Script: Export Unsealed Service Manager Management Packs

Customizations to Service Manager are stored in unsealed management packs. These should be backed up. These can be exported from Service Manager and stored in a safe location. The process to export unsealed management packs from the Service Manager console is manual and each have to be exported one by one. A better way to do this is to use a script to export all un-sealed management packs.

There are several scripts out there that can do this but most are for older versions of SCSM. I have recently updated one of these scripts. It was created by Microsoft MVP and one of the top Service Manager experts Anders Asp. Here is his blog with the original script: http://www.scsm.se/?p=227

I have updated the script to work with the latest SCSM PowerShell CMDlets and have tested it with SCSM 2012 R2 UR7.

The script is named: ExportUnsealedSCSMMPs.ps1

You can download the script locally on a Management Server

Edit the script and change “C:\Unsealed SCSM MPs\” to a directory on your server. Be sure to leave the “\” at the end.

Run the script from an elevated PowerShell window on a Management Server by typing

.\ExportUnsealedSCSMMPs.ps1

You should see the following output:

clip_image001

The unsealed MP’s will be loaded in a folder with the current date as seen in the following screenshot:

clip_image002

Note: Old folders will need to be manually cleaned up. You can also schedule this using Task Scheduler.

This script can be downloaded here:

https://gallery.technet.microsoft.com/Export-Unsealed-Service-43602dd4

Read More

Update: SCSM Discovery Report v1.3

I have made some more updates to the SCSM Discovery Report script. It is now version 1.3. The updates include:

First: Updated the SCSM Version Checker code to version 2. Microsoft MVP Steve Beaumont worked with Samuel Erskine to optimize the PowerShell in the SCSM version checker. This optimization is now a part of the SCSM Discovery Report script. This also detects up to UR7 now.

clip_image001.png

Second: Fixed Service Manager Management Group Name section not displaying the name.

clip_image002.png

Third: Updated the Display Data Warehouse Information section to use UR7’s Get-SCDWInfraLocation CMDlet.

clip_image003.png

The script can be downloaded here: https://gallery.technet.microsoft.com/Service-Manager-Discovery-a25c7d80

Read More

System Center 2012 R2 UR7 Highlights

Its been a while since I have posted a new blog. I have been busy working on multiple System Center projects and other behind the scene activities. Today update rollup 7 for System Center 2012 R2 was released and this is definitely worth a post. This UR includes DPM, SCSM, SPF, VMM, , SCORCH, Azure Pack, but not Operations Manager. UR7 for Operations Manager will be coming within a few weeks. More info here.  It is interesting that SCOM is not in this UR and we actually see SCORCH included. Here are some highlights from UR7:

For Orchestrator The Monitor SNMP Trap activity has an issue fixed and there is a fix for Stop Job and Stop Runbook. The SCORCH UR also includes some fixes for SMA.

For Service Manager we see a bunch of fixes. Some fixes I want to call out are MPSync Data Warehouse job stop responding and the Get-SCDWInfraLocations cmdlet introduced in update rollup 5 have been fixed. Great work from the Service Manager team. Keep it up.

Beyond just fixes we see new features in two of the System Center components VMM and DPM. As always its exciting to see new features added via UR’s.

In VMM we see support for Windows 10, the ability to provision and customize Debian 8 Linux as a Guest Operating System, support for VMWare vCenter 5.5, the ability to have Multiple External IP Addresses per Virtual Network, the ability to re-associate orphaned virtual machines to their service or VM role, and support for VMM DHCP Extension PXE/TFP Forwarding. There also is a ton of great fixes for issues in VMM. This is great work from the team and should make VMM more stable.

In DPM we see support for Windows 10 client protection, and a really cool feature being the ability to use alternate DPM servers to recover backups from Azure Backup vault. These means if you sent your backup data to Azure from one DPM server and it croaks you can connect a different DPM server to your Azure Backup subscription and recover data from Azure! I have a feeling we will continue to see greater collaboration between on premise backup/DR (DPM) and cloud backup/DR Azure Backup in the future.

