Tuesday 12 April 2016

OMS and Solution Data Flow

Since the beginning Operations Management Suite (OMS) and System Center Operations Manager (SCOM) have been able to work in conjunction, by that I mean you could have SCOM and it's agents reporting data up via the management group into OMS for analytics.

In fact, way back at the very start before it was OMS, that was the only method, but I digress.

We also have direct connected agents for those environments where SCOM isn't present, but OMS can still add great value giving the flexibility for customers who don't want/require the overhead of managing SCOM.

In the early days, if you were doing a Hybrid SCOM/OMS deployment, all was fine, just allow your designated SCOM Management Servers to access the OMS service on the Internet and watch the data flow.

However, as some of the new solutions started to emerge, the data volumes and frequencies meant that going via the SCOM Management Servers wasn't always practical, so certain solutions bypassed the management servers and attempted to upload their data directly to the OMS service.

Not all environments allow direct internet access so thankfully we got the ability to specify a proxy server for the agent, and recently we saw Microsoft introduce the concept of the OMS Log Analytics Forwarder.

So how do you know or decide when/where to use the OMS Forwarder, Proxy or just let the SCOM Management Group (MG) handle things?

Well, there is a nice table on the following TechNet documentation article that halfway down shows you the various solutions, whether they can upload via a SCOM MG or require direct upload (which can be done via proxy/forwarder).

https://technet.microsoft.com/en-us/library/mt674635.aspx

Because I found the layout of the table a little "meh" and as I'm  much more of a visual person, I decided to try and map the data out in Visio, more for my quick reference than anything.

N.B. I've only focused on the Windows based agents here, Linux is basically direct agent based only.

OMS Solution Data Flow
Basically, everything agent based bar Alerts, Capacity and Configuration Assessment can be done via direct OMS agent and therefore either direct to OMS, via proxy or via a forwarder.

A gateway is great for areas of your network which may not have internet connectivity (air gapped etc) or maybe you just want to streamline your connections to one device and out rather than multiple servers hitting your proxy server.

The other thing to note is the AD Replication and Wire Data solutions, along with IIS, Windows Security and Windows Firewall log collection don't go anywhere near a SCOM environment. So even if you are using your SCOM environment in a hybrid deployment with OMS, take note that you still need to handle the data upload for these solutions as you would if they were direct attached agents.

I've also included an embedded Excel version of the table that allows you to quickly filter the data to see what the requirements are.