Thursday, March 4, 2010

CEIP, ODR and the lot. What are they and why should I use them? Part III: AEM explained, its origin

Postings in the same series:
Part  I: ODR explained
Part II: CEIP explained 
Part IV: AEM explained, how to configure it

In the second last posting of this series I will talk about AEM, or better Agentless Exception Monitoring and its history.

First of all, lets answer the question: ‘What is AEM?’ This is how Microsoft (SCOM R2 Help file) describes it: ‘AEM enables you to monitor operating systems for crashes and applications for errors and crashes.

The word ‘Agentless’ plays an important role here. It means that the AEM process works without the need to install a SCOM (R2) Agent on a client. So no need to roll out SCOM (R2) Agents organization wide in order to use AEM. The needed settings are applied by the usage of a GPO.

But AEM is not a totally new product nor concept. It is around for many years now, but it started a bit different. So first a little bit about how AEM came to be. In the last posting of this series I will describe how to set it up.

Back to the old days: Dr. Watson, Watson, CER and SER 
Most of us will certainly remember the days when Windows NT Server was mainstream and future editions were just rumors. In those days Microsoft included a simple debugger in Windows NT, known as Dr. Watson, the side-kick of Sherlock Holmes. Whenever a program didn’t respond, the user could start this program which would create a snapshot of the computer state and dump it into a file.

The same program was also to be found on W95, 98 and ME computers.

When Windows 2000 Server was released, it contained an updated version of this program. The name was also revamped which became just Watson. Somewhere along the way the program had lost its privileged status… Besides creating crash dumps of  user applications going sour, it also created crash dumps when an infamous BSOD (blue screen) occurred.

First versions of Watson put the dump files on the local hard drive. So every system became an island of crash dumps on itself. Very hard for centralized management. Of course one could send this file to the internal IT department or to Microsoft but it was a manual process. When products like Office XP/2003, Visio 2002 and Visual Studio .NET came to be, these programs included a more advanced version of Watson, aka the Error Reporting Client. When the user gave his/her permissions, the crash information was automatically forwarded to Microsoft.

Somewhere around the year 2000, (2002/2003), CER (Corporate Error Reporting) came to be. With it Watson crash information became centrally available for administrators as well. The first version of CER was part of the Office XP Resource Kit and solely targeted at Office XP.

With version 1.1 it became Windows XP aware. It still needed the Office XP Resource Kit though. Later versions of CER were stand-alone versions and much like AEM today. CER 2.0 for instance, contained a file share where all errors were centrally collected, a Console – so the administrators could see what kind of errors came in and sync it with Microsoft –, a GPO template in order to deploy the CER settings and also a method which enabled Microsoft to report the solutions (in url format) back to the administrators.

But does that mean that Watson is gone on Vista and W7? No way. It is still present on Vista and W7 systems. But now the name is WER (Windows Error Reporting).

So… CER is the predecessor of AEM. AEM contains all of CER and more. AEM integrates with WER, thus enabling a centralized overview of the application and client crashes, combined with possible resolutions.

Is it free? 
As I have been told, it is not free anymore. One needs to purchase SCOM (R2) for it or licenses for MDOP.

Phew! There is much more to it, but I run a blog on SCOM and not on Watson/CER/SER. It is possible that I have made some mistakes here, so feel free to correct me.

The last posting in this series will be about how to set up AEM.


Tom Martin said...

Hello Marnix,

Thanks for the article series. One question, if we have scom agents installed on all our Windows 7 machines and we have the Windows client management pack install is there anything AEM can give us that the management pack is not capable of reporting on?


Marnix Wolf said...

Hi Tom.

Thanks for visiting my blog. The big difference between AEM and client specific monitoring is that AEM generates more generic information whereas client monitoring shows more an indepth view of the monitored systems which goes beyond app/OS failures.

Also - as far as I know - the Client MP does not report specifically on application problems which AEM does.

So the client MP gives a more indepth view of the client itself where not all app crashes are covered and AEM delivers a insight about how the apps and OS's are doing, organization wide.

So when an app goes sour it is much more likely that AEM will catch it, then the client MP will.

Hope this answer helps.