MOM Knows Better

Microsoft tries managing more than Windows

Finally acknowledging that businesses use operating systems other than Windows and might even use Unix, Microsoft Corp. has taken some baby steps toward providing full-fledged system management with MOM 2000.

Microsoft Operations Manager is Microsofts first Windows-only tool to make the jump to Unix, although that support is only rudimentary. (Microsoft is leaving it to others to develop more advanced Unix monitoring agents that can be integrated with MOM.)

Shipping since last month, MOM is based on NetIQ Corp.s Operations Manager nee Mission Critical Software Inc.s OnePoint Operations Manager, albeit with a number of improvements, including the ability to process Unix syslog data and a streamlined installation process.

But MOM is still a Windows- centric management tool. Competitors such as BMC Software Inc.s Patrol products, which can manage a wide range of Windows, Unix and mainframe systems, arent in danger of being replaced by MOM ... yet.

Judging from eWeek Labs tests, system managers with large numbers of NT and Windows 2000 servers would do well to take a look at MOM to reduce management costs. Even though the initial implementation cost is steep—$895 per managed CPU and a hefty $995 for the application management pack—MOM will likely reduce long-term costs.

Microsofts SMS (System Management Server)—the companys long- languishing first attempt at system management—will likely remain a separate tool. Slightly overlapping the server configuration and diagnostic capabilities of MOM, SMS was released more than five years ago but is still only at Version 2.

MOM monitors everything

During tests, it was simple to deploy MOM agents to managed servers. Once the agents were in place, the MOM application pack started to monitor all Microsoft applications running on those servers, including SQL Server and Exchange. Within minutes, we got a warning that the Primary Domain Controller was not correctly configured to receive external time synchronization. The warning provided instructions on how to use a command-line option to correct the oversight.

This information came from the Domain Controller Event Log; MOM consolidates warnings and informational messages from such sources as SNMP traps, event logs and performance monitors on a single screen.

As we dealt with the problem, there was space in the error notification to make notes so the next time this occurred other operators would be able to benefit from our experience. This does away with the need for the "sunflower" approach of sticking yellow Post-It notes around the edge of the management console.

From the management console (see screen, Page 57), it was easy to see system status. When a problem occurred, a red or yellow icon provided a visual cue to follow.

Although MOMs rudimentary management system kept us from being flooded with duplicate error messages, we often had to open nearly 10 windows to get to just one problem. Managers of large sites should run a pilot deployment for several months to determine how to segment MOM responsibilities so operators can effectively manage data.

MOM is built on an impressive architectural base that allows management tasks to be distributed across the enterprise. Although it took the better part of a week to understand the implications of splitting up MOM components across a number of systems, we were able to run the software without any difficulty on the first try.

Using this split configuration, MOM could track performance information such as memory and disk utilization from machines in domains that sent data to a central repository. This made viewing reports a relatively simple process, even for a large number of managed servers.

It took us less than half a day to figure out how to create sophisticated performance-monitoring tools that let us set up warnings based on complex circumstances. For example, we could get an alert when CPU utilization stayed at more than 75 percent for longer than 3 minutes.

Although MOM can receive and store information about SNMP traps from any device, its specialty is server management, and for now we recommend that IT managers use the product for that purpose only. We used the Web-based client to view performance data and utilization reports. As is usual for system management tools, the Web console is read-only.

During tests, MOM discovered NT and Windows 2000 servers in the Active Directory tree and pushed customized monitoring rules to them. On the two machines running Exchange, we were able to make a new rule that notified us when key services went down. We let MOM run overnight, and the next day the new rules were working on the Exchange servers.

Microsoft doesnt plan on providing performance-monitoring agents for any products but its own, so IT managers should keep an eye out for third-party developers to do this.