Managing Connected Management Groups in Operations Manager 2007
Applies To: Operations Manager 2007 R2, Operations Manager 2007 SP1
Connected management groups enable the consolidation of alerts and the running of tasks from multiple management groups. Tasks can be initiated from a local management group to run on managed objects of a connected management group. This scenario is used to scale up the number of managed computers or objects you can monitor beyond the capabilities of a single management group.
The management group in which the data is consolidated is called the local management group, and those that contribute their data to the local management group are called the connected management groups. They relate to each other in a hierarchical fashion, with connected groups reporting up to local groups. The connected groups are in a peer-to-peer relationship with each other. Each connected group has no visibility or interaction with the other connected groups; the visibility is strictly from the local management group to the connected management group.
Communications between the connected and local management groups occur between the root management servers over TCP port 5724.
To Connect Operations Manager Management Groups
Use the following procedure to connect two management groups.
To connect Operations Manager management groups
Log on to the computer with a user account that is a member of the Operations Manager Administrator role for the Operations Manager 2007 management group.
In the Operations console, click the Administration button.
In the Administration pane, expand Administration, right-click Connected Management Groups, and then click Add Management Group.
Type the name for the connected management group in the Management Group name text box.
In the Root Management Server text box, type the name of the root management server in the connected management group.
You must define the root management server by its fully qualified domain name (FQDN).
Select one of the following radio buttons:
In either case, the account you use must be a member of the Operations Manager 2007 Administrators role for the connected management group.
Select Use SDK service account if the SDK Service account is the same account in both management groups.
Select Other user account if different credentials were used for the SDK service account in each management group, and then enter the credentials for the SDK service account used in the connected management group.
To Configure User Roles for Connected Management Groups
If you are attempting to view one or more connected management groups, the credentials you provide must be those of a member of a user role in each of the connected management groups. The scope defined for this user role defines the scope of alerts that can be viewed.
The Show Connected Alerts button will not be displayed to a user if the user is a member of a user role that is scoped for All Groups.
For example, consider an environment where two management groups are needed to monitor a large number of computers running Microsoft SQL Server. Both management groups have been connected. Tom has the responsibility of monitoring computers that are running SQL Server. The Operations Manager administrator wants Tom to be able to view alerts from both management groups in a single view. The Operations Manager administrators in both connected management groups assign Tom's account to a SQL Server Operator user role. When Tom clicks Show Connected Alerts, only SQL Server-related alerts from both management groups are displayed.
On the local management group, Tom needs to be a member of a user role whose group scope includes the connected management groups. Connected management groups are listed as object groups in the Group Scope tab in the User Role Properties dialog box. Only connected management groups that are selected can be viewed. For more information about user roles, see the Operations Manager 2007 Security Guide (http://go.microsoft.com/fwlink/?LinkId=64017).
To View Alerts from Connected Management Groups
Every time you start the Operations console, only alerts from the local management group are displayed. To view alerts from the connected management group, you need to provide credentials for a user from the connected management group.
To view alerts from the connected Management Group
Start the Operations console, and click the Monitoring button.
In the Monitoring pane, expand Monitoring, and then click Active Alerts.
In the Active Alerts pane, in the toolbar, click Show Connected Alerts.
In the Enter Credentials dialog box, type the user name, password, and domain name of a user in the connected management group.
The credentials entered must be from a user in the connected management groups that is a member of a role in Operations Manager. The scope of alerts that can be viewed is determined by the scope of the user's credentials.
Connecting Management Groups Across Untrusted Domains
There are two topologies available for connecting management groups that span untrusted domains. If only one connected management group is going to be connected to one local management group, the two management groups themselves can exist entirely within their respective domains as shown in the following figure.
If there are more than three management groups that are going to be connected, one local management group and two or more connected management groups, then both the local and connected management groups must span the two domains as shown in the following illustration.
In this example, the same rules for user roles still apply as described in the “To Configure User Roles for Connected Management Groups” topic in this document.