Operations Management Suite (OMS) is Microsoft's management and monitoring product that bridges the hybrid cloud environment. It integrates support for both cloud and on-premise infrastructure, allowing flexible options to shift with an organization's journey. The presentation discusses what OMS is, how to get started, who is using it, upcoming solutions, and how Softchoice can help. It provides overviews of the OMS portal, settings, solutions, and demonstrations of specific solutions like SQL assessment, security and audit, and network performance monitoring.
3. Agenda
• What is OMS and why do I need it?
• How do I get started with OMS?
• Who is using OMS and what for?
• What latest solutions are coming to OMS?
• How can Softchoice help?
• Q&A
5. What is OMS?
Operations Management Suite is Microsoft’s management and
monitoring product to bridge the hybrid cloud environment
from traditional on premise solutions. By integrating support
for both cloud and on premise infrastructure, OMS is able to
provide flexible options to shift along with your organization
and it’s journey.
6. Why OMS?
• Increased operational flexibility and agility
• Reduce the time to respond to incidents
• Optimize business critical infrastructure
• Reduce costs
16. Who is using OMS?
• Diverse industry customers with SCOM already implemented
for their on premise environment
• Early adopter Hybrid Cloud enterprises with complex systems
in both Azure and on premise
• New Azure customers with no existing monitoring and
management solutions
• Different sized customers looking for DR with Automated Site
Recovery and monitoring
37. Next Steps
• If your looking for assistance with OMS to assist in managing your Hybrid
Cloud Infrastructure…..
• Architecture guidance and support, white board session
with a Solutions Architect
• Licensing, analysis and cost guidance with a Microsoft Solutions Specialists
• Contact Luke Black at Luke.Black@Softchoice.com if you are
unsure of who your Softchoice Account Representative is.
Over 14 years experience in Information Technology roles, began with over 3 years in an internal staff role, then move to the consulting arena which included experience in data center services, managed service provider, and Sr. Systems Engineer focusing on many Microsoft centric solutions
In an organizations move to adopt Hybrid Cloud, what are the main drivers to leverage OMS?
The ability to expand and contract your Hybrid Cloud infrastructure, quickly and efficiently, as business demands change.
Get mission critical information sooner to head off downtime or slowdowns in your infrastructure. How much does downtime cost your enterprise?
Make sure your Hybrid Cloud environment is operating at peak performance and is configured according to industry best practices.
By combining the many benefits of OMS, enterprises will see a reduction in costs due to the improvements and efficiency of their Hybrid Cloud infrastructure
4 main components or solutions and services make up OMS:
Log Analytics: for immediate insight into your infrastructure
Security & Compliance: Respond faster to Security risks and identified industry leading compliance factors
Azure Automation: Enable control: Immediate alerting; On-demand remediation; Orchestrated recovery; Automated backup
Protection and Recovery: Azure Backup and Automated Site Recovery for DR of infrastructure
Azure subscriptions:
Free $200 credit for 30-days;
Microsoft Partner Credit options; MSDN subscription credits $150 every 30 days
Microsoft Action Pack credit ($475/yr) $100 every 30 days
Regions available currently are: East US, West Europe, Southeast Asia
Basic information about your OMS Workspace from the Azure Portal, this is where you install the Azure VM OMS extension, change the pricing tier of this OMS instance, add or remove storage logs, as well as get to the Quick Start help to configure OMS. You can also jump directly into the Log Search from the Workspace in place of opening the OMS Portal.
The OMS Portal lands on the Overview screen, giving you a wide view of OMS Solutions installed and configured. Each tile will take you into the individual solution overview or directly to the Log Search for the query related to that solution. In the OMS Portal Overview you have the left menu as well as the 5 default tiles to jump directly into Overview, Log Search, My Dashboard, Solutions Gallery
Getting started in OMS requires configuring the following: Solutions (select you solutions from the solutions gallery)
Connected Sources: (select your VMs from the Workspace to install the OMS extension) physical or on prem machines will need to have the OMS agent installed and configured to communicate with OMS using a workspace ID and primary & secondary key. Additional server types and sources can be connected to OMS here including Linux Servers, Azure Storage Logs, SCOM, Office 365 and additional solutions like is pictured for Windows Telemetry
Next is configuring the data to pull from the connected sources: Event Logs, Performance Counters, IIS Logs, Custom Logs, Syslog
When configuring things like Event Logs, plan on being selective at first to see how much data multiplied by how many sources are connected. Informational events can be useful, but can also add up quickly if you are not using the Standard or Premium tier. Finding event logs of interest is easy by just beginning to type into the search box and suggestions will automatically populate in the list of available logs.
The Accounts section gives you the ability to send invites to organizational users or users with a Microsoft account.
The Alerts section under settings gives you the control to disable, edit, or delete the alerts. New Alerts can be created from the Log Search screen and can pull in the current query to make it easy to build your own alerts. Alerts can contain a json payload when you enable webhooks to take advantage of services like slack.com for team collaboration and alert management. Alerts can also call a Runbook that you already have created in your Azure Automation account. This feature can trigger a PowerShell script to automatically remediate an alert that has been triggered.
Softchoice provides services to many different industries that are leveraging OMS. Whether you have already extended your infrastructure to the cloud or are still planning that first step, Softchoice has extensive experience in Hybrid Cloud planning and implementation.
The Solutions Gallery is where you can investigate new or additional solutions. New solutions notifications show up on the Overview screen to let you know they are available or coming soon. You can add as many of the available solutions as you would like, but this also will increase the amount of data and log storage consumed by OMS. Remember the free pricing tier is limited to 500MB total upload per day with a 7 day retention time. The Standard and Premium are unlimited on the daily upload limit but have a 30 day and 1 year retention period.
