locked
SCOM 2012 Global Architecture, One management group or multiple? RRS feed

  • Question

  • Hi Folks,

    I work for a global firm, we have multiple data caters in different regions. America, UK, Australia, China etc etc. We are looking to roll out SCOM 2012 for monitoring all systems. Our environment

    1,000 Windows servers

    All servers on the same Active Directory domain

    10 Mbps links between data centers.

    My question is around whether to use multiple management groups or one?   I’ve seen recommendations for both. For example

    In the Infrastructure Planning and Design guide for SCOM 2012 it is stated:

    “A centralized management model with large remote locations works best with a management group in each region and a local management group (which provides a consolidated view of alerts and status) in the parent location. In this case, the centralized management group connects through the software development kit (SDK) and functions as an additional console on each of the connected management groups.”

    However moderators in this forum have stated

    Each management group has its own set of SQL Servers and Management Servers \ Gateways. It also adds considerably to administrative overhead. I'd try to avoid multiple management groups where possible.

    ” It will get expensive in terms of hardware and software with multiple management groups and you will duplicate a lot of work with regards to overrides

    “If you go with multiple Management Groups then you would need to add on a fair number of SQL licenses plus additional hardware.  Presumably if I have multiple management groups will that mean I will have to create rules for each Management Group- correct. Same with overrides. It could add a lot of administrative overhead. 

    It would seem easier to just deploy one management group with the management servers in one datacenter but I’m concerned with performance. I’ve heard stories about SCOM deployments architected in this way not performing well because of network latency. i.e admins from all regions besides the region local to the SCOM deployment not wanting to use SCOM because application performance is too slow.

    What would the SCOM experts recommend for this scenario?


    MH

    Sunday, February 22, 2015 10:56 PM

Answers

  • Hi MH,

    You can have one management group with gateways in remote locations where you have more than 10 agents, that will reduce your network traffic and operational work. As you have one domain, there are no worries about certificates' problems as well.

    Minimum network connectivity speed between management server and Gateway server is 64Kbps:

    https://technet.microsoft.com/en-ca/library/dn249696.aspx

    Some helpful links to look at:

    https://technet.microsoft.com/en-ca/library/hh212823.aspx?f=255&MSPPError=-2147217396

    http://blogs.technet.com/b/momteam/archive/2008/02/19/10-reasons-to-use-a-gateway-server.aspx

    https://social.technet.microsoft.com/Forums/systemcenter/en-US/bfaa1961-2f0f-4ce3-b8b8-0883d7eb1e61/design-scom-multiple-ad-sites?forum=operationsmanagergeneral


    Natalya

    ### If my post helped you, please take a moment to Vote as Helpful and\or Mark as an Answer

    • Edited by Natalya Vank Monday, February 23, 2015 12:49 PM
    • Marked as answer by Yan Li_ Tuesday, March 3, 2015 9:11 AM
    Monday, February 23, 2015 12:52 AM
  • 1) My question is around whether to use multiple management groups or one?
    Factors to consider in determine the number of Management group
     • Scaling
     • Agents separated from their management server by WAN-speed network links
     • Political, administrative or security requirements within the organization requiring separate management groups.
     • A view of AD DS topology required across multiple forests.
     • A dedicated management group required for auditing purposes.
     • Disaster recovery functionality required.
     • Consolidated views of connected management groups required in Operations Manager.
     • Operations Manager integration with the VMM console.
     With refer to your situation
     a) 1,000 Windows servers
     b) All servers on the same Active Directory domain
     c) 10 Mbps links between data centers.
    It is suggest that one Management group is required.

    2) It would seem easier to just deploy one management group with the management servers in one datacenter but I’m concerned with performance
    It is recommend that you should deploy Gateway server in region office which has more than 10 agents.
    • Gateway server reduce network bandwidth utilization. Agents located across WAN links consume network bandwidth, potentially affecting service delivery to and from the remote location. A gateway server can consolidate the traffic.
    Roger

    • Marked as answer by Yan Li_ Tuesday, March 3, 2015 9:11 AM
    Tuesday, February 24, 2015 7:13 AM

All replies

  • Hi MH,

    You can have one management group with gateways in remote locations where you have more than 10 agents, that will reduce your network traffic and operational work. As you have one domain, there are no worries about certificates' problems as well.

    Minimum network connectivity speed between management server and Gateway server is 64Kbps:

    https://technet.microsoft.com/en-ca/library/dn249696.aspx

    Some helpful links to look at:

    https://technet.microsoft.com/en-ca/library/hh212823.aspx?f=255&MSPPError=-2147217396

    http://blogs.technet.com/b/momteam/archive/2008/02/19/10-reasons-to-use-a-gateway-server.aspx

    https://social.technet.microsoft.com/Forums/systemcenter/en-US/bfaa1961-2f0f-4ce3-b8b8-0883d7eb1e61/design-scom-multiple-ad-sites?forum=operationsmanagergeneral


    Natalya

    ### If my post helped you, please take a moment to Vote as Helpful and\or Mark as an Answer

    • Edited by Natalya Vank Monday, February 23, 2015 12:49 PM
    • Marked as answer by Yan Li_ Tuesday, March 3, 2015 9:11 AM
    Monday, February 23, 2015 12:52 AM
  • 1) My question is around whether to use multiple management groups or one?
    Factors to consider in determine the number of Management group
     • Scaling
     • Agents separated from their management server by WAN-speed network links
     • Political, administrative or security requirements within the organization requiring separate management groups.
     • A view of AD DS topology required across multiple forests.
     • A dedicated management group required for auditing purposes.
     • Disaster recovery functionality required.
     • Consolidated views of connected management groups required in Operations Manager.
     • Operations Manager integration with the VMM console.
     With refer to your situation
     a) 1,000 Windows servers
     b) All servers on the same Active Directory domain
     c) 10 Mbps links between data centers.
    It is suggest that one Management group is required.

    2) It would seem easier to just deploy one management group with the management servers in one datacenter but I’m concerned with performance
    It is recommend that you should deploy Gateway server in region office which has more than 10 agents.
    • Gateway server reduce network bandwidth utilization. Agents located across WAN links consume network bandwidth, potentially affecting service delivery to and from the remote location. A gateway server can consolidate the traffic.
    Roger

    • Marked as answer by Yan Li_ Tuesday, March 3, 2015 9:11 AM
    Tuesday, February 24, 2015 7:13 AM