To discuss multilocation deployments, we will use our fictitious company Odyssey. Odyssey’s campus includes a corporate Plano location. Plano’s OpsMgr implementation supports 500 servers, with the load split between two management servers named Hydra and Hornet, and a database server named Thunder. Odyssey also has a Carrollton location, with 250 servers.

A common practice is to have at least two management servers in your primary location (which typically is where the database server resides) and to split the agents between the management servers to provide load balancing and redundancy when a management server is not available.

Although only one Root Management Server (RMS) can exist in a management group, we suggest you always have at least two management servers (including the RMS) in your primary location. You should also be aware that because there is no data compression between the management server(s) and the Operational and Data Warehouse databases, these components are best placed on the same network or set up to communicate over a fast link.

param($agentComputerName,$failoverManagementServerName)
$agent = get-agent | where {$_.PrincipalName -eq $agentComputerName}
$primaryManagementServer  = $agent.GetPrimaryManagementServer();
if($primaryManagementServer -eq $null)
{
"Primary management server not found"
return
}
$failoverManagementServer = Get-ManagementServer | where {$_.PrincipalName -eq $failoverManagementServerName}
if($failoverManagementServer -eq $null)
{
"Failover management server not found"
return
}
if($failoverManagementServer.PrincipalName -eq $primaryManagementServer.PrincipalName)
{
"The failover management server cannot be the same as the primary management server"
return
}
$failoverServers = New-Object
System.Collections.Generic.List''1"[[Microsoft.EnterpriseManagement. Administration.ManagementServer,Microsoft.EnterpriseManagement. OperationsManager,Version=6.0.4900.0,Culture=neutral, PublicKeyToken=9396306c2be7fcc4]]"
$failoverServers.Add($failoverManagementServer)
$agent.SetManagementServers($primaryManagementServer,$failoverServers)

Odyssey has installed a wide area network (WAN) link between the Plano and Carrollton locations and is placing an additional management server in Carrollton, as we show in Figure 10.1. The management server (Talon) in Carrollton communicates with the database server in Plano, which contains the Operations database. Using a local management server keeps each agent in Carrollton from needing to communicate with a management server in Plano, which reduces bandwidth requirements between the agents and the management server.

Figure 10.1. Management servers in Plano and Carrollton.

For multilocation deployments, we generally recommend at least one management server in each location to minimize WAN traffic and bandwidth requirements. Although the traffic between the agent and the management server is compressed, there can still be quite a bit of activity.

We can use several approaches for designing a solution for Odyssey. One implementation utilizes connected management groups, whereas the one Odyssey decided to implement uses a single management group, with a centralized database and multiple management servers to localize its server management. A potential downside of this configuration is that one of the management servers (Talon) accesses the Operations database across a WAN link. You would want to allow for this additional traffic when analyzing your WAN requirements.

One way to disperse agent traffic is by placing additional management servers in various locations; an alternative is to deploy multiple management groups. Implementing multiple management groups introduces complexity, and you will want to consider this option carefully. As discussed in Chapter 4, “Planning Your Operations Manager Deployment,” you should use multiple management groups in situations such as the following:

As discussed in Chapter 5, “Planning Complex Configurations,” a multihomed configuration exists when the agent on a server reports to more than one management group. Each management group has its own Operations database and management server(s). (An agent reporting to multiple management servers within a single management group is not multihomed.)

Multihoming allows you to distribute monitoring across multiple technical teams. For example, your security administrators can monitor a computer for security issues in one management group using ACS while your Exchange administrators can monitor the same system because it runs Microsoft Exchange. By installing multiple management groups and then multihoming agents, you can distribute monitoring requirements across multiple teams, thus enabling each team to use its own OpsMgr administrators and rule configurations. Because each management group has its own database, you can change rules in one group without affecting rules in another group.

A multihomed agent can report to a maximum of four management groups in a supported configuration. Each management group has its own set of processing rules and configuration information. A multihomed agent processes each set of processing rules independently, so there is no conflict in applying rules.

You deploy multihomed agents using the same mechanisms we discuss in Chapter 9, “Installing and Configuring Agents.” To install a multihomed agent, just install the agent in one management group and then install it in the second management group. You can install the agent using the Discovery Wizard in the Operations console or by manual agent installation, as well as any of the other techniques discussed in Chapter 9.

Figure 10.2 shows a sample multihomed configuration with two management groups (GROUP1 and GROUP2) reporting to two different management servers.

Figure 10.2. A sample multihomed configuration.

As you can see, management servers and management groups can be implemented in a variety of ways. Evaluate these options and consider the best course of action based on your specific business requirements.

Additional steps are required on a gateway server to generate and import certificates and to approve the gateway server. At a high-level, the steps are as follows:

Chapter 11, “Securing Operations Manager 2007,” includes a full discussion on generating and importing certificates.

After generating and importing your certificates (refer to Chapter 11), perform the following steps:

The suggested approach for redundancy with the Gateway Server Component is installing multiple gateway servers and distributing the load of agents between the gateway servers, such that no server is monitoring more than 200 agents at any point in time. This approach provides a way for agents to report to a different gateway server if their primary server is not available.

There is an additional level at which we want to consider redundancy. Gateway servers are configured to communicate with a specific management server. To provide redundancy at this level, we need to be able to configure the gateway servers to fail over between management servers as needed.

To configure gateway server failover between management servers, log in to the management server using an account that is a member of the Administrators role for the management group and open the Command Shell (Start -> All Programs -> System Center Operations Manager -> Command Shell).

Within the Command Shell, we can define the primary management server and failover management server for the gateway server. Perform the following steps:

This process configures the gateway server to have a primary management server of Hornet and a failover management server of Talon.

You can find additional information for the technologies used with the gateway server:

Before we delve into the specifics of how we install any of the Operations Manager 2007 components in a clustered configuration, it is important to start with a brief explanation of what a cluster is, how it works, and what is required to make it work.

A cluster is a group of computer systems that work together to provide either increased computing power or a platform for highly available applications. In the case of OpsMgr, the focus is not on increasing the computing power; rather, the focus is on providing a highly available application (Operations Manager).

A cluster consists of different computer systems called nodes. These nodes are computer systems running Windows Server operating systems (Enterprise and Datacenter edition), which are configured to be part of the cluster. Windows Server 2003 supports up to eight nodes in a server cluster. Clusters use resources that are physical or logical entities managed by the cluster. Examples of entities include IP addresses, network names, and physical disks. Each resource is owned by only by one node in the cluster at any point in time. Resources are collected together into resource groups, which can be moved between the nodes of the cluster. One important resource to be aware of is the quorum. The quorum is the resource that maintains the configuration data that is required for recovery of the cluster, including the details of changes applied to the cluster. Finally, the process of moving resources from one node to another is failover, and the process to move the resources back is failback.

Creating a Cluster

To install a cluster, you need to have multiple systems attached to a shared storage array. Installing a cluster requires at least one network adapter (per system, two recommended), two IP addresses, a cluster name, and at least one shared drive for use as the quorum drive. These components become the resources within the cluster.

The resources required in a cluster include a cluster resource group, which contains at a minimum the cluster IP address, cluster name, and quorum drive (shown in Figure 10.5). To share resources such as a database or the RMS, you would create a second resource group, which means defining at least one additional IP address, name, and shared drive. Use the Cluster Administrator, available under Start -> All Programs -> Administrative Tools, to create the cluster.

Figure 10.5. Default cluster configuration with minimum resources.

Prior to installing any of the Operations Manager components in a clustered configuration, you must first create the cluster and validate its functionality. You can validate the functionality of the cluster by failing resource groups from one node to the other, testing the functionality, and then failing the resource group back to the original node. Follow these steps:

1. For our cluster example shown in Figure 10.5, we start with resources running on the Melbourne server (which will host our clustered RMS). To validate the functionality of this cluster, we need to access the shared resources, which in this case are the IP Address, Network Name, and Physical Disk resources. This test involves pinging the name of the cluster (found on the parameters of the cluster name resources) from a system that is not a member of the cluster. A successful ping validates both name resolution and the IP address (found on the parameters of the IP address resource).

