SCOM and Azure – Monitoring your Cloud infrastructure

I have been asked to think about how to extend an existing datacenter monitoring infrastructure into Azure. I like to see the extended datacenter as a transparent entity,so, my approach is to ignore the fact that the remote servers are in the (for now).

If I had a remote datacenter, the first think to take in account is the number of agents. If I have just a couple of machines there, I would let them report directly to the SCOM Server at the main DC. Bandwidth shouldn’t be an issue. If you have more thought, it would make sense to try and optimize the bandwidth usage.

Since all the SCOM 2012 Management servers have to talk to the database directly, it doesn’t help a lot to have a remote management server. You will basically change the type of traffic from port 5723 to SQL server data. If you have some way to optimize the traffic, maybe you could think about. The answer for that is to use a Gateway server in the remote DC (Azure, in our case).

For our lab purposes, I already have a connection to my remote network and a server deployed there (see a previous article for that). Now, I will deploy a SCOM gateway server, connect it to my main location (home, sweet home) and allow for my remote DC to report to the gateway server.

Let’s get to work!

First, let’s review the configuration:

Now, let’s create the SCOM gateway in Azure:

Basic configuration:


Now let’s wait.

Ok, the VM is ready. I can connect (RDP) internally to the VM, so I will join it to the domain, and install SCOM SW

Note: you normally can’t ping the VM. You have to enable the proper rules in the firewall to allow that.

Now you should see it here:

Reject it!

Now approve the gateway:

Now that we have the Gateway, let’s deploy the DC agent:

Here’s a trick: usually, things behind a gateway are not directly manageable and therefore, the agent is normally installed manually. However, we CAN manage the remote DC and I’m using the GW just to reduce traffic. So, I will install the agent from the console, and then redirect the management to the gateway. Behold:

Once you have the DC and the gateway reporting properly, we can just switch the management server for the Azure DC:



And ther eyou have it. The Gateway will serve as concentraition point in azure, to avoid external traffic.

Hope this helps!