SCOM 2012 Linux Monitoring (Lab) – Part 2 Configure SCOM 2012

In part 1 we installed LINUX and now it is time to get SCOM 2012 ready for LINUX monitoring.

There are several steps we need to do:

  1. Set up a Resource Pool
  2. Import the management packs
  3. Set up name resolution
  4. Configure the RunAs accounts
  5. Assign the RunAs accounts to profiles.

1. Create Resource Pool

This pool groups one or more SCOM management servers together to achieve highly available monitoring for LINUX. For example, if one management server fails, another management server in the Resource Pool will take over.

In the SCOM console go to Administration/Resource Pools, right-click and choose “Create Resource Pools”.

Give it a meaningful name e.g. LINUX

Add the management servers which are responsible for LINUX monitoring to the pool. I have set up just one management server.

If you add more than one management server to the pool you need to take an additional step, as described here. Each management server has to export its root certificate, and every management server in the Resource Pool has to import the root certificates of all the other management servers. Do this after the Resource Pool wizard is finished.

For example: Resource Pool “LINUX” contains management servers (MS) MS1, MS2 and MS3. MS1 must import the certificates from MS2 and MS3. MS2 must import the certificates from MS1 and MS3, and so on…

The commands are:

Export:

"%ProgramFiles%\System Center Operations Manager 2012\Server\scxcertconfig.exe" -export c:\Temp\<filename>

Import:

"%ProgramFiles%\System Center Operations Manager 2012\Server\scxcertconfig.exe" -import c:\Temp\<filename>

Note: If you deploy an agent to a LINUX machine from MS1, MS1 signs the agent's certificate with its own certificate. If MS1 fails and the LINUX agent fails over to MS2, the agent would not trust the new management server because MS2 has a different certificate, and no communication would be possible. That is why you need to exchange the certificates.
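
The full exchange described above for the MS1/MS2/MS3 pool, as an added PowerShell example that is not part of the original post. It assumes PowerShell remoting to each management server, a hypothetical local staging folder and `.cer` file names chosen here; only the `-export` and `-import` switches of scxcertconfig.exe come from the post.

```powershell
# Added example. Pool members are the MS1..MS3 names from the post's example;
# the staging folder, file names and use of PowerShell remoting are assumptions.
$PoolMembers = 'MS1', 'MS2', 'MS3'
$Staging     = 'C:\Temp\scxcerts'          # hypothetical staging folder on the admin machine
New-Item -ItemType Directory -Path $Staging -Force | Out-Null

$sessions = @{}
foreach ($ms in $PoolMembers) { $sessions[$ms] = New-PSSession -ComputerName $ms }

# Runs on a management server: call scxcertconfig.exe with the switch from the post.
$runTool = {
    param($mode, $file)
    $tool = Join-Path $env:ProgramFiles 'System Center Operations Manager 2012\Server\scxcertconfig.exe'
    New-Item -ItemType Directory -Path (Split-Path $file) -Force | Out-Null
    & $tool $mode $file
}

try {
    # Step 1: every server exports its own certificate; pull it to the staging folder.
    foreach ($ms in $PoolMembers) {
        $remoteFile = "C:\Temp\$ms.cer"
        Invoke-Command -Session $sessions[$ms] -ScriptBlock $runTool -ArgumentList '-export', $remoteFile
        Copy-Item -FromSession $sessions[$ms] -Path $remoteFile -Destination $Staging -ErrorAction Stop
        # Record the hash so a file imported elsewhere can be matched to this export.
        Get-FileHash -Algorithm SHA256 -Path (Join-Path $Staging "$ms.cer") |
            Select-Object @{ n = 'Server'; e = { $ms } }, Hash
    }

    # Step 2: every server imports the certificate of every *other* pool member.
    foreach ($target in $PoolMembers) {
        foreach ($source in ($PoolMembers | Where-Object { $_ -ne $target })) {
            $remoteFile = "C:\Temp\$source.cer"
            Copy-Item -ToSession $sessions[$target] -Path (Join-Path $Staging "$source.cer") `
                      -Destination $remoteFile -ErrorAction Stop
            Invoke-Command -Session $sessions[$target] -ScriptBlock $runTool -ArgumentList '-import', $remoteFile
            '{0} imported certificate of {1}' -f $target, $source
        }
    }
}
finally {
    # Always close the remoting sessions, even if an export or copy failed.
    $sessions.Values | Remove-PSSession
}
```

With three pool members this performs three exports and six imports, so every server ends up holding the certificates of the other two.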

On the next screen hit “Save”

And “Close”

2. Import Management Pack

Start the management pack import wizard and choose to import MPs from disk. Go to your SCOM 2012 source and navigate to the Management Packs folder. Now you need to select the following MPs.

[Screenshot: the management packs to select]

Click “Install”

After you imported these MPs RESTART the System Center Management and System Center Management Configuration Services or just reboot the management server. I had trouble installing the LINUX agent but after restart of the services/server everything went ok. Just in case…

3. Set Up Name Resolution

In order to get the name resolution working for the LINUX system from the management server I modified the hosts file in C:\Windows\System32\drivers\etc on my SCOM management server…

[Screenshot: hosts file entry for the LINUX system]

After the modification, ping the name of your LINUX system and make sure the name resolves to its IP address.

4. RunAs Accounts

We need to set up three accounts and map them to the appropriate profiles.

I copied this table from a PPT slide of the CEP SCOM program. It shows the accounts and what they are used for.

[Table from slide: the Run As accounts and what they are used for]

In my example I used a user called “monuser”, as used in this script which we will need in Part 3. Also in Part 3 we will add this user to our SUSELinux computer. For now, every time you need to enter the monuser credentials, choose the same password.

To create the accounts in the SCOM console go to Administration/UNIX/Linux Account/Create Run As Account…

First we create a low privileged LINUX Action Account. Choose Monitoring Account…

Give it a display name…

Enter the monuser credentials. Remember, this user will be created in part 3; at this time it doesn’t exist. Just choose some password, but be sure to set the same password later in part 3!

Choose “More secure” and add the management server(s)…

Finish/Close…

LINUX Privileged Account

Choose Monitoring Account…

Give it a display name…

Again enter the monuser credentials which we are going to set in part 3. Now choose “Elevate the account using sudo for privileged access” for this account…

Again More secure and add the management server(s)…

Finish/Close…

Agent Maintenance Account

To upgrade, uninstall or restart the LINUX agent we need the Agent Maintenance Account. Start the same wizard as before, but now select Agent Maintenance Account…

Add a display name…

Enter the monuser credentials. Remember, this user will be created in part 3; at this time it doesn’t exist. Just choose some password, but be sure to set the same password later in part 3! Choose “This account does not have privileged access”…

Very important: choose “Use sudo elevation”…

Choose “More secure” and add the management server(s)…

Close/Finish…

Now that you created these 3 accounts we need to assign these accounts to profiles.

5. LINUX Profiles

After you imported the LINUX management packs these 3 profiles were created…

Add to each of these profiles the appropriate account which we created in the previous step.

UNIX/Linux Action Account Profile

Add the LowPrivAccount to this profile. Select “All targeted objects”…

UNIX/Linux Privileged Account Profile

Add the HighPrivAccount to this profile. Select “All targeted objects”…

UNIX/Linux Agent Maintenance Account Profile

Add the AgentMaintAccount to this profile. Select “All targeted objects”…

That’s it. SCOM is now ready for the next part…

About Stefan Roth

Consultant

10 Responses to SCOM 2012 Linux Monitoring (Lab) – Part 2 Configure SCOM 2012

  1. mohammad says:

    where is part 3 ???

  2. Matt says:

    Hi,

    Can the same management server(s) monitor both linux/unix servers as well as windows ones? Reading about resource pools for Network Monitoring, the resource pool and the management servers it contains must be dedicated to Network Monitoring. Is the same true for linux/unix monitoring? In a big distributed monitoring environment this could get expensive if the same management servers cannot reside in 2 pools (the all servers pool for windows management and the linux/unix resource pool) and do monitoring for both.

    • scomfaq says:

      Hi Matt

      Well it depends :). If you have a large environment of Linux machines then it is best practice to assign dedicated management server(s) in a dedicated resource pool for Linux. If you just got a few Linux computers and also Windows computers you can share this pool for both tasks.
      Technically a management server can reside in multiple pools.

      Regards,

      Stefan

  3. kabir says:

    Hi

    I'm confused: is this to allow us to add Red Hat servers to SCOM so we can manage alerts from there? Sorry, very new to SCOM and struggling to add Red Hat servers to the application.

    • scomfaq says:

      Hi

      This post shows you how to integrate Linux machines into SCOM and which steps you need to take. As you might know SCOM is for monitoring Windows systems and in SCOM 2012 there is better support for monitoring Linux systems. Finally the Linux systems will show up in the SCOM console and there will be basic stuff monitored as network adapter, disk space, memory, processor etc.

      Cheers,

      Stefan

  4. Bas says:

    Hi,

    Great guide on adding Linux monitoring. However (and I don’t know if this is a SCOM 2012 SP1 feature), when importing the management packs make sure to import the appropriate .MPB file as well (in this case it would be the Microsoft.Linux.SLES.11.mpb located on the installation source). This MPB file contains the agent installation sources for the specific Linux distribution.
