BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
Microsoft System Center Operations Manager (SCOM) is a component in the Microsoft System Center suite of enterprise management software. SCOM deploys, configures, manages and monitors the operations, services, devices and applications of many systems within an enterprise through a single management console.
How SCOM works
Every enterprise relies on its underlying services and applications for everyday business and user productivity. SCOM is a monitoring and reporting tool that checks the status of various objects defined within the environment, such as server hardware, system services, operating systems (OSes), hypervisors and applications. Administrators set up and configure the objects. SCOM then checks the relative health -- such as packet loss and latency issues -- of each object and alerts administrators to potential problems. Additionally, SCOM offers possible root causes or corrective action to assist troubleshooting procedures.
SCOM uses traffic light color coding for object health states. Green is healthy, yellow is a warning and red is a critical issue. (Gray can denote an item is under maintenance or SCOM cannot connect to the object.) Administrators set a threshold for each object's health states to determine if SCOM should issue an alert. For example, the admin can set a disk drive as green/healthy with more than 70% capacity remaining, yellow/warning with 70% to 80% capacity filled and red/critical with more than 80% of storage capacity filled. The admin can adjust these levels when needed.
A basic SCOM installation includes several components. A management server handles the essential administration and connection to databases. The operational database provides an SQL database for current reporting. The data warehouse database holds SQL data collected over long-term reporting. A reporting server queries the databases and produces detailed reports delivered to administrators. The IT department can install these components on one server or across several servers for scalability.
SCOM management packs and agents
SCOM uses agents installed on each system to check performance and collect data retrieved by the management server. Application-specific management packs, which provide prefabricated rules for data collection and reporting to particular applications, augment these reports.
Management packs allow SCOM to manage and monitor applications outside of the tool's direct control. Since monitoring and management can be too complex to handle manually, the use of management packs automates and orchestrates the auditing process.
Microsoft provides a number of management packs from its TechNet site to monitor a wide assortment of OSes, applications, tools and services. For example, administrators can download Microsoft management packs for applications such as SQL Server 2016 and Microsoft Azure SQL Database.
Third parties also provide SCOM management packs. For example, the Veeam Management Pack for System Center monitors and assists with the management of Hyper-V, vSphere and the Veeam Backup & Replication product.
For certain computers that cannot have an agent installed for various reasons, SCOM allows agentless monitoring for these machines through a proxy agent that runs on another system.
Version history of SCOM
Microsoft Operations Manager
SCOM's roots came from a network management system named SeNTry ELM from a company named Serverware Group plc. Mission Critical Software acquired the rights to SeNTry ELM in 1998, adapted it and changed the name to OnePoint Operations Manager. Mission Critical Software merged with NetIQ and sold the rights to OnePoint Operations Manager in 2000.
Microsoft renamed the product to Microsoft Operations Manager (MOM) and released it in 2001.
MOM worked in concert with two other Microsoft programs: Systems Management Server (SMS) 2.0 and Application Center 2000. MOM simplified the management of servers and applications. It contained the same basic features as SCOM 2016, but with less scope due to the limited number of management packs.
MOM 2005 SP1: Microsoft released MOM 2005 Service Pack 1 in 2005 with several enhancements, including mutual authentication, agent proxy capabilities, a secure communications channel and secure credential storage. Microsoft introduced several new features, such as an action account, tasks and a reporting database that stored data and generated reports to the reporting console.
SCOM 2007: In 2007, Microsoft renamed MOM to System Center Operations Manager (SCOM). The company added the command shell to this update that connected to Windows PowerShell. This feature -- and the addition of about 80 cmdlets related to SCOM -- allowed administrators to develop scripts for task automation.
SCOM 2012: In 2012, Microsoft released System Center 2012 and introduced high availability, application performance monitoring, dashboards, network device monitoring and Java application monitoring to SCOM. Microsoft improved the installation process with a prerequisite checker in the installation wizard. Microsoft added integration packs to enable SCOM to interact with System Center Orchestrator 2012.
SCOM 2012 R2: Microsoft released System Center 2012 R2 in 2013, which included improved fabric monitoring for private clouds and integration with development tools for application troubleshooting. Additional changes included an improved monitoring agent and support for IPv6, integration with the System Center Advisor service and upgraded Unix and Linux monitoring.
SCOM 2016: Microsoft released System Center 2016 in October 2016 with more advanced cross-platform infrastructure and workload monitoring. Microsoft further integrated SCOM with the rest of System Center and extended its tool set to provide a more consistent monitoring system.
Additional changes in SCOM 2016
Microsoft adjusted SCOM 2016 to have less dependency on physical networking infrastructure. For example, administrators can deploy SCOM updates through rolling cluster upgrades to update multiple servers simultaneously without downtime.
Microsoft also tightened the connection between SCOM and its Azure-based Operations Management Suite tool to let SCOM move information to OMS for further analytical capabilities.
Microsoft upgraded its management packs so they can be fine-tuned using alert data. Management packs can now disable alert types so users can choose which alerts require their attention. Existing management packs will offer alerts for upgrades.
Microsoft released a management pack to monitor advanced features in Windows Server 2016, such as host guardian service to avoid downtime for shielded virtual machines (VMs).
SCOM 2016 limitations
Microsoft provides recommended limits to SCOM 2016 monitoring, such as 100,000 agentless computers per management group.
Agent-managed and Unix/Linux limitations depend on the number of open consoles. SCOM 2016 monitors up to 6,000 nodes with 50 open consoles or 15,000 nodes with 25 open consoles. SCOM 2016 monitors the performance of about 700 applications. SCOM 2016 monitors 3,000 computers with agents per management server.
There are a number of management and monitoring tools available to the enterprise, such as:
- Nagios is an open source server monitoring program similar to SCOM. Both programs have agent- and agentless-based monitoring with Windows and Linux support. Nagios rivals SCOM in quality, adaptability and customization. Nagios has an active user community that shares plug-ins for the platform. Nagios does not offer graphing of live programs unless an add-on is installed, has less complex live reports and lacks a web console.
- Zabbix is another open source monitoring platform that includes high capacity performance, automatic network discovery and support for multiple OSes. Zabbix supports agent-, agentless- and web-based monitoring with Simple Network Management Protocol (SNMP) and Intelligent Platform Management Interface (IPMI) agents. While versatile, Zabbix has a relatively steep learning curve and lacks in-depth documentation, which can hinder adoption.
- SolarWinds Server & Application Monitor supports Windows and Linux. It can monitor up to 12,000 applications, servers and databases. It also checks the status of Microsoft applications in Azure. Monitoring of some applications, such as SQL Server, can be lacking. Also, each monitored node requires a license, which can be a substantial cost for large deployments.
- PRTG supports Windows, Linux, Unix and macOS systems. PRTG offers similar features to SCOM by detecting health issues and issuing alerts. Unlike SCOM, setting priorities for notifications can be more difficult to manage.