Hello and Happy New Year!
Today's topic is regarding the setup of the SharePoint 2010 Foundation management pack in support of multi-farm monitoring with Operations Manager. This is a common topic that many people have questions about and some of the blog posts regarding it are not entirely accurate. My hope here is to help demystify the confusion surrounding this and help you understand the steps necessary to set it up correctly. Here I'll summarize those steps before we jump right in:
- Create a domain user account that will have the elevated privileges required in each farm (recommended security practice)
- Create a Run As account for each farm
- Create custom groups containing the Windows Computer objects for all the servers in the respective farm
- Configure the SharePointMP.Config xml file to discover one of the farms (this avoids manually overriding the many discovery rules in the SharePoint 2010 Foundation MP) per the Deployment Guide
- Execute the task - Configure SharePoint Management Pack to configure discovery and monitoring
- Update the SharePoint Discovery/Monitoring Account Run As profile to associate the Run As accounts for each farm with the custom groups
By default when you want to monitor a single farm with Operations Manager, the SharePoint 2010 Foundation MP Deployment Guide (starting on Page 15) directs you to create a Windows domain user account that has been granted the following privileges in order for the workflows defined in the MP to complete successfully:
- SharePoint Farm Administrator
- SQL DB Owner for SharePoint SPAdminContent and Configuration databases
- Local Administrator on the SharePoint and respective SQL Servers
You will want to do this for each farm, defining a unique Windows domain user account and granting it the necessary privileges as stated. Once you complete this step for each farm, you can then create the Run As account(s) in Operations Manager and configure distribution of that account to the specific servers respectively.
Next you will want to create custom groups for each farm and add all of the servers in the farm to the group. These groups will be referenced when you configure the SharePoint Discovery/Monitoring Account Run As profile, later in the process. Identify an appropriate naming standard for the groups display name so you can easily relate the group with the farm. So if you have Farm A, add the Windows computer object for the SQL and SharePoint servers in that farm to the group (using a dynamic or explicit membership criteria).
Now we need to modify the SharePointMP.Config file to update the Machine Name tag with the Windows Computers supporting one of the SharePoint farms. We are only adding the computer objects for one farm in order to obviate the need to manually override the 17 discovery rules in the SharePoint Foundation MP (which is enabling the discovery rule - Discovery For SharePoint Foundation Installed Machine to true, setting the Interval Seconds and SyncTime parameter, and for the other 16 discovery rules setting the SyncTIme parameter. Those overrides are stored in the writeable MP - Microsoft.SharePoint.Foundation.2010.Override). Otherwise, you simply override the applicable discovery rules, associate the Run As accounts with the Run As profile and target groups, and wait for discovery to occur. Back to setting up the config file.... One approach is:
<Association Account="SharePoint 2010 Farm-A Action Account" Type="Agent">
<Machine Name="SVRSQL01" />
<Machine Name="SVRSRPWFE01" />
<Machine Name="SVRSRPWFE02" />
Next go ahead and copy the .Config file to the RMS, run the task (remember to override the Working Directory parameter), and verify the task completed successfully. Let the discovery process run to ensure it is successful in discovering and moinitoring the servers in the farm before proceeding with modifying the SharePoint Discovery/Monitoring Account Run As profile. Now go ahead and modify the properties of the SharePoint DIscovery/Monitoring Account Run As profile, and here we want to associate the respective Run As account defined for each farm to the custom group representing that farm that we created earlier.
Step 1: Remove the existing associations first, which are the individual systems specified in the .Config file with the Run As account.
Step 2: Click on the Add button.
Step 3: In the Add Run As Account properties box, select the Run As account for the one farm from the list. Next change the option - "This Run As Account will be used to manage the following objects:" by selecting the radio button "A selected class, group, or object:" and click the Select... button. When the context-sensitive menu appears, select Group from the list.
Step 4: In the Group Search box, select the appropriate group you created earlier. Press the OK button to save your selection and return to the Add Run As Account properties box.
Step 5: Press the OK button to save your changes.
Repeat steps 2 - 5 for the additional farms. Again associating the specific Run As account that has assigned privileges in that farm with the custom group that hosts the Windows Computer objects of that farm.
Once discovery runs again at its defined interval, check the SharePoint 2010 Products\Servers health state view to verify the servers in the additional farms were discovered successfully and are being proactively monitored by the SharePoint Foundation and SharePoint Server MPs.
I have successfully utilized this approach with my current customer, monitoring three different farms with about thirty plus servers supporting those three farms.
Good luck and I hope this helps! Any questions or issues, feel free to ping me.