Monday, February 19, 2018

Project Honolulu: No SCOM/OMS Replacement

For some time now there is a preview version of Microsoft Project Honolulu available. This is a new web based platform for locally or remotely managing Windows based systems. As such it also delivers a set of tools, providing a ‘one-stop-shop’ for the admins.

Best part of it all is that there is NO Azure connection required. Instead you only install it locally on a server (Windows Server version 1709 or Windows Server 2016) in ‘Gateway Mode’. It can also be installed on Windows 10 in ‘Desktop Mode’. Good to know as well: The web application created by Project Honolulu DOESN’T work with IE! Instead use Google Chrome or Edge.

Project Honolulu supports management of Windows Server version 1709, Windows Server 2016, Windows Server 2012 R2 and Windows Server 2012.

Even though there is a lot more to tell about Project Honolulu, I won’t do that. Why? Fellow MVPs Charbel Nemnom and Thomas Maurer  already posted some very good articles about it, so there is no need to repeat it here. Just read their postings when you want to know more about it. Kudo’s to the both of them.

Is Project Honolulu the new on-premise SCOM/OMS?
Therefore I wrote this posting, in order to ask that question. Because I got some feedback out of the field, like: ‘Why use SCOM/OMS if there is Project Honolulu on the horizon?’.

A valid question which needs a good answer.

First let me start with the statement made by Microsoft itself: ‘…It is complementary to System Center and Operations Management Suite, and is not intended to replace these products and services…’.

On the same webpage is also stated what Honolulu is aimed at: ‘…Honolulu is a locally deployed, browser-based, management tool set that enables on-premises administration of Windows Servers with no Azure or cloud dependency. Honolulu gives IT Admins full control over all aspects of their Server infrastructure, and is particularly useful for management on private networks that are not connected to the Internet…’.

IMHO, the real strength of Honolulu is that it enables fast and remote management of Windows Server 2016 Core installations. Until now many organizations refrain from installing core because of the additional administrative burden it creates. However, when Project Honolulu play out as intended, those additional administrative burdens may be a thing of the past.

Honolulu + SCOM/OMS
As you can see, Honolulu isn’t meant at all as a SCOM/OMS replacement. SCOM delivers the monitoring, OMS the analytics with ‘some’ workload specific monitoring (minus Set & Forget alerting!) whereas Honolulu enables the one-stop-shop for the management of the servers running the monitored workloads.

My own Honolulu experiences
I’ve played a bit with it. Not really tested it yet. None the less, it’s impressive how easy and fast it’s installed (in the matter of minutes). In production it will take a bit more time because a real certificate is the way to go, and perhaps some high availability as well. Still, the installation can be done within a few hours, which is quite an achievement for Microsoft Smile.

The web application is pretty fast. Good responses and many possibilities. I can imagine with this tool that it becomes the general management point for on-premise Windows servers.

Also the possibility to manage specialized workloads (see screenshot below), makes the platform even more powerful:

None the less, there are some features I would like to see

  1. Central repository
    One (the Honolulu admin) could add servers as required and everyone (with the right permissions) would see them as well;
  2. RBAC
    Within Honolulu additional permissions can be set, like what servers to manage and to what level, or better what tools are to be used for a specific kind of role;
  3. Categories
    Now one can only add an ‘endless’ list of servers. Why not categorize them per application/workload and so on? Enables a smarter RBAC as well when those categories are RBAC ‘sensitive’;
  4. Auditing
    Today, auditing is a hard requirement. So every action should be enabled for logging, based on  the company’s requirements;
  5. SCOM widget, Management Pack with additional tasks
    Why not publish the Honolulu web app in the SCOM Console? And while they’re at it, add some smart SCOM tasks to launch as well when a certain issue arises.

Just test drive Project Honolulu yourself and feel free to share your own experiences.

Friday, February 9, 2018

My SCOM 2012 R2 UR#14 To SCOM 1801 Upgrade Experiences In Ten Steps

Since Microsoft allows customers to upgrade from SCOM 2012 R2 UR#14 to SCOM 1801, I decided to test drive it. Therefore I rolled out a single Windows Server 2012 R2 VM with SQL Server 2012 SP3 installed and SCOM 2012 R2 UR#14.