2. To validate the physical disk resource, we access that drive from the node that owns the resource. Opening up the Q: drive on the Melbourne server, you will get one of the following results:

   • If the node owns the resource, the drive is able to read and write to the drive.

   • If the node does not own the resource, a message displays stating that the device is not ready.

Testing Failover

Once we have validated the resources on the first node, we need to fail over the cluster to the second node. Right-click the resource group and choose the Move Group option. Once you have moved the resources to the other node (see Figure 10.6), perform the same process you performed on the first node. Once that test is done, fail back the resources to the original node.

Figure 10.6. Cluster failover to the second node.

If there are any failures in these tests, do not continue installing the application you will be clustering (such as the RMS or Microsoft SQL Server). Instead, focus on resolving the issues and stabilizing the cluster before starting the application installation. Do not install a clustered application until the cluster can successfully function on each node of the cluster and can fail over and fail back without issues.

Tip: Installing Clusters in Virtual Server 2005 R2

You can use Microsoft Virtual Server 2005 R2 to provide a clustering environment without the extensive hardware that is typically required. With Virtual Server, you can create a cluster with a single physical node using virtual SCSI controllers to provide the shared storage for the cluster. This is an excellent method to provide both testing or demonstration environments and can also be used in production environments, depending on the hardware requirements.

An excellent write-up that provides step-by-step processes to create a virtual server cluster is available at http://www.roudybob.net/downloads/Setting-Up-A-Windows-Server-2003-Cluster-in-VS2005-Part1.pdf.

Installing a functional cluster is relevant for the OpsMgr components that use SQL Server and for the RMS component, which we will discuss in the “Root Management Server Clustering” section of this chapter.

After installing the cluster, if you will be providing redundancy for an OpsMgr database component, your next step is to install SQL Server 2005 into your clustered configuration. You can use SQL Server 2005 clusters with the Operations Database, Data Warehouse Database, and ACS Database Components. Because installing a SQL Server 2005 cluster is very similar to a nonclustered SQL Server installation, we will focus on what the differences are and what is required to complete the installation:

The installation process actually occurs on each of the nodes at the same time (which is actually pretty cool!) and is shown in Figure 10.12.

Figure 10.12. SQL Server simultaneously installs on two nodes.

After the SQL Server 2005 installation completes, install SQL 2005 Service Pack (SP) 1. Run the Service Pack installation in the active node in the cluster; like the SQL 2005 installation, the active node can run both SP 1 installations simultaneously. After installing SP 1, reboot each of the nodes (one at a time) before continuing with any other installation activities on the nodes.

Installing the Operations database in a clustered configuration is basically the same as the process explained in Chapter 6. The installation needs to occur on the active node of the SQL cluster. To verify the node, open the Cluster Administrator (Start -> All Programs -> Administrative Tools -> Cluster Administrator), open the connection to the SQL cluster, and make sure that all cluster resources are running on the node where you will be installing the operations database. When installing, make sure to only check the Database component (uncheck the other selections), as shown in Figure 10.13.

Figure 10.13. Installation of the Operations database only.

During the installation process, the SQL Server Database Instance screen has a check box labeled Second node of a Windows Server Cluster, as shown in Figure 10.14. This box should not be checked and can be ignored. Because no program files are installed on the cluster nodes during the database-only installation, there is no need to repeat the installation on the second node of the cluster. (We discuss sizing for the database and logs in Chapter 4.)

Figure 10.14. Specifying the SQL instance.

After completing the installation, you can verify the success of the installation by opening the SQL Server Management Studio (Start -> All Programs -> Microsoft SQL Server 2005 -> SQL Server Management Studio), connecting to the cluster, and verifying that the Operations database exists (the default database name is OperationsManager).

Redundancy Using Log Shipping

Operations Manager 2007 supports log shipping for redundancy on the Operations and Data Warehouse databases.

Log shipping is essentially the process of automating the backup of database and transaction log files on a production SQL server, then restoring them to a standby server. More than that, the key feature of log shipping is that it will automatically back up transaction logs at an interval you specify, and automatically restore them to the standby server. This essentially keeps the two SQL Server systems in sync. If the production server fails (and if you put enough effort into your log shipping setup), all you have to do is point your users to the new server and “go.”

