Monitor clients on DMZ with Gateway Server

  • Question

  • We have a domain and a DMZ (there is no domain in the DMZ).

    SCOM 2012 R2 is installed in the domain. A gateway server is installed in the DMZ, and the necessary certificates have been imported (just as in the instructions). Now I need to configure monitoring of the servers in the DMZ.

    What do I need to do?

    My steps:

    1) Install the agents.

    2) In the agent settings, specify the gateway server as the management server.

    3) Install the Root certificate.

    4) Make a request for a certificate on the client, then import the certificate previously created for the gateway server.

    5) MomCertImport.exe on the clients.

    Thanks


    Respectfully yours, Me

    Friday, April 24, 2015 12:15 PM

All replies

  • Hi There,

    Basically, a gateway is not required if the DMZ servers are in a workgroup or in the same domain. If they are in a different, non-trusted domain, then you can use a gateway.

    You can refer to the link below:

    https://social.technet.microsoft.com/Forums/systemcenter/en-US/ce74deac-90ce-4714-ab1e-7853cfa8ca6b/scom-agents-in-dmz-via-gateway-server?forum=operationsmanagerdeployment


    Gautam.75801

    Saturday, April 25, 2015 6:58 PM
  • First, you may refer to Stefan Stranger's blog on monitoring DMZ workgroup machines:
    http://blogs.technet.com/b/stefan_stranger/archive/2012/04/17/monitoring-non-domain-members-with-om-2012.aspx
    Moreover, you can deploy the SCOM agent to a workgroup machine using a gateway server, and it minimizes the number of ports between DMZ machines and internal machines.
    Roger
    • Proposed as answer by Yan Li_ Wednesday, April 29, 2015 12:49 AM
    • Marked as answer by Yan Li_ Wednesday, May 6, 2015 3:03 AM
    Monday, April 27, 2015 3:13 AM
  • I use a gateway.

    How must I configure the agents?


    Respectfully yours, Me

    Wednesday, April 29, 2015 7:48 AM
  • Hi There,

    If the DMZ agents are in a domain and the gateway is deployed in the same domain, then you can use the discovery wizard and push the setup.

    If they are in a workgroup, then you will need to do a manual agent installation pointing to the MS or gateway, and also import the certificates for trusted communication (for the MS or for the gateway domain).


    Gautam.75801

    Wednesday, April 29, 2015 8:22 AM
  • Thanks!

    Which certificates must I import? And where?


    Respectfully yours, Me

    Wednesday, April 29, 2015 8:56 AM
  • 1. Download the Trusted Root (CA) certificate.
    2. Import the Trusted Root (CA) certificate.
    3. Create a setup information file to use with the CertReq command-line utility.
    4. Create a request file.
    5. Submit a request to the CA using the request file.
    6. Approve the pending certificate request.
    7. Retrieve the certificate from the CA.
    8. Import the certificate into the certificate store.
    9. Import the certificate into Operations Manager using MOMCertImport.
    10. Install the agent on the workgroup machine and have it report to the gateway server.

    Roger

    Wednesday, April 29, 2015 8:56 AM
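
Added example, not part of the original thread: the ten steps above as one PowerShell session on the workgroup machine, with a check that the issued certificate has a private key and both authentication EKUs before it is given to Operations Manager. The host names, CA name, management group and the `C:\Temp\scomcert` folder are placeholder assumptions; each machine requests a certificate whose subject is its own FQDN.

```powershell
# Run elevated on the workgroup machine. All names below are placeholders (assumptions).
$Fqdn      = 'dmzweb01.dmz.example'                  # this machine's own FQDN
$CaConfig  = 'ca01.corp.example\Example-Issuing-CA'  # CAHost\CAName
$Gateway   = 'scomgw01.dmz.example'
$MgmtGroup = 'EXAMPLE-MG'
$Work      = 'C:\Temp\scomcert'   # holds rootca.cer, MOMCertImport.exe, MOMAgent.msi

# Steps 1-2: trust the CA that issues the gateway's and this machine's certificates
certutil.exe -addstore Root "$Work\rootca.cer"

# Step 3: setup information file; the subject is this machine, not the gateway
@"
[NewRequest]
Subject="CN=$Fqdn"
Exportable=TRUE
KeyLength=2048
KeySpec=1
KeyUsage=0xf0
MachineKeySet=TRUE
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1
OID=1.3.6.1.5.5.7.3.2
"@ | Set-Content -Path "$Work\agent.inf" -Encoding Ascii

# Step 4: create the key pair and request file (the private key stays on this machine)
certreq.exe -new "$Work\agent.inf" "$Work\agent.req"
# Steps 5-7: submit; if the CA holds the request pending, a CA administrator approves it,
# then fetch it with: certreq.exe -retrieve -config $CaConfig <RequestId> agent.cer
certreq.exe -submit -config $CaConfig "$Work\agent.req" "$Work\agent.cer"
# Step 8: bind the issued certificate to the waiting private key in LocalMachine\My
certreq.exe -accept "$Work\agent.cer"

# Check the result before handing the certificate to Operations Manager
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq "CN=$Fqdn" -and $_.HasPrivateKey } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No certificate with a private key for CN=$Fqdn" }
$missing = '1.3.6.1.5.5.7.3.1', '1.3.6.1.5.5.7.3.2' |
    Where-Object { $cert.EnhancedKeyUsageList.ObjectId -notcontains $_ }
if ($missing) { throw "Certificate lacks EKU(s): $($missing -join ', ')" }

# Step 9: register the certificate with Operations Manager
& "$Work\MOMCertImport.exe" /SubjectName $Fqdn
# Step 10: install the agent, reporting to the gateway on port 5723
Start-Process msiexec.exe -Wait -ArgumentList '/i', "$Work\MOMAgent.msi", '/qn',
    'USE_SETTINGS_FROM_AD=0', 'USE_MANUALLY_SPECIFIED_SETTINGS=1',
    "MANAGEMENT_GROUP=$MgmtGroup", "MANAGEMENT_SERVER_DNS=$Gateway", 'SECURE_PORT=5723',
    'ACTIONS_USE_COMPUTER_ACCOUNT=1', 'AcceptEndUserLicenseAgreement=1'
Restart-Service HealthService
```

If the DMZ machine cannot reach the CA, carry `agent.req` to a machine that can, run the submit and retrieve steps there, and bring `agent.cer` back for the accept step; only the request and the issued certificate ever leave the machine.
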
  • Hi There,

    Refer to the links below, which will guide you graphically on how to achieve this.

    http://blogs.technet.com/b/csstwplatform/archive/2012/05/28/how-to-deploying-scom-agents-to-the-workgroup-clients.aspx

    http://himmetyildiz.blogspot.in/2013/11/installing-scom-2012-agent-on-non.html

    Please let us know if you need more info on this.


    Gautam.75801

    Wednesday, April 29, 2015 10:03 AM