So this posting is all about upgrading that SCOM 2012 R2 UR#14 instance to SCOM 1801.

Before I start, please know:

  1. I am NOT responsible for the success/failure of your upgrades in any kind of way;
  2. This upgrade is based on a SINGLE VM only. In production environments your SCOM Management Group is spread among multiple servers. As such, the upgrade in real life might be a bit more challenging.
  3. Sure, the upgrade of your environment can be done, but like always: PREPARE and follow all Microsoft’s advice on this topic. There are pre-upgrade tasks to do and post upgrade tasks. Do them or loose your SCOM environment.
  4. When you want me to be responsible for the upgrade of your SCOM environments: HIRE ME! Smile

Before you start ANY upgrade, always READ, READ and READ. Same goes for the upgrade from SCOM 2012 R2 to SCOM 1801.
Image result for rtfm

Gladly Microsoft has provided a lot of good and solid information about upgrading to SCOM 1801, to be found here.

Prepare yourself by:

  • Reading everything at least ONCE without touching anything of your current SCOM environments;
  • Ascertain that you understand every step of the upgrade process. When you don’t, find it out;
  • Know about the Pre-upgrade tasks and the Post-upgrade tasks. And FOLLOW them! There is no successful upgrade possible without following these tasks;
  • Also, ascertain that your current SCOM environment meets all the requirements of SCOM 1801. I am talking about the underlying OS, the SQL server edition AND the current Update Rollup (UR) level of your current SCOM environment (SCOM 2012 R2: Apply UR#14, SCOM 2016: Apply UR#4);
  • Make valid BACKUPS of your current SCOM Management Group, that way there is way back when the upgrade goes bad on you;
  • Take your time for it. Allocate enough time for the upgrade. Don’t do in the last hours of dull afternoon for instance;
  • Follow your company’s RFC procedures (cover your ass!).

When you adhere to all of the above, there is a change the upgrade will go well Smile.

My SCOM 2012 R2 UR#14 Management Group
As stated before, it’s a single VM, with an AD DC for forest OM1801.local. The FQDN of the VM is om1801.local. It runs SQL Server 2012 SP3 ENU, x64 Standard edition.

It runs SCOM 2012 R2 UR#14:

There are no SCOM Agents rolled-out and only the Windows Server OS MP is imported. No additional configuration has been done.

The VM itself runs Windows Server 2012 R2 with the latest (security) updates applied.

As stated by the SCOM 1801 requirements, this environment (SCOM, Server OS, SQL version) is one on one upgradable to SCOM 1801:

As you can see, I must download and install Microsoft Report Viewer 2015 Runtime before I run the upgrade, otherwise the upgrade won’t be successful. And YES, the prereq for that component has to be installed before, Microsoft CLR Types for SQL Server 2014.

.NET Framework is okay as well (SCOM Console & SCOM Web Console):

And last but not least, SQL is okay as well:

01. The upgrade – Pre-upgrade Tasks
First I go through the list of pre-upgrade tasks and perform every required step. Also I install the SCOM 1801 Console prereqs (Microsoft Report Viewer 2015 Runtime and Microsoft CLR Types for SQL Server 2014)

When not sure, just perform the step as described. Better to be safe then sorry…

02. The upgrade – The upgrade itself
Since I run a single server SCOM environment, I use this procedure.

Normally in production and so on, you’ll run a SCOM environment built upon multiple SCOM servers, aka a distributed SCOM Management Group. In that case, you follow this procedure.

Before I start the upgrade, one final health check of the SCOM 2012 R2 UR#14 MG:
Yes, all is okay. Let’s start!

