Tuesday, February 27, 2018

SCOM Reporting Done Right – Join Savision’s ‘SCOM Reporting Essentials’ Webinar

The 1st of March 4 PM CET Savision organizes an online session, all about SCOM Reporting. This webinar is hosted by ‘SCOM Bob’, fellow MVP Bob Cornelissen and Savision’s Support Manager, Chris Malay.

Many tips & tricks will be shared during this webinar, so you can take your SCOM Reporting skills to the next level. Topics to be covered are:

  • Overview of the most useful types of reports for different stakeholders
  • Tips and tricks to test your reports and make sure they work all the time
  • How to avoid empty reports and other common SCOM reporting issues
  • How to automate reports and receive them via email every month

On top of it all, Savision’s FREE(!) SLA Reports Management Pack will be demonstrated.

This MP allows you to create a complete SLA overview report of all your Service Level Objectives and to analyze why SLA expectations were not met by showing a list of the most common alerts that triggered the health state change of the Service Level Objective.

In another posting I’ll write about this MP in more detail.

Friday, February 23, 2018

Free Azure Training Resources

For some time already (here and here for instance) Microsoft offers free Azure training resources. Since a few days Microsoft has updated the content of some of those offers, whereas existing  resources are extended.

Here are the related links:

  1. Azure Training and Certification
    Develop Azure skills you need for your job and career. Explore free online learning resources, hands-on labs, in-depth training, or get your expertise recognized with great deals on Azure certification.

  2. Azure Essentials
    Watch, Learn, and Try. Jump start your Azure learning. With Azure Essentials, you can: Learn Azure technologies in under an hour, access free Pluralsight courses and Hands-on Demos, track your learning progress and master the skills you need for cloud roles.

  3. Hands on labs
    Acquire the cloud skills you need, at your own pace. Enjoy hands-on learning on your schedule with our free, Self-paced Labs, and keep your cloud knowledge fresh.

Even though I am not sure whether ‘only’ these trainings will deliver enough knowledge and experience in order to pass for an Azure exam, it sure is a good starting point. Later on you can follow additional trainings, whether based on the classic model (classroom), or modern variants, offered by many Microsoft Learning Partners.

None the less, there is no excuse anymore for not understanding Azure .

Thursday, February 22, 2018

Cross Post: SCOM 1801 Upgrade Pitfall With SCOM Reporting Instance

Got this one from the blog of Robert Bird, senior Premier Field Engineer for Microsoft UK. So all credits go to him.

When updating SCOM 2012 R2/2016 to SCOM 1801 you MUST install the SCOM Console (the UI, not the Web Console!!!) on the SSRS instance (the SCOM Reporting server) FIRST.

Otherwise the upgrade of the SCOM Reporting instance will fail. And installing the SCOM Console AFTERWARDS (when the first upgrade has failed) and rerunning the upgrade won’t do.

Go here for the original webposting.

Myth Busting: Windows Defender Sucks. !!!NOT!!!

Too many times I hear from people that they don’t want to use Windows Defender. Why? ‘…Because it’s bad and/or because it sucks…’ Duh! Time to bust that myth since the reality is quite different.

Before I take a deeper dive into it, let me show you this:
Source: https://www.av-test.org/en/antivirus/home-windows/manufacturer/microsoft/

Source: https://chart.av-comparatives.org/chart1.php

As you can see, Windows Defender (version 4.12 specifically) performs very well. Moreover when you consider it’s FREE! Microsoft offers it for NOTHING, zip, nada! And still it delivers and performs! Awesome! And now let me tell you the WHY behind it all.

01 – Darwin’s Law also applies to Windows…
As AV-Test states: There are over 600 million adversaries for Windows! Yes, that’s HUGE! This could work out two ways: Either Windows as a platform ceases to be because of the overwhelming odds against it, OR it adapts, evolves and because of it, becomes stronger.

Since Windows is still around, it seems that the latter has happened! Not without any bumps, quircks and glitches. But still, when looking at ‘the latest & greatest’, Windows 10 I mean, this is true.

By cutting out the weak code, rewriting whole parts of the Windows stack and rethinking about how ‘to do stuff’ Windows has evolved BIG time.

02 – Security is a hard requirement
Microsoft can’t afford it anymore to depend on other vendors for the security of their own ecosystem. This ecosystem begins with your Windows based device and expands into the cloud.

Microsoft has stated some years ago ‘…to be all in…’. And this isn’t marketing mumbo jumbo. Even more with the new mantra ‘mobile and cloud first’, security has become paramount. Whole Microsoft’s future is in the cloud, where your Windows device is just one of the many entrypoints to those cloud based services.

