Monitor Azure with SCOM

Requirements

  1. An agent-managed computer to act as the agent proxy. This server is used to query the Azure platform.
  2. Details of the DNS prefix, subscription ID and deployment slot of the application.
  3. A copy of the certificate, including the private key and its password.
  4. Access to the Azure platform through an unauthenticated web proxy. This includes the following URLs:
    1. https://application DNS prefix.table.core.windows.net/*, e.g.
      https://application.table.core.windows.net/*;
    2. https://management.core.windows.net/*;
    3. http://crl.microsoft.com/PKI/*; and
    4. http://www.public-trust.com/cgi-bin/crl/2018/cdp.crl
  5. The IP address and port number of the aforementioned proxy.

Configuration

  1. Create an account of type binary authentication to contain the certificate, and distribute it to the agent proxy computer.
  2. Create an account of type basic authentication to contain the password to access the certificate.
  3. Create a new Windows Azure Application object:
    1. entering the DNS prefix, subscription ID, deployment slot of the application;
    2. select the certificate and authentication accounts; and
    3. select the proxy agent and enter the IP address and port of the web proxy.
  4. Wait for the application become available under Monitoring > Windows Azure.
    Any problems connecting to the platform will be logged in the Operations Manager event log on the proxy agent.

Custom performance monitoring

  1. Import an existing management pack from SCOM into the Authoring Console.
  2. Create the rule:
    1. select Health Explorer > Rules > New > Custom Rule;
    2. enter an ID and name;
    3. select Windows Azure Role Instance as the target;
    4. create a data source module of type Windows Azure Role Instance Performance Counter Collection Simple Data Source called DS;
    5. edit the data source and configure the values as appropriate;
    6. if a specific instance is to be monitored, create a key called InstanceName;
    7. if all instances are to be monitored, create a key called AllInstances and set its value to true;
    8. create two actions:
      1. one of type Performance Data Collection Write Action called WriteToDb; and
      2. the other of type Performance Data Publisher called WriteToDw; and
    9. disable the rule.
  3. Export the management pack to SCOM.
  4. Create a group in SCOM containing the instance(s) of Azure to which the rule is to be applied.
  5. Override the rule to enable it for the group.

Execute a PowerShell script as a standard monitor in SCOM

Custom monitors in SCOM may, unless the Authoring Console is used or custom XML employed, only execute VBScript. PowerShell scripts can still be executed though, as long as they’re Base64-encoded and wrapped in VBScript.

  1. Write a PowerShell script that places its output on the console as easily-identifiable strings, the output from which can be easily parsed by VBScript, e.g.

    Success: 0
    Error message: Insufficient memory.
  2. Encode the PowerShell script to Base64, where {Script} is the script:

    $Command = '{Script}'
    $EncodedCommand = [Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($Command))
    $EncodedCommand > EncodedCommand.txt
  3. Create the monitor, implementing a VBScript similar to that below, but inserting the contents of EncodedCommand.txt into the PsScript variable.

    PsScript=""
    Command="PowerShell.exe -EncodedCommand " & PsScript
    Set Shell=CreateObject("WScript.Shell")
    Set Executor=Shell.Exec(Command)
    Executor.StdIn.Close
    varPSResult=Executor.StdOut.ReadAll
    
    varSuccess=Mid(varPSResult, InStr(varPSResult, "Success: ") +
    Len("Success: "), 1)
    varErrorMessage=Right(varPSResult, Len(varPSResult) - (InStr(varPSResult,
    "Error message: ") + Len("Error message: ") - 1))
    
    Dim oAPI, oBag
    Set oAPI=CreateObject("MOM.ScriptAPI")
    Set oBag=oAPI.CreatePropertyBag()
    
    Call oBag.AddValue("Success", varSuccess)
    Call oBag.AddValue("Error message", varErrorMessage)
    Call oAPI.Return(oBag)
    		
  4. Configure the healthy, unhealthy and other components as appropriate.

Monitor SharePoint with SCOM

Monitoring SharePoint Foundation/Server with SCOM requires some additional configuration following the installation of the management pack.

  1. Download and install the latest version of the SharePoint Foundation and, if appropriate, SharePoint Server management packs to SCOM.
  2. If using SCOM 2012 or later, also download and install the 2012-specific management pack for SharePoint.
  3. Create or utilise an existing domain user account, e.g. Domain\ScomMonitorSharePoint, granting it the following permissions:
    1. membership of the Farm administrators SharePoint group;
    2. membership of the sysadmin SQL Server role; and
    3. membership of the local administrators group on all servers in the farm, except those that exclusively run SQL Server.
  4. Create or utilise an existing Run As account in SCOM for this user account, configuring the distribution of the credential to all servers in the SharePoint farm.
  5. Ensure that the SharePoint Discovery/Monitoring Account profile is configured to use the configured account.
  6. Create (copying from the management pack installation directory) or modify the SharePoint Server management pack configuration file on the RMS (emulator), which is stored as C:\Program Files\System Center Management Packs\SharePointMP.Config: under <Association>, modify as appropriate, depending on whether or not a new Run As account has been created. Further instructions are located in this file.
  7. Run the SharePoint server discovery: select Monitoring > SharePoint Products > Administration > Tasks > Microsoft SharePoint Farm Group Tasks > Configure SharePoint Management Pack > Run.
    Resolve any errors presented.
  8. Wait for approximately 30 minutes for SCOM to discover the instance(s) of SharePoint.
    NB: any problems will be reported in the member servers’ event logs.