Reliability Workbook for Microsoft System Center Operations Manager

Overview

Service health is the state in which a service and all the components it depends on are behaving as desired within acceptable limits. This task list provides a schedule of proactive health monitoring and maintenance tasks to review and adapt to your individual requirements. For further instructions about the configuration and use of this task list, see the Administrator's Guide for Reliability Workbooks at www.microsoft.com/mof.

Task List Columns

  • Health Attribute: A group of requirements for a healthy system.
  • Health Area: A category of health action.
  • Health Requirement: A requirement in a particular health control area that drives monitoring activity, which ensures continued component health.
  • Monitoring Task: An action that involves observing trends and paying attention to warning levels and error alerts. These alerts will trigger maintenance tasks.
  • Maintenance Task: Regularly scheduled or trend-driven work that ensures the continued health of the component.
  • Monitoring Parameter: The picture of health for a component. These conditions are determined by your organization's requirements and may vary according to factors such as the component's importance to the business, the size of the organization, or staffing constraints.
  • Owner: Person with the responsibility to ensure that a task is done. The owner can complete the task, automate it, or delegate it and confirm that the work has been done.
  • Notes: Additional information relating to this item.

Monitoring Activities

Microsoft System Center Operations Manager Agents

Check the Operations Manager Health service Windows service state.

Health requirement

The agent is able to collect health data.

Monitoring task

Check the Operations Manager Health service Windows service state.

Monitoring parameter

The Operations Manager Health service Windows service is running.

Manual

Verify that the service is running.

Automation

Check with the management pack unit monitor.

Health attribute

Availability

Health area

Agent

Frequency

Hourly

Owner

Operator

Query the service state and the configuration.

Health requirement

The agent is able to collect health data.

Monitoring task

Query the service state and the configuration.

Monitoring parameter

The configuration of the Health service is correct.

Manual

View the configuration of the service.

Automation

Check with the management pack unit monitor.

Health attribute

Availability

Health area

Agent

Frequency

Hourly

Owner

Operator

Ping the computer by using the Internet Control Message Protocol.

Health requirement

The agent is able to collect health data.

Monitoring task

Ping the computer by using Internet Control Message Protocol.

Monitoring parameter

The computer responds to ping requests.

Manual

Run the ping command, and view state.

Automation

Check with the management pack unit monitor.

Health attribute

Availability

Health area

Agent

Frequency

Hourly

Owner

Operator

Verify that the configuration threshold of agents is up to date.

Health requirement

The agent is able to collect health data.

Monitoring task

Verify that the configuration threshold of agents is up to date.

Monitoring parameter

The configuration of the agent is synchronized with the management server.

Manual

Verify that the configuration of the agent is synchronized with the management server.

Automation

Check with the management pack unit monitor.

Health attribute

Patching

Health area

Agent

Frequency

Daily

Owner

Operator

Check connectivity to management servers using the TCP port configured for the Health service, which defaults to TCP port 5723.

Health requirement

The agent can communicate with other Microsoft System Center Operations Manager server roles.

Monitoring task

Check connectivity to management servers using the TCP port configured for the Health service, which defaults to TCP port 5723.

Monitoring parameter

The root management server can communicate with other Microsoft System Center Operations Manager server roles.

Manual

View the configuration of Windows Firewall and any intervening firewalls, and use a utility such as Telnet to ensure that the port responds.

Automation

Check with the management pack unit monitor.

Health attribute

Availability

Health area

Agent

Frequency

Hourly

Owner

Operator

Check patch levels.

Health requirement

The agent is able to collect health data and communicate with other Microsoft System Center Operations Manager server roles.

Monitoring task

Check patch levels.

Monitoring parameter

The agent is able to collect health data and communicate with other Microsoft System Center Operations Manager server roles.

Manual

Verify that the configuration of the agent is synchronized with current patch levels.

Automation

Check with the Desired Configuration Management feature in Microsoft System Center Configuration Manager.

Health attribute

Patching

Health area

Agent

Frequency

Daily

Owner

Operator

Ensure that agent proxy is not enabled.

Health requirement

Reduces the attack surface and helps prevent Denial Of Service attacks.

Monitoring task

Ensure that the agent proxy is not enabled.

Monitoring parameter

The agent proxy configuration setting is not enabled.

Manual

Automation

Check with the Desired Configuration Management feature in Microsoft System Center Configuration Manager.

Health attribute

Security

Health area

Agent

Frequency

Daily

Owner

Operator

Ensure that certificates have not expired.

Health requirement

The agent can communicate with other Microsoft System Center Operations Manager server roles.

Monitoring task

Ensure that certificates have not expired.

Monitoring parameter

The agent certificate is valid.

Manual

Verify the certificate validity in the Certificates console on agents.

Automation

Check with the custom unit monitor or use a Windows PowerShell script.

Health attribute

Confidentiality

Health area

Agent

Frequency

Hourly

Owner

Operator

Ensure agents are not reloading configuration too frequently.

Health requirement

Processor utilization usage for agent should be appropriate.

Monitoring task

Check the Microsoft System Center Operations Manager event log for event ID 21025.

Monitoring parameter

There should be no more than one event ID 21025 in the Microsoft System Center Operations Manager event log per hour.

Manual

View the Microsoft System Center Operations Manager event log.

Automation

Check with the custom unit monitor, or use a Windows PowerShell script.

Health attribute

Performance

Health area

Agent

Frequency

Daily

Owner

Operator

Ensure that agents are not restarting.

Health requirement

Agents should not restart.

Monitoring task

Check the Microsoft System Center Operations Manager event log for event ID 102.

Monitoring parameter

Under normal conditions, the agent should not restart.

Manual

View the Microsoft System Center Operations Manager event log.

Automation

Check with the custom unit monitor, or use a Windows PowerShell script.

Health attribute

Availability

Health area

Agent

Frequency

Daily

Owner

Operator

Root Management Server

Check connectivity among connected management groups.

Health requirement

The root management server is able to communicate with connected management groups.

Monitoring task

Check connectivity among connected management groups.

Monitoring parameter

The root management server is able to communicate with connected management groups.

Manual

View Operations console to verify connectivity.

Automation

Check with the custom unit monitor or use a Windows PowerShell script.

Health attribute

Availability

Health area

Root Management Server

Frequency

Hourly

Owner

Operator

Verify proper operation of the Lightweight Directory Access Protocol module for Active Directory Domain Services integration.

Health requirement

The root management server is able to communicate with Active Directory Domain Services.

Monitoring task

Check proper operation of the Lightweight Directory Access Protocol module for Active Directory Domain Services integration.

Monitoring parameter

The root management server is able to perform Lightweight Directory Access Protocol queries with Active Directory Domain Services.

Manual

View event logs for Active Directory Domain Services–related events.

Automation

Check with the management pack unit monitor.

Health attribute

Security

Health area

Active Directory Domain Services Integration

Frequency

Hourly

Owner

Operator

Check the Operations Manager Health service Windows service state.

Health requirement

The root management server is able to aggregate health data from agents.

Monitoring task

Check the Operations Manager Health service Windows service state.

Monitoring parameter

The Operations Manager Health service Windows service is running.

Manual

Verify that the service is running.

Automation

Check with the management pack unit monitor.

Health attribute

Availability

Health area

Root Management Server

Frequency

Hourly

Owner

Operator

Check the System Center Data Access service Windows service state.

Health requirement

The root management server is able to communicate with Operations console and other integrated services.

Monitoring task

Check the System Center Data Access service Windows service state.

Monitoring parameter

The System Center Data Access service Windows service is running.

Manual

Verify that the service is running.

Automation

Check with the management pack unit monitor.

Health attribute

Availability

Health area

Root Management Server

Frequency

Hourly

Owner

Operator

Check the Management Configuration service Windows service state.

Health requirement

The root management server is able to configure agents.

Monitoring task

Check the Management Configuration service Windows service state.

Monitoring parameter

The Management Configuration service Windows service is running.

Manual

Verify that the service is running.

Automation

Check with the management pack unit monitor.

Health attribute

Availability

Health area

Root Management Server

Frequency

Hourly

Owner

Operator

Check the health of the OperationsManager database.

Health requirement

The root management server is able to read and modify the OperationsManager database.

Monitoring task

Check the health of the OperationsManager database.

Monitoring parameter

The OperationsManager database is healthy.

Manual

Verify that the database is mounted and healthy in Microsoft SQL Server Management Studio and that no errors appear in the event log that relate to the OperationsManager database.

Check the Microsoft System Center Operations Manager log on the root management server for event ID 3333 from the Data Access Layer source.