As such, Azure and the entrypoints running Windows have to be safe!

03 – Security Centers, big data and machine learning
So Microsoft not only invests big time in new Azure regions (MEGA datacenters), but also in world wide coverage of security by rolling out security centers, collecting tons of data all about the latest threats. That data is crunched by their own Azure services (Machine Learning, Power BI and so on) in order to detect patterns and to predict the next probable attack vector.

This allows Microsoft to roll out definition files which contain the signatures/hashes of the latests threads. Because of it, Windows Defender grows in strenghth and usability.

04 – The circle
Because Windows Defender is FREE and many people use it on a daily basis, it has a huge install base. As such Windows Defender is the first line of defense against many virusses, worms, trojans and the lot. Much of this information is anonymized and send back to Microsoft’s security centers, allowing them to crunch that data as well.

Because of this information, the next generation of the Windows Defender antimalware client and related definition files becomes even better.

And no, don’t be afraid. Windows Defender won’t send out any other information without your explicit consent:

05 – Security begins by yourself!
But please know that security is also your OWN responsibility.You’re the starting point of it all. A good start is to run an up-to-date operating system. When it’s Windows based, go for Windows 10. Forget about the previous versions.

Endpoint Protection
This product/service is the enterprise equivalent of Windows Defender. There are two choices available, on-premise (SCEP, System Center Endpoint Protection) or the cloud based service, Microsoft Intune Endpoint Protection.

Both run the same engine and use the same definition files, providing the same level of protection as Windows Defender. On top it all, it delivers centralized management of the configuration, like the type of scans, exclusions, the responses when something is found and so on.

Gone are the days that Microsoft’s antivirus solution didn’t work properly. Instead it has grown up to a level where it competes with well known antivirus solutions from other vendors. Of course, per situation a certain solution works out better, like more advanced central management, remidiation and so on.

But still, Windows Defender delivers on what’s meant to do: protect your system(s) against all kind of threads, or as AV-Test states ‘adversaries’.

Next time I bump into someone stating Windows Defender ‘…isn’t good enough…’ I’ll send him/her the link to this posting first Smile

Monday, February 19, 2018

Project Honolulu: No SCOM/OMS Replacement

For some time now there is a preview version of Microsoft Project Honolulu available. This is a new web based platform for locally or remotely managing Windows based systems. As such it also delivers a set of tools, providing a ‘one-stop-shop’ for the admins.

Best part of it all is that there is NO Azure connection required. Instead you only install it locally on a server (Windows Server version 1709 or Windows Server 2016) in ‘Gateway Mode’. It can also be installed on Windows 10 in ‘Desktop Mode’. Good to know as well: The web application created by Project Honolulu DOESN’T work with IE! Instead use Google Chrome or Edge.

Project Honolulu supports management of Windows Server version 1709, Windows Server 2016, Windows Server 2012 R2 and Windows Server 2012.

Even though there is a lot more to tell about Project Honolulu, I won’t do that. Why? Fellow MVPs Charbel Nemnom and Thomas Maurer  already posted some very good articles about it, so there is no need to repeat it here. Just read their postings when you want to know more about it. Kudo’s to the both of them.

Is Project Honolulu the new on-premise SCOM/OMS?
Therefore I wrote this posting, in order to ask that question. Because I got some feedback out of the field, like: ‘Why use SCOM/OMS if there is Project Honolulu on the horizon?’.

A valid question which needs a good answer.

First let me start with the statement made by Microsoft itself: ‘…It is complementary to System Center and Operations Management Suite, and is not intended to replace these products and services…’.

On the same webpage is also stated what Honolulu is aimed at: ‘…Honolulu is a locally deployed, browser-based, management tool set that enables on-premises administration of Windows Servers with no Azure or cloud dependency. Honolulu gives IT Admins full control over all aspects of their Server infrastructure, and is particularly useful for management on private networks that are not connected to the Internet…’.

IMHO, the real strength of Honolulu is that it enables fast and remote management of Windows Server 2016 Core installations. Until now many organizations refrain from installing core because of the additional administrative burden it creates. However, when Project Honolulu play out as intended, those additional administrative burdens may be a thing of the past.

Honolulu + SCOM/OMS
As you can see, Honolulu isn’t meant at all as a SCOM/OMS replacement. SCOM delivers the monitoring, OMS the analytics with ‘some’ workload specific monitoring (minus Set & Forget alerting!) whereas Honolulu enables the one-stop-shop for the management of the servers running the monitored workloads.

