Microsoft System Center 2012 Operations Manager is an upgrade to System Center Operations Manager 2007 R2. The new version of Operations Manager is evolutionary, building on a successful framework rather than reinventing too much. The upgrade offers both under-the-hood improvements and UI usability enhancements. In addition, this version of Operations Manager adds a few major features to the core Operations Manager product, one of which is a new capability for managing devices that are not computers. A default installation of Operations Manager now includes a network-device discovery and monitoring engine that positively identifies specific network devices and graphically correlates computer-to-device relationships.
What's New
Operations Manager can monitor hundreds of devices such as network switches, routers, and firewalls, and load balancers at the port level, and can correlate this information with server- and application-health models. Figure 1 shows the default Network Monitoring views. Note that routers, Hot Standby Router Protocol (HSRP) groups, switches, and Virtual LANs (VLANs) have dedicated state views on the left. The network devices that are discovered on this small business network include a few Cisco routers and HP switches, some HP and Lexmark network printers, and a few other devices, such as an HP tape backup library. Also note the Certification column on the right; I'll cover this in more detail later.
Figure 1: Network Devices state view
After Operations Manager has discovered the devices on your networks, a correlation pass identifies interfaces on network devices that match up with interfaces of previously discovered devices and Windows computers. These automatically selected interfaces on network devices are monitored for performance, errors, and availability. This viewing of network-device health, in the context of computers that are interconnected by devices, is powerful and logical. The automatic selection of only key interfaces for monitoring is a clever approach that avoids collecting too much interface-performance data.
What's Now Old
At a programming level, previous versions of Operations Manager included a rudimentary, generic network-device monitoring capability that's based on the Microsoft.SystemCenter.NetworkDevice Library, which is deprecated in System Center 2012 Operations Manager. All existing third-party and in-house custom Operations Manager 2007 management packs for network devices are built on this library for SNMP device monitoring. This news isn't too bad: The earlier library was known to have scaling and performance issues, and not many IT shops have used Operations Manager extensively for network-device monitoring so far. The new version of Operations Manager includes backward-compatible support for legacy management packs written to use the older library.
The new, scalable, full-featured network monitoring in Operations Manager uses the System.NetworkManagement Library for SNMP monitoring. Publishers of commercial network-device management packs for Operations Manager 2007 will need to update those packs to use the new SNMP library, which includes support for the more secure SNMP version 3 (SNMPv3) protocol. Evolving beyond clear text, community string-based SNMPv1 and SNMPv2 security to encoded, cryptographic SNMP V3 security is important for confident automation of network device management.
Deciding to Deploy Operations Manager 2012 Network Monitoring
It's impossible to manage an enterprise network by monitoring only network devices but not servers and applications. Likewise, monitoring only servers and applications, without monitoring the network devices that interconnect and support those servers and applications, is insufficient. Experienced network admins will agree that isolating intermittent or complex connectivity issues to the application or physical layer can be a time-consuming task. Any solution that integrates both layers by highlighting application-to-device dependencies is a great innovation. Such a solution speeds fault isolation and even provides input to automatic recovery workflows. Whether you decide to deploy this feature of Operations Manager might depend on which level of integrated network monitoring you already have in place.
Monitoring both the physical and application layers of the network in a single pane of glass is a goal of most IT pros. The new Operations Manager Network Monitoring feature is Microsoft's first serious attempt to deliver that desirable, holistic picture. Many organizations today use multiple monitoring applications to instrument both the physical and application layers. It isn't uncommon for an IT shop to run Operations Manager 2007 for monitoring servers and applications, as well as running another application, such as SolarWinds Orion Network Performance Monitor or Ipswitch WhatsUp Gold Premium, for switch and router monitoring.
Where does Operations Manager Networking Monitoring fit into the management space, and should you consider deploying this feature? When making that decision, remember that monitoring network devices is not free when you use commercial software. SolarWinds charges about $2,500 for 100 interfaces; Ipswitch charges about the same, but more generously licenses 100 devices with unlimited interfaces. The license model for network devices in Operations Manager is based on the type of network device that is being monitored. There is no charge to monitor devices that operate at network Layer 3 and lower, such as conventional switches. Devices with OS environments that function above network Layer 3 require a System Center 2012 standard management license, which is about $1,300. Consider the following scenarios, which might apply to organizations that use Operations Manager to monitor their networks.