Automation

Check with the Microsoft SQL Server management pack.

Health attribute

Availability

Health area

OperationsManager Database

Frequency

Hourly

Owner

Operator

Check the health of the Microsoft SQL Server computer hosting the OperationsManager database.

Health requirement

The root management server is able to read and modify the OperationsManager database.

Monitoring task

Check the health of the Microsoft SQL Server computer hosting the OperationsManager database.

Monitoring parameter

The Microsoft SQL Server computer hosting the OperationsManager database is healthy.

Manual

Verify that Microsoft SQL Server is running in SQL Server Management Studio and that no errors appear in the event log that relate to the OperationsManager database.

Automation

Check with the Microsoft SQL Server management pack.

Health attribute

Availability

Health area

OperationsManager Database

Frequency

Hourly

Owner

Operator

Check the health of the root management server cluster when running in the cluster configuration.

Health requirement

The root management server is able to aggregate health data from agents.

Monitoring task

Check the health of the root management server cluster when running in the cluster configuration.

Monitoring parameter

The root management server server role is running on the active node of the cluster.

Manual

Verify cluster node health using the Cluster Management console and that no errors appear in the event log that relate to Microsoft System Center Operations Manager.

Automation

Check with the custom management pack unit monitor and cluster management pack.

Health attribute

Availability

Health area

Root Management Server

Frequency

Hourly

Owner

Operator

Check connectivity to the OperationsManager database using the TCP port configured for database access—by default, TCP port 1433.

Health requirement

The root management server can communicate with the OperationsManager database.

Monitoring task

Check connectivity to the OperationsManager database using the TCP port configured for database access—by default, TCP port 1433.

Monitoring parameter

The root management server can communicate with the OperationsManager database.

Manual

View the configuration of Windows Firewall and any intervening firewalls, and use a utility such as Telnet to ensure that the port responds.

Automation

Check with the management pack unit monitor.

Health attribute

Availability

Health area

OperationsManager Database

Frequency

Hourly

Owner

Operator

Check connectivity to the data warehouse database using the TCP port configured for the database access—by default, TCP port 1433.

Health requirement

The root management server can communicate with the data warehouse database.

Monitoring task

Check connectivity to the data warehouse database using the TCP port configured for database access—by default, TCP port 1433.

Monitoring parameter

The root management server can communicate with the data warehouse database.

Manual

View the configuration of Windows Firewall and any intervening firewalls, and use a utility such as Telnet to ensure that the port responds.

Automation

Check with the management pack unit monitor.

Health attribute

Availability

Health area

Data Warehouse Database

Frequency

Hourly

Owner

Operator

Check connectivity to other Microsoft System Center Operations Manager server roles using the TCP port configured for the Health service—by default, TCP port 5723.

Health requirement

The root management server can communicate with other Microsoft System Center Operations Manager server roles.

Monitoring task

Check connectivity to other Microsoft System Center Operations Manager server roles using the TCP port configured for the Health service—by default, TCP port 5723.

Monitoring parameter

The root management server can communicate with other Microsoft System Center Operations Manager server roles.

Manual

View the configuration of Windows Firewall and any intervening firewalls, and use a utility such as Telnet to ensure that the port responds.

Automation

Check with the management pack unit monitor.

Health attribute

Availability

Health area

Root Management Server

Frequency

Hourly

Owner

Operator

Check the health of the data warehouse database.

Health requirement

The root management server is able to read and modify the data warehouse database.

Monitoring task

Check the health of the data warehouse database.

Monitoring parameter

The data warehouse database is healthy.

Manual

Verify that the database is mounted and healthy in Microsoft SQL Server Management Studio and that no errors appear in the event log that relate to the data warehouse database.

Automation

Check with the Microsoft SQL Server management pack.

Health attribute

Availability

Health area

Data Warehouse Database

Frequency

Hourly

Owner

Operator

Check the health of the Microsoft SQL Server computer hosting the data warehouse database.

Health requirement

The root management server is able to read and modify the data warehouse database.

Monitoring task

Check the health of the Microsoft SQL Server computer hosting the data warehouse database.

Monitoring parameter

The Microsoft SQL Server computer hosting the data warehouse database is healthy.

Manual

Verify that Microsoft SQL Server is running in SQL Server Management Studio and that no errors appear in the event log that relate to the data warehouse database.

Automation

Check with the Microsoft SQL Server management pack.

Health attribute

Availability

Health area

Data Warehouse Database

Frequency

Hourly

Owner

Operator

Check the heartbeat of managed computers.

Health requirement

The root management server is able to collect health information from computers without agents.

Monitoring task

Check the heartbeat of managed computers.

Monitoring parameter

The root management server receives heartbeat communications from managed computers.

Manual

Verify that no errors appear in the event log that relate to the Microsoft System Center Operations Manager heartbeat.

Automation

Check with the management pack unit monitor.

Health attribute

Availability

Health area

Root Management Server

Frequency

Hourly

Owner

Operator

Check Run As accounts to ensure that only minimal permissions and rights are assigned.

Health requirement

Run As accounts are configured with minimal permissions and rights.

Monitoring task

Check Run As accounts to ensure that only minimal permissions and rights are assigned.

Monitoring parameter

Run As accounts are configured with minimal permissions and rights.

Manual

Verify assigned permissions and rights for resources that are accessed by Run As accounts.

Automation

Check with Windows PowerShell scripts.

Health attribute

Security

Health area

Agent

Frequency

Daily

Owner

Operator

Check scopes to ensure that they include the appropriate monitoring objects.

Health requirement

Scopes include the appropriate monitoring objects so that IT pros can run necessary tasks and monitor necessary IT services.

Monitoring task

Check scopes to ensure that they include the appropriate monitoring objects.

Monitoring parameter

Scopes include the appropriate monitoring objects.

Manual

Verify the list of monitoring objects in each scope in the Operations console.

Automation

Check with Windows PowerShell scripts.

Health attribute

Security

Health area

Operations Console

Frequency

Monthly

Owner

Operator

Check Microsoft System Center Operations Manager user role membership to ensure that the appropriate users are assigned to a user role.

Health requirement

Only authorized users are able to perform specific tasks based on job role.

Monitoring task

Check Microsoft System Center Operations Manager user role membership to ensure that the appropriate users are assigned to a user role.

Monitoring parameter

The appropriate authorized users are able to perform their job roles because they are assigned to the appropriate user roles.

Manual

Verify list users for each user role in the Operations console.

Automation

Check with Windows PowerShell scripts.

Health attribute

Security

Health area

Operations Console

Frequency

Monthly

Owner

Operator

Check Microsoft System Center Operations Manager privileges assigned to custom profiles to ensure that the appropriate privileges are assigned to a profile.

Health requirement

Only authorized users are able to perform specific tasks based on job role.

Monitoring task

Check Microsoft System Center Operations Manager privileges assigned to custom profiles to ensure that the appropriate privileges are assigned to a profile.

Monitoring parameter

The appropriate authorized users are able to perform their job roles because they are assigned to the appropriate profiles, which are assigned the appropriate privileges.

Manual

Verify the privileges assigned to each profile in the Operations console.

Automation

Check with Windows PowerShell scripts.

Health attribute

Security

Health area

Operations Console

Frequency

Monthly

Owner

Operator

Check permissions and privileges assigned to agent action accounts.

Health requirement

The agent is able to perform the necessary actions.

Monitoring task

Check permissions and privileges assigned to agent action accounts.

Monitoring parameter

The minimal permissions and privileges are assigned to the agent action.

Manual

Verify permissions and privileges assigned to agent actions in Microsoft Management Console, such as Active Directory Users and Computers.

Automation

Check with Windows PowerShell scripts.

Health attribute

Security

Health area

Agent

Frequency

Monthly

Owner

Operator

Check permissions and privileges assigned to the SDK and Config Service accounts.

Health requirement

Services are able to perform corresponding functions.

Monitoring task

Check permissions and privileges assigned to the SDK and Config Service accounts.

Monitoring parameter

The minimal permissions and privileges are assigned to the SDK and Config Service accounts.

Manual

Verify permissions and privileges assigned to service accounts in Microsoft Management Console, such as Active Directory Users and Computers.

Automation

Check with Windows PowerShell scripts.

Health attribute

Security

Health area

Root Management Server

Frequency

Monthly

Owner

Operator

Check permissions and privileges assigned to the Agent Installation account.

Health requirement

An agent can be installed successfully on the targeted computers.

Monitoring task

Check permissions and privileges assigned to the Agent Installation account.