To access update rollup 7 visit this link: https://support.microsoft.com/en-us/kb/3069110

Read More

4th time System Center MVP

This morning I received an email from Microsoft that I am awarded System Center Cloud and Datacenter Management MVP for the 4th year. Here is the email I received:

image

The System Center Cloud and Datacenter Management MVP’s are a great lively bunch of folks. It is an honor to still be a part of this group. I have made many friends at Microsoft, with other MVP’s and in the community during my time as an MVP. I look forward to making many more!

I am also looking forward to another year of fun MVP activities. A huge thanks goes out to everyone in the community and Microsoft.

Congrats to all the other new and renewed MVP’s! I hope to keep adding value to the System Center community!

MVP Profile: http://mvp.microsoft.com/en-us/mvp/Steve%20Buchanan-4039736

Read More

Operations Management Suite in SCSM Console

Today I was playing around with Service Manager and decided to add a view for Operations Management Suite in the Service Manager Console. I have placed it in a management pack for use in other Service Manager environments. I have uploaded the management pack to TechNet Gallery. Once you load the management pack an Operations Management Suite folder will show up within Work Items.

image

NOTE: The first time you open Operations Management Suite inside of Service Manager you will see compatibility mode warning just click on continue.

clip_image001

Here are some screenshots:

clip_image002

clip_image003

clip_image004

Download the management pack here:

https://gallery.technet.microsoft.com/Operations-Management-10f68429

Read More

Cant change SCOM agents Primary Management SVR in SCOM Console

Problem:

When in SCOM you go to change the primary management server on a SCOM agent but you cannot. It is grayed out.

clip_image001

More details about this issue referenced on the following links:

https://social.technet.microsoft.com/Forums/systemcenter/en-US/c5214222-0cc3-4da5-a40e-64cbeff91573/r2-cannot-change-primary-management-server?forum=operationsmanagergeneral

http://www.systemcentercentral.com/forums-archive/topic/moving-agents-from-one-gateway-server-to-another/

I built a quick script to help with this. It can be used in any SCOM environment. Details are as follows:

Script:

MoveAgentSCOMMgmtServer.ps1

Description:

This script can be used to move agents from one management server or gateway server to another.

There is a common issue “Cannot change SCOM agents Primary Management via the GUI (SCOM Console)”. This script can be used to help with this issue.

This script should be run in an administrative PowerShell console on a SCOM management server. You can run this script using: powershell.exe -executionpolicy unrestricted -command .\MoveAgentSCOMMgmtServer.ps1

How to run:

Step 1: Copy the MoveAgentSCOMMgmtServer.ps1 script to a SCOM management server.

Step 2: Open an elevated PowerShell and navigate to the script. For example: CD “C:\SCOM Scripts”

Step 3: Run powershell.exe -executionpolicy unrestricted -command .\MoveAgentSCOMMgmtServer.ps1

You will be prompted to enter the name of the management server you want the SCOM Agents set to. You need to enter in the servers full FQDN. This can be a management server or a gateway server.

clip_image002

Step 4: A window will pop up with a list of your SCOM Agents. Select the SCOM Agents you want to change the primary management server for. Click the OK button.

clip_image003

Step 5: Once the SCOM Agents are set you should see a similar output.

clip_image004

Download from TechNet Gallery:

https://gallery.technet.microsoft.com/Move-Agent-SCOM-Primary-9927d7a3

Read More

System Center Futures 2016 and Beyond

Last week I was able to attend the first ever Microsoft Ignite conference in Chicago. There was a lot of exciting news announced at this conference around the many Microsoft products and technologies. Everything was covered from SharePoint, Exchange, Unified Communications, Office, Windows server, Windows 10, all things Azure and more. This post is focused for any System Center professional that was unable to attend the MS Ignite 2015 conference but what’s to know what’s up with System Center. If you had any concern about System Center going away or just want to know about the future of System Center in general this post is for you.