Scenario 1: Large organizations. Organizations with thousands of monitored network devices might already have deployed a high-investment network-monitoring solution. Operations Manager Network Monitoring is not designed for thousands of devices like heavyweights HP OpenView and IBM Tivoli. In this scenario, consider adding Operations Manager device monitoring to speed problem isolation in specific applications. Examples of such situations include co-monitoring of iSCSI SAN switches and network load balancers that support a critical distributed application running on Windows servers.
Scenario 2: Midsized-to-large organizations. Organizations with several hundred network devices might have deployed some device monitoring. In this case, take a hard look at the features in Operations Manager Network Monitoring. Can you retire an existing, secondary SNMP monitoring tool? You gain a lot with the Network Monitoring, computer-to-device correlation feature. However, you don't want to pay twice to monitor the same device. A hybrid approach might be to use Operations Manager for your datacenter core devices and to use another dedicated SNMP monitoring tool for large populations of edge switches and routers. Consider using a connector into Operations Manager, such as the SolarWinds Orion Management Pack, for those devices that aren't monitored natively by Operations Manager.
Scenario 3: Small-to-midsized organizations. Organizations that deploy few network-device monitoring tools might consider Operations Manager Network Monitoring for all network devices. The insight into availability metrics on your devices, and the ability to correlate network issues to server issues (without deploying any additional software), could be a big success story.
Certified vs. Generic Network Devices
Be aware that Operations Manager Network Monitoring classifies network devices as certified or generic, depending on their status in the Operations Manager network-equipment database. Generic (or unrecognized) devices are monitored for ping or SNMP responsiveness; port monitoring looks for generic devices that support standard SNMP interfaces. Certified devices are recognized and specific additional monitoring applied. For example, the left side of Figure 2 displays the Operations Manager health model for a certified router from Cisco. This model includes monitoring of memory and processor utilization. The right side of the figure shows the health model of a different Cisco router. This model includes only generic Operations Manager monitoring support.
Figure 2: Health models of two network devices
System Center 2012 Operations Manager doesn't include the ability to import or compile MIB files that you supply, or to add devices to the certified database. The database of supported network devices is static and expected to be updated centrally by Microsoft. Before expecting enhanced monitoring to work with a particular model of router or firewall, test that you can monitor your key device or devices or consult the link about supported devices in the "Learning Path."
How to Deploy System Center 2012 Operations Manager Network Monitoring
One of the under-the-hood enhancements in System Center 2012 Operations Manager is the concept of management and gateway server resource pooling. In previous Operations Manager releases, provisioning of redundant monitoring for network devices required multiple watcher nodes against the same devices. In this version of Operations Manager, fault tolerance of monitoring nodes is automated by assigning groups of managed network devices to multimember management or gateway server resource pools. In the resource pool model, two or more monitoring servers transparently load-balance and provide failover coverage for one another.
- Larger organizations (i.e., those with more than several hundred network devices to monitor) need to pay special attention to the placement and distribution of Operations Manager management and gateway servers that are members of a network-device monitoring pool. Prerelease sizing documents from Microsoft suggest that a System Center 2012 Operations Manager management group, employing two resource pools of three management servers each, can monitor about a maximum of about 2,000 network devices.
- Midsized organizations (i.e., those with up to several hundred network devices) might consider two or three servers for a dedicated (and highly available) network-device management resource pool.
- Smaller organizations (i.e., those with a few dozen network devices) can deploy the Operations Manager Network Monitoring feature on a single server, without any complications.
Your Operations Manager management group is limited to a maximum number of unique discovery rules, equal to the number of management and gateway servers in the management group. In other words, each management server or gateway server can be assigned exactly zero or one discovery rules. A discovery rule can run on the server once per day at a given time or manually only. Figure 3 illustrates how a discovery process is performed by a selected Operations Manager server and then monitored by a specified resource group.
Figure 3: Discovery and monitoring processes
Best practice is to consolidate all discoveries into as few rules (and servers) as possible, and to allow the automatic daily discovery process to run, optionally with the recursive discovery type selected. The intelligent process that enables both monitoring on server-connected interfaces and correct diagramming in the Network Vicinity Dashboard requires existing computers and devices to activate monitoring on discovered interfaces. Firing that discovery process daily keeps the dashboards accurate and useful, even as the server and device topology changes.
Introducing the Network Dashboard Views
In addition to all the familiar Operations Manager view folders, such as alerts views and performance views, Operations Manager Network Monitoring introduces four new network dashboard views to convey data: the Network Summary, Network Node, Network Interface, and Network Vicinity dashboards.