Monitoring parameter

The Agent Installation account has only the minimal permissions required for installing an agent on target computers (members of the local Administrators group instead of being members of Domain Admins).

Manual

Verify permissions and privileges assigned to the agent installation account in Microsoft Management Console, such as Active Directory Users and Computers.

Automation

Check with Windows PowerShell scripts.

Health attribute

Security

Health area

Agent

Frequency

Monthly

Owner

Operator

Check permissions and privileges assigned to the Data Warehouse Write account.

Health requirement

The root management server and management servers can modify the data warehouse database.

Monitoring task

Check permissions and privileges assigned to the Data Warehouse Write account.

Monitoring parameter

The account has only the minimal permissions required for modifying the data warehouse database.

Manual

Verify the appropriate database permissions in Microsoft SQL Server Management Studio.

Automation

Check with Windows PowerShell scripts.

Health attribute

Security

Health area

Data Warehouse Database

Frequency

Monthly

Owner

Operator

Check permissions and privileges assigned to the Data Reader account.

Health requirement

The root management server and management servers can read the data warehouse database.

Monitoring task

Check permissions and privileges assigned to the Data Reader account.

Monitoring parameter

The account has only the minimal permissions required for reading the data warehouse database.

Manual

Verify the appropriate database permissions in Microsoft SQL Server Management Studio.

Automation

Check with Windows PowerShell scripts.

Health attribute

Security

Health area

Data Warehouse Database

Frequency

Monthly

Owner

Operator

Check the validity of certificates for gateway servers.

Health requirement

The root management server can communicate with gateway servers.

Monitoring task

Check the validity of certificates for gateway servers.

Monitoring parameter

Certificates used for mutual authentication between the root management server and gateway servers are valid.

Manual

Verify the certificate validity in the Certificates Microsoft Management Console snap-in on the root management server and gateway servers.

Automation

Check with the custom unit monitor, or use a Windows PowerShell script.

Health attribute

Confidentiality

Health area

Gateway Server

Frequency

Monthly

Owner

Operator

Check the validity of certificates for management servers.

Health requirement

The root management server can communicate with management servers.

Monitoring task

Check the validity of certificates for management servers.

Monitoring parameter

Certificates used for mutual authentication between the root management server and management servers are valid.

Manual

Verify certificate validity in the Certificates Microsoft Management Console snap-in on the root management server and management servers.

Automation

Check with the custom unit monitor, or use a Windows PowerShell script.

Health attribute

Confidentiality

Health area

Management Server

Frequency

Monthly

Owner

Operator

Check the root management server’s response to access from the Web console or Operations console.

Health requirement

The root management server responds to the Web console or Operations console in a timely manner.

Monitoring task

Check the root management server’s response to access from the Web console or Operations console.

Monitoring parameter

Response to access from the Web console or Operations console must fall within acceptable, previously established baselines.

Manual

Verify the response times by performing predefined tasks in the Web console or Operations console.

Automation

Check by using synthetic transactions in a custom management pack.

Health attribute

Performance

Health area

Root Management Server

Frequency

Hourly

Owner

Operator

Check the root management server’s capacity to process collected health data from managed computers.

Health requirement

The root management server is able to process health data and update health status in the health hierarchy in a timely manner.

Monitoring task

Check the root management server’s capacity to process collected health data from managed computers.

Monitoring parameter

The ability to process incoming collected health data and update healthy hierarchy must fall within acceptable, previously established baselines.

Manual

Verify the response times by viewing latency in the health hierarchy after a predetermined change in health status occurs in the Operations console.

Automation

Check by using synthetic transactions in a custom management pack.

Health attribute

Performance

Health area

Root Management Server

Frequency

Hourly

Owner

Operator

Check latency in reporting alerts.

Health requirement

The root management server is able to process alerts in a timely manner.

Monitoring task

Check latency in reporting alerts.

Monitoring parameter

The ability to process alerts must fall within acceptable, previously established baselines.

Manual

Verify the response times by viewing latency in alert reporting after a predetermined change in health status occurs in the Operations console.

Automation

Check by using synthetic transactions in a custom management pack.

Health attribute

Performance

Health area

Root Management Server

Frequency

Hourly

Owner

Operator

Ensure that agents are not reloading configuration too frequently.

Health requirement

Processor utilization usage for an agent should be appropriate.

Monitoring task

Check the Microsoft System Center Operations Manager event log for event ID 21025.

Monitoring parameter

There should be no more than one event ID 21025 in the Microsoft System Center Operations Manager event log per hour.

Manual

View the Microsoft System Center Operations Manager event log.

Automation

Check with the custom unit monitor, or use a Windows PowerShell script.

Health attribute

Performance

Health area

Root Management Server

Frequency

Daily

Owner

Operator

Ensure that agents are not restarting.

Health requirement

Agents should not restart.

Monitoring task

Check the Microsoft System Center Operations Manager event log for event ID 102.

Monitoring parameter

Under normal conditions, the agent should not restart.

Manual

View the Microsoft System Center Operations Manager event log.

Automation

Check with the custom unit monitor, or use a Windows PowerShell script.

Health attribute

Availability

Health area

Root Management Server

Frequency

Daily

Owner

Operator

Operations Manager Database Server

Check the health of Microsoft SQL Server.

Health requirement

The OperationsManager database can be accessed by the root management server and management servers.

Monitoring task

Check the health of Microsoft SQL Server.

Monitoring parameter

The Microsoft SQL Server instance hosting the OperationsManager database is healthy.

Manual

Verify that the database is mounted and healthy in Microsoft SQL Server Management Studio and that no errors appear in the event log that relate to the OperationsManager database.

Automation

Check with the Microsoft SQL Server management pack.

Health attribute

Availability

Health area

OperationsManager Database

Frequency

Hourly

Owner

Operator

Check the health of the Microsoft SQL Server cluster when running in a cluster configuration.

Health requirement

The OperationsManager database can be accessed by the root management server and management servers.

Monitoring task

Check the health of the Microsoft SQL Server cluster when running in a cluster configuration.

Monitoring parameter

The Microsoft SQL Server instance hosting the OperationsManager database is running on the active node of the cluster.

Manual

Verify cluster node health using the Cluster Management console and that no errors appear in the event log that relate to Microsoft System Center Operations Manager.

Automation

Check with the custom management pack unit monitor and cluster management pack.

Health attribute

Availability

Health area

OperationsManager Database

Frequency

Hourly

Owner

Operator

Check connectivity to the root management server and management servers using the TCP port configured for the database access—by default, TCP port 1433.

Health requirement

The root management server and management servers can communicate with the data warehouse database.

Monitoring task

Check connectivity to the root management server and management servers using the TCP port configured for database access—by default, TCP port 1433.

Monitoring parameter

The root management server and management servers can communicate with the data warehouse database.

Manual

View the configuration of Windows Firewall and any intervening firewalls, and use a utility such as Telnet to ensure that the port responds.

Automation

Check with the management pack unit monitor.

Health attribute

Availability

Health area

OperationsManager Database

Frequency

Hourly

Owner

Operator

Check the service account used to access OperationsManager database to ensure that only minimal permissions and rights are assigned.

Health requirement

The root management server and management servers can communicate with the OperationsManager database.

Monitoring task

Check the service account used to access the OperationsManager database to ensure that only minimal permissions and rights are assigned.

Monitoring parameter

The service account has the ability to read and modify the OperationsManager database.

Manual

Verify the appropriate database permissions in Microsoft SQL Server Management Studio.

Automation

Check with Windows PowerShell scripts.

Health attribute

Security

Health area

OperationsManager Database

Frequency

Hourly

Owner

Operator

Check the response time for root management server and management server access.

Health requirement

The root management server and management servers receive timely responses from the data warehouse database.

Monitoring task

Check the response time for root management server and management server access.

Monitoring parameter

The response to queries for the OperationsManager database must fall within acceptable, previously established baselines.

Manual

Verify the response times with Microsoft SQL Server performance counters.

Automation

Check with the management pack unit monitor.

Health attribute

Performance

Health area

OperationsManager Database

Frequency

Hourly

Owner

Operator

Check latency in write operations to the OperationsManager database.

Health requirement

The root management server and management servers can write to the database in a timely manner.

Monitoring task

Check latency in write operations to the OperationsManager database.

Monitoring parameter

The response time to write operations to the OperationsManager database must fall within acceptable, previously established baselines.

Manual

Verify the response times with Microsoft SQL Server performance counters.

Automation

Check with the management pack unit monitor.

