the command should look, create an application with the wizard and extract the info afterwards using the Get-BrokerApplication cmdlet.
Now we have a functional PowerShell command to publish Notepad to the Studio.

So now we know that we have to import the modules first, and then we can run the command to publish Notepad, but how do we do this via Orchestrator?
First, run Set-ExecutionPolicy Unrestricted on the Studio server.

And your script should be saved.

Now the simplest way is to use the Run Command activity in Orchestrator.

I saved the script file locally on the Studio server, and the script looks like the output from the PowerShell ISE above.
So when I run this runbook, what happens?

This just publishes the application in Desktop Studio; it isn’t assigned to a user yet. That requires a bit more PowerShell, which I’ll come back to later. This is just to show the abilities you have with Excalibur and PowerShell.
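
A narrower alternative to the machine-wide Unrestricted policy set above, shown as an added example that is not part of the original post: sign the publish script once, and have the Run Command activity start PowerShell with a process-scoped AllSigned policy through a small wrapper that also pins the signer. The file paths, the function names Protect-PublishScript and Invoke-SignedScript, and the thumbprint value are placeholders.

```powershell
# Added example, not from the original post. Paths and thumbprint are placeholders.

# --- One-time step on the Studio server: sign the publish script ---------------
# Assumes a code-signing certificate is already in the current user's store and
# that its issuer (and the publisher) is trusted on the Studio server.
function Protect-PublishScript {
    param(
        [Parameter(Mandatory = $true)] [string]$Path
    )
    $cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1
    if (-not $cert) {
        throw 'No code-signing certificate found in Cert:\CurrentUser\My'
    }
    $result = Set-AuthenticodeSignature -FilePath $Path -Certificate $cert
    if ($result.Status -ne 'Valid') {
        throw "Signing failed with status '$($result.Status)'"
    }
    # Return the thumbprint so it can be pinned in the wrapper below
    return $cert.Thumbprint
}

# --- Wrapper that the Run Command activity calls --------------------------------
# Runs the script only if its signature is intact AND it was signed by the
# certificate we expect, so an edited or replaced script is refused.
function Invoke-SignedScript {
    param(
        [Parameter(Mandatory = $true)] [string]$Path,
        [Parameter(Mandatory = $true)] [string]$ExpectedThumbprint
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Script not found at $Path"
    }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        throw "Refusing to run: signature status is '$($sig.Status)'"
    }
    if ($sig.SignerCertificate.Thumbprint -ne $ExpectedThumbprint) {
        throw 'Refusing to run: script is signed by an unexpected certificate'
    }
    & $Path
}

# Example call placed at the end of the wrapper file (placeholder values):
# Invoke-SignedScript -Path 'C:\Scripts\Publish-Notepad.ps1' -ExpectedThumbprint '<SIGNING-CERT-THUMBPRINT>'

# Command line for the Run Command activity. The policy applies to this one
# process only, so the machine-wide setting can stay at its default:
#   powershell.exe -NoProfile -NonInteractive -ExecutionPolicy AllSigned -File C:\Scripts\Run-Publish.ps1
# Under AllSigned the wrapper file itself must be signed as well.
```

An execution policy set through Group Policy takes precedence over the -ExecutionPolicy switch, so check the effective values with Get-ExecutionPolicy -List.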

Excalibur and Configuration Manager

Citrix released a beta build of Excalibur a couple of months ago, which shows the next generation of the XenDesktop and XenApp architecture. (Well, actually just XenDesktop, since the XenApp architecture is disappearing.)
In addition, with this release we have some fancy choices for how to manage the machines within XenDesktop.

Excalibur will add additional WMI classes to all its desktops.
These are listed here:

http://support.citrix.com/proddocs/topic/xendesktop-ibi/cds-manage-sccm-ibi.html

This allows you to create collections based upon if it’s VDI or Session host based, and even if it is assigned to a user or not.
Now in order to make these attributes available in Configuration Manager we have to add some WMI classes.

Go into Client Settings and alter the client policy. Go into Hardware Inventory and choose Add Classes, and from the list choose Add Hardware Inventory Class. From there you can browse to a remote computer that is installed as a VDA, and in the namespace you can type \root\citrix\desktopinformation

And choose “Citrix_VirtualDesktopInfo”
Then Press OK

This will give you some more attributes on that WMI class, which you can again use to create collections based on the variables.

Since Excalibur does not have any direct integration with, for instance, App-V, you can now create user-based assignments to delivery groups.
So the user has multiple options for application delivery: either via Software Portal and Configuration, or Storefront with Citrix.

What’s new in the latest Intune release

The new Intune release, which will be an early Christmas gift for many, has numerous new features, including:

And now you can connect your on-premise ConfigMgr instance with Intune for more broad device management.

Here you have a list of the fully supported mobile devices.

Direct support for Android-based phones is still missing, but I’m guessing that is on the horizon as well.
For Windows 8 users, there will be a new self-service portal for getting their apps, which is going to be a full-blown “new-GUI” app.
 
You can read more about what’s new here –>  http://bit.ly/ZBOdcs

Configuration Manager SP1 instant actions & Orchestrator

With Service Pack 1 there are a lot of new features available for instant actions. ConfigMgr does not happen in “real time”, so when you deploy software to a computer, it needs to wait for the computer to update its policy before the computer realizes that new software is available. With Service Pack 1 you have more options to “speed things up”; for instance, you can trigger a remote computer policy update from within ConfigMgr.
This is pretty similar to what you can do in Windows Server 2012 and Group Policy Management, where you can force a remote policy update.

You can do this at the computer level or at the collection level.

As you can see, we have:
“Client Notification” –> from here we can choose “Update Computer Policy”
“Endpoint Protection” –> update definitions and run a full scan on the collection

You can also do this at the computer level; the options available reflect which components are installed. So if Endpoint Protection is not installed, you cannot force an update of the definitions or run a full scan.

In this case Endpoint Protection is not installed on this computer, so we cannot update the endpoint. But these new features allow administrators to deploy updates, applications and endpoint definitions to computers more quickly.
Just remember that running updates on a large collection might result in a CPU spike on the management servers.

On the other hand, we also have the ability to automate jobs from Orchestrator against Configuration Manager.
Why would we do this?
Just pretend we have a runbook that creates multiple virtual machines for a customer. We would want a custom computer collection created for that customer where we place all these new computers, and where we deploy baselines based upon what applications that customer wants as well. It might also be that a superuser wishes to deploy a new application that he purchased for his users. I’ll give some better examples as we go through here.
Now let’s take a look at the activities we have available in Orchestrator.

We have
* Deploy program
* Add Collection Rule
* Create Collection
* Perform Client Action
* Get Deployment Status
* Get Collection
* Deploy Task Sequence
* Query ConfigMgr
* Deploy Software Update
* Delete Collection
* Delete Collection rule
* Update Collection Membership
* Deploy Software
* Deploy Application
* Deploy Configuration Baseline

These actions can be used to deploy a runbook for a customer. For instance, a superuser can issue an application deployment for its users after the software has been ordered.
Or a new customer can get a new computer collection created for its computers (or, for instance, a new VMM deployment can get a computer collection created in ConfigMgr and get baselines attached to it).
There are endless options here for deployment. You can also use this to do an instant “update” on the client using the Perform Client Action activity.

Configuration Manager 2012 Client Communication & Hardware Planning

Configuration Manager is a complex beast. When designing a ConfigMgr site you have to plan your network carefully, because there is going to be a lot of traffic going back and forth between your servers and your clients, and between your servers and your other servers. So you have to consider how many clients and how many distribution points you are going to have for your site, which also depends on what kind of features you are going to use.

Before we start with the networking part, let’s review the supported configuration and hardware requirements.

CAS:
25 child primary sites.
400,000 clients

Primary Site:
250 secondary sites.
100,000 clients
10,000 devices running Windows Embedded
10 Management Points
250 Distribution Points
1 Fallback Status Point
Multiple Application Catalog Website Points

Secondary Site:
5,000 clients
1 Management Point

Management Point:
25,000 clients

Fallback Status Point:
100,000 clients

Distribution Point:
4,000 clients

Software Update Point:
25,000 clients

Application Catalog Website Point:
400,000 clients

Application Catalog Web Service Point:
400,000 clients

As you can see, this can lead to a VERY complex setup if you have a large environment. Microsoft has also deployed Configuration Manager on their own computers.

Microsoft has also made a good hardware requirements list.

You can read more about it here –> http://bit.ly/S3fRJB

Clients search for a management point by using the following options in the order specified:

  1. Management point (If specified by agent installation)
  2. Active Directory Domain Services
  3. DNS

When an agent connects to an MP, it makes a list of all the management points within the boundary, and if the client has a PKI certificate installed, it makes a priority list of all MPs that have HTTPS enabled.
Now let’s start with the client communication to the servers. There are 3 ports that are commonly used:
* Port 443 HTTPS = Used to communicate with a management point over HTTPS
* Port 445 SMB = Used to communicate
* Port 80 = Used to contact the Fallback Status Point
* New with SP1! Port 10123 = Client Notification, to start or initiate a malware or policy update/scan
* Port 9 UDP = Wake on LAN
You can see more about the port requirements for ConfigMgr here –> http://technet.microsoft.com/en-us/library/hh427328.aspx
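
To confirm that the firewall rules between a client subnet and the site systems match the TCP ports listed above, the following added example (not part of the original post) attempts a connection to each one from a client and reports the result. The server names are placeholders, and which server to test on port 445 is an assumption because the post does not name the target.

```powershell
# Added example, not from the original post. Server names are placeholders.

function Test-TcpPort {
    param(
        [Parameter(Mandatory = $true)] [string]$ComputerName,
        [Parameter(Mandatory = $true)] [int]$Port,
        [int]$TimeoutMs = 3000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return $false                 # timed out: filtered or host down
        }
        $client.EndConnect($pending)      # throws if the connection was refused
        return $true
    }
    catch {
        return $false                     # refused, unreachable or name not resolved
    }
    finally {
        $client.Close()
    }
}

# TCP ports from the list above. UDP 9 (Wake on LAN) is connectionless and
# cannot be verified with a TCP connect, so it is left out.
$checks = @(
    @{ Purpose = 'Management point over HTTPS'; Server = 'mp01.contoso.example';  Port = 443   },
    @{ Purpose = 'SMB (target server assumed)'; Server = 'cm01.contoso.example';  Port = 445   },
    @{ Purpose = 'Fallback status point';       Server = 'fsp01.contoso.example'; Port = 80    },
    @{ Purpose = 'Client notification (SP1)';   Server = 'mp01.contoso.example';  Port = 10123 }
)

$results = foreach ($check in $checks) {
    New-Object PSObject -Property @{
        Purpose   = $check.Purpose
        Server    = $check.Server
        Port      = $check.Port
        Reachable = Test-TcpPort -ComputerName $check.Server -Port $check.Port
    }
}

$results | Select-Object Purpose, Server, Port, Reachable | Format-Table -AutoSize
```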
Clients connect to a distribution point via either HTTP or HTTPS using BITS. To limit network usage, you have to specify a client setting for BITS.
Here we can define the bandwidth usage and throttling time.

You can also specify BITS settings in Group Policy. You need to remember to plan for which features you are going to use:
Software Metering, Software Inventory, Baselines & Compliance, Hardware Inventory and so on. There are a lot of features that can generate a lot of traffic.

Citrix and Microsoft cloud solutions

If people see any wrong facts here, please leave a comment below. I can’t cover everything, but this post is written purely based on my opinions and my own knowledge, and not everything may be correct.
The purpose of this post is to show capabilities and features that Citrix’s and Microsoft’s cloud solutions possess and how they can benefit each other. Let’s face it, Microsoft or Citrix (which are huge huge huge! in the cloud market) can’t do everything themselves for that matter; they both have a solid solution around cloud, but each solution has its strengths and its weaknesses.

Cloud is a term that comes in 3 shapes: Private, Public or Hybrid.
There are some common terms that describe a Public cloud solution:
* Self-Service
* Elasticity
* Scalable
* Pooling of resources
(Some Public Cloud solutions: Amazon, Windows Azure)
With Private Cloud you have more control of the resources and it is easier to do customization. More are thinking of going with the Hybrid solution, which gives you the advantages that a private cloud brings and the benefits of the low cost of a Public cloud. Both Citrix and Microsoft have the ability to support a Hybrid cloud approach. Then again, there are many ways to offer a cloud solution for a customer, whether it is an application, infrastructure or a platform.

Now Microsoft’s cloud solution consists of the following core components

* System Center
* Windows Server
* Windows Azure (Public Cloud)

Now what do you get with System Center?
A brief overview:
* App Controller (Self-service of their services & virtual machines for system owners, with support for on-premise and public cloud)
* Operations Manager (Monitoring capabilities, SLA monitoring with support for on-premise, and also allows for Azure monitoring)
* Data Protection Manager (Backup solution for Windows and Windows applications, physical and virtual)
* Service Manager (IT Service Management, helpdesk solution, self-service for the users)
* Virtual Machine Manager (Manages your virtual infrastructure, network and storage. With support for Citrix, VMware and Hyper-V, of course with most capabilities with Hyper-V; allows for creating 1-, 2- and 3-tier templates)
* Configuration Manager (MDM, client/server management, antivirus, patch management; can integrate with Azure as well)
* Orchestrator (Automation with runbooks across all kinds of different products)
And of course the cornerstone of this is Windows Server.

A problem with Microsoft’s solution as of now is that System Center 2012 does not support Windows Server 2012 until Service Pack 1 is released. This will most likely be released in Q1 2013, which will close the “gap” that many are waiting for.
Microsoft has acknowledged that not everyone is running just Microsoft, and has added much more support and functionality for Unix/Linux-based servers.

 
And Citrix’s cloud solution consists of the following core components

Much of Citrix’s strategy on Cloud is based upon Project Avalon, which has the key components (Any Cloud, Any Hypervisor, Any Device),
which come in this nice wrapping.

Citrix is part owner of the OpenStack solution that Apache has, has made some changes to it, and has its own solution called CloudPlatform,
which is very similar to Virtual Machine Manager. It has support for multiple hypervisors such as
* XenServer
* KVM
* VMware
But their solution has more benefits when used with XenServer.
It also supports storage solutions and networking, so this is the main product for administering your “cloud”.
Then we have the other products, such as
* Cloudbridge (Allows you to “bridge” your private and public cloud; this is actually an add-on to Netscaler which uses IPSEC)
* Cloudgateway (Which is the gateway in for end users, which again consists of Netscaler and Storefront)
* Netscaler (A network appliance which provides ADC (Application Delivery Controller) features)
* CloudPortal (Which allows for provisioning of users and services; control panel solution)

So depending on what kind of cloud and service you wish to offer your users, both companies provide a solid cloud solution, with automation and multiple hypervisor support.
Microsoft has made a solid improvement to Hyper-V in the latest release, so it provides more advanced features than XenServer; it also has support for larger workloads and scalability. So if you choose Hyper-V you need to have VMM; if you choose the latest XenServer you would need CloudStack (VMM has XenServer support, but not for the latest release and not for the more advanced features).
Citrix is building much of their solutions upon XenServer (and some VMware); for instance, the AppController that is part of the CloudGateway will not function in Hyper-V.

Microsoft also offers a more complete monitoring solution with System Center (you have the capability to monitor all of Microsoft’s products, network devices, Citrix products including Netscaler (with the ComTrade MP), and Unix/Linux services).
I don’t have enough insight into the automation part of CloudStack to give it a good overview, but Orchestrator also has the ability to run commands against SSH devices, which allows for running commands against network devices; it also has broad support for hardware and storage vendors. You can also use it to run PowerShell commands, which allows for automation of Citrix installation. (And more and more vendors are implementing PowerShell cmdlets with their products; PowerShell 3 also supports CIM, which many vendors support.)

But what Microsoft is missing is the network component that Citrix provides with its Netscaler product.
* Advanced load-balancing features for all applications running on TCP with or without SSL (with hardware acceleration on the hardware appliance)
* Protection against DDoS attacks (SYN floods, ICMP floods); it can also provide defense against application-level attacks (XSS, HTTP DoS)
* URL responders, rewrite, filtering
* Intelligent SQL load balancing
* GSLB
* Caching and compression
You can also integrate it with System Center to provide automation of new solutions that should be load balanced. You can also use Orchestrator to automate other options with the SSH options.

Regarding device access, Citrix provides a better solution with support for all types of mobile devices, which makes full BYOD possible. Microsoft on the other hand also promises that you can bring your own (as long as it is running Windows). This solution requires that you have Citrix on your terminal servers. Citrix also has more MDM capabilities than System Center has (as of today), and with the coming of MDX technology, Citrix is going to gain more ground there.
Microsoft also offers a VPN solution which allows you to connect with your Azure cloud, but this does not provide the same throughput that a dedicated Netscaler with Cloudbridge would provide (Cloudbridge again has limited support against Azure).

And I forgot to mention that Citrix also has their own monitoring and helpdesk tools which are part of the GoTo package (GoToAssist and ). But I am unsure how they compete against Operations Manager, which has been around for a long time, and against Service Manager, which is a core part of the self-service solution in System Center.

System Center with SPF (Service Provider Foundation) provides the capabilities for hosting providers to create their own control panel solution to automate activities against Orchestrator and VMM. This is a feature that is still in the early stages, with an open API. Citrix on the other hand has a more mature product with their CloudPortal solution, which can provision users and set up full services on Lync, Exchange, SharePoint, CRM, XenApp and XenDesktop ++ for customers.
But the weakness is that it does not have any integration with System Center to complete the circle on management and monitoring (and of course backup).
But again, this feature is more suited for hosters; for enterprise businesses, not so much.

So a little conclusion on my part. What do I think makes a good combination of what these two deliver? This solution will consist of a few products that are yet to be released (but are in beta):
1: Hyper-V 2012 as my main hypervisor
2: System Center for infrastructure & cloud management and monitoring (SP1, which provides support for WS2012)
3: Project Excalibur, next-generation XenApp / XenDesktop, which provides the best BYOD support (and provides support for WS2012)
4: XenServer for components that need XenServer
5: Cloudgateway with Netscaler ADC

So it would look something like this
(Just a glimpse)

And I would appreciate some feedback on your thoughts.

Configuration Manager 2012 silent install

To run the Setup Downloader from the command prompt

setupdl \\MyServer\MyShare\ConfigMgrUpdates

  • /VERIFY: Use this option to verify the files in the download folder, which include language files. Review the ConfigMgrSetup.log file in the root of the C drive for a list of files that are outdated. No files are downloaded when you use this option.
  • /VERIFYLANG: Use this option to verify the language files in the download folder. Review the ConfigMgrSetup.log file in the root of the C drive for a list of language files that are outdated.
  • /LANG: Use this option to download only the language files to the download folder.
  • /NOUI: Use this option to start Setup Downloader without displaying the user interface. When you use this option, you must specify the download path as part of the command-line.


Setup Downloader starts, verifies the files in the \\MyServer\MyShare\ConfigMgrUpdates folder, and downloads only the files that are missing or newer than the existing files.

To run the prerequisites downloader from command prompt 

  1. Open a command prompt and browse to <ConfigMgrInstallationMedia>\SMSSETUP\BIN\X64 or <ConfigMgrInstallationPath>\SMSSETUP\BIN\X64.

  2. Type prereqchk.exe /LOCAL to open Prerequisite Checker and run all prerequisite checks on the server.

 

To install the ConfigMgr 2012 console unattended from command prompt.

consolesetup.exe /q TargetDir="D:\Program Files\ConfigMgr" EnableSQM=0 DefaultSiteServerName=MyServer.Contoso.com

To install a ConfigMgr 2012 Primary Site

First off, you need to create a setup.ini file in which you define a lot of variables. For a primary site, these are the ones you need.
After you have created this file, start the setup with the following command: setup.exe /script scriptpathandname

Content of the setup.ini file

[Identification]
Action=InstallPrimarySite

[Options]

ProductID=XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
SiteCode=<Site Code>
SiteName=<Site Name>
SMSInstallDir=<ConfigMgr install folder path>
SDKServer=<FQDN for SDKServer>
RoleCommunicationProtocol=HTTPorHTTPS
ClientsUsePKICertificate=0
PrerequisiteComp=0
PrerequisitePath=<Prereqs folder path>
MobileDeviceLanguage=0
ManagementPoint=<FQDN MP server>
ManagementPointProtocol=HTTP
DistributionPoint=<FQDN DP server>
DistributionPointProtocol=HTTP
DistributionPointInstallIIS=0
AdminConsole=1 (0 if you don’t want to install the console)

[SQLConfigOptions]
SQLServerName=<FQDN SQL server machine>
DatabaseName=<SQLServerName\InstanceName> (leave blank for the default instance)
SQLSSBPort=4022
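
The template above leaves client communication on HTTP (RoleCommunicationProtocol=HTTPorHTTPS, ClientsUsePKICertificate=0, and HTTP for the management and distribution points). The following added example, which is not part of the original post, parses a setup.ini and reports each of those keys that is not set to its HTTPS value before the file is used for an install. The sample file content is constructed from the template, the server names are placeholders, and EnforceHTTPS, 1 and HTTPS are the documented alternative values for these keys.

```powershell
# Added example, not from the original post.
# Sample content constructed from the template above; server names are placeholders.
$sampleIni = @'
[Identification]
Action=InstallPrimarySite

[Options]
SiteCode=P01
RoleCommunicationProtocol=HTTPorHTTPS
ClientsUsePKICertificate=0
ManagementPoint=mp01.contoso.example
ManagementPointProtocol=HTTP
DistributionPoint=dp01.contoso.example
DistributionPointProtocol=HTTP

[SQLConfigOptions]
SQLServerName=sql01.contoso.example
SQLSSBPort=4022
'@

# Parse "[Section]" / "Key=Value" lines into a hashtable keyed "Section/Key".
function ConvertFrom-SetupIni {
    param(
        [Parameter(Mandatory = $true)] [string]$Text
    )
    $settings = @{}
    $section = ''
    foreach ($line in ($Text -split '\r?\n')) {
        $line = $line.Trim()
        if ($line -eq '' -or $line.StartsWith(';')) { continue }
        if ($line -match '^\[(.+)\]$') { $section = $Matches[1]; continue }
        $name, $value = $line -split '=', 2
        if ($null -ne $value) {
            $settings[('{0}/{1}' -f $section, $name.Trim())] = $value.Trim()
        }
    }
    return $settings
}

# Report every transport-related key that is missing or not set to HTTPS.
# Switching these on assumes PKI certificates are already deployed to the
# site systems and clients.
function Test-SetupIniTransport {
    param(
        [Parameter(Mandatory = $true)] [hashtable]$Settings
    )
    $httpsValues = @{
        'Options/RoleCommunicationProtocol' = 'EnforceHTTPS'
        'Options/ClientsUsePKICertificate'  = '1'
        'Options/ManagementPointProtocol'   = 'HTTPS'
        'Options/DistributionPointProtocol' = 'HTTPS'
    }
    foreach ($key in ($httpsValues.Keys | Sort-Object)) {
        $actual = $Settings[$key]
        if ($actual -ne $httpsValues[$key]) {
            New-Object PSObject -Property @{
                Setting    = $key
                Actual     = $actual
                HttpsValue = $httpsValues[$key]
            }
        }
    }
}

# For a real file: ConvertFrom-SetupIni -Text ([IO.File]::ReadAllText('<path to setup.ini>'))
$findings = @(Test-SetupIniTransport -Settings (ConvertFrom-SetupIni -Text $sampleIni))
$findings | Select-Object Setting, Actual, HttpsValue | Format-Table -AutoSize
```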

 

Now last but not least, unattended install of SQL Server 2012.

setup.exe /ACTION=install /QS /INSTANCENAME="SCCM" /IACCEPTSQLSERVERLICENSETERMS=1
/FEATURES=SQLENGINE,SSMS /SQLSYSADMINACCOUNTS="test\administrator" /SQLCOLLATION="SQL_Latin1_General_CP1_CS_AS"
/SQLSVCACCOUNT="<DomainName\UserName>" /SQLSVCPASSWORD="xxxxxxxxxxx"

So next time I will start with PowerShell automation with ConfigMgr

NOTE:
Updated with ADK install since you need this for SP1

Install Windows ADK silent

Feature                                    Identifier
Application Compatibility Toolkit (ACT)    OptionId.ApplicationCompatibilityToolkit
Deployment Tools                           OptionId.DeploymentTools
Windows (Windows PE)                       OptionId.WindowsPreinstallationEnvironment
User State Migration Tool                  OptionId.UserStateMigrationTool

adksetup /quiet /installpath <path> /features <featureID1> <featureID2>

adksetup /quiet /installpath C:\programfiles\adk /features OptionId.ApplicationCompatibilityToolkit OptionId.DeploymentTools OptionId.WindowsPreinstallationEnvironment OptionId.UserStateMigrationTool

Windows Server 2012 & System Center 2012 licensing

Even though Microsoft said that it would be easier, it was still a bit difficult for me to understand how it worked, but in the end I finally got a good grasp of how the licensing model works, so I would like to share it with you. Windows Server 2012 and System Center 2012 are licensed in the same manner, so it is easier to combine both of them.

First off, System Center and Windows Server 2012 come in two editions: Standard and Datacenter.
The difference between the two is the right to virtualize.

Standard allows you to have 2 virtual server OSEs
Datacenter allows for unlimited virtual server OSEs

Also remember that each license covers two processors.
You also need to remember that there are no differences between Standard and Datacenter; they have all the same functions and they have no restrictions.
If you plan to implement both these solutions, you might want to consider a Core Infrastructure license, which contains either Standard (Windows Server & System Center) or Datacenter (Windows Server & System Center) at a reduced price.

Some estimated prices on Server: Datacenter $4,809 Standard $882
and on System Center: Datacenter $3,607 Standard $1,323

Some examples of pricing.
1 physical server, 1 CPU, 1 VM = 1 Standard license
1 physical server, 4 CPU, 1 VM = 2 Standard licenses (or 2 Datacenter)
1 physical server, 4 CPU, 10 VM = 5 Standard licenses (or 2 Datacenter)
1 physical server, 4 CPU, 20 VM = 10 Standard licenses (or 2 Datacenter; it would be a lot cheaper to buy Datacenter here)
2 physical servers, 2 CPU each, 2 VM each = 2 Standard licenses (or 2 Datacenter; of course it would be a lot cheaper to buy Standard here)

Some other examples: what if I have 1 Datacenter license for Server 2012 and System Center, I have 2 CPUs, and I have Operations Manager installed. What happens if I want to install Configuration Manager on some virtual machines on the server? Nothing! Licensing is based on physical processors, not virtual ones.

So what is the catch, what else do I need to think of?
For Server you still need a CAL for each user that is accessing the server.
For System Center you still need a Client ML (Management License) for each managed device that runs a non-server OSE.
And for System Center you have 3 different Client MLs:
Configuration Manager Client ML (Configuration Manager and Virtual Machine Manager) (Included in Core CAL)
Endpoint Protection Subscription (Endpoint Protection) (Included in Core CAL)
Client Management Suite Client ML (Service Manager, Operations Manager, Data Protection Manager, Orchestrator) (Included in Enterprise CAL)

So if you have 1 server with 2 physical CPUs (without virtual machines on that server) and you wish to manage 50 computers using ConfigMgr and have Endpoint Protection, you would need
1 Standard Server license, 1 System Center Standard license, and 50 Configuration Manager Client ML + Endpoint Protection Subscription (unless you have a Core CAL in place).

System Center 2012 and Integration Possibilities

With System Center 2012, Microsoft gathered all of their previous System Center products into one large product.
So now in 2012, System Center contains Service Manager, Configuration Manager, Operations Manager, Data Protection Manager, Orchestrator, Virtual Machine Manager and App Controller.
It is split into two editions, Standard and Datacenter (Standard is limited to running 2 OSEs).

But all the features are there, and the magic of System Center 2012 is the integration possibilities, which I’m going to list below. These integration possibilities are based on what I know so far; if you have any info about other integrations that are possible, please send me some info.

Configuration Manager 2012:
Citrix XenApp (Can connect to XenApp to automate application delivery to XenApp servers, and use XenApp as a deployment type out to the user)
Microsoft App-V (Can use application virtualization as a deployment type out to users)
Citrix XenDesktop (Since you can use Configuration Manager to patch Windows systems, you can also use SCCM to patch VDI images)
Microsoft Exchange (You will use this to manage your mobile devices that are connected to Exchange in the SCCM console)
Microsoft SCUP (Software Catalog Update Publisher; you can use this to update software patches from, for instance, Adobe, Dell and HP)
Secunia (Corporate Software Inspector; you can use this with SCCM to patch all of your software within your environment)
Microsoft MDT 2012 (You can integrate this with SCCM 2012 to improve and ease deployment of OS)
Dell Client Integration (For ease of Dell client deployment)
System Center Service Manager (For importing software and hardware information to the CMDB)
System Center Orchestrator (There is a dedicated integration pack for automating SCCM tasks)
RES Workspace Manager (You can integrate with RES Workspace Manager in order to allow SCCM to deploy applications to RES-controlled servers/computers)
AppSense Application Manager (For deployment of UV agents and UV configurations)
Windows Intune (You can connect to your Windows Intune account for central management)
Windows Azure (You can deploy distribution points in Windows Azure)
Wyse Device Manager (It is for 2007, but it will be for 2012 as well)
MDT 2012
Quest Management Xtensions
NOMAD 2012

Operations Manager 2012 (Mostly Management Packs)
System Center Service Manager (For importing of alerts for further investigation in Service Manager)
System Center Virtual Machine Manager (For PRO, Performance and Resource Optimization)
Network Devices with SNMP V3
HP MP (For HP monitoring)
Dell MP (For Dell monitoring)
System Center MP (For System Center monitoring)
Citrix MP via ComTrade (For monitoring of Citrix components)
BIG-IP F5 Monitoring
System Center Orchestrator (For automating of tasks)
NetApp On-command (For monitoring of NetApp solutions)
Cisco UCS (For monitoring of UCS solutions)
Brocade (Monitoring of Brocade storage)
IBM Hardware (For monitoring of IBM hardware)
Windows Azure (GSM for application monitoring)
AppSense
NetApp monitoring

Virtual Machine Manager
Citrix Netscaler (For auto deployment of LB rules and access)
F5 BIG-IP (For auto deployment of LB rules and access)
Brocade ACX (For auto deployment of LB rules and access)
Citrix XenDesktop and PVS (For rapid deployment of VDI machines)
Citrix XenServer (Allows you to use SCVMM to manage XenServers)
VMware vSphere (Allows you to use SCVMM to manage vSphere)
Hyper-V (Allows you to use SCVMM to manage Hyper-V)
NetApp (Automated rapid provisioning of space-efficient VMs with System Center Virtual Machine Manager (SCVMM) or Windows PowerShell™ rapid provisioning cmdlets)
SMI-S (Is a standard storage API which work for most storage solutions)

Orchestrator (Mostly Integration Packs)
System Center 2012 (All of the products)
vSphere (Integration pack for automating of tasks)
NetApp (Integration pack for automating of tasks)
HP (iLO, Service Manager, Operations Manager) (Integration pack for automating of tasks)
IBM Tivoli (Integration pack for automating of tasks)
Microsoft Exchange (Integration pack for automating of tasks)
EMC (Integration pack for automating of tasks)
Cisco UCS (Integration pack for automating of tasks)
IBM Tivoli
F5 BIG-IP
BMC

(This is a post which is under work, so not all the products are listed yet)

SCOM 2012, part 1 installation

Since I said in my previous post that I’m working on the whole System Center package (and I’m getting tired of blogging about SCCM), I thought I would start a bit on SCOM (Operations Manager).

Much has changed since the previous version, SCOM 2007 R3 CU5 (which I believe was the last release).
A lot of new features have entered, including:

* SNMP v3 support (The previous versions supported only v1 & v2)
* More PowerShell cmdlets
* Removal of the RMS role (which was introduced in 2007), so all servers are now management servers and distribute the load between the MS servers, which gives HA out of the box
* Agent Control Panel applet
* More support for network devices and protocols (including CDP and LLDP)
* More support for web applications: J2EE, .NET

And remember that SCOM consists of the following

* Management Server
* SCOM DB
* SCOM Data warehouse DB
* Gateway Server
* ACS
* ACS Database
* Agent
* Console
* Web Console
* Reporting Server
* Management Packs
* Agents

Now that we covered the basics, we start by installing it.
PS: Remember to install .Net framework 3.5.1

After I start the setup of the SCOM 2012, I get the option to choose what I want to install, in this case since I only have 1 server I choose  Management + Console

image

Next is about installation location, leave it at the default.

Next, the setup verifies that you have the required hardware & software in order to run OpsMgr.
In my case I forgot to update my server to 2008 R2 SP1 and I forgot to install the Report Viewer Controls.

Of course those are pretty easy to fix. (I can’t figure out, though, why Microsoft couldn’t put the setup for Report Viewer on the installation media.) So after you’ve installed SP1 and the Report Viewer Controls, run the setup again.

Now that’s done I can continue with the setup. Next you create a management group.
This is unique for each instance of OpsMgr, so choose a unique name if you have multiple instances.

Click next, accept the license terms.

Then click Next again; now we come to the DB setup.
Enter the name of your SQL server, and the setup will automatically connect to it.
By default it will try to store the database on the C:\ drive of the SQL server; you can change that to another disk (preferably NAS/SAN).

Next we get another database setup, this time for the Data Warehouse DB. This is the database that the reporting services use and that provides the long-term data storage.

After you are done here, click next. Now we get to the service account setup screen.
A little info about the different accounts.

Management server action account:
This account is used to carry out actions on monitored computers across a network connection.
This should be a domain account, which has local administrative rights.

System Center Configuration service and System Center Data Access service account:
This account is one set of credentials that is used to update and read information in the operational database. Operations Manager ensures that the credentials used for the System Center Data Access service and System Center Configuration service account are assigned to the sdk_user role in the operational database.
This can be either a domain account or run as local system. For cases where the operational database is hosted on a remote computer that is not a management server, a domain account must be used. For security reasons, don’t use the same account as the management server action account (MSAA).

Data Warehouse Write account:
The Data Warehouse Write account writes data from the management server to the Reporting data warehouse and reads data from the operational database.
This account is assigned write permissions on the Data Warehouse database and read permissions on the operational database.

Data Reader account:
The Data Reader account is used to define which account credentials SQL Server Reporting Services uses to run queries against the Operations Manager reporting data warehouse.
Ensure that the account you plan to use for the Data Reader account has SQL Server logon rights and Management Server logon rights.

After you have created the domain accounts, enter the usernames and passwords and click Next.

Since I chose a domain admin account as my management server action account, I got a warning from the installer that this is not recommended. But as I said before, it’s a demo in a closed environment, so no harm there.
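
The installer warning and the advice not to reuse the action account can be checked before setup is run. The following is an added example, not part of the original post: it uses the ActiveDirectory module to flag SCOM service accounts that sit in highly privileged groups or that are shared between roles. The account names are hypothetical placeholders.

```powershell
Import-Module ActiveDirectory

# Hypothetical account names (assumption); replace with the accounts created for setup.
$roles = @{
    'Management server action account'      = 'svc-scom-msaa'
    'Configuration and Data Access service' = 'svc-scom-das'
    'Data Warehouse Write account'          = 'svc-scom-dww'
    'Data Reader account'                   = 'svc-scom-dr'
}

# Groups that give a service account far more power than SCOM needs.
$privilegedGroups = 'Domain Admins', 'Enterprise Admins', 'Administrators'

# Map sAMAccountName -> privileged groups it belongs to (nested membership included).
$privileged = @{}
foreach ($group in $privilegedGroups) {
    try   { $members = @(Get-ADGroupMember -Identity $group -Recursive) }
    catch { Write-Warning "Could not read group '$group': $($_.Exception.Message)"; continue }
    foreach ($m in $members) {
        if (-not $privileged.ContainsKey($m.SamAccountName)) { $privileged[$m.SamAccountName] = @() }
        $privileged[$m.SamAccountName] += $group
    }
}

# Report every role whose account is a member of a privileged group.
foreach ($role in $roles.GetEnumerator()) {
    if ($privileged.ContainsKey($role.Value)) {
        Write-Warning ("{0} ({1}) is a member of: {2}" -f $role.Key, $role.Value,
            ($privileged[$role.Value] -join ', '))
    }
}

# Report accounts that are used for more than one role.
$roles.GetEnumerator() | Group-Object -Property Value | Where-Object { $_.Count -gt 1 } |
    ForEach-Object {
        $sharedBy = ($_.Group | ForEach-Object { $_.Key }) -join ', '
        Write-Warning ("Account {0} is shared by several roles: {1}" -f $_.Name, $sharedBy)
    }
```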

Next we have the help improvement and error reporting options (choose whatever you want there).

Next we have Microsoft Update. Since we are using SCCM to do patch management, I turned this off.

Click Next and you get the summary screen. Double-check the information here, then click Install.
And then the waiting begins. If you want, you can check the logs that the setup stores under C:\users\(runninguser)\appdata\local\scom\logs, including OpsMgrSetupWizard.log.
When the setup is finished, tick “Start the console” and close the installer.

Now we are in the console. OpsMgr automatically tells us that there are tasks we need to do before we can manage and monitor our network. The first thing I want to do is publish the OpsMgr information to Active Directory, so that our agents can find which management group and server they need to connect to. (Of course we don’t have to publish that information in AD; if we want, we can type it in manually in the setup parameters of the agent.)

This step needs to be performed as a user with domain rights.
Open the OpsMgr installation media on a domain controller, browse to SUPPORTTOOLS\I386 and run MOMADADMIN from cmd. This tool does the following:

* Creates an Operations Manager container under the root of the specified domain.
* Creates a container, named after the specified management group, under the Operations Manager container it just created.
* Creates two service connection points (SCPs) and one security group within the management group container.

The syntax is: MomADAdmin ManagementGroupName MOMAdminSecurityGroup RunAsAccount Domain
Example: MomADAdmin MyManagementGroup contoso\MOMAdmin contoso\ActionAccount Contoso

So in my instance: MomADAdmin TEST_MG test\MOMadmin test\administrator test

Note, though, that this only creates the container in AD. It doesn’t add the management servers, so the agents still don’t know which server they should contact.

Now we have to go into the console.

Go into the Administration tab and into Management Servers -> right-click on the server (which is a MS) and press Properties.

Next click the Add button under “Auto Agent Assignment”.

Now we come to the Agent Assignment and Failover Wizard.
The wizard states that MOMADAdmin has to be run before you can continue.

Click Next, then select the domain of the computers from the Domain name drop-down list.

Set Select Run As Profile to the Run As profile associated with the Run As account that was provided when MOMADAdmin.exe was run for the domain. The default account that is used to perform agent assignment is the computer account for the root management server, also referred to as the Active Directory Based Agent Assignment Account. If this was not the account that was used to run MOMADAdmin.exe, select Use a different account to perform agent assignment in the specified domain, and then select or create the account from the Select Run As Profile drop-down list.

On the Inclusion Criteria page, type the LDAP query for assigning computers to this management server in the text box.

The following LDAP query returns computers with a name starting with scom: (&(sAMAccountType=805306369)(objectCategory=computer)(cn=scom*))

On the Exclusion Rule page, type the fully qualified domain name (FQDN) of computers that you explicitly want to prevent from being managed by this management server.

On the Agent Failover page, either select Automatically manage failover and click Create, or select Manually configure failover.

Now remember that it can take up to one hour for the agent assignment setting to propagate in Active Directory Domain Services.
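
To see which computers the inclusion query and the exclusion list would actually assign to this management server, the filter can be run directly against the domain before it is typed into the wizard. This is an added example, not part of the original post; the excluded FQDN and the 90-day staleness threshold are assumptions.

```powershell
Import-Module ActiveDirectory

# LDAP query from the Inclusion Criteria page, exactly as typed into the wizard.
$inclusionFilter = '(&(sAMAccountType=805306369)(objectCategory=computer)(cn=scom*))'

# Constructed sample: FQDNs entered on the Exclusion Rule page.
$excluded = @('scom-old.test.local')

# Assumption: a computer that has not logged on for 90 days is treated as stale.
$staleBefore = (Get-Date).AddDays(-90)

$candidates = @(Get-ADComputer -LDAPFilter $inclusionFilter -Properties OperatingSystem, LastLogonDate)

# One row per matched computer, with the exclusion list and staleness applied.
$report = @($candidates | Select-Object Name, DNSHostName, Enabled, OperatingSystem, LastLogonDate,
    @{ Name = 'Excluded'; Expression = { $excluded -contains $_.DNSHostName } },
    @{ Name = 'Stale';    Expression = { (-not $_.LastLogonDate) -or ($_.LastLogonDate -lt $staleBefore) } })

$report | Sort-Object Excluded, Name | Format-Table -AutoSize | Out-Host

# Computers that would be assigned to this management server.
$assigned = @($report | Where-Object { -not $_.Excluded })
Write-Host ("{0} computer(s) match the filter, {1} would be assigned." -f $candidates.Count, $assigned.Count)

# A wildcard such as cn=scom* can match accounts nobody had in mind.
$assigned | Where-Object { (-not $_.Enabled) -or $_.Stale } | ForEach-Object {
    Write-Warning ("{0} matches the filter but is disabled or stale" -f $_.Name)
}
```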


Since it might take some time, we are going to install the agent manually. Before we can do that, we have to change the security settings for the SCOM site, because by default SCOM rejects manually installed agents. So go into the Administration tab ->

Click the Security tab and press Properties. Here, change the value from Reject to automatically approve.

Then click OK. After that is done, go to the server on which you want the agent to be installed and run this command in a cmd shell as administrator.

Installing the agent:
%windir%\system32\msiexec.exe /I dir\momagent.msi /qn USE_MANUALLY_SPECIFIED_SETTINGS=1 MANAGEMENT_GROUP=TEST_MG MANAGEMENT_SERVER_DNS=scom.test.local

NOTE: dir here is the path to the SCOM installation media.

NOTE: Active Directory Integration is disabled for agents that were installed from the Operations console. By default, Active Directory Integration is enabled for agents installed manually by using MOMAgent.msi.

After the installation it might take some time before the agent appears in the console. When it does, it will appear under Administration, in the Agent Managed tab.
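
Outside a closed demo, automatic approval means any machine that can reach the management server can enrol itself as an agent. The following added example (not from the original post) approves only agents on an expected list and leaves the rest pending. It assumes the OperationsManager PowerShell module that ships with SCOM 2012 and the “Review new manual agent installations in pending management view” option on the same Security tab; the host name in the allow-list is constructed.

```powershell
Import-Module OperationsManager

# Management server name taken from the agent install command in this post.
New-SCOMManagementGroupConnection -ComputerName 'scom.test.local'

# Constructed sample: servers on which an agent was deliberately installed.
$expectedAgents = @('sql01.test.local')

# Manually installed agents that are waiting for a decision.
$pending = @(Get-SCOMPendingManagement |
    Where-Object { $_.AgentPendingActionType -eq 'ManualApproval' })

foreach ($request in $pending) {
    if ($expectedAgents -contains $request.AgentName) {
        Write-Host ("Approving {0} (reported to {1})" -f $request.AgentName, $request.ManagementServerName)
        $request | Approve-SCOMPendingManagement
    }
    else {
        # Unknown host: leave it pending so an administrator can investigate,
        # or reject it explicitly with Deny-SCOMPendingManagement.
        Write-Warning ("Unexpected agent {0} requested approval at {1}" -f $request.AgentName, $request.LastModified)
    }
}

# Agents that are now managed, for comparison with the expected list.
Get-SCOMAgent | Select-Object DisplayName, HealthState, PrimaryManagementServerName
```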

You can also check the Control Panel applet on the server, which displays info about the agent.

Also look in the event log under Windows logs -> Applications and Services Logs -> Operations Manager and see if any error messages appear.

When it is finished and you have no error messages, go into the console again, Monitoring -> Windows Computers -> and you will see that the agent appears as Healthy. So it seems like the agent is working as it should.

By the way, the server I installed the agent on was an SQL server. By default SCOM doesn’t contain anything useful to monitor SQL servers. Therefore we need to download a management pack for SQL Server 2008 in order for SCOM to manage the server properly.

A management pack is a file that contains parameters, values, tasks, rules and monitors for a known product, so it contains all the information that SCOM needs to monitor that product.
Microsoft has a lot of management packs available for free download via their online library. (Other third-party vendors have also published management packs for their products on the website, but these usually cost $$.)

Next I choose to search the online catalog, and I search for the name “SQL”.
A number of management packs appear, and I choose the SQL Server 2008 MP.

I choose Add all of these and download them to the desktop of my server.

Now that we have downloaded them, we have to import them into the OpsMgr site.
Go back to the Management Packs pane under Administration, and on the right side click “Import Management Packs”.
Browse to those you’ve downloaded and click Install.

After you’ve done that, another view called SQL Server will appear under the Monitoring tab (it was part of the MP you installed).

After OpsMgr has updated the database and distributed the new SQL MP to the agent, the server will appear here.

It appears with a critical event, but we will go deeper into events and rules in a later blog post.
Part 1 done!
