It is not always easy to separate Low-level Design from High-level Design. How you differentiate between the two depends on the entity you are designing for. When we design our cloud, a high-level decision could be, for example, the choice of technology that makes our SQL Servers highly available. But when the entity is our business or company as a whole, SQL Servers fall into the Low-level Design category. This means that the division into High-level Design and Low-level Design below applies only within our entity.
High-level Design
The following design was chosen for our testing environment. As an architect you need to choose your own design according to the needs of your business. Use the following design only as a help to understand how to model your environment.
Architectural design questions you need to ask
Highly-available (HA) and scalable deployment
- As an architect you have to evaluate the risk. You need to ask: What happens when the service is not available? What is the probability that this happens? Is the service important for your business? In our case the service is monitoring, and monitoring should be fault-tolerant. It does not matter whether you have a small or a large environment; you usually need at least two servers.
- In order to have an HA environment, the deployment process is much simpler for SCOM than for any other System Center product. Basically you just need to install multiple servers (no failover cluster) and add them into one Management Group.
- Answer: Yes
Multiple sites
- All SCOM Management Servers (the core of your monitoring solution) have to be in one place.
- If you have multiple datacenters connected by fast and reliable connections (aggregated optical lines), then install SCOM servers in multiple datacenters to create fault-tolerant monitoring for the case that a whole datacenter is gone.
- If you have multiple sites connected, for example, through VPN over the internet, or if you need to monitor customer infrastructure, then install SCOM Gateway Servers at these sites; they send the data to the main datacenter and are used to monitor resources on the given site.
- Answer: Management Server in the main datacenter and Gateway Server in the branch office
Do you need Web Console server?
- The Web Console is not a requirement for monitoring or management. The Web Console displays only My Workspace and the Monitoring workspace, and it is possible to skip the installation when access from the web is not needed.
- The best practice for accessing the Web Console from the Internet is to use network authentication with SSL (access over HTTPS). I suggest using HTTPS even when you are not exposing SCOM to the internet.
Environment
Management groups
Operations Manager Management Group
- Name: contosodefault
Virtual machines
- contscom0
  - Microsoft System Center Operations Manager 2012 R2
    - Features
      - [x] Management Server
      - [x] Web Console server
        - Optional: only needed when access to the Monitoring workspace from an internet browser is required.
    - IIS
    - .NET Framework 3.5
    - Microsoft System CLR Types for SQL Server 2012
    - Microsoft Report Viewer 2012 Runtime
- contscom1 (will be covered in the next articles)
  - Microsoft System Center Operations Manager 2012 R2
    - Features
      - [x] Management Server
- contdb1c0 (SQL Server Failover Cluster with AlwaysOn Availability Groups) or
- contscomdb0 (highly-available VM with standalone SQL Server)
  - Microsoft SQL Server 2012 SP1
    - Features
      - Required
        - [x] Database Engine Services
          - [x] Full-Text Search
      - Optional
        - [x] Reporting Services – Native
      - Optional – Management Tools (I recommend installing them on the management server only)
        - [x] Management Tools – Basic
          - [x] Management Tools – Complete
    - Named instance (standalone VM with SQL Server): scom0
    - Collation: SQL_Latin1_General_CP1_CI_AS
    - Configurations
      - Firewall
        - Open
          - 1433 (SQL Server)
          - 5022 (AlwaysOn DB mirroring)
- contscvmm0
  - Microsoft System Center Virtual Machine Manager 2012 R2 (already installed)
  - Microsoft System Center Operations Manager 2012 R2
    - Features
      - [x] Operations console
    - Microsoft System CLR Types for SQL Server 2012 (required by Report Viewer)
    - Microsoft Report Viewer 2012 Runtime (required by SCOM console)
- contscmng0 (our management terminal server)
  - Microsoft System Center Operations Manager 2012 R2
    - Features
      - [x] Operations console
    - Microsoft System CLR Types for SQL Server 2012 (required by Report Viewer)
    - Microsoft Report Viewer 2012 Runtime (required by SCOM console)
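The firewall openings listed for the SQL Server VM, as an added PowerShell example that is not part of the original article: it creates only the two inbound rules from the design, but scoped to the hosts that actually need them (the SCOM Management Servers for 1433, the AlwaysOn replica partner for 5022) instead of any source. The addresses are placeholders you must replace.

```powershell
# Added example (not from the original article). Run on the SQL Server VM (contscomdb0 /
# each contdb1c0 node) in an elevated session. Addresses below are assumed placeholders.
$scomServers   = @('10.0.1.10', '10.0.1.11')   # assumed: contscom0, contscom1
$alwaysOnPeers = @('10.0.2.21')                # assumed: the other contdb1c0 replica

$rules = @(
    @{ Name = 'SQL Server (TCP 1433)';            Port = 1433; Remote = $scomServers },
    @{ Name = 'AlwaysOn DB mirroring (TCP 5022)'; Port = 5022; Remote = $alwaysOnPeers }
)

foreach ($r in $rules) {
    # Idempotent: do not create a duplicate rule on a second run
    if (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue) {
        Write-Host "$($r.Name) already present, skipping"
        continue
    }
    # Domain profile only; remote address restriction keeps the port closed to everyone else
    New-NetFirewallRule -DisplayName $r.Name -Direction Inbound -Protocol TCP `
        -LocalPort $r.Port -RemoteAddress $r.Remote -Profile Domain -Action Allow | Out-Null
}

# Verify: print each rule with its port and the remote addresses it permits
foreach ($r in $rules) {
    $rule = Get-NetFirewallRule -DisplayName $r.Name
    $port = ($rule | Get-NetFirewallPortFilter).LocalPort
    $addr = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    '{0}: port {1}, allowed from {2}' -f $r.Name, $port, ($addr -join ', ')
}
```

A named instance such as scom0 listens on a dynamic port by default; set it to a static 1433 in SQL Server Configuration Manager (or put the port in the connection string), otherwise this rule never matches the instance's traffic. Add any other host that must reach the instance directly, for example a separate reporting server, to the 1433 list.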
Service accounts, user accounts and security groups
SCOM – Service accounts
- serscoma0
  - Service account: SCOM Management Server Action account
  - Member Of
    - Domain Users
- serscomda0
  - Service account: SCOM Configuration service and Data Access service
  - Permission requirements: Local Administrators on all SCOM servers
  - Member Of
    - Domain Users
- serscomdr0
  - Service account: SCOM Data Reader
  - Member Of
    - Domain Users
- serscomdw0
  - Service account: SCOM Data Writer
  - Member Of
    - Domain Users
SCOM – Security groups
- scomadmins0
  - Security group: SCOM Administrators
  - Members
    - You and other admins
    - serscoma0 (SCOM Management Server Action account)
    - serscomda0 (SCOM Configuration service and Data Access service)
Standalone VM with SQL Server
SQL DB Servers – Service accounts
- serscdb0
  - Service account: Microsoft SQL Server
SQL DB Servers – Security groups
- scdbadmins0
  - Security group: DB Administrators
  - Members
    - You and other DB admins
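The accounts and groups from both sections above, provisioned with the ActiveDirectory module as an added example that is not part of the original article: it creates each service account as a plain Domain User, creates the two security groups with exactly the intended members, and then checks the groups for anything that is not in the design. The OU path and UPN suffix are assumed placeholders.

```powershell
# Added example (not from the original article). Requires RSAT / the ActiveDirectory module
# and rights to create objects in the target OU. $ou and $domain are assumed placeholders.
Import-Module ActiveDirectory

$ou     = 'OU=ServiceAccounts,DC=contoso,DC=local'   # assumed placeholder OU
$domain = 'contoso.local'                            # assumed placeholder UPN suffix

# Service accounts from the design; each stays a plain Domain User (no rights granted here).
$serviceAccounts = [ordered]@{
    'serscoma0'  = 'SCOM Management Server Action account'
    'serscomda0' = 'SCOM Configuration service and Data Access service'
    'serscomdr0' = 'SCOM Data Reader'
    'serscomdw0' = 'SCOM Data Writer'
    'serscdb0'   = 'Microsoft SQL Server'
}
foreach ($sam in $serviceAccounts.Keys) {
    if (Get-ADUser -Filter "SamAccountName -eq '$sam'") { continue }   # idempotent
    # Prompt per account so no password is hard-coded or shared between accounts
    $password = Read-Host -Prompt "Password for $sam" -AsSecureString
    New-ADUser -Name $sam -SamAccountName $sam -UserPrincipalName "$sam@$domain" `
        -Description $serviceAccounts[$sam] -AccountPassword $password `
        -Enabled $true -Path $ou
}

# Security groups and their intended members. Only the Action and Config/DAS accounts are
# SCOM Administrators; the Data Reader/Writer and SQL accounts are deliberately left out.
$groups = [ordered]@{
    'scomadmins0' = @{ Description = 'SCOM Administrators'
                       Members = @('serscoma0', 'serscomda0', $env:USERNAME) }
    'scdbadmins0' = @{ Description = 'DB Administrators'
                       Members = @($env:USERNAME) }
}
foreach ($name in $groups.Keys) {
    if (-not (Get-ADGroup -Filter "SamAccountName -eq '$name'")) {
        New-ADGroup -Name $name -SamAccountName $name -GroupScope Global `
            -GroupCategory Security -Description $groups[$name].Description -Path $ou
    }
    Add-ADGroupMember -Identity $name -Members $groups[$name].Members

    # Verify: warn about any member that the design does not list for this group
    $actual = (Get-ADGroupMember -Identity $name).SamAccountName
    foreach ($m in $actual) {
        if ($groups[$name].Members -notcontains $m) {
            Write-Warning "$name has unexpected member $m"
        }
    }
    '{0}: {1}' -f $name, ($actual -join ', ')
}
```

Local Administrators membership for serscomda0 on the SCOM servers (the one extra right the design lists) is granted on each server, not in AD, so it is not part of this script.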