Health attribute

Performance

Health area

OperationsManager Database

Frequency

Hourly

Owner

Operator

Notes

Often characterized by a recurring event logged on the root management server

Ensure that the backup successfully finished.

Health requirement

Backup of the OperationsManager database finished successfully.

Monitoring task

Ensure that the backup successfully finished.

Monitoring parameter

Backup of the OperationsManager database finished successfully.

Manual

Verify the backup based on log files from backup software.

Automation

Check with the management pack unit monitor.

Health attribute

Continuity

Health area

OperationsManager Database

Frequency

Daily

Owner

Operator

Management Servers

Check the Operations Manager Health service Windows service state.

Health requirement

The management server is able to aggregate health data from agents.

Monitoring task

Check the Operations Manager Health service Windows service state.

Monitoring parameter

The Operations Manager Health service Windows service is running.

Manual

Verify that the service is running.

Automation

Check with the management pack unit monitor.

Health attribute

Availability

Health area

Management Server

Frequency

Hourly

Owner

Operator

Check the health of primary and failover management servers when running in this configuration.

Health requirement

The management server is able to aggregate health data from agents in the event of the failure of the primary management server.

Monitoring task

Check the health of primary and failover management servers when running in this configuration.

Monitoring parameter

Either the primary or failover management server is healthy and able to aggregate health data from agents. If both are healthy, indicate healthy status. If one is unhealthy, indicate warning status. If both are unhealthy, indicate error status.

Manual

Verify the health state of the primary and failover management server in Operations console.

Automation

Check with Microsoft System Center Operations Manager management pack.

Health attribute

Continuity

Health area

Management Server

Frequency

Hourly

Owner

Operator

Check the health of the OperationsManager database.

Health requirement

The management server is able to read and modify the OperationsManager database.

Monitoring task

Check the health of the OperationsManager database.

Monitoring parameter

The OperationsManager database is healthy.

Manual

Verify that the database is mounted and healthy in Microsoft SQL Server Management Studio and that no errors appear in the event log that relate to the OperationsManager database.

Automation

Check with the Microsoft SQL Server management pack.

Health attribute

Availability

Health area

OperationsManager Database

Frequency

Hourly

Owner

Operator

Check the health of the Microsoft SQL Server instance hosting the OperationsManager database.

Health requirement

The management server is able to read and modify the OperationsManager database.

Monitoring task

Check the health of the Microsoft SQL Server instance hosting the OperationsManager database.

Monitoring parameter

The Microsoft SQL Server instance hosting the OperationsManager database is healthy.

Manual

Verify that Microsoft SQL Server is running in SQL Server Management Studio and that no errors appear in the event log that relate to the OperationsManager database.

Automation

Check with the Microsoft SQL Server management pack.

Health attribute

Availability

Health area

OperationsManager Database

Frequency

Hourly

Owner

Operator

Check connectivity to the OperationsManager database using the TCP port configured for database access—by default, TCP port 1433.

Health requirement

The root management servers and management servers can communicate with the OperationsManager database.

Monitoring task

Check connectivity to the OperationsManager database using the TCP port configured for database access—by default, TCP port 1433.

Monitoring parameter

The root management servers and management servers can communicate with the OperationsManager database.

Manual

View the configuration of Windows Firewall and any intervening firewalls, and use a utility such as Telnet to ensure that the port responds.

Automation

Check with the management pack unit monitor.

Health attribute

Availability

Health area

OperationsManager Database

Frequency

Hourly

Owner

Operator

Check connectivity to the data warehouse database using the TCP port configured for database access—by default, TCP port 1433.

Health requirement

The management server can communicate with the data warehouse database.

Monitoring task

Check connectivity to the data warehouse database using the TCP port configured for database access—by default, TCP port 1433.

Monitoring parameter

The management server can communicate with the data warehouse database.

Manual

View the configuration of Windows Firewall and any intervening firewalls, and use a utility such as Telnet to ensure that the port responds.

Automation

Check with the management pack unit monitor.

Health attribute

Availability

Health area

Data Warehouse Database

Frequency

Hourly

Owner

Operator

Check connectivity to other Microsoft System Center Operations Manager server roles using the TCP port configured for the Health service—by default, TCP port 5723.

Health requirement

The management server can communicate with other Microsoft System Center Operations Manager server roles.

Monitoring task

Check connectivity to other Microsoft System Center Operations Manager server roles using the TCP port configured for the Health service—by default, TCP port 5723.

Monitoring parameter

The management server can communicate with other Microsoft System Center Operations Manager server roles.

Manual

View the configuration of Windows Firewall and any intervening firewalls, and use a utility such as Telnet to ensure that the port responds.

Automation

Check with the management pack unit monitor.

Health attribute

Availability

Health area

Management Server

Frequency

Hourly

Owner

Operator

Check the health of the data warehouse database.

Health requirement

The management server is able to read and modify the data warehouse database.

Monitoring task

Check the health of the data warehouse database.

Monitoring parameter

The data warehouse database is healthy.

Manual

Verify that the database is mounted and healthy in Microsoft SQL Server Management Studio and that no errors appear in the event log that relate to the data warehouse database.

Automation

Check with the Microsoft SQL Server management pack.

Health attribute

Availability

Health area

Data Warehouse Database

Frequency

Hourly

Owner

Operator

Check the health of the Microsoft SQL Server instance hosting the data warehouse database.

Health requirement

The management server is able to read and modify the data warehouse database.

Monitoring task

Check the health of the Microsoft SQL Server instance hosting the data warehouse database.

Monitoring parameter

The Microsoft SQL Server instance hosting the data warehouse database is healthy.

Manual

Verify that Microsoft SQL Server is running in SQL Server Management Studio and that no errors appear in the event log that relate to the data warehouse database.

Automation

Check with the Microsoft SQL Server management pack.

Health attribute

Availability

Health area

Data Warehouse Database

Frequency

Hourly

Owner

Operator

Check the heartbeat of managed computers.

Health requirement

The management server is able to collect health information from computers without agents.

Monitoring task

Check the heartbeat of managed computers.

Monitoring parameter

The management server receives heartbeat communications from managed computers.

Manual

Verify that no errors appear in the event log that relate to the Microsoft System Center Operations Manager heartbeat.

Automation

Check with the management pack unit monitor.

Health attribute

Availability

Health area

Management Server

Frequency

Hourly

Owner

Operator

Check the validity of certificates for the root management server.

Health requirement

Management servers can communicate with the root management servers.

Monitoring task

Check the validity of certificates for the root management server.

Monitoring parameter

Certificates used for mutual authentication between management servers and the root management servers are valid.

Manual

Verify certificate validity in the Certificates Microsoft Management Console snap-in on management servers and the root management server.

Automation

Check with the custom unit monitor, or use a Windows PowerShell script.

Health attribute

Confidentiality

Health area

Root Management Server

Frequency

Monthly

Owner

Operator

Check the validity of certificates for gateway servers.

Health requirement

Management servers can communicate with gateway servers.

Monitoring task

Check the validity of certificates for gateway servers.

Monitoring parameter

Certificates used for mutual authentication between the root management server and gateway servers are valid.

Manual

Verify certificate validity in the Certificates Microsoft Management Console snap-in on the root management server and gateway servers.

Automation

Check with the custom unit monitor, or use a Windows PowerShell script.

Health attribute

Confidentiality

Health area

Gateway Server

Frequency

Monthly

Owner

Operator

Ensure that certificates have not expired.

Health requirement

Management servers can communicate with other Microsoft System Center Operations Manager server roles.

Monitoring task

Ensure that certificates have not expired.

Monitoring parameter

management server certificates are valid.

Manual

Verify certificate validity in the Certificates Microsoft Management Console snap-in on management servers.

Automation

Check with the custom unit monitor, or use Windows PowerShell scripts.

Health attribute

Confidentiality

Health area

Management Server

Frequency

Hourly

Owner

Operator

Ensure agents are not reloading configuration too frequently.

Health requirement

Processor utilization usage for agent should be appropriate.

Monitoring task

Check the Microsoft System Center Operations Manager event log for event ID 21025.

Monitoring parameter

There should be no more than one event ID 21025 in the Microsoft System Center Operations Manager event log per hour.

Manual

View the Microsoft System Center Operations Manager event log.

Automation

Check with the custom unit monitor, or use a Windows PowerShell script.

Health attribute

Performance

Health area

Management Server

Frequency

Daily

Owner

Operator

Ensure that agents are not restarting.

Health requirement

Agents should not restart.

Monitoring task

Check the Microsoft System Center Operations Manager event log for event ID 102.

