I really enjoy a good Microsoft conference, especially the ones that showcase the newest technologies and ways other organizations use them. I recently attended Microsoft’s tech summit, where they showcased some of the awesome new features available on their Azure and Office 365 cloud offerings.
One of the offerings that grabbed my attention was the Operations Management Suite (OMS) and advanced analytics. Microsoft’s tagline is “Simplified IT management for any enterprise”, and the suite allows you to gain control over any hybrid cloud, such as Microsoft Azure or Amazon Web Services (AWS), Windows Server or Linux, VMware or OpenStack.
Microsoft OMS delivers:
- Simplicity: A single portal for all your management tasks. No infrastructure to maintain.
- Time to value: Onboard fast. No content to create. Connects to your on-premises
- Easy to integrate: Add new servers, or connect to your existing management tools within minutes.
- Hybrid and open: Manage workloads across Windows and Linux, hybrid and public clouds, Azure and AWS.
- Optimized for System Center: Complements your System Center investment to unleash new management scenarios.
OMS automation capabilities enable you to automate all those frequent, time-consuming, and error-prone cloud management tasks with precision and scale. Further, with its simple and reliable cloud integrated backup and recovery solutions, OMS can protect important applications and workloads, no matter where they reside.
I’m a big fan of Paessler’s PRTG Network Monitor so I was intrigued to see how OMS compared.
First things first: you have to set up a trial account and create a workspace. Once the boring trial creation process has been completed, you’re greeted with this welcome screen.
To make use of the services you have to go to the settings icon, download the application for the required OS (Windows or Linux) and install the small application, around 30MB, on the server. Installation is straightforward: you just have to provide the Workspace ID and Primary Key.
After about 5 minutes or so, the server checks into the OMS portal and OMS starts collecting data. To get anything of use, though, you have to go to the solution gallery. Some of the key ones I looked at were:
- Malware Assessment: The OMS Malware Assessment Solution helps you to identify servers that are infected or at risk of infection by malware.
- Change Tracking: The Configuration Change Tracking Solution helps you easily identify software and Windows services changes that occur in your environment.
- Security Audit: The Security and Audit Solution helps you to perform forensic analysis and security breach pattern investigation, and enables audit scenarios. When auditing, you can review a specific time interval to perform an audit for a selected user and/or device.
- System Update Assessment: The OMS System Update Assessment Solution helps to identify missing updates across all your servers, whether they are running in your data centre or in a public cloud. Systems that are missing security updates can become targets of intrusions in your network and data.
- Automation: Helps you to automate the creation, deployment, monitoring and maintenance – great to be able to also deploy scripts and runbooks across your server estate.
After adding a few solutions and letting OMS gather data my dashboard now looks similar to this 🙂
Service Map is another solution that I saw at the Microsoft event that ties into OMS. This feature requires you to install a small exe; once installed, it allows you to view your servers as you think of them – as interconnected systems that deliver critical services. Service Map shows connections between servers, processes, and ports across any TCP-connected architecture with no configuration required other than installation of an agent.
After a few minutes of the application being installed, it shows you all the services and endpoints connected to that server, as seen below.
All this information can be built into a one-stop dashboard. The dashboards provide an amazing amount of data, and this information can be searched, allowing you to make quick decisions. The Security and Audit Intelligence Pack helps audit your server data. You can run different queries from the search box, which allows you to really cut down on the data you have. All the tiles that you add can be clicked, allowing you to delve deeper and see more detailed information. As long as you know what you are searching for, search queries can be created to find out who has installed or removed any software during a specific time period. Perfect for detecting where malware may have come from.
The OMS Suite also comes with a smartphone app which gives you the ability to access your management environment from anywhere.
If you haven’t used SCOM or Elastic/Graylog, the search query syntax can take a while to get used to. Just make sure you read through the resources link, as this will provide a much better understanding of use cases and examples of how to use the application.