  1. I execute SCOM_1801_EN.exe. It unpacks all installation files to a folder of your choice;
  2. Then I execute (with elevated permissions) Setup.exe, located in previous chosen folder. Please run this with an account which has SQL SA, SCOM Admin and local admin permissions.
  3. Select the option Download the latest updates to the setup program when the server is connected to the internet. This will update the setup program. Click Install.
  4. After the setup program is updated it will be automatically restarted. Soon the installer will detect the presence of the SCOM MG, SCOM 2012 R2 UR#14 in this case. As a result it will automatically flip over to the upgrade screen:
    > Next;
  5. Accept the EULA > Next > select the installation location > Next > configure the SCOM account (Data Access) > Next. Soon the Ready to Upgrade screen will be shown:
    Check and double check! When all is okay, click Upgrade.
  6. The upgrade will run now for some time.
    Don’t panic when the Management Server has a yellow triangle with a exclamation mark in it. It tells SCOM 1801 is in eval mode > Close.
  7. Now it’s time to run the post-upgrade tasks. When done, time to test it!
  8. Start the SCOM Console and check the properties:
  9. A new feature is the GUI driven license activation. Click Activate and enter the Product Key > Continue:
    Accept the EULA > Accept:
    The product is successfully activated.
    It’s better to restart the whole server though. Now SCOM 1801 is in retail mode:
  10. Time to start the revamped SCOM FULLY(!) HTML 5 based Web Console:

Back in the days before SCOM 1801 came to be, only N-1 upgrade scenarios were supported. Meaning, N being the ‘latest and greatest’, in this case SCOM 1801 and N-1 being the previous version, SCOM 2016. However, SCOM 1801 now also supports an upgrade from SCOM 2012 R2 UR#14, being N-2.

One could say Microsoft is really friendly and takes care of it’s customers. Being true as it may, IMHO there is something else at play here.

As I already stated before, SCOM 2016 RTM didn’t feel to me as a real upgrade, more like a service pack for SCOM 2012 R2 with boiler plate replacement included. As a result, SCOM 1801 supports the upgrade from SCOM 2012 R2.

Which is quite nice. Because many times I really didn’t see the reason to upgrade to SCOM 2016 besides the obvious support statement since SCOM 2012 R2 Mainstream Support End Date is set on the 11th of July 2017.

However, with SCOM 1801, the new release cadence (I strongly advise to go for SAC: Semi-Annual Channel Release), SCOM is (temporarily) revived. And the upgrade path is acceptable.

Also SCOM 1801 brings new stuff to bear, like better performance and (finally!!!) the so long awaited and anticipated HTML 5 Web Console. No more SilverLight!!!

Still, when looking at the future and SCOM, I still think these two don’t go well together anymore, as I already stated here (read the section at the end of the posting with the header Verdict of SCOM).

None the less, SCOM 1801 looks like a REAL upgrade to me, so when you’re running SCOM 2012 R2, it’s time to apply UR#14, update your licenses and upgrade to SCOM 1801 with SAC.

SCOM 1801 Is RTM!!!

Finally OM/SCOM 1801 is RTM!!!

Go here for the documentation, here for the download (eval) and here for Microsoft’s blog posting about this new release.

What’s new?

  • Improved HTML5 dashboard experience
  • Enhanced SDK performance
  • Service Map integration
  • Updates and recommendations for third-party Management Packs
  • Linux Logfile monitoring enhancements
  • Linux Kerberos support
  • GUI support for entering SCOM License key
  • System Center Visual Studio Authoring Extension (VSAE) support for Visual Studio 2017

System Center 1801 is Microsoft’s first Semi-Annual Channel release. This way Microsoft is capable of delivering new capabilities at a faster cadence.

As a result, the attached support policy required a refresh. This has resulted in two different approaches:

  1. SAC: Semi-Annual Channel Release
    A: 18 months support policy for each new build;
    B: Consistent new updates
    C: All new features will be put into the SAC builds

  2. LTSC: Long Term Servicing Channel
    A: 5 years of Mainstream Support, followed by 5 additional years of extended support
    B: Release cadence at a much lower cadency
    C: Updates will be pushed out as Update Rollups, BUT NO FEATURES ADDED(!), fixes mostly.

As you can see, this is a significant change which makes System Center more dynamic.

