OMS Improvements

OMS Improvements

So, as most of you are probably aware, Microsoft Ignite 2016 was held in Atlanta last week.

As is often the case there were several announcements, some expected (Like Server 2016 being available in mid Oct) and some completely out of the blue from the point of view of those of us without insider knowledge (I need to shout MSFT people drinks more often to get the gossip).

One that came as a pleasant surprise to me was the changes to OMS, The Microsoft Operations Management Suite, the “cloud” platform that is slowly looking like SSRS and SCOM had made a baby on SCCM’s couch, so we don’t know who the parents really are.

Anyway, this is the latest and greatest monitoring platform for Azure and it seems like every other week we’re getting new and exciting features added to GA or coming soon.

Now I say this came as a surprise, because I wouldn’t have spent the greater part of a day researching System Center licensing models for Cloud if I had known this was coming. So, what is this change?

A new Licensing Model, hold the applause, I know it doesn’t sound very exciting, however the new licensing model, instead of being based on data retention and size (although that still comes into the equation) It is based on the feature sets or offering you wish to adopt. You will notice that you can no longer change to the old standard or premium OMS plans, but you can  stay on them if you switched before the update. Once you move; you will have to choose from a combination of the solution options below or their individual components. Although, the solutions don’t directly map to these pricing options, I’ll follow that up with someone at Microsoft later this week.

Insight and Analytics: The heart of OMS, Log Analytics, everything you need to be able to use this tool at its most basic functional level, giving you fantasic, quick, queryable logs on nearly everything, as well as custom logging, including the New Data Collector API, check out the amazing Tao Yang’s post on it here. Also, coming soon this will include, Network Monitor & Wire data, I’ll give you 2.5 guesses on what these do. They are great for testing connectivity between specific points of your network or cloud solutions, so you will know, before anyone else does, that there is something wrong with that link to the CIO’s home office, and won’t that make you look great?! Other than that, and probably more importantly, you would utilise this for monitoring links that never sleep (or play golf). Soon to come is also (the one I’m waiting for), Application Dependency Monitor, working heavily in monitoring roles in the past I’ve seen a lot of vendors offer this dependency monitoring ability; with a massive amount of work and tuning required to get anything valuable out of it, and as soon as you take a holiday for a few weeks, it’s so out of date and full of noise you will question it’s worth. I’m taking the optimistic view on this one, being that OMS has offered a lot in a short amount of time and I know some of the best MVPs in the field have been working with MSFT to deliver quality, it should be a great addition.

Automation and Control: Do you get a little exciting shiver every time you read those words too? This includes the new Change tracking solution, which is great for audit and ITIL compliance, as well as those times when you get the old line “I didn’t change anything it, just stopped working”, now instead of spending hours trawling through logs to prove what you already know, you get an “Executive View” and easy to read reporting on exactly what changed and who did it. Cowboys be damned! Also, you will get the tasty new Update Management solution, if you were already using this solution, next time you go to visit it, you will be given the option to upgrade (not the licensing just the solution). This now give you the ability to schedule updates via the OMS agent. I know from experience that enforcing via group policy was always hit and miss, and using deadlines was often too brutal so you had to find a nice balance in between (My 1600 line custom WSUS script) if you didn’t use SCCM which to be honest can be very daunting to the unfamiliar and only slightly less so for seasoned veterans. One of the great features is; you can can schedule updates for the second Tuesday of every month, if you are so brave, instead of the old day of week shcedule we used to have. This solution will utilise WSUS for the source of information and as such allows you to maintain approval controls. It can even detect your computer groups and use these to set schedules against. I’ve already put it in place in my labs and I’ll give more info on that later. Now we just need something to keep Java and Adobe up to date too.

Security and Compliance: Now, where as we got the nice shiver from the last two words, these two often leave us with the opposite feeling, but it is a necessary evil and becoming more so with every advancement in technology (necessary not evil). This option; gives us the Anti-malware Assessment Solution, (a subject I will cover in an automation topic soon) for monitoring and reporting on the compliance of our MS based Anti-malware. There is currently no support for third-party AV solutions, so if you aren’t using SCEP or the anti-malware IaaS extension; this may not be for you. However; I do use this solution in my lab and have set it up for clients as a two-pronged approach to combating the infectious nature of online threats. One prong being the MS solution on all the Windows servers and the other prong being a different, third-party solution on the end points (e.g. Trend Micro or Kaspersky). This means anything touching a server will usually have had to get through two products undetected to infect you (seeing as good admins don’t work directly on servers desktops anymore). You also get Security and Audit, now if anyone has used this before, you will know that it will increase your data consumption in OMS massively, there has been an outcry from the community to introduce some sort of overrides that can be pushed to the clients to stop all of the useless security events being uploaded, and from talks I’ve had with some of the MSFT people, they are looking into it. Besides that fact this will make your security team love OMS, (or hate it depending on how they view storage account encryption) this will correlate all your security events as well as give you a fantastic view of threat intelligence, which can let you know if any unsavoury IP out in the wild is touching your network. If anything; this solution will make it look like you are making an effort to appease your friends wearing foil hats sitting in the security operations team.

Protection and Recovery: Now, there is an old saying, “If you don’t back it up, you don’t care if you lose it” and I can tell you one thing, your servers don’t lose sleep over it, only you will. So with that in mind, this option gives us Backup for the backup of all of your IaaS, now I haven’t used this one, because I went to ARM as soon as I could and took everything I knew with me, and I have never looked back, unfortunately this one still uses ASM much like Azure Directory Services, I’m sure they will move to ARM very soon, so for now I use Recovery Services Vaults but lack the integrated monitoring that I desire, so I have had to customise. This also includes Azure Site Recovery, site recovery gives you the ability to create copies of your on premises VMs and physical servers in Azure for the purposes of Disaster recovery, and here I was having a whole other building in another city. This in fact, is great for a tertiary copy, especially when everything seems to be active/active across your data centres and the days of traditional DR have been replaced with two buildings load balancing your business operations instead, so now you get some return on the physical real estate. This leaves you with a question, where is my cold standby and what happens if something kills both active instances? Well that’s where Azure Site recovery can come in and give you a “Copy in the Cloud”. From all accounts with those that have used this, it is a fair bit of work to get going; but fantastic in once it’s done, and MSFT support is always willing to help.

So after that long-winded run-down of the new “solutions” you have probably forgotten that I got very excited, and I mentioned wasting my time researching about System Centre licensing for cloud, and I don’t blame you, I can waffle on a bit. Well, the bit I loved most is that now you can bundle these into a per VM cost that includes the System Centre suite licenses. Yes, that’s great because now we can use SCOM or SCCM for our IaaS VMs without having to worry about how many cores or what processors sit underneath them, or if they need to be data centre licenses etc. It’s made simple, so that we can get on with operating and have a clearer idea of the cost.

Now it’s not totally clear on how that is billed, e.g per minute or how you would treat a POC VM that only lived for 40 days and 40 nights. I’ll get in touch with MSFT reps this week and find out a bit more on that detail. From past experience though, if you add the cost of the System Centre Suite and an Enterprise monitoring solution with all those pretty reports already made for you, as well as a functional patch management solution, you’re actually getting good bang for your buck here.

So now that I’ve gone over the new licensing model a bit and the solution options, I guess I had better get to work actually getting some technical content on this site. I’ll delve a bit further into the update scheduling solution in the coming weeks, but I just wanted to get this out there in case any of you were in the same boat, and still unsure on how to license OMS.

See you around.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s