It is not always easy to separate Low-level Design from High-level Design. Where the line falls depends on the entity we are designing for. When the entity is our cloud, a high-level decision is, for example, the choice of the technology that makes our SQL Servers highly available. When the entity is the whole business or company, the SQL Servers belong to the Low-level Design. The division into High-level Design and Low-level Design used below is therefore valid only within our entity, the cloud.

High-level Design

The following design was chosen for our testing environment. As an architect you need to choose your own design according to the needs of your business. Use the following design only as a help to understand how to model your environment.

Architectural design questions you need to ask

Highly-available (HA) and scalable deployment

  • As an architect you have to evaluate the risk. Ask: What happens when the service is not available? How probable is that? Is the service important for your business? In our case the service is monitoring, and monitoring should be fault-tolerant: a monitoring system that goes down together with the infrastructure is unavailable exactly when you need it. It does not matter whether you have a small or a large environment; you usually need at least two servers.
  • Building an HA environment is much simpler for SCOM than for the other System Center products. You just install multiple Management Servers (no failover cluster) and add them to one Management Group; the agents can then fail over to any other Management Server in the group.
  • Answer: Yes

Multiple sites

  • All SCOM Management Servers (the core of your monitoring solution) have to be in one place, that is, on one well-connected network. They are not designed to be split across slow or unreliable links.
  • If you have multiple datacenters connected by fast and reliable links (for example aggregated optical lines), they count as one place. Install SCOM Management Servers in more than one datacenter so that monitoring stays fault-tolerant even when a whole datacenter is gone.
  • If you have multiple sites connected, for example, through a VPN over the internet, or if you need to monitor customer infrastructure, install SCOM Gateway Servers at those sites. A Gateway Server monitors the resources on its own site and forwards the data to the Management Servers in the main datacenter. It is also the right component when the remote site is in another, untrusted Active Directory domain, because the gateway authenticates to the Management Server with certificates instead of Kerberos.
  • Answer: Management Server to main datacenter and Gateway Server to the branch office

Do you need Web Console server?

  • The Web Console is not a requirement for monitoring or management. It displays only My Workspace and the Monitoring workspace, so you can skip its installation when access from a web browser is not needed.
  • The best practice for accessing the Web Console from the internet is to use network authentication with SSL (access over HTTPS). I suggest using HTTPS even when you are not exposing SCOM to the internet: the console carries Windows credentials and monitoring data, and an internal network is not a trusted network.
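
The following PowerShell is an added example and not part of the original article. It shows the weak state (the default HTTP binding only) next to the corrected one (HTTPS binding with a certificate, HTTP binding removed) on the Web Console server. It assumes, which the article does not state, that the Web Console is hosted in "Default Web Site" on contscom0 and that a server certificate for the console's name is already in the machine certificate store; the thumbprint is a placeholder you must replace.

```powershell
# Added example, not part of the original article: serve the SCOM 2012 R2 Web
# Console over HTTPS only. Run on the Web Console server (contscom0) as admin.
# Assumptions (not stated in the article): the console is hosted in
# "Default Web Site" and a server certificate for the console's name is already
# in Cert:\LocalMachine\My; $Thumbprint is a hypothetical placeholder.
Import-Module WebAdministration

$SiteName   = 'Default Web Site'
$Thumbprint = 'REPLACE-WITH-CERTIFICATE-THUMBPRINT'   # hypothetical placeholder

# Fail early: an SSL binding without a certificate would not serve anything.
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) { throw "Certificate $Thumbprint not found in Cert:\LocalMachine\My" }

# Weak state: only the default HTTP binding on port 80, so credentials and
# monitoring data travel in clear text, on the internal network as well.
Write-Host 'Bindings before:'
Get-WebBinding -Name $SiteName | Format-Table protocol, bindingInformation -AutoSize

# Corrected state: an HTTPS binding on 443 with the certificate attached to it.
if (-not (Get-WebBinding -Name $SiteName -Protocol https -Port 443)) {
    New-WebBinding -Name $SiteName -Protocol https -Port 443 -IPAddress '*'
}
if (-not (Test-Path 'IIS:\SslBindings\0.0.0.0!443')) {
    $cert | New-Item -Path 'IIS:\SslBindings\0.0.0.0!443' | Out-Null
}

# Remove every plain HTTP binding so the console cannot be reached without TLS.
Get-WebBinding -Name $SiteName -Protocol http | Remove-WebBinding

Write-Host 'Bindings after:'
Get-WebBinding -Name $SiteName | Format-Table protocol, bindingInformation -AutoSize
```

Create the HTTPS binding before running SCOM setup and tick "Enable SSL" on the Web Console configuration page of the setup wizard, so the console is registered against the HTTPS binding from the start. HTTPS protects only the transport; who may log on to the console is still governed by the SCOM user roles.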

Environment

Management groups

Operations Manager Management Group

  • Name: contosodefault

Virtual machines

  • contscom0
    • Microsoft System Center Operations Manager 2012 R2
      • Features
        • [x] Management Server
        • [x] Web Console server
          • Optional; required only when access to the Monitoring workspace from an internet browser is needed.
    • IIS
    • .NET Framework 3.5
    • Microsoft System CLR Types for SQL Server 2012
    • Microsoft Report Viewer 2012 Runtime
  • contscom1 (will be covered in the next articles)
    • Microsoft System Center Operations Manager 2012 R2
      • Features
        • [x] Management Server
  • contdb1c0 (SQL Server Failover Cluster with AlwaysOn Availability Groups) or
  • contscomdb0 (highly-available VM with standalone SQL Server)
    • Microsoft SQL Server 2012 SP1
      • Features
        • Required
          • [x] Database Engine Services
            • [x] Full-Text Search
        • Optional
          • [x] Reporting Services - Native
        • Optional - Management Tools (I recommend installing them on the management server only)
          • [x] Management Tools - Basic
            • [x] Management Tools - Complete
        • Named instance (standalone VM with SQL Server): scom0
        • Collation: SQL_Latin1_General_CP1_CI_AS
    • Configurations
      • Firewall
        • Open
          • 1433 (SQL Server)
          • 5022 (AlwaysOn Availability Group endpoint; needed only for the clustered option contdb1c0)
  • contscvmm0
    • Microsoft System Center Virtual Machine Manager 2012 R2 (already installed)
    • Microsoft System Center Operations Manager 2012 R2
      • Features
        • [x] Operations console
    • Microsoft System CLR Types for SQL Server 2012 (required by Report Viewer)
    • Microsoft Report Viewer 2012 Runtime (required by SCOM console)
  • contscmng0 (our management terminal server)
    • Microsoft System Center Operations Manager 2012 R2
      • Features
        • [x] Operations console
    • Microsoft System CLR Types for SQL Server 2012 (required by Report Viewer)
    • Microsoft Report Viewer 2012 Runtime (required by SCOM console)
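
The firewall list above says which ports to open on the database server but not to whom. The following PowerShell is an added example, not part of the original article: it shows the weak rule (port 1433 open to any source) next to the corrected rules that admit only the Management Servers on 1433 and only the availability group replicas on 5022, followed by a check of what the host actually exposes. The IP addresses of contscom0, contscom1 and the contdb1c0 replica nodes are hypothetical placeholders, as the article does not give them.

```powershell
# Added example, not part of the original article: Windows Firewall rules for the
# SCOM database server. Run on contscomdb0, or on every node of contdb1c0.
# Assumptions (not stated in the article): the addresses of the Management
# Servers contscom0/contscom1 and of the AlwaysOn replica nodes; all four are
# hypothetical placeholders to replace with your own.
$ManagementServers = @('10.0.1.10', '10.0.1.11')   # contscom0, contscom1 (hypothetical)
$ReplicaNodes      = @('10.0.2.20', '10.0.2.21')   # contdb1c0 replica nodes (hypothetical)

# Weak rule (what "open 1433" usually ends up as): reachable from every host that
# can route to the server, including any compromised workstation in the domain.
# New-NetFirewallRule -DisplayName 'SQL Server 1433 (any source)' `
#     -Direction Inbound -Protocol TCP -LocalPort 1433 -Action Allow

# Corrected rules: 1433 only from the Management Servers, which are the only SQL
# clients of the OperationsManager databases, and 5022 only from the other
# availability group replicas. Both are limited to the Domain profile.
New-NetFirewallRule -DisplayName 'SCOM SQL Server 1433 (Management Servers only)' `
    -Direction Inbound -Protocol TCP -LocalPort 1433 `
    -RemoteAddress $ManagementServers -Profile Domain -Action Allow | Out-Null

New-NetFirewallRule -DisplayName 'SCOM AlwaysOn endpoint 5022 (replicas only)' `
    -Direction Inbound -Protocol TCP -LocalPort 5022 `
    -RemoteAddress $ReplicaNodes -Profile Domain -Action Allow | Out-Null

# Check: every enabled inbound rule that exposes one of the two ports, and the
# remote addresses it accepts. Anything showing RemoteAddress "Any" is a finding.
Get-NetFirewallRule -Direction Inbound -Enabled True | ForEach-Object {
    $ports = (Get-NetFirewallPortFilter -AssociatedNetFirewallRule $_).LocalPort
    if (($ports -contains '1433') -or ($ports -contains '5022')) {
        [pscustomobject]@{
            Rule          = $_.DisplayName
            LocalPort     = $ports -join ','
            RemoteAddress = (Get-NetFirewallAddressFilter -AssociatedNetFirewallRule $_).RemoteAddress -join ','
        }
    }
} | Format-Table -AutoSize
```

Two caveats for the standalone option contscomdb0: the 5022 rule is not needed there, and because scom0 is a named instance it listens on a dynamic port by default. Set a static TCP port for the instance in SQL Server Configuration Manager (the rule above assumes 1433) before relying on this rule; otherwise the clients fall back to the SQL Browser service on UDP 1434, which the rule does not cover.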

Service accounts, user accounts and security groups

SCOM - Service accounts

  • serscoma0
    • Service account: SCOM Management Server Action account
    • Member Of
      • Domain Users
  • serscomda0
    • Service account: SCOM Configuration service and Data Access service
    • Permission requirements: member of the local Administrators group on all SCOM Management Servers
    • Member Of
      • Domain Users
  • serscomdr0
    • Service account: SCOM Data Reader
    • Member Of
      • Domain Users
  • serscomdw0
    • Service account: SCOM Data Writer
    • Member Of
      • Domain Users

SCOM - Security groups

  • scomadmins0
    • Security group: SCOM Administrators
    • Members
      • You and other admins
      • serscoma0 (SCOM Management Server Action account)
      • serscomda0 (SCOM Configuration service and Data Access service)

Standalone VM with SQL Server

SQL DB Servers - Service accounts

  • serscdb0
    • Service account: Microsoft SQL Server

SQL DB Servers - Security groups

  • scdbadmins0
    • Security group: DB Administrators
    • Members
      • You and other DB admins
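
The accounts and groups above can be created in one pass. The following PowerShell is an added example and not part of the original article: it creates the five service accounts with no group membership beyond Domain Users, creates the two security groups, grants the Config/Data Access account the local Administrators membership the article requires on the SCOM servers, and finishes with a check that none of the service accounts has drifted into a privileged domain group. The domain name CONTOSO and the two OU paths are assumptions, not stated in the article.

```powershell
# Added example, not part of the original article: create the SCOM and SQL
# service accounts and security groups listed above with the ActiveDirectory
# module. Assumptions (not stated in the article): the domain NetBIOS name is
# CONTOSO and the OUs below exist; change them to match your directory.
# Requires RSAT-AD-PowerShell and WinRM access to the SCOM servers.
Import-Module ActiveDirectory

$Domain     = 'CONTOSO'                                   # assumption
$AccountsOU = 'OU=ServiceAccounts,DC=contoso,DC=com'      # assumption
$GroupsOU   = 'OU=Groups,DC=contoso,DC=com'               # assumption

$ServiceAccounts = @{
    serscoma0  = 'SCOM Management Server Action account'
    serscomda0 = 'SCOM Configuration service and Data Access service'
    serscomdr0 = 'SCOM Data Reader'
    serscomdw0 = 'SCOM Data Writer'
    serscdb0   = 'Microsoft SQL Server service account'
}

# Service accounts: enabled, non-expiring, and deliberately left in the default
# Domain Users membership only. Rights are granted per role, not per account.
foreach ($name in $ServiceAccounts.Keys) {
    if (-not (Get-ADUser -Filter "SamAccountName -eq '$name'")) {
        New-ADUser -Name $name -SamAccountName $name -Path $AccountsOU `
            -Description $ServiceAccounts[$name] -Enabled $true `
            -AccountPassword (Read-Host -AsSecureString "Password for $name") `
            -PasswordNeverExpires $true -CannotChangePassword $true
    }
}

# Security groups: SCOM Administrators and DB Administrators.
foreach ($grp in 'scomadmins0', 'scdbadmins0') {
    if (-not (Get-ADGroup -Filter "SamAccountName -eq '$grp'")) {
        New-ADGroup -Name $grp -SamAccountName $grp -Path $GroupsOU `
            -GroupScope Global -GroupCategory Security
    }
}

# Only the Action account and the Config/Data Access account belong in SCOM
# Administrators; the Data Reader and Data Writer accounts get their database
# rights from SCOM setup and do not need the group.
Add-ADGroupMember -Identity scomadmins0 -Members serscoma0, serscomda0

# The Config/Data Access account must be a local Administrator on every SCOM
# server. net.exe is used because Add-LocalGroupMember does not exist on
# Windows Server 2012 R2.
Invoke-Command -ComputerName contscom0, contscom1 -ScriptBlock {
    param($acct) & net.exe localgroup Administrators $acct /add
} -ArgumentList "$Domain\serscomda0"

# Check: a service account must never be a member of a privileged domain group.
# Such a membership turns a compromised monitoring server into domain takeover.
$Privileged = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'
foreach ($name in $ServiceAccounts.Keys) {
    $groups = (Get-ADPrincipalGroupMembership -Identity $name).Name
    $bad = $groups | Where-Object { $Privileged -contains $_ }
    if ($bad) { Write-Warning "$name is a member of $($bad -join ', ')" }
    else      { Write-Host "$name : OK (groups: $($groups -join ', '))" }
}
```

Run the final check again after SCOM and SQL setup have finished; both installers touch group memberships, and a single extra membership on an account that runs as a service on every Management Server is easy to miss in the Active Directory Users and Computers view.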

Part of the series

  1. Building Microsoft System Center Cloud - Outline