OMS and Cherwell ITSM Integration

Microsoft recently released a public preview of OMS and ITSM integration. Here is the link for that announcement:

https://blogs.technet.microsoft.com/msoms/2017/05/11/it-service-management-connector-public-preview

Microsoft has built an ITSM connector in OMS. This new ITSM connector can connect to many ITSM solutions out there. The ITSM solutions it can connect to are:

  • System Center Service Manager (SCSM)
  • Cherwell
  • ServiceNow
  • Provance

This new ITSM connector is bi-directional, meaning work items can flow from the ITSM solution into OMS, and OMS can create work items in the ITSM solution such as incidents, alerts, and events. Hopefully in the future OMS could be used to populate a CMDB and even create application maps from OMS’s Service Map.

I wanted to give this a test run with a test Cherwell instance that I have. There is official documentation for the integrations. The documentation is good; however, after setting this up I did find that there could be a few more steps spelled out, as well as screenshots for the Cherwell piece.

Needed settings from Cherwell:

Before you set up the connection in OMS, gather the information you will need: the username and password of an account that has access to Cherwell, the Cherwell URL, and a Cherwell Client ID.

If you don’t know your Cherwell URL you can get this from the Cherwell client console. Launch Cherwell.

Before you login you can edit the connection to see the URL as shown in the screenshot. You will want to copy this to use in the OMS ITSM connector setup.

Note that you do not want to copy the entire URL. Only copy to the .com like https://test.demo.cherwell.com.

Next we need to generate the Client ID. The Client ID is basically a generated string, called the client key, used for connecting to Cherwell’s API. To get this Client ID, launch the Cherwell Administrator console.

Login and click on Security and then Edit REST API client settings.

A window will pop up and you will need to click on the green plus to create a new one. Give it a name and copy out the Client Key.

Copy this as you will need it later.

Setup in OMS:

Next log into OMS and add the ITSM Connector preview. It is shown in the screenshot below.

After this has been added, go to your OMS settings screen, click on Connected Sources > ITSM Connector, and then click on Add New Connection.

Select Cherwell for the connection type, add in your Cherwell settings, and save it. If everything worked, your OMS is now connected to Cherwell.

Exploring the ITSM Connector:

Next let’s check things out in OMS. Before I did that I first went and created a new incident so I could see this flow over into OMS. So I created the following over in Cherwell:

After doing that I went back into OMS and kicked off a sync because I did not want to wait.

The connector picked up my new incident right away. You can see the dashboard ITSM tile has 2 incidents.

After clicking into this I am brought to the full ITSM dashboard. I then clicked on the Incident tile.

I was then brought to the incident dashboard and I could see the new incident I created.

I clicked on the new incident and it brought me to the OMS search with the details of the incident. Very cool!

I am excited to see cool stuff like this in OMS and integration with many ITSM tools. Look out for more blog posts in the future about ITSM Integration in OMS as well as in Azure Stack.

Backup Strategy should include Security

Planning for protection as a part of an IT Service Continuity plan often takes into consideration backup of applications and data as well as restore. But what about security?

When planning for protection of applications and data in your environment, security should be right up there in the forefront. “Backup Security” should be a key part of the plan.

Security in the context of backup can be thought of in two ways: #1 securing the backups themselves, and #2 using backups as an added measure for security breach mitigation. Let me break this down further.

In regards to securing backups, you want to do things like encrypting backup data as it travels offsite, encrypting backup data at rest, being able to protect encrypted data, requiring security PINs or further authentication of admins, and more.

In regards to backup as an added measure for security, backup becomes a direct part of security planning in organizations. Sometimes when security measures fail, backups are the only thing that can save you as a last resort. Backups are commonly becoming a way to recover from ransomware attacks as an alternative to paying the hackers. Here is a real world example.

Recently an unnamed hosting provider’s entire data center became hostage to a ransomware attack. This hacker got in due to a mistake by one of the system admins (more on how to protect at this level later) and basically had full domain admin rights to everything. Keep in mind the majority of the servers in this scenario are for customers.

In this case the hosting provider had two choices. Option #1: go to the dark web via the Tor network and pay a ton of money in bitcoin for the decryption key. Option #2: restore everything from offsite backups and pray.

This hosting provider went for option #2 and thank goodness it worked. In this case if it weren’t for a solid offsite backup solution this hosting provider would have been up a creek without a paddle.

It is becoming more common for ransomware to actually target backups, because these are a high-value target and hackers understand they are a last resort for companies to save themselves. If the backups are deleted there is no other choice but to pay the ransom. This raises the level of security the backups need: administrative actions on backups need an extra layer of security.

Microsoft Business Continuity products help with not only protection but also security. These products consist of System Center’s Data Protection Manager (DPM) and Operations Management Suite’s Azure Backup (AB) and Azure Site Recovery (ASR). In this post I am only going to touch on DPM and AB.

Some exciting things have been happening with Azure Backup and Data Protection Manager to ensure security is front and center as a part of your enterprise backup solution. Microsoft’s goal with the backup security is to provide prevention, alerting, and recovery.

More about this including a video can be found here:
https://azure.microsoft.com/en-us/blog/azure-backup-security-feature

Just yesterday DPM update rollup 12 for 2012 and update rollup 2 for 2016 were announced. Along with UR2 come some enhanced security features for DPM. These will be called out later in this blog post. Microsoft has rolled out some great security features to both products across hybrid clouds. I will go ahead and break these down.

– Azure Backup –

Encrypted backup data at rest
Described in DPM section.

Security PIN
With Azure Backup you can require a security PIN for sensitive operations such as removing protection, deleting data, or changing other settings in Azure Backup itself, such as changing a passphrase.

Azure Backup also has some other security measures in place like a minimum retention range to ensure a certain amount of backup data is always available and notifications upon critical operations to subscription admins or others as specified.

NOTE: These security features are now also available in DPM with the UR’s (UR 12 for 2012 and UR2 for 2016) announced yesterday. When an administrator changes the passphrase or deletes backup data, they need to enter the PIN if Enhanced Security is enabled. Also, there is a minimum retention range of 14 days for cloud protected data that is deleted.

MFA
MFA is Multi-Factor Authentication. Microsoft has MFA available as a part of Azure Active Directory. Within Azure Backup you can configure it to require MFA of admins when performing critical operations. Enabling MFA ensures, via authentication from a second device (usually one physically in the user’s possession), that admins are who they say they are.

NOTE: When you enable security settings they cannot be disabled.

Ransomware attacks
Described in DPM section.

– Data Protection Manager –

Backup data encrypted during offsite transfer
When data is sent from DPM to Azure Backup it is encrypted before it even leaves your four walls. Data is encrypted on the on-premises server/client/SCDPM machine using AES256 and the data is sent over a secure HTTPS link.

Encrypted backup data at rest
Once backup data is on Azure it is encrypted at rest. Microsoft does not decrypt the backup data at any point. The customer is the only one with the encryption key that can decrypt the backup data. If this key is lost not even Microsoft can decrypt your backup data. This is very secure.

Protection and recovery of encrypted computers
The release of Hyper-V on Windows Server 2016 included a new feature known as Shielded virtual machines (VM’s). This feature essentially utilizes Virtual Trusted Platform Module (vTPM) technology and BitLocker to encrypt virtual machines at the virtual layer. This means if a VM is physically copied off a Hyper-V host, whoever has the VM will not be able to get to the data on the virtual hard drive.

With its 2016 release, DPM supports protecting Shielded VM’s. DPM can protect Shielded VM’s regardless of whether they are VHD or VHDX. This is great news because as a secure organization you should want to encrypt your virtual machines, and DPM can protect them. This gives you an added layer of security on top of having backups.

Ransomware attacks
In today’s world ransomware attacks are a common thing. These types of attacks are targeted at small, medium, and large enterprise businesses. No company is too small or too big to be put in the crosshairs of ransomware attacks. A well-known attack is Cryptolocker.

As mentioned before in this blog post, backups are an alternative to paying the ransom of a ransomware attack. The key here is to ensure you have a solid offsite backup in place such as Azure Backup. Having that offsite backup will ensure you can get your data back even if the ransomware attack gets ahold of your onsite backup data.

I even go as far as to recommend sticking to the 3-2-1 rule (3 copies of backup data 2 offsite and 1 onsite). This way if something happens to one of your offsite copies of data you have another one. It may seem overkill to have 2 offsite copies but you would be surprised how often offsite backup data is accidentally destroyed.

So there you have it. Security is a critical part of any backup solution. It is clear that Microsoft realizes this based on the security enhancements they have made to both Azure Backup and Data Protection Manager 2016. Their goal is to ensure both backup solutions are enterprise ready. I have been working with DPM for years and Azure Backup as soon as it came out. I know the team behind these products have a lot of new features and functionality planned for the future of these products and I am looking forward to it.

Monitor Azure Stack Fabric with OMS

I wanted to monitor my Azure Stack environment with OMS. This would include only the Azure Stack fabric servers and the host. I did not want to manually install the OMS agent on all of these servers especially since the Azure Stack fabric is a set of known servers. So I decided to put together a quick PowerShell script to handle the install of the OMS agents including the workspace ID and key. Here are details for the script:

<#

.SYNOPSIS
This script can be used to install OMS agents on all of the Azure Stack Fabric servers. This has been tested with TP2.

.DESCRIPTION
This script can be used to install OMS agents on all of the Azure Stack Fabric servers. This has been tested with TP2. This script can be run from PowerShell ISE or a PowerShell console. It is recommended to run this from an elevated window. This script should be run from the Azure Stack host. Ensure you are logged onto the Azure Stack host as azurestack\azurestackadmin. This script allows you to input your OMS workspace ID and key. The Azure Stack Fabric servers that this script will attempt to install on are:

"MAS-Con01",
"MAS-WAS01",
"MAS-Xrp01",
"MAS-SUS01",
"MAS-ACS01",
"MAS-CA01",
"MAS-ADFS01",
"MAS-ASql01",
"MAS-Gwy01",
"MAS-SLB01",
"MAS-NC01",
"MAS-BGPNAT01"

Fabric servers can be added or removed from the array list if desired. The script will look for the OMS agent (MMASetup-AMD64.exe) in C:\OMS\ on the Azure Stack host. Ensure you create an OMS folder on your Azure Stack host and download the OMS agent to it. This script also copies the OMS agent to C:\Windows\Temp on each Fabric server. Ensure there is enough free space on the C drive on all of your fabric servers.

.PARAMETER OMSWorkSpaceID
This is the GUID of your OMS workspace. It can be found in the OMS portal at: https://mms.microsoft.com >> Overview >> Settings >> Connected Sources >> Windows Servers

.PARAMETER OMSKey
This is the OMS API key for your OMS workspace. You can use the primary or secondary key. These keys can be found in the OMS portal at:
https://mms.microsoft.com >> Overview >> Settings >> Connected Sources >> Windows Servers

.INPUTS
None

.OUTPUTS
None

.NOTES
Script Name: AzureStackFabricOMSAgentInstall.ps1
Version: 1.0
Author: Cloud and Data Center Management MVP – Steve Buchanan
Website: www.buchatech.com
Creation Date: 1-1-2017
Purpose/Change: Install OMS agents on Azure Stack Fabric servers.
Updates: None

.EXAMPLE
.\AzureStackFabricOMSAgentInstall.ps1 -OMSWorkSpaceID "20d4dd92-53cf-41ff-99b0-7acb6c84beedsr" -OMSKey "aazedscsjwh52834u510350423tjjwgogh9w34thg2ui=="
#>

The script can be downloaded here:
https://gallery.technet.microsoft.com/Azure-Stack-Fabric-OMS-3dac666c

To kick off the script run from PowerShell ISE or a PowerShell console. If you run from ISE you will be prompted for the workspace ID and the key. If you run from a PowerShell console run this syntax to kick it off:

.\AzureStackFabricOMSAgentInstall.ps1 -OMSWorkSpaceID "YOURWORKSPACEID" -OMSKey "YOUROMSKEY"

The script will kick off, building an array of the Azure Stack VM’s, looping through each of them to copy over the OMS agent, and then install the OMS agent setting the OMS workspace ID and key.

The script will detect if an OMS agent is already installed and will skip that server as shown in the following screenshot.

Otherwise the script will install the OMS agent as shown in the following screenshot.

The following screenshot shows the script running in a PowerShell console vs ISE.

You will be prompted when running the script for credentials. Use Azurestack\azurestackadmin as shown in the following screenshot.
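
The flow described above (build the server array, skip servers that already have the agent, copy the installer, install with the workspace ID and key), written out as an added example; this is not the author's published script. It assumes PowerShell 5.0+ remoting for Copy-Item -ToSession, detects an existing agent by the HealthService service, takes the key as a SecureString rather than a plain string, and adds an installer signature check that the page does not describe.

```powershell
# Added example (not the author's published script): push the OMS agent to fabric servers.
[CmdletBinding()]
param(
    [Parameter(Mandatory)] [guid] $OMSWorkSpaceID,
    # Assumption: the key is taken as a SecureString so it is prompted for, not typed
    # on the command line where it would land in console history and transcripts.
    [Parameter(Mandatory)] [securestring] $OMSKey,
    [string] $AgentSource = 'C:\OMS\MMASetup-AMD64.exe',
    [string[]] $FabricServers = @(
        'MAS-Con01', 'MAS-WAS01', 'MAS-Xrp01', 'MAS-SUS01', 'MAS-ACS01', 'MAS-CA01',
        'MAS-ADFS01', 'MAS-ASql01', 'MAS-Gwy01', 'MAS-SLB01', 'MAS-NC01', 'MAS-BGPNAT01'
    )
)

# Refuse to distribute an installer that is not validly signed by Microsoft,
# since it is about to run with admin rights on every fabric server.
$sig = Get-AuthenticodeSignature -FilePath $AgentSource
if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
    throw "Installer signature check failed for $AgentSource (status: $($sig.Status))"
}

$cred = Get-Credential -Message 'Fabric admin account, e.g. azurestack\azurestackadmin'
# The installer only accepts the key as plain text, so decrypt it as late as possible.
$plainKey  = [System.Net.NetworkCredential]::new('', $OMSKey).Password
$remoteExe = 'C:\Windows\Temp\MMASetup-AMD64.exe'

$results = foreach ($server in $FabricServers) {
    $session = $null
    try {
        $session = New-PSSession -ComputerName $server -Credential $cred -ErrorAction Stop

        # Assumption: a present HealthService service means the agent is already installed.
        $installed = Invoke-Command -Session $session -ScriptBlock {
            [bool](Get-Service -Name HealthService -ErrorAction SilentlyContinue)
        }
        if ($installed) {
            [pscustomobject]@{ Server = $server; Status = 'Skipped'; Detail = 'Agent already present' }
            continue
        }

        Copy-Item -Path $AgentSource -Destination $remoteExe -ToSession $session -ErrorAction Stop

        # Note: the key is visible in the remote process command line while setup runs,
        # and in process-creation events if command-line auditing is enabled.
        $nowInstalled = Invoke-Command -Session $session `
            -ArgumentList $remoteExe, "$OMSWorkSpaceID", $plainKey -ScriptBlock {
            param($Exe, $Id, $Key)
            $setupArgs = '/C:"setup.exe /qn ADD_OPINSIGHTS_WORKSPACE=1 ' +
                         "OPINSIGHTS_WORKSPACE_ID=$Id OPINSIGHTS_WORKSPACE_KEY=$Key " +
                         'AcceptEndUserLicenseAgreement=1"'
            Start-Process -FilePath $Exe -ArgumentList $setupArgs -Wait
            # Clean up the copied installer, then confirm the agent service now exists.
            Remove-Item -Path $Exe -Force -ErrorAction SilentlyContinue
            [bool](Get-Service -Name HealthService -ErrorAction SilentlyContinue)
        }
        $status = if ($nowInstalled) { 'Installed' } else { 'Failed' }
        [pscustomobject]@{ Server = $server; Status = $status; Detail = 'Setup ran; service check done' }
    }
    catch {
        # Unreachable host, bad credentials, or copy failure: record it and move on.
        [pscustomobject]@{ Server = $server; Status = 'Failed'; Detail = $_.Exception.Message }
    }
    finally {
        if ($session) { Remove-PSSession -Session $session }
    }
}

Remove-Variable -Name plainKey
$results | Format-Table -AutoSize
```

Omitting -OMSKey makes PowerShell prompt for it with masked input, which keeps the workspace key out of command history.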

After the OMS agent is installed you should be able to log onto any of the Azure Stack VM’s and see the OMS agent in control panel as shown in the following screenshots.


You can also log onto OMS and see your Azure Stack servers listed under connected computers.

Azure Stack fabric servers wire data:

My Azure Stack host in OMS Service Map:

Happy Stacking and OMS’ing!

OMS: Service Map overview

Recently the Operations Management Suite (OMS) team at Microsoft announced the private preview of Service Map in OMS, formerly known as Application Dependency Map. Service Map has been a long awaited feature in OMS. It discovers and maps Windows & Linux app and system dependencies and displays them in application maps within OMS. Service Map did not start with OMS. It actually started as a standalone product named FactFinder and was later integrated with SCOM. The integration of FactFinder with SCOM allowed BlueStripe to automatically create Distributed Applications in SCOM. Well, Microsoft acquired BlueStripe and the rest is history.

In this post I will set out to explore and break down Service Map: how it is installed, info about the agent, how it works, key points about it, how the data flows and more. Also, this post is my first effort in taking one of my PowerPoints and converting it into a post! The following graphic describes some of the benefits of having application maps included in your monitoring solutions, along with information about FactFinder:

Now let’s take a look at what Service Map does and how it looks.

Now let’s take a look at one of the Service Maps, aka Application Maps, in OMS. Notice on the left-hand side the breakdown of the interface. In Service Map there is a focus machine in the center. There are front end and back end connections into that focus machine. These are the dependencies flowing in and out of the focus machine, giving the mappings. Notice on the left-hand side you can adjust the time controls and select either a Windows or Linux machine from the list. Finally, on the left-hand side are the details of the current selection. The current selection can be a machine or process.

Also notice that Service Map (SM) integrates with Change Tracking, Alerts, Performance, Security, and Updates. What this means is that when you have a focus machine selected you can click on the corresponding solution on the right-hand side. When you click on a solution, e.g. Updates or Security, the update or security dashboard widget will be shown and you can drill down from there for further detail.

A common question that comes up when discussing Service Map is how it works. The following graphic displays the process from adding the solution to the actual mapping within OMS.

Other key information about Service Map is detailed in the following graphics.

The next graphic looks at deploying the SM agent and locations for logs. The process is as simple as downloading and installing the agent from OMS.

Here is some more critical information you need to know about the SM agent.

This next graphic details how Service Map dependency data flows into OMS.

At this time the operating systems supported by Service Map are:

Windows:

  • Windows 10
  • Windows 8.1
  • Windows 8
  • Windows 7
  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows Server 2012
  • Windows Server 2008 R2 SP1

Linux:

  • Oracle Enterprise Linux 5.8-5.11, 6.0-6.7, 7.0-7.1
  • Red Hat Enterprise Linux 5.8-5.11, 6.0-6.7, 7.0-7.2
  • CentOS Linux (Centos Plus kernel is not supported)
  • SUSE Linux Enterprise Server 10SP4, 11-11SP4

Service Map’s computer and process inventory data is available for search in OMS Log Analytics. This is very cool, as the log analytics and searching capability in OMS is powerful and, most importantly, very FAST. Having application components, service dependencies, and supporting infrastructure configuration data at your fingertips through the log analytics gives you a powerful troubleshooting and forensics tool. I am sure over time the query capabilities will be expanded to include even more.

[Screenshots: Type=ServiceMapComputer_CL, Type=ServiceMapProcess_CL]

A few Service Map Log Analytics query examples:

List the physical memory capacity of all managed computers:

Type=ServiceMapComputer_CL | select TotalPhysicalMemory_d, ComputerName_s | Dedup ComputerName_s

List computer name, DNS, IP, and OS version:

Type=ServiceMapComputer_CL | select ComputerName_s, OperatingSystemVersion_s, DnsNames_s, IPv4s_s | dedup ComputerName_s

List Process Map by process name:

Type=ServiceMapProcess_CL (ProductName_s=TeamViewer)

Thanks for reading and I hope you enjoyed this post on OMS’s Service Map. Now go out and add the public preview right away.

2 Sessions at MMS 2015

I am late posting this but better late than not at all. Next week I will be presenting at MMS 2015 on November 9th and 11th. In this post I will break down what each session is about. This is the second year of the community powered MMS event. The Midwest Management Summit is a 3-day conference purposely capped to just 500 attendees so that nobody gets lost in the crowd. Almost 60 Microsoft MVP’s will be presenting on System Center, cloud, PowerShell topics and more.

Areas the speakers will be presenting on are Operations Management Suite (OMS), Enterprise Mobility Suite (EMS), Operations Manager, Configuration Manager, Orchestrator, Service Management Automation, Azure Automation, Service Manager, Data Protection Manager, Azure Backup, Azure Pack, Azure Stack, Hyper-V, Nano server, PowerShell, Desired State Configuration and more. I am lucky to be co-presenting with two awesome System Center experts Natascia Heil @NatasciaHeil and Chiyo Odika @mrchiyo. The first session I will be presenting is:

-Real world automation with Service Manager and Azure Automation-

Here is what to expect from this session:

Automation is not only requesting and building virtual machines through Service Manager and Orchestrator. Automation can do much more, and Service Manager can be combined with Microsoft’s other automation tools such as SMA, Azure Automation, and DSC. This session will teach you how to identify areas of automation in your company. It will cover how automation fits in the ITIL story. It will also show some real life automation examples utilizing Microsoft’s newest automation tool (Azure Automation) and Service Manager.

We have two demos planned for this session. The first demo will show how to use Service Manager and Azure Automation. The second demo will show automating patch management using SCCM, Orchestrator, and Service Manager’s change management.

Link to this session:

http://mms2015.sched.org/event/bc3ffcd6aaaaef9a5e765493a0e6527f?iframe=no#.VjsTBeJcxps

The second session I will be presenting is:

-OMS Strategies and Notes from the Field-

Here is what to expect from this session:

OMS is a comprehensive web-based cloud IT Management solution with monitoring, automation and other features and solutions that will provide you with greater control and new capabilities across your hybrid cloud.

In this session, you will learn about strategies for getting the most out of OMS, best-practices, and learn from our extensive experiences in the field, deploying, configuring, and troubleshooting OMS.

Link to this session:

http://mms2015.sched.org/event/a4fb2e8bd31e7cab0de55695f9ec48a1#.VjsTCOJcxps

For more information on MMS 2015 and a full list of speakers and sessions visit:

http://mmsmoa.com/

Unpacking The Operations Management Suite Android App

A while back there was a suggestion on the Azure Operational Insights (before it was renamed to Operations Management Suite) User Voice for an Android app. You can see that here: http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6686744-android-mobile-app . This would allow us to access our OMS data from our Android mobile device! It is no secret I am an Android user so I was excited for this. On the User Voice thread Microsoft commented that we could expect an app in the fall of 2015. Well, on October 15th one of my colleagues, Rob Plank, tweeted that the OMS Android app was available in the Android market (https://twitter.com/rob_plank/status/654706738222907392). They kept their word and now we have an Android app for OMS! In this post we are going to take a tour of the new OMS Android app.

On your phone you can search Google Play for Microsoft OMS or click this link Operations Management Suite to find the app. Go ahead and install it.

Once installed you will find it with your other apps.

You can also place a shortcut to it on one of your main screens.

The first time you launch it you will need to either sign in or sign up.

Here is a screenshot of the sign in screen.

After you are logged in you need to select your workspace. You can see that I have 3 workspaces. Yes only a true geek would have multiple workspaces in OMS. LOL

After selecting your workspace you will have a similar look and feel to the web based version of OMS. You will also notice 3 main areas: Dashboard, Overview, and Search. The first one you will land on is Dashboard. To access the other 3 main areas just scroll to the right. NOTE: I did not see a way to add solutions to OMS from the mobile app. You will need to do this from the web application itself.

The Dashboard view is equal to My Dashboard in the full OMS web application. So whatever you added to your My Dashboard is what you will see here.

 

[Screenshots: Android OMS App vs. Full OMS Web Application]

Now if we go to the Overview area, this is the same view as we have on the full OMS web application. Overview has the solutions that you have added to your OMS. To see them all just scroll down.

[Screenshots: Android OMS App vs. Full OMS Web Application]

You will notice the Searches view also matches what is in “Log Search” in the full OMS web application.

Operations Management Suite in SCSM Console

Today I was playing around with Service Manager and decided to add a view for Operations Management Suite in the Service Manager Console. I have placed it in a management pack for use in other Service Manager environments. I have uploaded the management pack to TechNet Gallery. Once you load the management pack an Operations Management Suite folder will show up within Work Items.

NOTE: The first time you open Operations Management Suite inside of Service Manager you will see a compatibility mode warning. Just click on continue.

Download the management pack here:

https://gallery.technet.microsoft.com/Operations-Management-10f68429

System Center Futures 2016 and Beyond

UPDATE 9-4-2015:

***There is an upcoming FREE event covering the Future of System Center. This will be held on Sep 25, 2015 at the Microsoft MTC in Minnesota (http://www.microsoft.com/en-us/mtc/locations/minneapolis.aspx). This is a must attend event for any company running System Center. For more info on this event visit: http://bit.ly/1JIHS48***

Last week I was able to attend the first ever Microsoft Ignite conference in Chicago. There was a lot of exciting news announced at this conference around the many Microsoft products and technologies. Everything was covered from SharePoint, Exchange, Unified Communications, Office, Windows server, Windows 10, all things Azure and more. This post is intended for any System Center professional who was unable to attend the MS Ignite 2015 conference but wants to know what’s up with System Center. If you had any concern about System Center going away or just want to know about the future of System Center in general this post is for you.

During the conference there were many sessions related to the various System Center components; however, there were a couple of critical sessions that covered the future of System Center. These are the Platform Vision & Strategy sessions. These are titled:

Windows Server & System Center Futures—Bring Azure to your Datacenter (Platform Vision & Strategy)

And

Platform Vision & Strategy (6 of 7): What’s New in System Center for Management

These sessions are important because they featured System Center’s top guy Jeremy Winter and he talked about the future direction of the management solutions. In this post I will sum up key information from each of these sessions.

NOTE: This post is my perspective on the Platform Vision & Strategy sessions from Ignite and does not represent the opinions of Microsoft.

Traditionally System Center has been a complete management stack for IT Operations. This is not going to change but will continue to get better. The stack consists of: Managing endpoints (PC’s/Mobile device/servers) – *SCCM/Intune* | Monitor – *SCOM* | Automation – *Orchestrator (SMA)* | Provision – *VMM* | Service Management – *SCSM* | Protection – *Data Protection Manager* | Self-service – *Azure Pack* also represented in the following screenshot from one of the session slides.

So we are now in the year 2015 and have not had a new major version of the entire stack since 2012. However since the release of System Center 2012 we have seen a steady progression of enhancement to the stack. We have seen it move from SP1 to R2 and now updates and new features through update rollups.

These update rollups have been released on a faster cadence at a speed we have not seen from Microsoft before. In fact we have recently seen a round of new features in update rollup 6 and more announced at Ignite. Below is a list of key features that stuck out to me along with slides from one of the Platform Vision & Strategy sessions giving insight into where the System Center components are headed next.
