Functionality For Multi Tenant Environment - Assuming SCOM 2102

  • General discussion

  • Forgive me but I am just starting to explore SCOM and its use in a multi-tenant deployment.

    We currently provide monitoring and maintenance for many SMB clients using an RMM (Kaseya, Level Platforms, LabTech, etc...) and I consistently find myself examining and writing monitors for our RMM that are based on the SCOM management packs.  At the end of the day SCOM looks like a much more robust product than any of the mature RMM platforms out there.

    From what I have gathered it is possible to deploy "agents" on nodes that sit on client networks and then through the use of a gateway report health back to a centralized management server.

    I've got some questions about the functionality available when the agents are not local to the central management server.

    1.  Is the gateway role a requirement or can agents be installed directly on nodes without the need of a gateway?

    2.  If a gateway is not needed how does the central management server issue commands to the agents? (Our current RMM creates a command that sits in a queue until the node checks in the next time)

    3.  If a gateway is required how does the central management server issue commands through the gateway to the agents? Similar to the above question but I am wondering if we must poke holes/NAT at our customers' edge to force commands to the gateway or if it operates like our current RMM by checking in periodically and pulling down commands that are in the queue.

    4.  Can agents be installed on computers that do not belong to a domain?  Is there any functionality lost when doing this?

    5.  Could we connect directly to a node with RDP/Remote Assistance to offer our "Help Desk" services? - Our current RMM does this with VNC/RDP redirection.

    6.  How are different "tenants" or "clients" actually represented in the management center GUI?

    I'm sure I will have quite a few more questions as I trial this product but this should be a good start.

    Saturday, October 29, 2011 6:58 PM

All replies

  • Hi Jonas,

    I have been working with a similar solution for some time now using SCOM 2007 R2, and I am pretty sure it will work similarly in the 2012 env (on my list of things to do).

    You have a couple of ways you can deploy SCOM in a multi-tenancy setup which include Gateway Servers (for SMEs) and Connected Management Groups for Larger deployments. From reading your requirements, Gateway servers are pretty much the best solution.

    To answer your questions:

    1) You will need to install a gateway server for external networks that are in a different forest/security boundary. Security is controlled by SSL Certificates and the port 5723 has to be open between the Gateway Server and your Management Server.

    2) You will need to have a gateway server or dedicated management group onsite for any kind of monitoring.

    3) Remote commands are run at the agent level. This will be passed down by the usual policy transfer process. Any rules and alerts configured (with remediation tasks) will be passed down at this level.

    4) You can install the agents on workgroup computers. You then configure 'Run As' profiles which are assigned to your gateway servers.

    5) There isn't a direct RDP feature available over to a gateway. You would need to configure either NAT rules, or use something similar to LogMeIn.

    6) Clients will be shown as any other client within a SCOM environment. The agents are split up from administration/Agent Devices per Management Server. From experience, I create dedicated customer management packs, groups and views which are filtered by which Management Server. You can then drill down into each customer's view. This will be the same with notifications.

    I am in the process of writing up a similar setup, so will post once done. But hopefully the overview above will point you in the right direction :)



    Monday, November 14, 2011 1:20 PM
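The reply above says the gateway link is secured with certificates and needs port 5723 open to the management server. The following PowerShell is an added example, not part of the original thread or of Microsoft's tooling, for checking both from the gateway side. The function names and the host names in the usage lines are hypothetical placeholders, and it assumes the usual requirement that a certificate used for this link carries a private key and both the Server Authentication and Client Authentication EKUs.

```powershell
# Added example. Test-GatewayCertificate and Test-GatewayChannel are
# hypothetical helpers written for this page, not SCOM cmdlets.
function Test-GatewayCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string]$ExpectedFqdn
    )
    $serverAuth = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
    $clientAuth = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU

    # Collect every EKU OID present on the certificate.
    $ekuOids = @($Certificate.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })

    $now = Get-Date
    [pscustomobject]@{
        Thumbprint         = $Certificate.Thumbprint
        SubjectMatchesFqdn = $Certificate.GetNameInfo('SimpleName', $false) -ieq $ExpectedFqdn
        HasPrivateKey      = $Certificate.HasPrivateKey
        ServerAuthEku      = $ekuOids -contains $serverAuth
        ClientAuthEku      = $ekuOids -contains $clientAuth
        InValidityPeriod   = ($now -ge $Certificate.NotBefore) -and ($now -le $Certificate.NotAfter)
    }
}

function Test-GatewayChannel {
    param([Parameter(Mandatory)][string]$ManagementServer)
    # Port 5723 is the port named in the reply above.
    (Test-NetConnection -ComputerName $ManagementServer -Port 5723).TcpTestSucceeded
}

# Usage on a gateway server (read-only; host names are constructed placeholders):
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-GatewayCertificate -Certificate $_ -ExpectedFqdn 'gw01.customer.example' } |
    Format-Table -AutoSize
Test-GatewayChannel -ManagementServer 'ms01.provider.example'
```

A certificate is a candidate for the gateway link only if every column is True. On the provider side, scope the inbound rule for 5723 to the known gateway addresses rather than opening it to any source.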
  • I feel that, especially with 2007 R3 (I have not fully tested 2012), compared to the likes of Kaseya, SCOM lacks in device management for multi-tenancy/workgroup external machines. It does have a future for Managed Service Providers, but for me it lacks in the most key critical part that we as MSPs look for. If all our clients' external road/roaming users were running direct access then the situation becomes easier with an onsite gateway, but not all of our clients have this or would implement this.

    I am hoping that in the next release of the System Center series the product will take a different approach to the management. You can see it is going in that direction, but it is definitely not there. The integration to products like SCCM, SCSM (Helpdesk) and then into CRM would make this the best MSP tool on the market but also the most expensive; even on SPLA agreements it would cost 20 times more per agent than Kaseya, which is already one of the most expensive RMM tools. Windows Intune is a very cut down version of System Center, but this has the capability for the machines to check in to a central hosted gateway without the need of opening ports and extra configuration, and this has a central management panel. They should have built this into 2012; I believe they will miss a lot of sales due to the drawbacks.

    I am in the same boat as you: we have a large Kaseya implementation and see how good SCOM is, and I would love to use it for our clients, but there is a lack of roaming machine support, and the requirements to install an onsite gateway make the transition not possible. If I have missed anything in my tests please point these out as I am more than happy to re-evaluate.


    Friday, January 6, 2012 8:01 AM