Monitoring parameter

Under normal conditions, the agent should not restart.

Manual

View the Microsoft System Center Operations Manager event log

Automation

Check with the custom unit monitor, or use a Windows PowerShell script.

Health attribute

Availability

Health area

Management Server

Frequency

Daily

Owner

Operator

Gateway Servers

Check proper firewall rules to allow traffic to gateway servers.

Health requirement

Gateway servers can communicate with other server roles.

Monitoring task

Check proper firewall rules to allow traffic to gateway servers.

Monitoring parameter

Gateway servers can communicate with other Microsoft System Center Operations Manager server roles using the TCP port configured for the gateway server.

Manual

View the configuration of Windows Firewall and any intervening firewalls, and use a port scan utility to ensure that the port responds.

Automation

Check with the management pack unit monitor.

Health attribute

Availability

Health area

Gateway Server

Frequency

Hourly

Owner

Operator

Check the Operations Manager Health service Windows service state.

Health requirement

Gateway servers are able to aggregate health data from agents.

Monitoring task

Check the Operations Manager Health service Windows service state.

Monitoring parameter

The Operations Manager Health service Windows service is running.

Manual

Verify that the service is running.

Automation

Check with the management pack unit monitor.

Health attribute

Availability

Health area

Gateway Server

Frequency

Hourly

Owner

Operator

Check the health of primary and failover gateway servers when running in this configuration.

Health requirement

Gateway servers are able to aggregate health data from agents in the event of the failure of the primary management server.

Monitoring task

Check the health of primary and failover gateway servers when running in this configuration.

Monitoring parameter

Either the primary or failover gateway server is healthy and able to aggregate health data from agents. If both are healthy, indicate healthy status. If one is unhealthy, indicate warning status. If both are unhealthy, indicate error status.

Manual

Verify the health state of the primary and failover gateway servers in Operations console.

Automation

Check with the Microsoft System Center Operations Manager management pack.

Health attribute

Continuity

Health area

Gateway Server

Frequency

Hourly

Owner

Operator

Check connectivity to other Microsoft System Center Operations Manager server roles using the TCP port configured for the Health service—by default, TCP port 5723.

Health requirement

Gateway servers can communicate with other Microsoft System Center Operations Manager server roles.

Monitoring task

Check connectivity to other Microsoft System Center Operations Manager server roles using the TCP port configured for the Health service—by default, TCP port 5723.

Monitoring parameter

Gateway servers can communicate with other Microsoft System Center Operations Manager server roles.

Manual

View the configuration of Windows Firewall and any intervening firewalls, and use a utility such as Telnet to ensure that the port responds.

Automation

Check with the management pack unit monitor.

Health attribute

Availability

Health area

Gateway Server

Frequency

Hourly

Owner

Operator

Check the validity of certificates for the root management server.

Health requirement

Gateway servers can communicate with the Root management server.

Monitoring task

Check the validity of certificates for the root management server.

Monitoring parameter

Certificates used for mutual authentication between gateway server and the root management server are valid.

Manual

Verify certificate validity in the Certificates Microsoft Management Console snap-in on gateway servers and the root management server.

Automation

Check with the custom unit monitor, or use a Windows PowerShell script.

Health attribute

Confidentiality

Health area

Root Management Server

Frequency

Monthly

Owner

Operator

Check the validity of certificates for management servers.

Health requirement

Gateway server can communicate with management servers.

Monitoring task

Check the validity of certificates for management servers.

Monitoring parameter

Certificates used for mutual authentication between gateway servers and the management server are valid.

Manual

Verify certificate validity in the Certificates Microsoft Management Console snap-in on gateway servers and management servers.

Automation

Check with the custom unit monitor, or use a Windows PowerShell script.

Health attribute

Confidentiality

Health area

Management Server

Frequency

Monthly

Owner

Operator

Ensure that certificates have not expired.

Health requirement

Gateway server can communicate with other Microsoft System Center Operations Manager server roles.

Monitoring task

Ensure that certificates have not expired.

Monitoring parameter

Gateway server certificates are valid.

Manual

Verify certificate validity in the Certificates Microsoft Management Console snap-in on gateway servers.

Automation

Check with the custom unit monitor, or use Windows PowerShell scripts.

Health attribute

Confidentiality

Health area

Gateway Server

Frequency

Hourly

Owner

Operator

Operations Console

Check connectivity to the root management server using the TCP port configured for the Health service—by default, TCP port 5723.

Health requirement

Operations console can communicate with the root management server.

Monitoring task

Check connectivity to the root management server using the TCP port configured for the Health service—by default, TCP port 5723.

Monitoring parameter

Operations console can communicate with the root management server.

Manual

View the configuration of Windows Firewall and any intervening firewalls, and use a utility such as Telnet to ensure that the port responds.

Automation

Check with the management pack unit monitor.

Health attribute

Availability

Health area

Operations Console

Frequency

Hourly

Owner

Operator

Check the version of Operations console supported for the corresponding deployment of Microsoft System Center Operations Manager.

Health requirement

The current version of Operations console is compatible with Microsoft System Center Operations Manager.

Monitoring task

Check the version of Operations console supported for the corresponding deployment of Microsoft System Center Operations Manager.

Monitoring parameter

Operations console is compatible with the version of Microsoft System Center Operations Manager.

Manual

Check the version of Operations console in Help/About and the version of Microsoft System Center Operations Manager in Help/About on the server.

Automation

Check with the custom unit monitor, or use Windows PowerShell scripts.

Health attribute

Patching

Health area

Operations Console

Frequency

Weekly

Owner

Operator

Check connectivity to Reporting server using the TCP port configured for the Reporting server—by default, TCP port 80.

Health requirement

Operations console can communicate with the Reporting server.

Monitoring task

Check connectivity to the Reporting server using the TCP port configured for the Reporting server—by default, TCP port 80.

Monitoring parameter

Operations console can communicate with the Reporting server.

Manual

View the configuration of Windows Firewall and any intervening firewalls, and use a utility such as Telnet to ensure that the port responds.

Automation

Check with the management pack unit monitor.

Health attribute

Availability

Health area

Operations Console

Frequency

Hourly

Owner

Operator

Web Console

Check the Microsoft Internet Information Services server health state.

Health requirement

Microsoft System Center Operations Manager can be accessed through a Web browser.

Monitoring task

Check the Microsoft Internet Information Services server health state.

Monitoring parameter

Microsoft System Center Operations Manager can be accessed through a Web browser internally or over the Internet.

Manual

Verify that the Web service is running in Web console.

Automation

Check with the Microsoft Internet Information Services management pack or use a custom Web monitor.

Health attribute

Availability

Health area

Web Console

Frequency

Hourly

Owner

Operator

Verify that Secure Sockets Layer is used when Web console is accessed over the Internet.

Health requirement

Microsoft System Center Operations Manager can be accessed through a Web browser over a Secure Sockets Layer connection.

Monitoring task

Verify that Secure Sockets Layer is used when Web console is accessed over the Internet.

Monitoring parameter

Microsoft System Center Operations Manager can be accessed through a Web browser over a Secure Sockets Layer connection over the Internet.

Manual

Ensure that Web console rejects connections without Secure Sockets Layer.

Automation

Check with the Microsoft management pack or Windows PowerShell scripts.

Health attribute

Confidentiality

Health area

Web Console

Frequency

Hourly

Owner

Operation

Audit Collection Services Forwarders

Check the Audit Collection Services Forwarder Windows service state.

Health requirement

Audit Collection Services Forwarders can aggregate health data from agents.

Monitoring task

Check the Audit Collection Services Forwarder Windows service state.

Monitoring parameter

The Audit Collection Services Forwarder Windows service is running.

Manual

Verify that the service is running.

Automation

Check with the management pack unit monitor.

Health attribute

Availability

Health area

ACS Forwarder

Frequency

Hourly

Owner

Operator

Check connectivity to the Audit Collection Services (ACS) Collector server using the TCP port configured for the ACS Collector server—by default, TCP port 51909.

Health requirement

Audit Collection Services (ACS) Forwarders can communicate with the ACS Collector server.

Monitoring task

Check connectivity to the Audit Collection Services (ACS) Collector server using the TCP port configured for the ACS Collector server—by default, TCP port 5723.

Monitoring parameter

Audit Collection Services (ACS) Forwarders can communicate with ACS Collector servers.

Manual

View the configuration of Windows Firewall and any intervening firewalls, and use a utility such as Telnet to ensure that the port responds.

Automation

Check with the management pack unit monitor.