My own Honolulu experiences
I’ve played a bit with it. Not really tested it yet. None the less, it’s impressive how easy and fast it’s installed (in the matter of minutes). In production it will take a bit more time because a real certificate is the way to go, and perhaps some high availability as well. Still, the installation can be done within a few hours, which is quite an achievement for Microsoft Smile.

The web application is pretty fast. Good responses and many possibilities. I can imagine with this tool that it becomes the general management point for on-premise Windows servers.

Also the possibility to manage specialized workloads (see screenshot below), makes the platform even more powerful:

None the less, there are some features I would like to see

  1. Central repository
    One (the Honolulu admin) could add servers as required and everyone (with the right permissions) would see them as well;
  2. RBAC
    Within Honolulu additional permissions can be set, like what servers to manage and to what level, or better what tools are to be used for a specific kind of role;
  3. Categories
    Now one can only add an ‘endless’ list of servers. Why not categorize them per application/workload and so on? Enables a smarter RBAC as well when those categories are RBAC ‘sensitive’;
  4. Auditing
    Today, auditing is a hard requirement. So every action should be enabled for logging, based on  the company’s requirements;
  5. SCOM widget, Management Pack with additional tasks
    Why not publish the Honolulu web app in the SCOM Console? And while they’re at it, add some smart SCOM tasks to launch as well when a certain issue arises.

Just test drive Project Honolulu yourself and feel free to share your own experiences.

Friday, February 9, 2018

My SCOM 2012 R2 UR#14 To SCOM 1801 Upgrade Experiences In Ten Steps

Since Microsoft allows customers to upgrade from SCOM 2012 R2 UR#14 to SCOM 1801, I decided to test drive it. Therefore I rolled out a single Windows Server 2012 R2 VM with SQL Server 2012 SP3 installed and SCOM 2012 R2 UR#14.

So this posting is all about upgrading that SCOM 2012 R2 UR#14 instance to SCOM 1801.

Before I start, please know:

  1. I am NOT responsible for the success/failure of your upgrades in any kind of way;
  2. This upgrade is based on a SINGLE VM only. In production environments your SCOM Management Group is spread among multiple servers. As such, the upgrade in real life might be a bit more challenging.
  3. Sure, the upgrade of your environment can be done, but like always: PREPARE and follow all Microsoft’s advice on this topic. There are pre-upgrade tasks to do and post upgrade tasks. Do them or loose your SCOM environment.
  4. When you want me to be responsible for the upgrade of your SCOM environments: HIRE ME! Smile

Before you start ANY upgrade, always READ, READ and READ. Same goes for the upgrade from SCOM 2012 R2 to SCOM 1801.
Image result for rtfm

Gladly Microsoft has provided a lot of good and solid information about upgrading to SCOM 1801, to be found here.

Prepare yourself by:

  • Reading everything at least ONCE without touching anything of your current SCOM environments;
  • Ascertain that you understand every step of the upgrade process. When you don’t, find it out;
  • Know about the Pre-upgrade tasks and the Post-upgrade tasks. And FOLLOW them! There is no successful upgrade possible without following these tasks;
  • Also, ascertain that your current SCOM environment meets all the requirements of SCOM 1801. I am talking about the underlying OS, the SQL server edition AND the current Update Rollup (UR) level of your current SCOM environment (SCOM 2012 R2: Apply UR#14, SCOM 2016: Apply UR#4);
  • Make valid BACKUPS of your current SCOM Management Group, that way there is way back when the upgrade goes bad on you;
  • Take your time for it. Allocate enough time for the upgrade. Don’t do in the last hours of dull afternoon for instance;
  • Follow your company’s RFC procedures (cover your ass!).

When you adhere to all of the above, there is a change the upgrade will go well Smile.

My SCOM 2012 R2 UR#14 Management Group
As stated before, it’s a single VM, with an AD DC for forest OM1801.local. The FQDN of the VM is om1801.local. It runs SQL Server 2012 SP3 ENU, x64 Standard edition.

It runs SCOM 2012 R2 UR#14:

There are no SCOM Agents rolled-out and only the Windows Server OS MP is imported. No additional configuration has been done.

The VM itself runs Windows Server 2012 R2 with the latest (security) updates applied.

As stated by the SCOM 1801 requirements, this environment (SCOM, Server OS, SQL version) is one on one upgradable to SCOM 1801:

As you can see, I must download and install Microsoft Report Viewer 2015 Runtime before I run the upgrade, otherwise the upgrade won’t be successful. And YES, the prereq for that component has to be installed before, Microsoft CLR Types for SQL Server 2014.