During conference there were many sessions related to the various System Center components however there were a couple of critical sessions that covered the future of System Center. These are the Platform Vision & Strategy sessions. These are titled:

Windows Server & System Center Futures—Bring Azure to your Datacenter (Platform Vision & Strategy)

And

Platform Vision & Strategy (6 of 7): What’s New in System Center for Management

These sessions are important because they featured System Centers top guy Jeremy Winter and he talked about future direction of the management solutions. In this post I will sum up key information from each of these sessions.

NOTE: This post is my perspective on the Platform Vision & Strategy sessions from Ignite and do not represent the opinions of Microsoft.

Traditionally System Center has been a complete management stack for IT Operations. This is not going to change but will continue to get better. The stack consists of: Managing endpoints (PC’s/Mobile device/servers) – *SCCM/Intune* | Monitor – *SCOM* | Automation – *Orchestrator (SMA)* | Provision – *VMM* | Service Management – *SCSM* | Protection – *Data Protection Manager* | Self-service – *Azure Pack* also represented in the following screenshot from one of the session slides.

clip_image001[4]

So we are now in the year 2015 and have not had a new major version of the entire stack since 2012. However since the release of System Center 2012 we have seen a steady progression of enhancement to the stack. We have seen it move from SP1 to R2 and now updates and new features through update rollups.

These update rollups have been released on a faster cadence at a speed we have not seen from Microsoft before. In fact we have recently seen a round of new features in update rollup 6 and more announced at Ignite. Below is a list of key features that stuck out to me along with slides from one of the Platform Vision & Strategy sessions giving insight into where the System Center components are headed next.

SCCM: Support for Windows 10 and a plethora new MDM features.

clip_image002[4]

Automation: Graphica...

Read More

Streaming Enterprise Backup Ignite 2015 Session

My Enterprise Backup session with Microsoft PFE Islam Gomaa and System Center MVP Robert Hedblom from Microsoft Ignite is now on Channel 9. Here is what we covered in the session:

  • Offline seeding to Azure Backup
  • Monitoring and the new enhanced reporting
  • Custom reporting
  • Real-world deployment best practices

and

  • The all new Backup as a Service in Azure Pack powered by DPM

You can watch it here:


Read More

Early look DPM BaaS in Azure Pack

I am very excited about something new with Data Protection Manager (DPM) that I was able to announce during my Enterprise Backup session @ Microsoft Ignite (http://meme.ms/d5gpbrq). It is DPM Backup As A Service (BaaS). I wanted to blog about it with even more information about this new functionality in DPM.

Well what is DPM BaaS? In a nutshell it is Backup as a Service in Azure Pack powered by Data Protection Manager. This is a new resource provider built by the DPM team. It lights up the functionality for tenants to protect VM’s in Azure Pack. Here is a screenshot of what the new BaaS in Azure Pack looks like for a tenant:

clip_image001

DPM has always had a role in the Microsoft Private Cloud story. This role has been on the backend through backing up the Private Cloud fabric components that power Private Cloud (Windows Server, Hyper-V, System Center). The following image is the framework of Microsoft Private Cloud:

clip_image002

DPM has also been used for protection of front end tenant workloads such as websites, SQL databases and virtual machines. However protecting tenant workloads had no visibility or control by the tenants themselves. This story changes with the introduction of BaaS for Azure Pack giving the control for tenants to choose if they want to protect their virtual machines from their cloud!

NOTE: As of now BaaS for Azure Pack can only protect virtual machines in tenant clouds. If you would like to see BaaS extended to protect other areas of the Private Cloud such as SQL databases or websites feel free to reach out to me.

Now let’s pick apart this new DPM BaaS to gain a better understanding of it in the rest of this post.

DPM BaaS in Azure Pack Architecture

So what do you need for this new BaaS? The following components make up BaaS:

clip_image003

You can deploy many DPM servers for scale as your Private Cloud grows. The rest of the components are standard with a Private Cloud so if you already have Azure Pack running you simply need to add DPM and the DPM BaaS Resource Provider.

As previously stated BaaS only protects virtual machines. A DPM agent needs to be installed to Hyper-V hosts. The BaaS in Azure Pack does not do this for you. The DPM agent will not be required inside VM’s. The agent will be installed on Hyper-V hosts only.

Admin Perspective

Now let’s take a look at what can and admin do with BaaS. NOTE: The BaaS is still under development so some of these features may change. If you have any feedback about the features and functionality you would like to see feel free to contact me. Let’s explore the BaaS admin perspective through a series of screenshots.

Here is a shot of the VM Backup within the Azure Pack admin site. Here is where you would register the resource provider with SPF, you could also add a DPM server, or create a server group. Note that you still need to deploy your DPM servers before you can add them to BaaS. BaaS will not deploy the DPM servers for you.

A server group allows you to logically group DPM servers and then add DPM servers to the group and you can set settings based on a group and then add this to a plan for a tenant. An admin of the Resource Provider will set the Protection Group policy settings that will be used for all subscriptions to a particular plan.

clip_image004

The next two screenshots show creating a new group.

clip_image005

clip_image006

This screenshot shows the registration of a DPM server. Notice you have the ability to add the DPM server to a group. Adding the DPM server to a group is optional.

clip_image007

The next three screenshots give you an idea of what settings you can set for a group. These settings will help you apply limits to the tenant that will be assigned this group via a plan. Notice that some of the settings will look familiar to what you see in DPM when setting up a Protection Group.

clip_image008

clip_image009

clip_image010

This final screenshot is of the Usage & Metering within for the Resource Provider. The cool thing about this is we do not have a dashboard like this in DPM. This monitoring can be scoped per VM or All Up of the BaaS Resource Provider. Here is what you can see as the part of this monitoring:

  • Retention Days
  • Number of Restore Points
  • Size used

clip_image011

Tenant Perspective

So we walked through what and administrator can do in the BaaS let’s look at the tenants perspective. Here is what a tenant can do with BaaS?

Ability to add a VM under protection. This essentially adds the VM to a DPM protection group on the backend. If a Protection Group does not exist for this tenant’s subscription yet one will be created.

Ability to back up a protected VM. This creates a Recovery Point in DPM on the backend. An admin of the BaaS resource provider has the option to allow this or not allow this to tenants.

Ability to restore a protected VM. This will restore a VM from a Recovery Point in DPM on the backend. Self-service restore of a deleted VM that is protected is out of scope as DPM doesn’t have VMM information (cloud, etc.) to correctly reassign it to a tenant. However an administrator with direct access to DPM could still go and restore the VM.

clip_image012

Ability to remove a VM’s protection. The protection group for the tenant subscription will be created when the first VM is protected and destroyed when the last VM is removed.

clip_image013

For more information:

My Microsoft Ignite session on this:

http://meme.ms/d5gpbrq

Download the DPM BaaS Resource Provider:

Coming Soon!!!

Read More

Deploy & Configure DPM Enhanced Reporting

A while back I posted about the enhanced reporting for DPM here: http://www.buchatech.com/2014/11/dpm-2012-r2-reporting-improvements/ I wanted to create another blog post on how to deploy and configure the new enhanced reporting for Data Protection Manager (DPM) 2012 R2 and as a follow up to my Enterprise Backup session @ Microsoft Ignite (http://meme.ms/d5gpbrq). Here is a diagram of the new DPM reporting framework:

clip_image001

This new reporting for DPM is a part of Operations Manager (SCOM). SCOM can monitor your DPM server/s so it only made sense to build this new reporting framework in SCOM. Data from your DPM server/s is brought over to SCOM through the monitoring and placed in SCOM’s data ware house database. This data is then accessed via a new set of DPM SQL views and served up to the reports.

Following is a breakdown of what you need to get the new reporting framework put in place and configured.

What do you need?

  • Need SCOM 2012 R2 deployed w/ DW working.
  • DPM management packs must be imported to SCOM and central console must be deployed.
  • DPM 2012 R2 and Central console must be on UR5.
  • Must configure SLA’s on your DPM servers using Set-DPMProtectionGroupSLA CMDLet to get SLA data in reports. More on this later.
  • The FileServices MP is a pre-req of the DedupReporter MP.

You must be careful about how you install/upgrade the DPM central console and management packs on SCOM as you can run into problems if you do not pay attention. I have had to re-deploy a SCOM server once in a lab to get this to work. Here is the order I follow and have had the best success with:

How to deploy the reporting?

1st: Import RTM 4.2.1126 MP’s in SCOM (You may already have these loaded. They are DPM 2012 R2 RTM MP’s and are named:

         - Microsoft.SystemCenter.DataProtectionManager.2012.Discovery.MP

         - Microsoft.SystemCenter.DataProtectionManager.2012.Library.MP

clip_image002

2nd: Install Central console (This is DPM 2012 R2 RTM)

- You will find this on the DPM media

3rd: Apply UR5 to your DPM server/s.

For a list of DPM version build numbers and download links visit:

         - http://social.technet.microsoft.com/wiki/contents/articles/4058.list-of-build-numbers-for-system-center-data-protection-manager-dpm.aspx

          - UR5 is version 4.2.1292.0. UR5 with the latest hotfix is version 4.2.1297.0.

4th: Apply UR5 to Central console.

NOTE: When updating the DPM Central Console be sure to run the correct .exe.

See the following screenshot that highlights the correct one for the Central Console.

clip_image004

5th: On your SCOM server import the new DPM management packs version 4.2.1276 MP’s. These will automatically upgraded the RTM DPM 4.2.1126 MPs.

         - The System Center Management Packs for Data Protection Manager 2012 R2 Reporting, DedupReporter, Discovery and Monitoring can be downloaded from here: https://www.microsoft.com/en-us/download/details.aspx?id=45525.

           NOTE: With the new DPM MP’s there are two additional MP’s that were not part of the DPM RTM MP’s. There is the    Microsoft.SystemCenter.DataProtectionManager.2012.Reporting.mp which is required for the new reporting and there is the Microsoft.SystemCenter.DataProtectionManager.DedupReporter.mp that is optional if you want to get reporting around de-duplication on your DPM servers.Here is a screenshot of importing the new DPM MP’s and the File Services MP:

clip_image005

After you import the new DPM MP’s you should have the following management packs loaded in your SCOM:

clip_image006clip_image007

In SCOM if you navigate to the Reporting workspace you will have System Center 2012 R2 Data Protection Manager Reporting. Here you will find the DPM Executive Summary Report.

clip_image008

The following screenshot is what the DPM Executive Summary Report looks like.

clip_image009

6th (Optional): Configure SLA’s on your DPM server/s using Set-DPMProtectionGroupSLA CMDLet to get SLA data in reports. This has to be done on each DPM server per each protection group that you want to receive SLA reporting on. The steps to do this are:

Launch the DPM Management Shell. Run Get-ProtectionGroup -DPMServerName YOURDPMSERVERNAMEHERE to get a list of Protection Groups.

clip_image010

Run Get-DPMProtectionGroup | where {$_.Name –ieq ‘Exchange Mailbox Databases’} | Set-DPMProtectionGroupSLA –SLAInHours 24 to set the SLA on a protection group.

That is it. Now you have set an SLA for your protection group. The SLA is defined in hours. DPM will check the SLA once a day and an event is written to the DPM backup event in the event log.

That’s all for the setup and configuration. Stay tuned for a post on how to build out custom reporting in the enhanced reporting framework in the near future.

Read More