Log shipping requires that the database be set to Full Recovery mode. You can change the recovery mode using the ALTER DATABASE statement with Transact-SQL, or with SQL Server Management Studio. Select Databases -> <database name> and then right-click to select Properties. On the Options page, select the dropdown for Recovery model to change from Simple to Full, as displayed in Figure 10.15 for the OperationsManager database.

Figure 10.15. Changing the recovery model for the OperationsManager database.

Details on how to configure log shipping will be included in the upcoming “Operations Manager 2007 High Availability and Disaster Recovery” white paper, which when it is completed will be available at http://technet.microsoft.com/en-us/opsmgr/bb498235.aspx.

Because the ACS database already has high processing requirements, we do not recommend log shipping (or mirroring) for this database. Also, note that overhead is associated with log shipping, and clustering the Operational and data warehouse databases offers with a less resource-intensive approach.

Before installing the data warehouse, be sure to install and test the cluster (see the “Common Clustering Concepts” section earlier in this chapter) and install SQL 2005 SP 1 on the cluster, as we discuss in the “Installing SQL 2005 Clusters” section.

The actual installation process is the same when installing on a cluster as it is when installing on a single system. When you select components in the OpsMgr setup program, be sure to only choose the Data Warehouse Component (see Figure 10.16), and not the Reporting Server Component. The SQL Server Reporting feature is not cluster-aware and we do not recommend you install it on a cluster, because installing both clustered applications and nonclustered applications on a clustered system is not a recommended best practice.

Figure 10.16. Installing the data warehouse without reporting components.

During the setup process, you choose the clustered instance you created when installing the SQL cluster (in the example shown in Figure 10.17, this is the Operations Database instance called OpsSqlCluster).

Figure 10.17. Specifying the database instance.

The database name defaults to OperationsManagerDW and a size of 1GB. Move the database files to shared storage, shown in Figure 10.18, where the data files are on the D: drive and the log files are on the L: drive. This database size should be set to the estimated database size based on the calculations for the data warehouse sizing, discussed in Chapter 4.

Figure 10.18. Specifying the location of the Data Warehouse database and log files.

Once the database installation is complete, you should see the .mdf and .ldf files in the locations that you specified during the installation (see Figure 10.18 for the path to these files).

The ACS installation will only run from a management server. Therefore, installation prerequisites include installing a management server designated as an ACS collector, and for high availability installing a clustered SQL Server 2005 database environment for the ACS database (see the “Common Clustering Concepts” and “Installing SQL 2005 Clusters” sections for details on these processes). For detailed information on ACS (other than clustering), see Chapter 15, “Monitoring Audit Collection Services.”

Installing the ACS components follows the same steps described in Chapter 6. The ACS installation process installs both the collector and the database. You can validate a successful installation of the database by accessing the server (or cluster) where you created the database and validating that the OperationsManagerAC (default name) exists.

Installing the OpsMgr Data Warehouse or Operations database only creates the database on the specified server; the installation process does not install any executable programs on the server. This is important because it increases the likelihood that these database components will be able to coexist on the same server without having issues from interaction. The ACS installation actually runs from the collector (not from the ACS database server), implying that it also does not install binary files as part of its installation process. This is important because it greatly increases the likelihood that these databases can coexist with other databases on the same server or cluster.

We have deployed multiple configurations where the Operations and Data Warehouse databases run on the same physical node and although there is an impact in terms of increased CPU, memory, disk, and network load, we have not seen any collisions caused by these databases running on the same physical server in the same SQL instance. These concepts bring two major variations on the supported cluster configurations, which would be very likely configurations to use in production deployments. Please note that Microsoft does not support either of the following two configurations at this time, but they should be viable configurations based on available information:

OpsMgr’s capability to capture, aggregate, and report on application crashes depends on the availability of the Agentless Exception Monitoring share. A Group Policy Administrative template specifies the location of this share to the ACS clients. If the AEM share is not available, crash data is not reported.

There are currently no supported (or recommended) methods to provide high availability for the AEM file share. However, using either the Windows 2003 Distributed File System (DFS) or Windows Clustering may provide a viable method of making this share available, even if one of the nodes hosting the sharing is unavailable. At this time, there are several issues with the DFS approach:

Clustering the server that provides the file share functionality (and running it on the RMS) may be the most viable option in the future. This method would allow both the share functionality and port 51906 functionality while providing a highly available solution.