.NET Framework is okay as well (SCOM Console & SCOM Web Console):

And last but not least, SQL is okay as well:

01. The upgrade – Pre-upgrade Tasks
First I go through the list of pre-upgrade tasks and perform every required step. Also I install the SCOM 1801 Console prereqs (Microsoft Report Viewer 2015 Runtime and Microsoft CLR Types for SQL Server 2014)

When not sure, just perform the step as described. Better to be safe then sorry…

02. The upgrade – The upgrade itself
Since I run a single server SCOM environment, I use this procedure.

Normally in production and so on, you’ll run a SCOM environment built upon multiple SCOM servers, aka a distributed SCOM Management Group. In that case, you follow this procedure.

Before I start the upgrade, one final health check of the SCOM 2012 R2 UR#14 MG:
Yes, all is okay. Let’s start!

  1. I execute SCOM_1801_EN.exe. It unpacks all installation files to a folder of your choice;
  2. Then I execute (with elevated permissions) Setup.exe, located in previous chosen folder. Please run this with an account which has SQL SA, SCOM Admin and local admin permissions.
  3. Select the option Download the latest updates to the setup program when the server is connected to the internet. This will update the setup program. Click Install.
  4. After the setup program is updated it will be automatically restarted. Soon the installer will detect the presence of the SCOM MG, SCOM 2012 R2 UR#14 in this case. As a result it will automatically flip over to the upgrade screen:
    > Next;
  5. Accept the EULA > Next > select the installation location > Next > configure the SCOM account (Data Access) > Next. Soon the Ready to Upgrade screen will be shown:
    Check and double check! When all is okay, click Upgrade.
  6. The upgrade will run now for some time.
    Don’t panic when the Management Server has a yellow triangle with a exclamation mark in it. It tells SCOM 1801 is in eval mode > Close.
  7. Now it’s time to run the post-upgrade tasks. When done, time to test it!
  8. Start the SCOM Console and check the properties:
  9. A new feature is the GUI driven license activation. Click Activate and enter the Product Key > Continue:
    Accept the EULA > Accept:
    The product is successfully activated.
    It’s better to restart the whole server though. Now SCOM 1801 is in retail mode:
  10. Time to start the revamped SCOM FULLY(!) HTML 5 based Web Console:

Back in the days before SCOM 1801 came to be, only N-1 upgrade scenarios were supported. Meaning, N being the ‘latest and greatest’, in this case SCOM 1801 and N-1 being the previous version, SCOM 2016. However, SCOM 1801 now also supports an upgrade from SCOM 2012 R2 UR#14, being N-2.

One could say Microsoft is really friendly and takes care of it’s customers. Being true as it may, IMHO there is something else at play here.

As I already stated before, SCOM 2016 RTM didn’t feel to me as a real upgrade, more like a service pack for SCOM 2012 R2 with boiler plate replacement included. As a result, SCOM 1801 supports the upgrade from SCOM 2012 R2.

Which is quite nice. Because many times I really didn’t see the reason to upgrade to SCOM 2016 besides the obvious support statement since SCOM 2012 R2 Mainstream Support End Date is set on the 11th of July 2017.

However, with SCOM 1801, the new release cadence (I strongly advise to go for SAC: Semi-Annual Channel Release), SCOM is (temporarily) revived. And the upgrade path is acceptable.

Also SCOM 1801 brings new stuff to bear, like better performance and (finally!!!) the so long awaited and anticipated HTML 5 Web Console. No more SilverLight!!!

Still, when looking at the future and SCOM, I still think these two don’t go well together anymore, as I already stated here (read the section at the end of the posting with the header Verdict of SCOM).

None the less, SCOM 1801 looks like a REAL upgrade to me, so when you’re running SCOM 2012 R2, it’s time to apply UR#14, update your licenses and upgrade to SCOM 1801 with SAC.

SCOM 1801 Is RTM!!!

Finally OM/SCOM 1801 is RTM!!!

Go here for the documentation, here for the download (eval) and here for Microsoft’s blog posting about this new release.

What’s new?

  • Improved HTML5 dashboard experience
  • Enhanced SDK performance
  • Service Map integration
  • Updates and recommendations for third-party Management Packs
  • Linux Logfile monitoring enhancements
  • Linux Kerberos support
  • GUI support for entering SCOM License key
  • System Center Visual Studio Authoring Extension (VSAE) support for Visual Studio 2017

System Center 1801 is Microsoft’s first Semi-Annual Channel release. This way Microsoft is capable of delivering new capabilities at a faster cadence.