Health attribute

Availability

Health area

ACS Forwarder

Frequency

Hourly

Owner

Operator

Check the validity of certificates for Audit Collection Services Forwarders.

Health requirement

Audit Collection Services (ACS) Forwarders can communicate with ACS Collector servers.

Monitoring task

Check the validity of certificates for Audit Collection Services Forwarders.

Monitoring parameter

Certificates used for mutual authentication between Audit Collection Services (ACS) Forwarders and ACS Collector servers are valid.

Manual

Verify certificate validity in the Certificates Microsoft Management Console snap-in on Audit Collection Services (ACS) Forwarder and ACS Collector servers.

Automation

Check with the custom unit monitor, or use a Windows PowerShell script.

Health attribute

Confidentiality

Health area

ACS Forwarder

Frequency

Monthly

Owner

Operator

Audit Collection Services Collector Server

Check the Audit Collection Services Collector server Windows service state.

Health requirement

Audit Collection Services Collector servers are able to aggregate health data from agents.

Monitoring task

Check the Audit Collection Services Collector server Windows service state.

Monitoring parameter

The Audit Collection Services Collector server Windows service is running.

Manual

Verify that the service is running.

Automation

Check with the management pack unit monitor.

Health attribute

Availability

Health area

ACS Collector Server

Frequency

Hourly

Owner

Operator

Check connectivity to Audit Collection Services (ACS) Collector server using the TCP port configured for the ACS Collector server—by default, TCP port 51909.

Health requirement

Audit Collection Services (ACS) Collector servers can communicate with ACS Forwarders.

Monitoring task

Check connectivity to Audit Collection Services (ACS) Collector server using the TCP port configured for the ACS Collector server—by default, TCP port 51909.

Monitoring parameter

Audit Collection Services (ACS) Collector servers can communicate with ACS Forwarders.

Manual

View the configuration of Windows Firewall and any intervening firewalls, and use a utility such as Telnet to ensure that the port responds.

Automation

Check with the management pack unit monitor.

Health attribute

Availability

Health area

ACS Collector Server

Frequency

Hourly

Owner

Operator

Check connectivity to the Audit Collection Services database server using the TCP port configured for database access—by default, TCP port 1433.

Health requirement

Audit Collection Services (ACS) Collector servers can communicate with ACS database servers.

Monitoring task

Check connectivity to the Audit Collection Services database server using the TCP port configured for database access—by default, TCP port 1433.

Monitoring parameter

Audit Collection Services (ACS) Collector servers can communicate with ACS database servers.

Manual

View the configuration of Windows Firewall and any intervening firewalls, and use a utility such as Telnet to ensure that the port responds.

Automation

Check with the management pack unit monitor.

Health attribute

Availability

Health area

ACS Database Server

Frequency

Hourly

Owner

Operator

Check the validity of certificates for Audit Collection Services Forwarders.

Health requirement

Audit Collection Services (ACS) Collector servers can communicate with the ACS Forwarder.

Monitoring task

Check the validity of certificates for Audit Collection Services Collector servers.

Monitoring parameter

Certificates used for mutual authentication between Audit Collection Services (ACS) Collector servers and ACS Forwarders are valid.

Manual

Verify certificate validity in the Certificates Microsoft Management Console snap-in on Audit Collection Services (ACS) Collector servers and ACS Forwarders.

Automation

Check with the custom unit monitor, or use a Windows PowerShell script.

Health attribute

Confidentiality

Health area

ACS Collector Server

Frequency

Monthly

Owner

Operator

Audit Collection Services Database

Check the health of the Audit Collection Services database.

Health requirement

Audit Collection Services (ACS) Collector servers can read and modify the ACS database.

Monitoring task

Check the health of the Audit Collection Services database.

Monitoring parameter

The Audit Collection Services database is healthy.

Manual

Verify that the database is mounted and healthy in Microsoft SQL Server Management Studio and that no errors appear in the event log that relate to the Audit Collection Services database.

Automation

Check with the Microsoft SQL Server management pack.

Health attribute

Availability

Health area

ACS Database

Frequency

Hourly

Owner

Operator

Check the health of the Microsoft SQL Server instance hosting the Audit Collection Services database.

Health requirement

Audit Collection Services (ACS) Collector servers can read and modify the ACS database.

Monitoring task

Check the health of the Microsoft SQL Server instance hosting the Audit Collection Services database.

Monitoring parameter

The Microsoft SQL Server instance hosting the Audit Collection Services database is healthy.

Manual

Verify that Microsoft SQL Server is running in SQL Server Management Studio and that no errors appear in the event log that relate to the Audit Collection Services database.

Automation

Check with the Microsoft SQL Server management pack.

Health attribute

Availability

Health area

ACS Database

Frequency

Hourly

Owner

Operator

Check connectivity to the Audit Collection Services database using the TCP port configured for database access—by default, TCP port 1433.

Health requirement

Audit Collection Services (ACS) Collector servers can communicate with the ACS database.

Monitoring task

Check connectivity to the Audit Collection Services database using the TCP port configured for database access—by default, TCP port 1433.

Monitoring parameter

Audit Collection Services (ACS) Collector servers can communicate with the ACS database.

Manual

View the configuration of Windows Firewall and any intervening firewalls, and use a utility such as Telnet to ensure that the port responds.

Automation

Check with the management pack unit monitor.

Health attribute

Availability

Health area

ACS Database

Frequency

Hourly

Owner

Operator

Check retention for Audit Collection Services data.

Health requirement

Audit Collection Services (ACS) reports work properly, and the ACS database contains less than 256 days of information.

Monitoring task

Check retention for Audit Collection Services data.

Monitoring parameter

The Audit Collection Services database contains less than 256 days of information.

Manual

Configure retention of Audit Collection Services data in Operations console.

Automation

Check with the management pack unit monitor.

Health attribute

Performance

Health area

ACS Database

Frequency

Daily

Owner

Operator

Notes

Performance for Audit Collection Services reports severely degrades after six weeks of data and cannot exceed 256 days, which is a software limitation.

Reporting Data Warehouse Database

Check the health of the data warehouse database.

Health requirement

The Reporting server can read the data warehouse database.

Monitoring task

Check the health of the data warehouse database.

Monitoring parameter

The data warehouse database is healthy.

Manual

Verify that the database is mounted and healthy in Microsoft SQL Server Management Studio and that no errors appear in the event log that relate to the data warehouse database.

Automation

Check with the Microsoft SQL Server management pack.

Health attribute

Availability

Health area

Data Warehouse Database

Frequency

Hourly

Owner

Operator

Check the health of the Microsoft SQL Server instance hosting the data warehouse database.

Health requirement

The Reporting server can read the data warehouse database.

Monitoring task

Check the health of the Microsoft SQL Server instance hosting the data warehouse database.

Monitoring parameter

The Microsoft SQL Server instance hosting the data warehouse database is healthy.

Manual

Verify that Microsoft SQL Server is running in SQL Server Management Studio and that no errors appear in the event log that relate to the data warehouse database.

Automation

Check with the Microsoft SQL Server management pack.

Health attribute

Availability

Health area

Data Warehouse Database

Frequency

Hourly

Owner

Operator

Check connectivity to the reporting data warehouse database server using the TCP port configured for database access—by default, TCP port 1433.

Health requirement

The Reporting server can communicate with the data warehouse database.

Monitoring task

Check connectivity to the reporting data warehouse database server using the TCP port configured for database access—by default, TCP port 1433.

Monitoring parameter

The Reporting server can communicate with the data warehouse database.

Manual

View the configuration of Windows Firewall and any intervening firewalls, and use a utility such as Telnet to ensure that the port responds.

Automation

Check with the management pack unit monitor.

Health attribute

Availability

Health area

Data Warehouse Database

Frequency

Hourly

Owner

Operator

Reporting Server

Check the Microsoft Internet Information Services server’s health state.

Health requirement

Reports can be accessed through Operations console.

Monitoring task

Check the Microsoft Internet Information Services server’s health state.

Monitoring parameter

Microsoft System Center Operations Manager reports can be accessed through Operations console using a Secure Sockets layer connection over the Internet.

Manual

Verify that the Web service is running on the Reporting server.

Automation

Check with the Microsoft Internet Information Services management pack or a custom Web application monitor.

Health attribute

Availability

Health area

Reporting Server

Frequency

Hourly

Owner

Operator

Verify that Secure Sockets Layer is used when the Reporting server is accessed over the Internet.

Health requirement

Reports can be accessed through Operations console over a Secure Sockets Layer connection.

Monitoring task

Verify that Secure Sockets Layer is used when the Reporting server is accessed over the Internet.

