Windows Server 2008 R2 Unleashed
Authors: Noel Morimoto
Integrating System Center Operations Manager 2007 R2 with
Windows Server 2008 R2
1. Launch the Operations Manager 2007 R2 console.
2. Select the Reporting space.
3. Select the Microsoft Generic Report Library node.
4. Right-click the Alert Logging Latency report and select Open.
5. In the From field, select Advanced.
6. Change the Offset to minus and the number of days to 7. Click the green check
mark (OK) to save the selections. The From field will show “Today -7 day(s)”.
7. Change both the From and the To times to 12:00 AM.
8. Click the Add Group button.
9. In the Group Name field, enter agent and click the Search button.
10. Select the Agent Managed Computer Group, the Agentless Managed Computer Group,
and the Microsoft.SystemCenter.AgentWatchersGroup and click the Add button.
11. Click OK to save the selections.
12. Click Run and confirm that the report looks good.
13. Select File, Schedule.
14. In the Description, enter Alert Logging Latency Report.
15. In the Delivery Method field, select Email.
16. In the To field, enter the SMTP address of the recipient.
17. In the Subject field, replace @ReportName with Alert Logging Latency Report.
18. Click Next.
19. Change the schedule to Weekly and ensure that only Mon is checked.
20. Change the time to be the time that the report should be generated on a daily basis,
for example 6:00 a.m. Click Next.
21. Because the report was generated and all the parameters were selected initially, no
parameters need to be changed. This method ensures that the email report will
match expectations.
22. Click Finish to save the scheduled report.
The Alert Logging Latency report will now generate on a weekly basis and be emailed to
the recipients. The report has two pages with lots of statistical analysis of the alert latency.
It is one of the more complicated reports in the OpsMgr library of reports.
Finally, the SQL Database Space report is scoped to database objects rather than to computer groups. This report does not have any objects selected by default, so the Operations Manager database objects will need to be selected. To schedule the SQL Database Space report, run the following steps:
1. Launch the Operations Manager 2007 R2 console.
2. Select the Reporting space.
3. Select the SQL Server 2008 (Monitoring) node.
4. Right-click the SQL Database Space report and select Open.
5. In the From field, select Advanced.
6. Change the Offset to minus and the number of days to 7. Click the green check
mark (OK) to save the selections. The From field will show “Today -7 day(s)”.
7. Change both the From and the To times to 12:00 AM.
8. Click the Add Object button.
NOTE
When the Add Object window appears, note that there is a caution triangle with the text “Filter Options Have Been Applied.” The objects returned will only be those that match the report criteria, in this case SQL database objects. This is new to Operations Manager 2007 R2. Before this, all object classes would be returned and it was difficult to ensure that the correct objects were included in the report. Many times, reports would be returned without any data at all due to the incorrect objects being selected. This is a huge improvement in OpsMgr 2007 R2.
9. In the Object Name field, enter Operations and click the Search button.
10. Select all the OperationsManager databases and click the Add button.
11. Click OK to save the selections.
12. Click Run and confirm that the report looks good.
13. Select File, Schedule.
14. In the Description, enter Operations Manager Database Space Report.
15. In the Delivery Method field, select Email.
16. In the To field, enter the SMTP address of the recipient.
17. In the Subject field, replace @ReportName with Operations Manager Database
Space Report.
18. Click Next.
19. Change the schedule to Weekly and ensure that only Mon is checked.
20. Change the time to be the time that the report should be generated on a daily basis,
for example 6:00 a.m. Click Next.
21. Because the report was generated and all the parameters were selected initially, no
parameters need to be changed. This method ensures that the email report will
match expectations.
22. Click Finish to save the scheduled report.
The SQL Database Space report will be delivered every week on Monday at 6:00 a.m.
These three reports help ensure that the Operations Manager 2007 R2 infrastructure is
healthy and performing well.
System Center Operations Manager 2007 is key to managing Windows Server 2008 R2. It
can also be used in Windows 2003/2008 or mixed environments to provide for automated
monitoring of all vital operating system, application, and network functionality. This type
of functionality is instrumental in reducing downtime and getting the most out of a
Windows Server 2008 R2 investment. In a nutshell, OpsMgr is an effective way to gain
proactive, rather than reactive, control over the entire environment.
The following are best practices from this chapter:
. Deploy System Center Operations Manager 2007 R2 for monitoring Windows
Server 2008 R2.
. Install the Windows Operating System, Active Directory, DNS, IIS, and Windows
Server 2008 R2 management packs into OpsMgr to monitor network systems and
applications that Windows Server 2008 R2 depends on.
. Deploy Operations Manager components on Windows 64-bit and SQL 64-bit for
optimal performance.
. Create override management packs for each application management pack, such as
the Windows Server 2008 R2 management pack. Don’t use the Default
Management Pack.
. Take future expansion and relevance of hardware into account when sizing servers
for OpsMgr deployment.
. Keep the installation of OpsMgr on a separate server or set of separate dedicated
member servers that do not run any other separate applications.
. Use SQL Server Reporting Services to produce custom reports using OpsMgr’s reporting feature.
. Start with a single management group and add on additional management groups
only if they are absolutely necessary.
. Use a dedicated service account for OpsMgr.
. Allocate adequate space for the databases depending on the length of time needed to
store events and the number of managed systems.
. Monitor the size of the OpsMgr database to ensure that it does not increase beyond
the bounds of acceptable size.
. Leverage the reporting database to store and report on data over a long period.
. Modify the grooming interval to aggressively address environmental requirements.
. When tuning, err on the side of fewer alerts. If nothing will be done about an alert,
make sure it doesn’t send a notification email.
. When tuning, use the Most Common Alerts report to see which alerts are the most
valuable targets for tuning.
. Configure OpsMgr to monitor itself.
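The best practices above ask for the OpsMgr database size to be watched and for adequate space to be allocated. The SQL Database Space report scheduled earlier does this weekly through the console; the T-SQL below is an added example (not from the book and not part of OpsMgr) that performs the same check on demand from the catalog views of the SQL Server instance hosting the OpsMgr databases. It assumes the default database names, which begin with "OperationsManager" (the same pattern the report's Add Object search matched), and a constructed warning threshold of 80 percent of each file's configured maximum size. It reports allocated file size, not the space used inside the file, which would require FILEPROPERTY(name, 'SpaceUsed') run in each database's own context.

```sql
-- Added example: report OperationsManager database file sizes and growth headroom
-- from sys.master_files (server-wide, no need to switch database context).
-- Assumptions: default OpsMgr database names, 80% warning threshold (constructed).
DECLARE @warn_pct DECIMAL(5,1) = 80.0;

WITH opsmgr_files AS (
    SELECT
        DB_NAME(mf.database_id)                       AS database_name,
        mf.name                                        AS logical_file,
        mf.type_desc                                   AS file_type,       -- ROWS or LOG
        mf.physical_name,
        -- size and max_size are stored in 8 KB pages; convert to MB
        CAST(mf.size * 8.0 / 1024 AS DECIMAL(12,2))    AS size_mb,
        CASE
            -- -1 means unlimited; 268435456 pages (2 TB) is the "unlimited" value for log files
            WHEN mf.max_size = -1 OR mf.max_size = 268435456 THEN NULL
            -- 0 means autogrowth is disabled, so the current size is the ceiling
            WHEN mf.max_size = 0 THEN CAST(mf.size * 8.0 / 1024 AS DECIMAL(12,2))
            ELSE CAST(mf.max_size * 8.0 / 1024 AS DECIMAL(12,2))
        END                                            AS max_size_mb,
        CASE
            WHEN mf.max_size > 0 AND mf.max_size <> 268435456
                THEN CAST(100.0 * mf.size / mf.max_size AS DECIMAL(5,1))
            WHEN mf.max_size = 0 THEN CAST(100.0 AS DECIMAL(5,1))
            ELSE NULL                                   -- unlimited: bounded only by the disk
        END                                            AS pct_of_max,
        CASE
            WHEN mf.is_percent_growth = 1 THEN CAST(mf.growth AS VARCHAR(10)) + ' %'
            ELSE CAST(mf.growth * 8 / 1024 AS VARCHAR(10)) + ' MB'
        END                                            AS autogrowth
    FROM sys.master_files AS mf
    WHERE DB_NAME(mf.database_id) LIKE 'OperationsManager%'   -- assumption: default names
)
SELECT
    database_name,
    logical_file,
    file_type,
    size_mb,
    max_size_mb,
    pct_of_max,
    autogrowth,
    -- flag files that are close to their configured ceiling or cannot grow at all
    CASE
        WHEN pct_of_max >= @warn_pct THEN 'WARN: near configured max size'
        WHEN max_size_mb IS NULL     THEN 'unlimited growth: monitor disk free space instead'
        ELSE 'ok'
    END AS status
FROM opsmgr_files
ORDER BY database_name, file_type, logical_file;
```

Files marked "unlimited growth" are the ones where the database size limit is really the volume size, so the check belongs on disk free space rather than on the file itself; that is the case the weekly report does not make explicit.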
CHAPTER 24
Server-to-Client Remote Access and DirectAccess
IN THIS CHAPTER
. VPN in Windows Server 2008 R2
. Authentication Options to an RRAS System
. VPN Protocols
. DirectAccess in Windows Server 2008 R2
. Choosing Between Traditional VPN Technologies and DirectAccess
. Traditional VPN Scenario
. DirectAccess Scenario
. Connection Manager
As the Internet grows year after year, so does the need to work productively away from the office. Companies are always looking for alternative cost-effective methods of connecting their remote and mobile users without sacrificing performance or security. Although Windows Server 2008 offered Routing and Remote Access Service (RRAS) in the form of virtual private network (VPN) or dial-up services, Windows Server 2008 R2 adds DirectAccess as an alternative method of remote connectivity.
As the Internet has evolved and become ubiquitous, the vast majority of users have high-speed Internet connections at home, while on the road at hotels, and even while sipping a latte in a coffee shop. The Internet to which they are connecting is full of hackers, worms, and viruses, from which the connections need to be protected. These users use remote access in the form of tunnels (shown in Figure 24.1) that connect from their workstation in the coffee shop through the dangerous Internet to the corporate resources. This chapter discusses the traditional VPN components of server-to-client remote and mobile access. This chapter also discusses the new DirectAccess, which makes this process even simpler for the remote worker, allowing application-level access without requiring a traditional VPN.
A huge problem is ensuring that the resources that are connecting to the internal network are healthy and will not infect internal resources. When the remote and mobile clients are connected to the internal network, they have direct network connectivity to internal resources, such as the database server, file servers, and directory server. This can present a huge risk if not managed and mitigated properly. Windows Server 2003 offered some features, but they were difficult to use. Windows Server 2008 provided a vastly improved access control mechanism for validating and controlling access to sensitive network resources via the Network Policy Server (NPS). Network Policy Server introduced key features to detect unhealthy systems, control what internal resources they can access, and even remediate the problems on the remote clients. Windows Server 2008 R2 extends NPS functionality with templates for NPS configuration, SQL logging for RADIUS, and support for non-English languages.
FIGURE 24.1 Connecting securely over the Internet. (Diagram: a mobile user's protected tunnel through the dangerous Internet, populated by hackers, worms, and viruses, to the corporate network's web, mail, and database servers.)
DirectAccess, a new feature introduced in Windows Server 2008 R2, seamlessly connects
users to the corporate network anywhere they have Internet access. DirectAccess loads as
the system boots, extending access into the “office.” Remote systems are treated just as if
they are on the local network and can be managed in a similar manner with the added
quarantine and remediation functionality of the NPS system.
This chapter focuses on client-to-server connectivity in Windows Server 2008 R2, rather
than server-to-server security or site-to-site connectivity. Please refer to Chapter 14,
“Transport-Level Security,” for a detailed discussion on the server-to-server and site-to-site
connectivity features of Windows Server 2008 R2.
VPN in Windows Server 2008 R2
A virtual private network (VPN) is the extension of a private network that encompasses links across shared or public networks like the Internet. A VPN allows data to be sent between two computers across the Internet in a manner that emulates a point-to-point private link. With a virtual private network, illustrated in Figure 24.2, a private link is created between the client and the VPN server by encrypting the data for confidentiality; data packets that are intercepted while traveling through the Internet are unreadable without the proper encryption keys.
VPN technology provides corporations with a scalable and low-cost solution for remote access to corporate resources, such as database, file, and directory servers. VPN connections allow remote users to securely connect to their corporate networks across the Internet. Remote users would access resources as if they were physically connected to the corporate local area network (LAN).
FIGURE 24.2 Virtual private networking across the Internet. (Diagram: a telecommuter and a mobile worker connect across the Internet to a VPN server that fronts the internal network's database, file, and directory servers.)
NOTE
Later in the chapter, a new technology introduced with Windows Server 2008 R2 called DirectAccess is discussed. Microsoft has positioned DirectAccess as being different from a traditional VPN. This positioning is based mainly on the automated nature of DirectAccess, rather than on technical or architectural differences. DirectAccess is technically a VPN, but we’ll focus on key differences from traditional VPNs later in this chapter.