Can I upgrade from SCOM 2012 R2 to SCOM 1801?
Before System Center 1801 became GA, Microsoft only supported N-1 upgrade paths. Where N is the ‘latest & greatest’, which is SCOM 1801. N-1 in this case is SCOM 2016.

BUT things have changed here as well since this official Microsoft webpage states:

So YES you can upgrade from SCOM 2012 R2 (with the latest UR applied!) to SCOM 1801!

Monday, February 5, 2018

Free Visio Stencil & Icon Sets: Made by The Community & Microsoft

For anyone working with Visio/PowerPoint and with Microsoft related technologies, there are two awesome Visio stencil & icon sets out there which are a MUST have.

  1. Community, made by Sandro Pereira (Microsoft Azure MVP)
    Read here more about this awesome (Azure and MUCH MORE!!!!) stencils pack. The same posting contains the link to Microsoft TechNet Gallery where you can download this pack for FREE(!).

  2. Microsoft Azure, Cloud and Enterprise Symbol / Icon Set
    The one made by Microsoft itself. Also FREE(!) and a MUST have. Available from Microsoft’s Download Center.

New MVA Course: Hybrid Cloud Workload Protection with Azure Security Center

Microsoft Virtual Academy (MVA) has made a new course available, titled: Hybrid Cloud Workload Protection with Azure Security Center.

This course offers an overview of Azure Security Center, including requirements, planning, onboarding, and troubleshooting.

Course overview:

  1. Getting Started with Azure Security Center
    Learn about the current threat landscape and how Azure Security Center can enhance your security posture.
  2. Workload Protection
    Learn how to onboard Azure Security Center and how to implement security policies and recommendations.
  3. Detecting and Responding to Threats
    Join us as we explore the detection capabilities and security alerts available with Azure Security Center.
  4. Incident Response
    Learn more about incident response in the hybrid cloud.
  5. Final Considerations
    Review additional resources and next steps to take.

I strongly advise this course for anyone working with Azure.

Thursday, February 1, 2018

Where Is SCOM 1801 (or SCOM 1711 RTM)?

Okay. It’s just the 1st of February, so we still have some time ‘left’. None the less, I hoped that SCOM 1801 (or SCOM 1711 RTM), successor of SCOM 2016, would become General Available in January 2018.

Already in 2017 a preview of SCOM 1711 was released, with these HUGE improvements (taken directly from this website):

  • Improved HTML console experience
    The Web console has been redesigned and is now a fully HTML-based console and no longer has a dependency on Silverlight. The monitoring tree and dashboards support the HTLM5 markup language.

  • Enhanced SDK Client performance
    We have introduced performance improvements in the Operations console that typically prevent the console from responding while a new management pack is being imported or deleted, or a configuration change to an MP is saved.

  • Updates and recommendations for third-party Management Packs
    In System Center 2016 we released the MP Updates and Recommendations feature which has been expanded now to include discovery and downloads of third-party management pack updates, based on feedback from customers.

  • Linux Kerberos support
    Operations Manager can now support Kerberos authentication wherever the WS-Management protocol is used by the management server to communicate with UNIX and Linux computers, providing greater security by no longer needing to enable basic authentication for Windows Remote Management (WinRM).

  • Service Map integration
    Service Map automatically discovers application components on Windows and Linux systems and maps the communication between services. It automatically builds a common reference map of dependencies across your servers, processes, and third-party services. Integration between Service Map and System Center Operations Manager allows you to automatically create distributed application diagrams in Operations Manager that are based on the dynamic dependency maps in Service Map.

All in all, impressive improvements. And therefore I seriously hoped to see SCOM 1801 or 1711 RTM to be released in January 2018. I do hope now that February 2018 will be the month where we’ll meet the successor of SCOM 2016.

The ‘signs’ are positive, because Microsoft’s website, all about SCOM, already contains a menu option for SCOM 1801, even though (for now?) it links to the SCOM 1711 pages:

As soon as SCOM 1801 comes out, I’ll post it on my blog. Also I’ll explore the upgrade paths and so on.

To be continued (soon I hope)….