Tuesday, August 25, 2009

Sealed MPs vs. Unsealed MPs

Many times I do get questions out of the field about sealed MPs vs. unsealed MPs, like:
  1. Why are there sealed MPs anyway?
    It has to do with protecting intellectual property as well with assuring that the MP isn’t wrecked so it becomes a tidal wave in the monitored environment instead of the monitoring solution what it is intended to be. For instance, the native Exchange 2007 MP contains much knowledge of the Exchange team. They don’t want to put it out on the streets like that. Besides, when certain discoveries, rules or monitors are changed in the wrong way, this MP can cause real havoc in an Exchange environment. Think about all these synthetic transactions gone loose. You don’t want that. Therefore, a MP like that is sealed in order to keep it sharp and tidy. Only a certain set of discoveries, rules and monitors are allowed to be changed so the integrity of this MP is guaranteed.

  2. When I create an override I have to put into an unsealed MP. Why not use the MP where this override is meant for?
    All MPs delivered by Microsoft (and third party vendors as well for that matter) are sealed. And sealed also means locked. So nothing new gets in. However, even Microsoft can not foresee how one’s environment is exactly configured. Software isn’t like those T-Fords where one could get every color as long it was black. So Microsoft has to develop MPs which are based on average and leave room for adjustments so it can be shaped to the environment where it is being used. These adjustments are called Overrides and have to be put into a MP as well. Since a sealed MP is locked, an unsealed MP has to be used. 

  3. Why create a new unsealed MP while there is one already there, the Default MP?
    Here I say: RTFM (Read The Friendly Manual). Every guide of a MP contains a section explaining why NOT to use the default MP. Many OpsMgr specialists have written articles about it, so I won’t repeat it here. Just check out these postings from Kevin Holman and Graham Davies for instance.  

  4. How do I use unsealed MPs?
    Besides as the location to store overrides for unsealed MPs, it can also be used as a totally new MP built to monitor and/or report on objects for which other MPs aren’t available or too costly. (But designing, building, testing and putting a total new MP into production is a costly process as well, besides errors are easily made but can cause real damage like wrong scripts and so on. So be sure to know what you are doing)

  5. Is there a way to seal an unsealed MP and if so, why should I do so?
    Yes, one can seal a unsealed MP. However, sealing an unsealed MP only containing overrides is not to be advised. Sealing is only used for MPs which really monitor and/or report on certain objects/services. There are multiple sources on the internet to be found telling exactly how to go about it. Check out these postings from Microsoft TechNet and MVP David Allen. Reasons to do so will be the same as stated in Answer 1: protecting the intellectual property and assuring the integrity of the MP.

  6. What does the error ‘Unsealed Management Packs cannot be added as references. Please specify a valid Sealed management pack reference’ mean?
    An unsealed MP cannot be referenced by any other MP. Example: When one creates a new folder in the Monitoring Pane and this new folder must contain a custom made group which is put into an unsealed MP as well, both items (Folder and Group) must reside in the same unsealed MP. Otherwise this error will pop-up:
    Another way to solve it is to seal the MP containing the group. However, when sealing that MP, the group will only accept new members when this group is dynamically populated.

  7. Where is my created group gone? (It is not showed in the list of available groups when targeting an override for a self-made monitor/rule.)
    Hmm. Take a look at answer 6. Suppose one creates a group and put it into unsealed MP ‘Group’. Now an override has to made for a self-made monitor/rule contained within another unsealed MP and is targeted at a group. This override will be stored automatically into the same unsealed MP where that rule/monitor resides. When the group resides in another unsealed MP, the list showing the available groups will not show the group which is created earlier simply because ‘…an unsealed MP cannot be referenced by any other MP…’. So the only two possible solutions are putting that group in to the same MP as where the monitor/rule resides, or to seal the MP containing the group.

No comments: