When the IT department evolved from "technology implementer" to "business enabler" and became a critical asset to the organization, it also became important for the IT organization to deliver stable IT services. Terms like "best practices" and "common practices" were born, and all serious IT departments and technology vendors wanted to make sure they delivered services with optimal settings for performance, availability, and security. As IT services became more and more complex, involving multiple servers across multiple service tiers, the need arose for a centralized approach for monitoring service configuration and configuration drift. Both IT departments and technology vendors started to look for tools that could monitor configuration (and configuration drift) versus best practices, and identify configuration settings that were most likely to impact performance and availability.
This was the beginning of configuration management. Different vendors and partners created tools, and sometimes large IT departments created their own tools based on their own IT policies. These tools came with differing levels of quality and cost. Some of these tools were very easy to use, but did not provide deep insight, while some provided deep insight, but were very difficult to configure and use. It was also difficult to merge the results from many assessment tools into a consolidated view. If the business-critical service used multiple technical services, "how can we merge the results from many assessments into a single pane-of-glass to get the real overview?", was the million-dollar question.
With OMS, Microsoft provides assessment-as-a-service. Assessment solutions use the same agent as the log analytics and insights component of OMS, are easy to configure and make it easy to get an overview of assessment results. Another benefit with "as a service" is that it is always up-to-date. If Microsoft invents a new common practice or updates their best practices recommendations, it is added to the OMS assessment directly, and your environment will be evaluated with the updated recommendations automatically.
In this chapter, we will look at three assessments: SQL Server, Active Directory, and System Center Operations Manager (SCOM). Active Directory and SQL Server are two technical services that support many business-critical services and a very large number of organizations around the world. SCOM is a key service that many organizations leverage to provide real-time in-depth monitoring of IT environments. Ensuring these services are configured to Microsoft best practices for security, performance, and availability, without the need for manual inventory of system settings is a valuable service to IT organizations around the world.
All the assessments collect and evaluate their technology within the following focus areas:
Every recommendation made in an assessment solution is given a weighting value that identifies the relative importance. Weightings are aggregate values based on three key factors:
The lower the effort the higher the weight
Figure 1 shows a part of the AD assessment dashboard. Shown in the Figure are a recommendation and its weight. High priority is red and low priority is blue.
As you can see, the data is already analyzed for us. When using log collection with OMS, you must analyze all the events yourself. With the assessment solutions, solution logic in OMS analyzes the data and the relationship between the data and presents an overview. Based on the information in the overview, you can drill into the data, first into the recommendation category, then into alerts and finally, into the raw data.
FIGURE 1. WEIGHTING RECOMMENDATIONS
Let us look at how the weighting process works. For the Availability and Business continuity category shown in Figure 2, there are total of 29 checks (3 high priority, 1 low priority, and 25 passed checks). To start, we can say that each check in this category is worth 100%/29 checks = 3.44% per check. This is true for the diagram shown in top of Figure 1, the circle diagram.
If we look into each recommendation and weight, we realize that formula does not work there. The weight of a recommendation is based on a value determined by the author of the solution at authoring time. The weight of a recommendation is decided based on the three key factors listed earlier, also shown in figures 2, 3 and 4: impact, probability, and effort.
FIGURE 2. RECOMMENDATIONS IN THE SQL ASSESSMENT SOLUTION
FIGURE 3. RECOMMENDATIONS IN THE SQL ASSESSMENT SOLUTION
FIGURE 4. RECOMMENDATIONS IN THE ACTIVE DIRECTORY ASSESSMENT SOLUTION
Each level of impact, probability and effort can be translated to a numeric value. These values are used to decide weight of a recommendation.
While the weight is determined at authoring time, Microsoft may still update solution recommendations over time based on evolving best practices and lessons from the field.
Enabling an Assessment solution is done in the same way as all other OMS solutions. Navigate to the Solutions Gallery and click the Add button to add the solution. Figure 5 shows the AD Assessment solution in the Solutions Gallery.
FIGURE 5. AD ASSESSMENT DASHBOARD
If you navigate directly to the Assessment dashboard immediately after adding the solution, you will see that there is no data shown, as in Figures 6 and 7. That is normal, as the solution has not yet collected all the data necessary for assessment.
FIGURE 6. NO DATA COLLECTED BY THE ASSESSMENT YET
FIGURE 7. NO DATA COLLECTED BY THE ASSESSMENT YET
When data is collected, you will see the Assessment dashboard populated with information, as shown in Figure 8. You can see the different focus areas and if there are any recommendations for them. In Figure 8, you can see that there is one recommendation. If you click that focus area, you can drill down and see more details about the recommendation.
FIGURE 8. A FEW TILES FROM THE DEFAULT AD ASSESSMENT DASHBOARD
FIGURE 9. RECOMMENDATION FOR ACTIVE DIRECTORY
In the recommendation, you can see details (shown in Figure 9) about the recommendations in general, suggested action, prioritization guidance, affected object(s) and links to a site where to read more about this topic. You can also click on the link, under the affected object, and drill down to the raw data collected, shown in Figure 10.
FIGURE 10. DETAILED EVENT DATA
In some scenarios, the default recommendations are not suitable for your environment and you need to ignore them. You can do this by creating a text file on each server where you want to ignore a recommendation.
If you would like to ignore a recommendation, you first need the recommendation ID. To get the recommendation ID you can run one of the following search queries shown below, with results shown in Figure 11.
Type=ADAssessmentRecommendation | select Recommendation, RecommendationId
Type=SQLAssessmentRecommendation | select Recommendation, RecommendationId
Type=SCOMAssessmentRecommendation | select Recommendation, RecommendationId
Each of these queries will show all recommendations and recommendation ID for their respective Assessment solution. Make a note of the recommendation ID, in this example 6502cfeb-db79-4698-81de-cb80c78a771d.
FIGURE 11. LIST RECOMMENDATIONS AND RECOMMENDATION ID
Create a file named IgnoreRecommendations.txt on the server where you want to ignore this recommendation. Place the file in the agent installation folder, for example, 'C:\Program Files\Microsoft Monitoring Agent\Agent'. In the file, paste a recommendation ID on each line and save the file, as shown in Figure 12.
If the server where you want to ignore a recommendation is a SCOM management server, you should place the file in 'C:\Program Files\Microsoft System Center 2012 R2\Operations Manager\Server'.
FIGURE 12. THE IGNORERECOMMENDATIONS.TXT FILE
After next assessment run, which runs every 7 days by default, the recommendation will be marked as ignored and not appear in the assessment dashboard. You can also verify that the recommendation is ignored by running the following search query (example for AD Assessment)
If you want to enable the recommendation again you can remove the recommendation ID from the file, or remove the file.
Today there is no way to review details about all "collection rules" from the portal. You can either look in XML files on the OMS agent disk or if you have connected SCOM with OMS, you can see all the rules in the SCOM console. You can get general information about what each assessment is looking at by running the following query
Type=ADAssessmentRecommendation RecommendationPeriod=2016-12 IsRollup=true | select RecommendationId, FocusArea, ActionArea, Recommendation, Description | sort FocusArea,ActionArea, Recommendation
This query will list recommendations for the AD assessment, but you can replace ADAssessmentRecommendation with, for example, SQLAssessmentRecommendation to retrieve the same data for the SQL Server assessment.
Note: Microsoft is working on a solution to enable users to review all collection rules in the portal for directly connected agents.
Before you enable the Active Directory (AD) assessment solution, you should deploy agents on your domain controllers. The AD Assessment solution requires the .NET Framework 4.0 to be installed on each agent machine. No additional configuration is needed.
The AD Assessment solution runs a process called AdvisorAssessment.exe. This file is added to all servers with agents as soon as the solution is enabled in the workspace. The AD Assessment solution collects data every 7 days, and it takes around an hour to perform collection. The data collected is collected via WMI, registry and performance counters. It is not possible to control which time or day(s) the assessment run. If you uninstall the agent on a server that was discovered in the assessment the server will be removed from the assessment 3 weeks later.
Note: The Active Directory (AD) Assessment supports only Active Directory Domain Server (ADDS), not Azure AD (AAD).
Before you enable the SQL Assessment solution, you should deploy agents on all SQL servers that you would like to assess. The SQL Assessment works with SQL Server Standard, Developer, and Enterprise editions. The SQL Assessment solution requires .NET Framework 4 to be installed on each agent machine.
Note: If you use SQL Assessment solution together with SCOM, you need to configure an Operations Manager run-as account. For more information and guideline please see Microsoft Docs, https://docs.microsoft.com/sv-se/azure/log-analytics/log-analytics-sql-assessment
The SQL Assessment solution also runs a process called AdvisorAssessment.exe. This file is added to all servers with agents as soon as the solution is enabled in the workspace. The SQL Assessment solution collects data every 7 days, it takes around an hour to collect data. The data collected is WMI, registry data, SQL dynamic management view (DMV) and performance counters. It is not possible to control which time or day(s) the assessment run. As with the AD Assessment, if you uninstall the agent on a server that was discovered in the assessment, the server will be removed from the assessment in 3 weeks. Figure 13 shows the recommendation categories and details displayed in the default SQL assessment dashboard.
FIGURE 13. DEFAULT FOCUS AREAS IN THE DEFAULT SQL ASSESSMENT DASHBOARD
After you have enabled the SCOM Assessment in your workspace there is some additional configuration required. All steps are listed when you navigate to the assessment dashboard for the solution, shown in Figure 15. To configure the solution, perform the following steps:
FIGURE 14. CONFIGURATION OF THE SCOM ASSESSMENT
FIGURE 15. SCOM ASSESSMENT HAS COLLECTED DATA
Like the other assessment solutions, the SCOM Assessment solution uses a process called AdvisorAssessment.exe, that runs under the HealthService process on the management where the assessment rule is enabled. This file is added to all servers with agents as soon as the solution is enabled in the workspace. The SCOM Assessment solution collects data every 7 days (10080 minutes) by default. You can override this setting to a minimum of once a day (1440 minutes). It takes around an hour to collect data. The data collected is WMI data, registry data, event log data, and SCOM data through Windows PowerShell, SQL queries, and File information collector.
Note: The official documentation for SCOM Assessment solution says only SCOM 2012 SP1 and SCOM 2012 R2 are supported, but the authors have tested the solution on SCOM 2016, and it seems to work.
In this chapter, we looked at the AD Assessment, the SQL Assessment, and the SCOM Assessment solutions. All three review the current configuration and setup of its targeted technology. Each assessment provides recommendations on the product and focus areas it targets, as determined by Microsoft product team experts.
Incorrectly configured technologies can lead to unnecessary downtime and poor performance, both of which can affect business critical services. With these assessment solutions, you can identify potential configuration issues before they cause problems, and optimize your services. The chapter also walked through how to ignore recommendations to eliminate unwanted data in assessment results, find recommendation weight, as well as how to drill into each recommendation for more details.