Monitoring parameter

Microsoft System Center Operations Manager reports can be accessed through Operations console using a Secure Sockets Layer connection over the Internet.

Manual

Ensure that the Reporting server rejects connections without Secure Sockets Layer.

Automation

Check with the Microsoft Internet Information Services management pack or Windows PowerShell scripts.

Health attribute

Confidentiality

Health area

Reporting Server

Frequency

Hourly

Owner

Operation

Check connectivity to the reporting data warehouse database server using the TCP port configured for database access—by default, TCP port 1433.

Health requirement

The Reporting server can communicate with the data warehouse database.

Monitoring task

Check connectivity to the reporting data warehouse database server using the TCP port configured for database access—by default, TCP port 1433.

Monitoring parameter

The Reporting server can communicate with the data warehouse database.

Manual

View the configuration of Windows Firewall and any intervening firewalls, and use a utility such as Telnet to ensure that the port responds.

Automation

Check with the management pack unit monitor.

Health attribute

Availability

Health area

Data Warehouse Database

Frequency

Hourly

Owner

Operator

Agentless Exception Monitoring

Check connectivity to the root management server and management servers using the TCP port configured for Agentless Exception Monitoring—by default, TCP port 51906.

Health requirement

Agentless Exception Monitoring can communicate with the root management server and management servers.

Monitoring task

Check connectivity to the root management server and management servers using the TCP port configured for Agentless Exception Monitoring—by default, TCP port 51906.

Monitoring parameter

AEM can communicate with the root management server and management servers.

Manual

View the configuration of Windows Firewall and any intervening firewalls, and use a utility such as Telnet to ensure that the port responds.

Automation

Check with management pack unit monitor.

Health attribute

Availability

Health area

Agentless Exception Monitoring

Frequency

Hourly

Owner

Operator

Maintenance Activities

Microsoft System Center Operations Manager Agents

Deploy agents to managed computers.

Health requirement

Agents can collect health data.

Maintenance task

Deploy agents to managed computers.

Manual

Install agents using the Setup Wizard from the product distribution source.

Automation

Use automated agent installation through Operations console.

Health attribute

Configuration

Health area

Agent

Frequency

As required

Owner

Operator

Repair an agent by reinstalling it.

Health requirement

The agent can collect health data.

Maintenance task

Repair an agent by automatically reinstalling it.

Manual

Install an agent from the product distribution source.

Automation

Use automated agent installation through Operations console.

Health attribute

Configuration

Health area

Agent

Frequency

As required

Owner

Operator

Recover and diagnose an agent by using the Automatic Agent Management Account Run As profile.

Health requirement

The agent can collect health data.

Maintenance task

Recover and diagnose the agent by using the Automatic Agent Management Account Run As profile.

Manual

Recover and diagnose the agent using Operations console.

Automation

Enable the automatic recovery through Operations console.

Health attribute

Configuration

Health area

Agent

Frequency

As required

Owner

Operator

Notes

The automation for this activity works only with agents in the same forest as the root management server.

Remotely enable and restart the Health service.

Health requirement

Agents can collect health data.

Maintenance task

Remotely enable and restart the Health service.

Manual

Use management tools capable of remotely managing Windows services.

Automation

Use the Windows services unit monitor.

Health attribute

Configuration

Health area

Agent

Frequency

As required

Owner

Operator

Remotely restart the Health service.

Health requirement

Agents can collect health data.

Maintenance task

Remotely restart the Health service.

Manual

Use management tools capable of remotely managing Windows services.

Automation

Use the Windows services unit monitor.

Health attribute

Configuration

Health area

Agent

Frequency

As required

Owner

Operator

Configure the action account on multiple computers.

Health requirement

Agents can collect health data.

Maintenance task

Configure the action account on multiple computers.

Manual

Configure the action account using Operations console.

Automation

Perform with Windows PowerShell scripts.

Health attribute

Appropriate Use

Health area

Agent

Frequency

As required

Owner

Operator

Remove agents from managed computers.

Health requirement

Agents can collect health data.

Maintenance task

Remove agents from managed computers.

Manual

Remove agents using the Setup Wizard from the product distribution source.

Automation

Use automated Agent Uninstall through Operations console.

Health attribute

Configuration

Health area

Agent

Frequency

As required

Owner

Operator

Agentless Monitoring

Add targeted computers to agentless monitoring.

Health requirement

Managed computers without agents are properly monitored.

Maintenance task

Add targeted computers to agentless monitoring.

Manual

Add targeted computers for agentless monitoring using Operations console.

Automation

Add targeted computers for agentless monitoring using Windows PowerShell scripts.

Health attribute

Configuration

Health area

Agentless Monitoring

Frequency

As required by security policies

Owner

Operator

Remove targeted computers from agentless monitoring.

Health requirement

Managed computers without agents are properly monitored.

Maintenance task

Remove targeted computers from agentless monitoring.

Manual

Remove targeted computers from agentless monitoring using Operations console.

Automation

Remove targeted computers from agentless monitoring using Windows PowerShell scripts.

Health attribute

Configuration

Health area

Agentless Monitoring

Frequency

As required by security policies

Owner

Operator

Management Pack

Create a TCP port monitor.

Health requirement

Management packs are properly configured to monitor applications, services, and infrastructure.

Maintenance task

Create a TCP port monitor.

Manual

Create a TCP port monitor using Operations console.

Automation

Create a TCP port monitor using Windows PowerShell scripts.

Health attribute

Configuration

Health area

Management Pack

Frequency

As required

Owner

Operator

Modify a TCP port monitor.

Health requirement

Management packs are properly configured to monitor applications, services, and infrastructure.

Maintenance task

Modify a TCP port monitor.

Manual

Modify a TCP port monitor using Operations console.

Automation

Modify a TCP port monitor using Windows PowerShell scripts.

Health attribute

Configuration

Health area

Management Pack

Frequency

As required

Owner

Operator

Remove a TCP port monitor.

Health requirement

Management packs are properly configured to monitor applications, services, and infrastructure.

Maintenance task

Remove a TCP port monitor.

Manual

Remove a TCP port monitor using Operations console.

Automation

Remove a TCP port monitor using Windows PowerShell scripts.

Health attribute

Configuration

Health area

Management Pack

Frequency

As required

Owner

Operator

Create a Web application monitor.

Health requirement

Management packs are properly configured to monitor applications, services, and infrastructure.

Maintenance task

Create a Web application monitor.

Manual

Create a Web application monitor using Operations console.

Automation

Create a Web application monitor using Windows PowerShell scripts.

Health attribute

Configuration

Health area

Management Pack

Frequency

As required

Owner

Operator

Modify a Web application monitor.

Health requirement

Management packs are properly configured to monitor applications, services, and infrastructure.

Maintenance task

Modify a Web application monitor.

Manual

Modify a Web application monitor using Operations console.

Automation

Modify a Web application monitor using Windows PowerShell scripts.

Health attribute

Configuration

Health area

Management Pack

Frequency

As required

Owner

Operator

Remove a Web application monitor.

Health requirement

Management packs are properly configured to monitor applications, services, and infrastructure.

Maintenance task

Remove a Web application monitor.

Manual

Remove a Web application monitor using Operations console.

Automation

Remove a Web application monitor using Windows PowerShell scripts.

Health attribute

Configuration

Health area

Management Pack

Frequency

As required

Owner

Operator

Create an Open Database Connectivity data source monitor.

Health requirement

Management packs are properly configured to monitor applications, services, and infrastructure.

Maintenance task

Create an Open Database Connectivity data source monitor.

Manual

Create an Open Database Connectivity data source monitor using Operations console.

Automation

Create an Open Database Connectivity data source monitor using Windows PowerShell scripts.

Health attribute

Configuration

Health area

Management Pack

Frequency

As required

Owner

Operator

Modify an Open Database Connectivity data source monitor.

Health requirement

Management packs are properly configured to monitor applications, services, and infrastructure.

Maintenance task

Modify an Open Database Connectivity data source monitor.

Manual

Modify an Open Database Connectivity data source monitor using Operations console.

Automation

Modify an Open Database Connectivity data source monitor using Windows PowerShell scripts.

Health attribute

Configuration

Health area

Management Pack

Frequency

As required

Owner

Operator

Remove an Open Database Connectivity data source monitor.

Health requirement

Management packs are properly configured to monitor applications, services, and infrastructure.

Maintenance task

Remove an Open Database Connectivity data source monitor.

Manual

Remove an Open Database Connectivity data source monitor using Operations console.