As a result, the attached support policy required a refresh. This has resulted in two different approaches:

  1. SAC: Semi-Annual Channel Release
    A: 18 months support policy for each new build;
    B: Consistent new updates
    C: All new features will be put into the SAC builds

  2. LTSC: Long Term Servicing Channel
    A: 5 years of Mainstream Support, followed by 5 additional years of extended support
    B: Release cadence at a much lower cadency
    C: Updates will be pushed out as Update Rollups, BUT NO FEATURES ADDED(!), fixes mostly.

As you can see, this is a significant change which makes System Center more dynamic.

Can I upgrade from SCOM 2012 R2 to SCOM 1801?
Before System Center 1801 became GA, Microsoft only supported N-1 upgrade paths. Where N is the ‘latest & greatest’, which is SCOM 1801. N-1 in this case is SCOM 2016.

BUT things have changed here as well since this official Microsoft webpage states:

So YES you can upgrade from SCOM 2012 R2 (with the latest UR applied!) to SCOM 1801!

Monday, February 5, 2018

Free Visio Stencil & Icon Sets: Made by The Community & Microsoft

For anyone working with Visio/PowerPoint and with Microsoft related technologies, there are two awesome Visio stencil & icon sets out there which are a MUST have.

  1. Community, made by Sandro Pereira (Microsoft Azure MVP)
    Read here more about this awesome (Azure and MUCH MORE!!!!) stencils pack. The same posting contains the link to Microsoft TechNet Gallery where you can download this pack for FREE(!).

  2. Microsoft Azure, Cloud and Enterprise Symbol / Icon Set
    The one made by Microsoft itself. Also FREE(!) and a MUST have. Available from Microsoft’s Download Center.

New MVA Course: Hybrid Cloud Workload Protection with Azure Security Center

Microsoft Virtual Academy (MVA) has made a new course available, titled: Hybrid Cloud Workload Protection with Azure Security Center.

This course offers an overview of Azure Security Center, including requirements, planning, onboarding, and troubleshooting.

Course overview:

  1. Getting Started with Azure Security Center
    Learn about the current threat landscape and how Azure Security Center can enhance your security posture.
  2. Workload Protection
    Learn how to onboard Azure Security Center and how to implement security policies and recommendations.
  3. Detecting and Responding to Threats
    Join us as we explore the detection capabilities and security alerts available with Azure Security Center.
  4. Incident Response
    Learn more about incident response in the hybrid cloud.
  5. Final Considerations
    Review additional resources and next steps to take.

I strongly advise this course for anyone working with Azure.

Thursday, February 1, 2018

Where Is SCOM 1801 (or SCOM 1711 RTM)?

Okay. It’s just the 1st of February, so we still have some time ‘left’. None the less, I hoped that SCOM 1801 (or SCOM 1711 RTM), successor of SCOM 2016, would become General Available in January 2018.

Already in 2017 a preview of SCOM 1711 was released, with these HUGE improvements (taken directly from this website):

  • Improved HTML console experience
    The Web console has been redesigned and is now a fully HTML-based console and no longer has a dependency on Silverlight. The monitoring tree and dashboards support the HTLM5 markup language.

  • Enhanced SDK Client performance
    We have introduced performance improvements in the Operations console that typically prevent the console from responding while a new management pack is being imported or deleted, or a configuration change to an MP is saved.

  • Updates and recommendations for third-party Management Packs
    In System Center 2016 we released the MP Updates and Recommendations feature which has been expanded now to include discovery and downloads of third-party management pack updates, based on feedback from customers.

  • Linux Kerberos support
    Operations Manager can now support Kerberos authentication wherever the WS-Management protocol is used by the management server to communicate with UNIX and Linux computers, providing greater security by no longer needing to enable basic authentication for Windows Remote Management (WinRM).

  • Service Map integration
    Service Map automatically discovers application components on Windows and Linux systems and maps the communication between services. It automatically builds a common reference map of dependencies across your servers, processes, and third-party services. Integration between Service Map and System Center Operations Manager allows you to automatically create distributed application diagrams in Operations Manager that are based on the dynamic dependency maps in Service Map.

All in all, impressive improvements. And therefore I seriously hoped to see SCOM 1801 or 1711 RTM to be released in January 2018. I do hope now that February 2018 will be the month where we’ll meet the successor of SCOM 2016.

The ‘signs’ are positive, because Microsoft’s website, all about SCOM, already contains a menu option for SCOM 1801, even though (for now?) it links to the SCOM 1711 pages:

As soon as SCOM 1801 comes out, I’ll post it on my blog. Also I’ll explore the upgrade paths and so on.

To be continued (soon I hope)….