Most customers are overwhelmed at the choice of solutions, but these first 7 are critical to just about every organization. Typically Softchoice would discuss your environment and determine a list of solutions by partnering with your team. After you have the primary list configured and collecting data, you can then jump into product specific solutions like SQL Assessment, ASR, Change Tracking, Azure Automation, Network Performance Monitor (Preview), and Office 365 (Preview) etc. If you are leveraging OMS for something specific in the solutions gallery, then by all means add that to your primary solutions list. Some solutions do take additional configuration outside of installing the agent. For instance the Office 365 solution requires a Global Admin account to connect the tenant to the OMS organization. There are limitations as well, like only being able to connect an Office 365 subscription to one OMS Workspace, where one OMS Workspace can have multiple Office 365 subscriptions.
Selecting a solution title will take you to a detailed view describing what can be accomplished with that solution. Adding a new solutions is as easy as clicking the big blue button. You will see the solutions you have selected both in the OMS settings -> Solutions screen or when viewing the Solutions Gallery. The solutions titles will show (Available, Coming, or Owned). Some solutions will require additional configuration, either under OMS settings, or individual client configuration. Some solutions require that client meet prerequisites and also require PowerShell scripts to enable the communication to OMS.
The My Dashboard (4th icon on the left menu) is a customizable screen to view the interesting data collected by OMS. Each tile can take you directly to Log Search to see the relevant data described in the tile. The Log Search or Log Analytics is extremely powerful and efficient to filter the event by Queries or drag & click filtering. As you can see in this lab environment there are over 5 million Security Events that can be filtered down to just the activity you wish to see.
Jumping into any of the tiles will start to use the query built to show the data on the dashboard. From the Log Search screen, you can select additional criterial by: selecting a “6 hour” bar at the top left or dragging the time period bar, or change the drop-down from 7 days to a different time period. Further filtering can also be done using the event Type on the left which include SecurityEvent, Heartbeat, Event, NetworkMonitoring, ProtectionStatus, and many more depending on the solutions added to OMS. Using the +More link will expand the list further to include types with fewer event quantities if needed.
On the Update Assessment overview, you can easily see how current the updates are in your Hybrid cloud environment. Common Update Queries are also included to jump into Log Search and drill down to get additional information on updates. If you environment uses WSUS for patching, you can also leverage the groups created for their management in OMS settings.
SQL Assessment gives you: Security, Compliance, Business Continuity, Performance and Scalabilty, Upgrade Migration and Deployment, as well as Operations and Monitoring information. This is a great way to find the most common configuration issues in your SQL infrastructure.
Selecting a Focus Area will give specific recommendations with guidance on the affected objects. Additional context is also provided to allow you to research the validity of the recommendation in your environment.
Security and Audit overview helps find possible vulnerabilities in the monitored assets. Each item on the overview leads to further detail in the Log Search screen to filter further if needed when investigating remediation steps. A heat map of any suspicious activity is also presented on a global map. One of the first instances Softchoice implemented found compromised accounts on Azure VMs that were breached due to simple passwords. These threats were found in less than an hour of turning on this service.
The AD Assessment solution gives insight into the Security & Compliance, Availability & Business Continuity, Performance & Scalability, and Upgrade, Migration & Deployment. Just from installing the OMS Agent on a few of my lab VMs I could see that I never reconfigured backup of the AD DS servers.
The AD Replication solution is fairly basic but will also allow you to catch replication issues early. This status quickly shows replication errors due to an AD DS server being removed from the lab but metadata cleanup was not performed after the removal procedure. Just by following the Replication Error Types tile we can see further detail.
Here are the details of the replication errors being recorded in the environment when you drill down into the Log Search data. Here is where we see the name of the server that is no longer replicating in the monitored hybrid cloud environment.
One of the newer items in Solutions Gallery is the Network Performance Monitor. Instead of getting network data from a tradition network device flows, the solution pulls tcp latency information from each client configured to report this data to OMS. A PowerShell script is necessary to configure, in addition to the OMS client or extension. Once your clients report into OMS after running the PS script, you will generate data to create your Networks and Subnetworks that you wish to monitor in your Hybrid cloud environment.
Once the data is showing up in the NPM setup overview, you can create Networks which are a container of defined subnets. Next you can define Subnetworks and enable or disable monitoring for that resource. Networks and Subnetworks can be named according to your organizational operations, locations, or function. Nodes configured for the NPM will populate and also give you the ability to enable or disable monitoring for that resource. The Monitor item allow you to setup different Rules based on what you want monitored. For instance, you might not have connectivity between a DMZ and internal Subnetwork that would yield a false positive in the Overview screen.
Incorrectly setting your Monitor rules will show results like this (Unhealthy Network Links). These are two healthy networks, that are not connected, but the rule is detecting the default rule for All Networks and All Subnetworks for monitoring.
Correcting the rules will clean up the false negative results on the NPM overview.
Digging into the reported data will yield latency information to chart in the NPM workspace. As you can see, when a hypervisor host was down, two VMs are reporting 100% loss due to the maintenance outage.
Cost and quantity of OMS data: Using multiple OMS Workspaces for different retention times can alleviate Dev or UAT environments from consuming too many resources and incurring additional costs.
Security of information in OMS: The collected data is sent over the Internet using certificate-based authentication & SSL 3 to the Log Analytics service, which is hosted in Microsoft Azure. Data is compressed by the agent before it is sent. Data is also logically separated between customers throughout the lifecycle and is enforced at each layer of the service.
How would you automate the installation of the OMS agent and have it configured for your workspace?
Can you move an agent installed machine to a different workspace?