In our last post, we went through the installation and configuration of a Linux virtual machine. In this part, we will prepare System Center Operations Manager (SCOM) to monitor UNIX / Linux systems. To accomplish this, we will need to set up a Resource Pool, import the appropriate Management Packs, configure name resolution, and configure and assign Run As accounts. Let’s get started.
Create A Resource Pool
Log on to the Operations console with an account that is a member of the Operations Manager Administrators role.
Click Administration.
In the navigation pane, click Resource Pools.
In the Tasks pane, click Create Resource Pool.
In the Create Resource Pool wizard, on the General Properties page, enter a name and, optionally, a description for the resource pool, and then click Next.
On the Pool Membership page, click Add.
In the Member Selection window, enter text to filter the search results if desired, and then click Search. If you click Search without entering anything in the filter field, all available management servers will be displayed.
In Available items, select the servers that you want in the resource pool, click Add, and then click OK.
Click Next.
On the Summary page, review the settings and then click Create.
When the wizard completes, click Close.
Import UNIX and Linux Management Packs
The UNIX and Linux Operating Systems Management Packs enable discovering, monitoring, and managing UNIX and Linux computers with System Center Operations Manager. They provide both proactive and reactive monitoring of the UNIX and Linux operating systems.
In the SCOM Console, navigate to the Administration workspace.
Right-click on the Management Pack item in the navigation pane, and choose ‘Import Management Packs’. This will cause the Import Management Packs wizard to launch.
In the Import Management Packs wizard, click the Add button. You will be presented with 2 options, ‘Add From Catalog’ and ‘Add From Disk’. The ‘Add From Catalog’ option lets you search the catalog directly, but it requires an Internet connection, which most Production systems don’t have.
Therefore, we will demonstrate and choose the ‘Add From Disk’ option. When you select this option, you will immediately receive the following prompt. Since, in Production, your server probably will not have Internet access, we will choose ‘No’.
Now, you will see the File Explorer dialog. From here you need to navigate to the location of the Management Pack files. You can find the UNIX and Linux Management Packs on the SCOM Source Media.
In my lab example, I have the SCOM ISO mounted to my DVD Drive as D:, so the location of my Management Packs is: D:\ManagementPacks
NOTE: As of this writing, there is an update available (version 7.5.1025.0) to the existing Management Packs from the source media, which can be found here: http://www.microsoft.com/en-ca/download/details.aspx?id=29696.
The specific .MP files that you want to import will depend on what version of UNIX or Linux you want to monitor. To start, you will want to import the “Microsoft.Linux.Library.mp”. You will also want to find the appropriate Library and Version MP files for the edition of Linux you are monitoring.
In my lab example, since I am monitoring SUSE, I will also be importing the “Microsoft.Linux.SUSE.Library.mp” and “Microsoft.Linux.SUSE.11.mpb” files.
Once the Management Packs are displayed in the import list, click Install.
After the Management Packs have been imported, click Close.
NOTE: You may have to restart the following Services on the Management Server:
- System Center Data Access Service
- System Center Management Configuration
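The resource pool and Management Pack import steps above can also be scripted, which makes the setup repeatable across management servers. This is an added example, not part of the original walkthrough: it assumes the OperationsManager PowerShell module that ships with SCOM, and the pool name and management server FQDN are placeholders.

```powershell
# Added example: run on a management server as an Operations Manager administrator.
Import-Module OperationsManager

$PoolName  = 'Linux Resource Pool'           # assumed pool name
$PoolHosts = @('scom-ms01.example.local')    # placeholder management server FQDN(s)
$MpDir     = 'D:\ManagementPacks'            # SCOM source media, as in the lab above
$MpFiles   = @(                              # the base library is imported first
    'Microsoft.Linux.Library.mp',
    'Microsoft.Linux.SUSE.Library.mp',
    'Microsoft.Linux.SUSE.11.mpb'
)

# Create the pool only if it does not already exist, with explicit members.
if (-not (Get-SCOMResourcePool -DisplayName $PoolName)) {
    $members = Get-SCOMManagementServer -Name $PoolHosts
    if (-not $members) { throw "No management server matched: $PoolHosts" }
    New-SCOMResourcePool -DisplayName $PoolName -Member $members
}

# Stop before importing anything if one of the expected files is missing.
$paths = foreach ($file in $MpFiles) {
    $path = Join-Path $MpDir $file
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        throw "Management Pack file not found: $path"
    }
    $path
}

# Import one file at a time so a failure points at a specific pack.
foreach ($path in $paths) {
    Import-SCOMManagementPack -Fullname $path
}

# List what is now installed so the versions can be checked against the media.
Get-SCOMManagementPack |
    Where-Object { $_.Name -like 'Microsoft.Linux*' } |
    Sort-Object Name |
    Select-Object Name, Version
```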
Configure Name Resolution
The SCOM Management Servers need to be able to communicate with the Linux server. This means they need to be able to resolve the FQDN of the Linux system, and the Linux system needs to be able to resolve the FQDN of the SCOM Management Server(s).
To simplify this process in my lab, we’re going to modify the HOSTS file. On the Management Server(s), navigate to C:\Windows\System32\Drivers\ETC and edit the HOSTS file. Note that there is no file extension on this file. The easiest way to edit the file is in Notepad.
When you have the HOSTS file open in Notepad, we need to add an entry for the Linux system so that the SCOM Management Server(s) can resolve it. Once you have added the entry, save the file.
Now from the SCOM Management Server(s), ensure that you can successfully PING the name of the Linux server.
Also from the Linux server, ensure that you can successfully PING the name of the SCOM Management Server(s).
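The HOSTS file edit and the check from the Management Server side can be done in one step, so that a stale or conflicting entry is caught instead of silently overriding DNS. This is an added example, not part of the original post; the FQDN and IP address are constructed placeholders.

```powershell
# Added example: run in an elevated PowerShell session on each management server.
$LinuxFqdn = 'suse11-lab.example.local'   # placeholder FQDN
$LinuxIp   = '192.0.2.25'                 # placeholder address (documentation range)
$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

function Add-HostsEntry {
    param([string]$Path, [string]$Ip, [string]$Name)

    # Match an active (non-comment) line that lists this name as host or alias.
    $pattern = '^\s*([^#\s]+)\s+([^#\s]+\s+)*' + [regex]::Escape($Name) + '(\s|#|$)'
    $hit = Select-String -Path $Path -Pattern $pattern | Select-Object -First 1

    if (-not $hit) {
        # Leading newline guards against a file whose last line has no line ending.
        Add-Content -Path $Path -Value "`r`n$Ip`t$Name"
        return 'added'
    }

    $mappedIp = $hit.Matches[0].Groups[1].Value
    if ($mappedIp -ne $Ip) {
        # A HOSTS entry wins over DNS, so refuse to continue on a conflict.
        throw "$Name is already mapped to $mappedIp on line $($hit.LineNumber) of $Path"
    }
    return 'present'
}

$state = Add-HostsEntry -Path $HostsPath -Ip $LinuxIp -Name $LinuxFqdn
Write-Output "HOSTS entry for ${LinuxFqdn}: $state"

# Resolve through the OS resolver (which reads HOSTS) and confirm the address.
$resolved = [System.Net.Dns]::GetHostAddresses($LinuxFqdn) |
    ForEach-Object { $_.IPAddressToString }
if ($resolved -notcontains $LinuxIp) {
    throw "$LinuxFqdn resolves to '$($resolved -join ', ')', expected $LinuxIp"
}

# Same check as the manual PING step; a failure here is only a warning.
if (-not (Test-Connection -ComputerName $LinuxFqdn -Count 2 -Quiet)) {
    Write-Warning "$LinuxFqdn resolves correctly but did not answer ping."
}
```

The matching check on the Linux server still has to be done there, as described above.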
Configure Run As Accounts and Profiles for UNIX and Linux
You must create Run As accounts for agent maintenance operations, and for health and performance monitoring. These Run As accounts must then be associated with the Run As profiles defined in the UNIX and Linux management packs, so they can access the agents on UNIX and Linux computers.
We need to create 3 accounts:
- UNIX/Linux Action Account
- UNIX/Linux Privileged Account
- UNIX/Linux Agent Maintenance Account
UNIX/Linux Action Account
In the Operations console, click Administration.
In Run As Configuration, click UNIX/Linux Accounts.
In the Tasks pane, click Create Run As Account.
On the Account Type page, choose the Monitoring Account option, then click Next.
On the General Properties page, provide a name and description for the account, then click Next. The description is optional.
On the Account Credentials page, provide account credentials that can be used for the Run As account type that you selected, then click Next.
NOTE: This account does not necessarily need to exist on the Linux system yet, and you can create it later if need be.
On the Distribution Security page, select the More Secure or Less Secure option, then click Create.
Once the wizard is complete, click Close.
UNIX/Linux Privileged Account
In the Operations console, click Administration.
In Run As Configuration, click UNIX/Linux Accounts.
In the Tasks pane, click Create Run As Account.
On the Account Type page, choose the Monitoring Account option, then click Next.
On the General Properties page, provide a name and description for the account, then click Next. The description is optional.
On the Account Credentials page, provide account credentials that can be used for the Run As account type that you selected, then click Next. Ensure that the elevation option is set to “Elevate the account using sudo for privileged access”.
NOTE: This account does not necessarily need to exist on the Linux system yet, and you can create it later if need be.
On the Distribution Security page, select the More Secure or Less Secure option, then click Create.
Once the wizard is complete, click Close.
UNIX/Linux Agent Maintenance Account
In the Operations console, click Administration.
In Run As Configuration, click UNIX/Linux Accounts.
In the Tasks pane, click Create Run As Account.
On the Account Type page, choose the Agent Maintenance Account option, then click Next.
On the General Properties page, provide a name and description for the account, then click Next. The description is optional.
On the Account Credentials page, select the “User name and password” option, and provide account credentials that can be used for the Run As account, then click Next. Ensure that the privileged access option is set to “This account does not have privileged access”.
NOTE: This account does not necessarily need to exist on the Linux system yet, and you can create it later if need be.
On the Elevation page, select the Use ‘sudo’ elevation option, then click Next.
On the Distribution Security page, select the More Secure option, then click Create.
Once the wizard is complete, click Close.
Configuring Run As Profiles for UNIX and Linux
Now that you have created the Run As accounts, you must add each Run As account to the applicable profile.
In the Operations console, click Administration.
In Run As Configuration, click Profiles.
In the list of profiles, right click and then select Properties on one of the following profiles:
- UNIX/Linux Action Account
- UNIX/Linux Privileged Account
- UNIX/Linux Agent Maintenance Account
In the Run As Profile wizard, click Next until you get to the Run As Accounts page.
On the Run As Accounts page, click Add to add the Run As account that you created. Select the “All targeted objects” option, then click OK.
Click Save.
On the Completion screen, you may see a warning message about the More Secure accounts (if you chose this option when creating the accounts).
If you click on the Linux Action Account link, the Run As Account Properties dialog will appear. Click the Add button.
On the Computer Search screen, search for the Resource Pool, and add the Linux Resource Pool that we previously created, then click OK.
Back on the Run As Account Properties screen, click OK.
Back on the Completion screen, the Warning icon will now have changed to a green checkmark. Click Close.
Repeat these steps for each of the UNIX/Linux Run As Profiles.
Wow! That was a lot of work, but SCOM is now ready to monitor Linux. In the next part of this series, we will install the SCOM Agent on the Linux server.