SCOM 2012 R2 - multi domains multi management groups Design

    Question

  • Hi all,

    This is my env:

    • single AD forest
    • multiple domains (no child domains, all domains at the same level, all domains are trusted);
    • each physical office has its own AD-domain and its own AD-site; all VPN interconnected and trusted domains
    • one central main office (200 servers); and 5 other smaller branches (each has 50 servers)
    • each branch office has an IT operator

    I would like to deploy SCOM 2012 R2 to monitor the above env.

    My proposed setup is the following:

    • no need to use SCOM gateways since, as per MS guides, the gateway is meant for untrusted networks/domains, which is not the case with my env.
    • in each office deploy a SCOM management group (management server, database server, reporting server,..)
    • For central monitoring and consolidation of alerts/actions; JUST connect all these SCOM management groups into the main office SCOM setup/console

    Please advise if this is a best practice design, or should I use only ONE SCOM management group in the central office and then deploy gateways in each branch office, knowing that each office has its own trusted domain and its own IT operator.

    Friday, November 15, 2013 6:59 AM

Answers

  • Pedro,

    I understand those considerations. I was thinking from an administrative standpoint of creating security groups around those servers, and then scoping those to a view based on the regions. Have a look at the blog below. It mentions the network bandwidth utilization for the Operations Manager 2007 roles. I do not think these have changed much (if at all) for Operations Manager 2012.

    However, if you want to keep these physically separated for political reasons (internal preferences in management), then your option is a good option.

    http://blogs.technet.com/b/momteam/archive/2007/10/22/network-bandwidth-utilization-for-the-various-opsmgr-2007-roles.aspx

    Kind Regards,

    Tom


    Kind Regards, Tom Ziegler | http://www.sccmguy.com | Twitter @Tom_Ziegler

    Monday, November 18, 2013 3:39 PM

All replies

  • Some initial thoughts:

    Why would you deploy a management group for each of the 5 branch offices? Seems like overkill to me. You are talking about less than 500 servers total, correct? Depending on the servers (Windows, Unix, Linux) you can easily have 1 MS. Do you need HA? Then that takes in other considerations.

    See the following links as these will help point you in the right direction for planning your Operations Manager environment.

    Infrastructure Planning and Design Guides for System Center

    http://technet.microsoft.com/en-us/solutionaccelerators/ee395430.aspx

    Operations Manager 2012 Sizing Helper

    http://blogs.technet.com/b/momteam/archive/2012/04/02/operations-manager-2012-sizing-helper-tool.aspx

    Planning the System Center 2012 - Operations Manager Deployment

    http://technet.microsoft.com/en-us/library/hh473583.aspx

    Kind Regards,

    Tom


    • Edited by Tom Ziegler Friday, November 15, 2013 11:12 AM
    Friday, November 15, 2013 10:50 AM
  • Hi Tom, you are right, one management group is more than enough in my case since the total number of agent-monitored servers is around 800. The reasons why I am considering deploying a separate management group for each physical location are:

    1- physical/geographical location of my sites, and the slow VPN links connecting the central site with all site offices
    2- security segregation, where I need each site office IT admin to access/monitor his own servers only

    Monday, November 18, 2013 1:18 PM
  • Pedro,

    In addition to the above, check out the minimum network connectivity speeds section of the following link:

    http://technet.microsoft.com/en-us/library/jj656654.aspx#BKMK_NetworkConnectivity

    Kind Regards,

    Tom



    Monday, November 18, 2013 4:12 PM
  • Hello Tom,

    Thanks for the above. I will have a look at them and then decide which way to go.

    I would like to make sure that if I used gateway servers in the site/remote offices and deployed agents to each remote office, all records will still be saved to the SQL DBs I have in my central office where my Management Server(s) reside, right?

    If this is true, suppose the Internet/VPN link went down, so I will receive reachability alerts for all agent-monitored servers in that site?

    Wednesday, November 20, 2013 7:27 AM