Installing a reporting server within a highly available environment follows the same process used for new installations (which we discussed in Chapter 6).

Note the following items of interest when installing the reporting components:

When the installation completes successfully, we have a functional OpsMgr Reporting server on a single server. At this point, we have a supported configuration, but we do not have a highly available solution.

As we discuss in Chapter 4, you can establish redundancy for this component by using Network Load Balancing, although Microsoft does not support this. The trick on this is how to keep the reporting information in sync between the systems.

Our tests indicate that the first step in creating a redundant reporting configuration is installing a single Reporting server with the Data Warehouse Components on a different server (or cluster, as discussed in the “Operations Database Clustering” and “Data Warehouse Clustering” sections of this chapter). This installation places the report databases local to the system where we installed the OpsMgr reporting components.

To make the configuration redundant, manually replicate the reporting databases between the two systems, and then configure NLB on both reporting servers. Finally, change the OpsMgr configuration to use the NLB address instead of the address of the originally installed reporting server. You can change the address in the Operations console at Administration -> Settings -> Reporting.

We recommend this approach as the most likely method of providing redundancy for the Reporting Server Component at this time.

The RMS is the only management server in the management group running the OpsMgr SDK and OpsMgr Config services. Clustering these services (and the RMS) can provide high availability. Installing a clustered RMS is not a simple process, because the RMS installs as a generic application using generic services.

As an example, when you installed the SQL cluster earlier in this chapter (in the “Installing SQL Server 2005 Clusters” section), the installation created the resources (such as the services) and placed them into the resource group. This is not the case for the RMS cluster. Additional steps are required during the installation process, which are not required with a more cluster-aware application such as SQL Server or Exchange.

The process to install a clustered RMS is not a short one. We recommend testing this process through a virtual configuration prior to trying it in a production environment because this is a long and complicated process.

The following are the high-level steps we will use to install the RMS Cluster.

OpsMgr Prerequisites

On each node of the cluster, check the prerequisites for installing the management server and user interface components, using the Check Prerequisites option from the SetupOM program on the OpsMgr installation media. These prerequisites should include Windows Server 2003 SP 1, MDAC version 2.80.1022.0 or later, .NET Framework version 2.0, and .NET Framework version 3.0 components.

You can ignore warnings from the prerequisite checker, but there is a risk of degraded performance, as shown with the example in Figure 10.24, where the system does not have enough memory available to run the RMS functionality efficiently. You must fix any failed prerequisites prior to installing the OpsMgr components.

Figure 10.24. Prerequisites for the management server and user interface.

OpsMgr Security

For each node in the RMS cluster, add the domain Operations Manager Administrators security group into the local Administrators group (if this global group does not already exist, create a group with this name as a global security group in the domain). The cluster service account needs to be a member of the Operations Manager Administrators security group that you previously added to the local Administrators group on each node. Also, add the SDK and Config service account (OM_SDK, in our case) to the local Administrators group on each node (see Figure 10.25).

Figure 10.25. Security configuration required for each node in the RMS cluster.

Testing the Cluster

To test the functionality of your OpsMgr RMS cluster, open the Operations console. To log in, you will need to specify the name of the RMS cluster (in our example, it is OpsMgrRms) for the server name. In the console, navigate to Administration -> Device Management -> Management Server. You should now see the name of the RMS cluster listed as a management server. In addition, under Administration -> Device Management -> Agentless Managed, you should also see the names of the nodes in the cluster as in Figure 10.27. Notice that the cluster nodes appear as agentless managed. This should change once the Clustering management pack is available, but for now it is normal.

Figure 10.27. Cluster nodes appear as agentless managed.

You can also use the ldifde utility to verify everything is registered properly in Active Directory. Syntax would be the following:

<LINELENGTH>90</LINELENGTH>

Ldifde -f c:ldifdeout.txt -t 3268 -d DC=<domain name>,DC=COM -l serviceprincipalname -p subtree

Although the majority of the entries will register automatically during your OpsMgr installation, you may need to use SetSPN to register the virtual name of the RMS cluster. If you are registering manually, register both the NetBIOS name itself and the FQDN.

