Auditing the Microsoft Private Cloud with ACS Autopilot - Part 2

Deploy OM agents: Part 2 of 3 posts in a “mini-series” describing how to automatically audit private cloud enterprises.

Before one can enable ACS forwarders (manually or with the autopilot MP), the OM agent must first be deployed and the agents homed to the management group. Given the scenario described in Part 1, CONTOSO leverages System Center 2012 – Configuration Manager to deploy software to Windows servers across its private cloud and diverse enterprise. This approach is especially effective given the bandwidth and latency challenges across its WAN links. In contrast, the OM “console push” approach depends on the SMB protocol, which doesn’t work as well for this network topology, where the objective is automation and a guiding principle is KISS. So we turn to a single, good-old-fashioned software distribution package via CM 2012. The wrapper script also includes auto-remediation tasks that run once a day to help keep the OM agent baseline healthy.

Credits and Props

Before rolling with the show, I need to give credit where credit is due… This battle-tested package wouldn’t be possible without the following two stellar Microsoft colleagues:

  • Chris Harrod – Took the idea, made it real, and ran with it.
  • Eric Hopson – Took over the responsibility to maintain the wrapper script and has scripted in new auto-remediation capabilities.

This OM agent package has been battle tested in a variety of large enterprise scenarios. For example, it is rumored that Xbox LIVE is running a derivative of this package to monitor their comprehensive infrastructure. Pretty cool!

Overview

This installation routine has been designed to be executed from within a CM 2012 (or CM 2007) package. The associated programs are advertised and assigned to target Windows servers and run every day since the script also includes auto-remediation routines. The installation supports a variety of enterprise scenarios:

  • Base OM 2012 release plus an Update Rollup (This installation routine provides OM 2012 RTM plus Update Rollup 2 as an example.)
  • Multiple management servers in a management group and load balancing the installs
  • Dual-homed agents
  • Migrating agents from one management group to another one

Preparation

To prepare the package, download and extract the attached zip file to create the following directory structure:

 

The following scripts should be staged in the root of the package directory:

  • INSTALL-SCOM2012Agent.vbs – Performs the installation and auto-remediation routines. It’s written in VBScript to address “lowest common denominator” situations where PowerShell is unfortunately not an option.
  • SetupOMAgent.cmd – Only required if deploying the agent package via Configuration Manager 2007, which is a 32-bit application. This additional wrapper script detects and bypasses Windows on Windows 64-bit (WOW64) file system redirection. (This script is not required for deployments via Configuration Manager 2012 since it is a 64-bit application.)

The following files should be staged in the subdirectories:

  • AD Helper Objects
    • Copy HELPEROBJECTS\AMD64\OOMADS.MSI from the OM 2012 installation source media into the x64 subdirectory.
    • Copy HELPEROBJECTS\I386\OOMADS.MSI from the OM 2012 installation source media into the x86 subdirectory.
  • OM 2012 agent
    • Copy all files in the AGENT\AMD64 directory on the OM 2012 installation source media into the x64 subdirectory.
    • Copy all files in the AGENT\I386 directory on the OM 2012 installation source media into the x86 subdirectory.
  • Update rollup
    • Download and extract Update Rollup 2 * and copy KB2731874-x64-Agent.msp into the x64 subdirectory.
    • Download and extract Update Rollup 2 * and copy KB2731874-x86-Agent.msp into the x86 subdirectory.
  • CleanMom utility
    • Download and install the System Center Operations Manager 2007 R2 Admin Resource Kit. (This utility is beneficial for uninstalling OM 2007 R2 agents which is a common scenario when upgrading/migrating from OM 2007 to OM 2012.)
    • Copy %ProgramFiles(x86)%\System Center\SystemCenter Operations Manager 2007 R2 Admin Reskit\Cleanmom\x64\CleanMom.exe to the x64 subdirectory.
    • Copy %ProgramFiles(x86)%\System Center\SystemCenter Operations Manager 2007 R2 Admin Reskit\Cleanmom\x86\CleanMom.exe to the x86 subdirectory.

*Note: If installing a newer update rollup, be sure to edit the INSTALL-SCOM2012Agent.vbs file and replace (CTRL+H) the x64 and x86 updates.
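
A pre-flight check for the staged package, added here as an example (it is not part of the original package or post): it confirms that the files named above are present for both architectures and reports the Authenticode status and SHA-256 of every file, since whatever is staged will be run daily on every targeted server. The staging path is a hypothetical placeholder, and PowerShell 4.0 or later on the staging workstation is assumed.

```powershell
# Added example: pre-flight check of the staged OM agent package directory.
param(
    [string]$PackageRoot = 'C:\Staging\OM2012AgentInstallPkg'   # hypothetical path
)
$ErrorActionPreference = 'Stop'
$root = (Resolve-Path -LiteralPath $PackageRoot).ProviderPath.TrimEnd('\')
# File names come from the staging steps; each is expected once per architecture.
$perArch = @{
    x64 = 'OOMADS.MSI', 'KB2731874-x64-Agent.msp', 'CleanMom.exe'
    x86 = 'OOMADS.MSI', 'KB2731874-x86-Agent.msp', 'CleanMom.exe'
}
$rootScripts = 'INSTALL-SCOM2012Agent.vbs', 'SetupOMAgent.cmd'
$problems = @()
$allFiles = @(Get-ChildItem -LiteralPath $root -Recurse -File)
foreach ($name in $rootScripts) {
    if (-not (Test-Path -LiteralPath (Join-Path $root $name) -PathType Leaf)) {
        $problems += "Missing in package root: $name"
    }
}
foreach ($arch in $perArch.Keys) {
    foreach ($name in $perArch[$arch]) {
        # Match on the immediate parent folder only, so the check does not
        # depend on how the component folders above x64/x86 are named.
        $hit = $allFiles | Where-Object { $_.Name -eq $name -and $_.Directory.Name -eq $arch }
        if (-not $hit) { $problems += "Missing in an $arch subdirectory: $name" }
    }
}

# Record signature status, signer and hash for every file in the package.
$report = foreach ($f in $allFiles) {
    $sig = Get-AuthenticodeSignature -LiteralPath $f.FullName
    [pscustomobject]@{
        File   = $f.FullName.Substring($root.Length).TrimStart('\')
        Status = $sig.Status
        Signer = $(if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' })
        SHA256 = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
    }
}

# Installers and binaries whose signature is anything other than Valid need review.
foreach ($r in $report) {
    if ($r.File -match '\.(msi|msp|exe|dll)$' -and $r.Status -ne 'Valid') {
        $problems += "Signature status $($r.Status): $($r.File)"
    }
}
$report | Sort-Object File | Format-List File, Status, Signer, SHA256
if ($problems) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Output 'Package layout complete; all installers and binaries carry a valid signature.'
```

Keeping the hash listing alongside the package gives a baseline to compare against the distribution point content later.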

Verify/edit the following three variables for the agent versions that are listed in the Environment Specifics section of the INSTALL-SCOM2012Agent.vbs file:

  • strCurrentVersion – Indicates the desired end state for the OM 2012 agent version, including Update Rollup.
  • strMinimumVersion – Indicates the value of the base OM 2012 agent version (such as RTM). If a target server is found to have this version, then only the Update Rollup is applied.
  • strOldVersion – Indicates the highest version level of OM 2007 R2 (including cumulative update) that could be found in the target environment. If a target server is found to have this version, or an older version, then the agent is completely uninstalled (see note above).

Syntax

Understanding the configuration of the Operations Manager management group(s) in the enterprise is required to create the correct installation string with the following syntax:

INSTALL-SCOM2012Agent.vbs /MG:MG2 /MS:OMSVR-MS1,OMSVR-MS2,OMSVR-MS3,OMSVR-MS4 /LEGACY:MG1

  • MG – [Mandatory parameter] Name of the management group to which the agent is to be homed.
  • MS – [Mandatory parameter] Name(s) of management servers in the management group which the installation script will randomly select to home the agent.
  • LEGACY – [Optional parameter] Name(s) of the management group(s) to which the agent is not to be homed.

If the SetupOMAgent.cmd script will also be used for CM 2007 scenarios, then use the derived command-line from above and fill in the appropriate information in place of the asterisks:

%CWD%%ScriptName% /MG:**************** /MS:**************** /LEGACY:**************** >> %LogFile%

Repeat this step on the remaining three lines in the script that have this pattern. Close and save the script.

Deployment

Make the following deployment configurations in Configuration Manager 2007/2012:

  • Package – Create a package in Configuration Manager with the entire directory structure and files previously created.
  • Program – Create a program for the appropriate version of Configuration Manager:
    • CM 2012: INSTALL-SCOM2012Agent.vbs /MG:MG2 /MS:OMSVR-MS1,OMSVR-MS2,OMSVR-MS3,OMSVR-MS4 /LEGACY:MG1
    • CM 2007: SetupOMAgent.cmd
  • Advertisement – Mandatory/assigned with a schedule of once per day.
  • Collection – Target servers that match the scope of the Operations Manager 2012 management group in the target environment. Be sure to only use dynamic collection membership rules.

After testing the OM agent package against use cases that represent the target environment, proceed to pilot and then fully deploy the agent. Monitor and remediate the distribution to ensure full coverage.

You are now one step closer to enabling ACS autopilot in Part 3.

OM2012AgentInstallPkg-v2.9.zip