Network Summary. The Network Summary Dashboard is the only new dashboard view that is exposed in the View folder hierarchy (in the navigation pane of the Operations Manager console). Therefore, this dashboard is often the first place you'll look for a high-level overview of the health of your monitored network devices. The other network dashboards are invoked from the Network Summary Dashboard or from the task pane of any selected Windows computer or network device.
Figure 4 shows the components in the Network Summary Dashboard. These tools help you to identify the network devices and interfaces that are slowest, are busiest, or have the most errors. Use the Network Summary Dashboard to select nodes and interfaces for further analysis, then right-click the selected object or use the task pane to pivot to the Network Node Dashboard or Network Interface Dashboard.
Figure 4: Network Summary Dashboard
Network Node. A node is any device that connects to a network. Switches and routers are among the most common kinds of nodes. The Network Node Dashboard provides details about the health of a particular device. The upper portion of the dashboard consists of the Network Vicinity view for that node, as well as "speedometer" gauges for node availability today, yesterday, in the past week, and in the past month. (Periods that were not monitored are counted as available in the availability statistics so that newly discovered devices don't appear to have had outages in the gauges.)
The lower portion of the dashboard includes a list of all monitored interfaces on the node. From this view, you can manually override Operations Manager's automatic selection of which interfaces to monitor. Also, by right-clicking specific interfaces, you can pivot to performance or reporting views that drill down into the near- or long-term history of an interface. In Figure 5, the Interface Packet Analysis report for port 4 on switch 1 during the previous week appears in a second window.
Figure 5: Interface Packet Analysis report
Network Interface. An interface, such as a port, is a physical entity with which network connections are made. By default, Operations Manager monitors only ports that are connected to other monitored Windows computers or devices. The interface dashboard is the most detailed view of a particular interface. You can use this dashboard to zero in on a specific counter for problem investigation and capacity planning.
Figure 6 shows key counters for the previous 24 hours on a particular interface. In this case, we're looking at port 1 on switch 4, the interface that was listed in the Interface with Most Receive Errors (Previous 24 hours) section at the bottom of the Network Summary Dashboard in Figure 4. In this scenario, you get more details about the interface. Specifically, you can now answer the question, "How significant are the errors on this interface?" The Send/Receive Error and Discards Percentages chart in the lower right of the figure shows just one low spike, so the answer to that question is "Probably not very serious."
Figure 6: Network Interface Dashboard
Network Vicinity. Perhaps the most compelling view in the new Operations Manager Network Monitoring feature is the Network Vicinity Dashboard. This view diagrams a node, as well as all Window agent computers and other nodes that connect to that node. You can toggle up to five hops, and you can decide whether to view connected computers. Selecting a particular connection in the diagram allows you to identify which physical switch or router ports are involved; these appear in the Instance Details area of the dashboard, as Figure 7 shows.
Figure 7: Network Vicinity Dashboard
There are some limitations in the first release of the Network Vicinity Dashboard. For one, it only works with Windows computers (not Linux computers). Second, it doesn't take into account Microsoft Hyper-V host/guest relationships. And third, it doesn't show network interface teams as teamed. Another constraint is that only members of the Operations Manager Administrators group can open the dashboards, so there is no model for extending dashboard access to users who have limited-scope roles in Operations Manager.
The Network Vicinity Dashboard, like all the network dashboards that I describe in this article, works in both the full System Center 2012 Operations Manager console and the Operations Manager web console. (Figure 7 is a screenshot of the web console.) All the rich alert notification channels in Operations Manager, such as email and SMS text messaging, are available, as is scheduled publishing (or emailing) of network utilization reports, using standard Operations Manager reporting services. You can author a granular Operations Manager distributed application that includes individual network-device elements, to realistically model your most crucial services.
Closing the Gap
System Center 2012 Operations Manager adds significant new features that will be useful to many customers. Microsoft closes a gap that has existed in the Operations Manager product and makes the System Center 2012 suite more appealing. Although not a complete replacement for conventional network-monitoring tools in all environments, these features are probably sufficient, even excellent, for most small-to-midsized environments. Large organizations can instrument key datacenter devices for valuable insight into application versus physical network layer correlations that are difficult or costly to achieve with other solutions.
Learning Path
For information about rewriting legacy network device management packs:
"Migrating Operations Manager 2007 R2 Network Monitoring"
For a list of certified network devices with Operations Manager 2012 extended monitoring capabilities:
"System Center Operations Manager 2012: Network Devices with Extended Monitoring Capability"