The following are SPN entries for a properly registered virtual RMS:

<LINELENGTH>90</LINELENGTH>

dn: CN=CLUST-RMS,CN=Computers,DC=ODYSSEY,DC=com
changetype: add
servicePrincipalName: MSOMHSvc/OPSMGRRMS
servicePrincipalName: MSOMHSvc/OPSMGRRMS.ODYSSEY.com
servicePrincipalName: MSOMHSvc/MONTGOMERY
servicePrincipalName: MSOMHSvc/MONTGOMERY.ODYSSEY.com
servicePrincipalName: MSOMHSvc/MELBOURNE
servicePrincipalName: MSOMHSvc/MELBOURNE.ODYSSEY.com
servicePrincipalName: MSClusterVirtualServer/OPSMGRRMS
servicePrincipalName: MSClusterVirtualServer/OPSMGRRMS.ODYSSEY.com
servicePrincipalName: HOST/OPSMGRRMS
servicePrincipalName: HOST/OPSMGRRMS.ODYSSEY.com

Here are some points to note:

• OPSMGRRMS is the virtual name of the RMS cluster.

• ODYSSEY is the domain name.

• MONTGOMERY and MELBOURNE are the two physical nodes in the RMS cluster.

Note that if the server is in a child domain, you will need DC entries for each level in ldifde. We have also found the following caveats:

• AD does not validate the service name. Be sure you type correctly!

• SetSPN does not return any sort of “access denied” errors if you run it with insufficient privileges.

Repromoting a Clustered RMS

Let’s say your clustered RMS goes down and you need to promote another management server in your management group to become the RMS. Then, when the cluster comes back on, you want to repromote the cluster.

Unfortunately, you cannot get this to work in the OpsMgr 2007 RTM (Released to Manufacturing) code. Microsoft will be fixing this when Service Pack 1 is released. In the interim, Microsoft is making a promotion tool available that you can try in your environment. We include this tool, RMSClusterDR.zip, on the CD accompanying this book. The zip file includes an updated version of the ManagementServerConfigTool.exe utility and instructions.

Be aware that the tool is not officially supported by Microsoft. The company suggests you use it for lab testing purposes only.

The amount of memory available to the servers in an Operations Manager 2007 environment has the most direct impact on the performance of OpsMgr. There are a variety of reasons why this is the situation:

Figure 10.28. Task Manager on RMS.

To summarize our recommendations on memory: Go big! Particularly with 64-bit operating systems, the cost required to install systems using over 2GB of memory is not anywhere near where it was in recent years. For the RMS, go with 8GB if the cost is not prohibitive. For database servers, go with 16GB (or 32GB if that is not cost prohibitive). The more memory, the better the performance you will have with your Operations Manager environment.

Operations Manager itself will notify you when you are reaching bottlenecks with your servers that run your Operations Manager components. During one deployment, we started with an RMS on a server that had 2GB of memory, but due to messages from OpsMgr, we ended up increasing it to 6GB. On the database side, we started with a 4GB configuration but ended up upgrading it to an 8GB configuration (again due to bottlenecks identified by OpsMgr itself).

Disk performance is extremely important, particularly for the database-related components used by Operations Manager. From a disk perspective, the more spindles the SQL Server has, the better it will perform. The preferred method is to configure your system using multiple drives for the operating system, SQL binaries, and the Windows page file (swap file), transaction logs, and data files:

The exception to this rule is when you are connecting your SQL Server to a Storage Array Network (SAN). In this situation, you would use the following configuration:

Remember that when it comes to performance, the more spindles you can put to a drive, the better the performance you will get from it. As an example, a RAID 10 array with four drives outperforms a RAID 10 array with two drives!

Although processor performance is important in Operations Manager, OpsMgr bottlenecks are most likely from memory or disk from a performance perspective. The same applies from a networking perspective. For high-usage environments, consider a gigabit network connection for the various OpsMgr servers to communicate with each other; but a bottleneck on the network adapter is not very likely from what we have seen.