Automation

Remove an Open Database Connectivity data source monitor using Windows PowerShell scripts.

Health attribute

Configuration

Health area

Management Pack

Frequency

As required

Owner

Operator

Create a Windows service monitor.

Health requirement

Management packs are properly configured to monitor applications, services, and infrastructure.

Maintenance task

Create a Windows service monitor.

Manual

Create a Windows service monitor using Operations console.

Automation

Create a Windows services monitor using Windows PowerShell scripts.

Health attribute

Configuration

Health area

Management Pack

Frequency

As required

Owner

Operator

Modify a Windows service monitor.

Health requirement

Management packs are properly configured to monitor applications, services, and infrastructure.

Maintenance task

Modify a Windows service monitor.

Manual

Modify a Windows service monitor using Operations console.

Automation

Modify a Windows services monitor using Windows PowerShell scripts.

Health attribute

Configuration

Health area

Management Pack

Frequency

As required

Owner

Operator

Remove a Windows service monitor.

Health requirement

Management packs are properly configured to monitor applications, services, and infrastructure.

Maintenance task

Remove a Windows service monitor.

Manual

Remove a Windows service monitor using Operations console.

Automation

Remove a Windows services monitor using Windows PowerShell scripts.

Health attribute

Configuration

Health area

Management Pack

Frequency

As required

Owner

Operator

Create a process monitor.

Health requirement

Management packs are properly configured to monitor applications, services, and infrastructure.

Maintenance task

Create a process monitor.

Manual

Create a process monitor using Operations console.

Automation

Create a process monitor using Windows PowerShell scripts.

Health attribute

Configuration

Health area

Management Pack

Frequency

As required

Owner

Operator

Modify a process monitor.

Health requirement

Management packs are properly configured to monitor applications, services, and infrastructure.

Maintenance task

Modify a process monitor.

Manual

Modify a process monitor using Operations console.

Automation

Modify a process monitor using Windows PowerShell scripts.

Health attribute

Configuration

Health area

Management Pack

Frequency

As required

Owner

Operator

Remove a process monitor.

Health requirement

Management packs are properly configured to monitor applications, services, and infrastructure.

Maintenance task

Remove a process monitor.

Manual

Remove a process monitor using Operations console.

Automation

Remove a process monitor using Windows PowerShell scripts.

Health attribute

Configuration

Health area

Management Pack

Frequency

As required

Owner

Operator

Root Management Server

Verify the use of low-privileged accounts for Run As accounts as appropriate.

Health requirement

Services are able to perform corresponding functions.

Maintenance task

Verify the use of low-privileged accounts for Run As accounts as appropriate.

Manual

Use Windows administration tools to view the permissions and rights assigned to the Run As accounts.

Automation

Verify permissions and rights using Windows PowerShell scripts.

Health attribute

Appropriate Use

Health area

Root Management Server

Frequency

As required by security policies

Owner

Operator

Change the password of the credentials used for the Microsoft Internet Information Services ReportServer Application Pool account password.

Health requirement

Credentials used for the Microsoft Internet Information Services ReportServer Application Pool are secure.

Maintenance task

Change the password of the credentials used for the Microsoft Internet Information Services ReportServer Application Pool account password.

Manual

Use Active Directory Users and Computers to change the password.

Automation

Change the password using Windows PowerShell scripts, or use Managed Service Accounts in Windows Server 2008 R2.

Health attribute

Confidentiality

Health area

Reporting Server

Frequency

As required by security policies

Owner

Operator

Change the password of the credentials used for the Reporting Server Execution account.

Health requirement

Credentials used for the Reporting Server Execution account are secure.

Maintenance task

Change the password of the credentials used for the Reporting Server Execution account.

Manual

Use Active Directory Users and Computers to change the password.

Automation

Change the password using Windows PowerShell scripts, or use Managed Service Accounts in Windows Server 2008 R2.

Health attribute

Confidentiality

Health area

Reporting Server

Frequency

As required by security policies

Owner

Operator

Change the credentials used for the SDK and Config Service accounts.

Health requirement

Credentials used for the SDK and Config Service accounts are secure.

Maintenance task

Change the credentials used for the SDK and Config Service accounts.

Manual

Use Active Directory Users and Computers to change the password.

Automation

Change the password using Windows PowerShell scripts, or use Managed Service Accounts in Windows Server 2008 R2.

Health attribute

Confidentiality

Health area

Root Management Server

Frequency

As required by security policies

Owner

Operator

Change the password of the credentials used for Microsoft SQL Server 2008 Reporting Services.

Health requirement

Credentials used for Microsoft SQL Server Reporting Services 2008 are secure.

Maintenance task

Change the password of the credentials used for Microsoft SQL Server 2008 Reporting Services.

Manual

Use Active Directory Users and Computers to change the password.

Automation

Change the password using Windows PowerShell scripts, or use Managed Service Accounts in Windows Server 2008 R2.

Health attribute

Confidentiality

Health area

Reporting server

Frequency

As required by security policies

Owner

Operator

Managing certificate renewal for the root management server.

Health requirement

The root management server can communicate with management servers.

Maintenance task

Managing certificate renewal for the root management server.

Manual

Verify certificate validity in the Certificates Microsoft Management Console snap-in.

Automation

Check with the custom unit monitor, or use a Windows PowerShell script.

Health attribute

Confidentiality

Health area

Root Management Server

Frequency

As required

Owner

Operator

Add the root management server in a cluster configuration.

Health requirement

The root management server can process health data and update health status in the event of a cluster node failure.

Maintenance task

Add the root management server in a cluster configuration.

Manual

Add the root management server to a cluster using the Microsoft System Center Operations Manager installation process and Windows cluster management tools.

Automation

Add the root management server to a cluster using unattended answer setup files.

Health attribute

Availability

Health area

Root Management Server

Frequency

As required

Owner

Operator

Manage Microsoft System Center Operations Manager user roles.

Health requirement

User roles have the appropriate rights and permissions.

Maintenance task

Manage Microsoft System Center Operations Manager user roles.

Manual

Manage roles using Operations console.

Automation

Manage roles using Windows PowerShell scripts.

Health attribute

Security

Health area

Root Management Server

Frequency

As required

Owner

Operator

Manage Microsoft System Center Operations Manager profiles.

Health requirement

Profiles have the appropriate rights and permissions.

Maintenance task

Manage Microsoft System Center Operations Manager profiles.

Manual

Manage profiles using Operations console.

Automation

Manage profiles using Windows PowerShell scripts.

Health attribute

Security

Health area

Root Management Server

Frequency

As required

Owner

Operator

Create connected management groups.

Health requirement

Other management groups can report alerts and events.

Maintenance task

Create connected management groups.

Manual

Create connected management groups using Operations console.

Automation

Create connected management groups using Windows PowerShell scripts.

Health attribute

Configuration

Health area

Connected Management Groups

Frequency

As required

Owner

Operator

Configure user roles for connected management groups.

Health requirement

User roles have the appropriate rights and permissions.

Maintenance task

Configure user roles for connected management groups.

Manual

Manage connected management groups using Operations console.

Automation

Manage groups using Windows PowerShell scripts.

Health attribute

Security

Health area

Connected Management Groups

Frequency

As required

Owner

Operator

Remove connected management groups.

Health requirement

Unnecessary health information from a connected management group is eliminated.

Maintenance task

Remove connected management groups.

Manual

Remove connected management groups using Operations console.

Automation

Remove groups using Windows PowerShell scripts.

Health attribute

Configuration

Health area

Connected Management Groups

Frequency

As required

Owner

Operator

Resolve active alerts after a period of time.

Health requirement

Remove active alerts after a period of time to reduce the storage used by the Operations Manager database.

Maintenance task

Resolve active alerts after a period of time.

Manual

Resolve active alerts using Operations console.

Automation

Configure automatic alert resolution in Microsoft System Center Operations Manager.

Health attribute

Capacity

Health area

Operations Manager Database

Frequency

As required

Owner

Operator

Configure grooming settings for management groups.

Health requirement

Remove inactive health information to reduce the storage used by the Operations Manager database.

Maintenance task

Configure grooming settings for management groups.

Manual

Configure using Operations console.

Automation

Remove groups using Windows PowerShell scripts.

Health attribute

Capacity

Health area

Operations Manager Database

Frequency

As required

Owner

Operator

Back up the root management server encryption key.

Health requirement

Ensure recovery of the root management server in the event of a failure.

Maintenance task

Back up the root management server encryption key.

Manual

Back up the key using any backup software, such as Windows Server Backup.

Automation

Back up using backup software that supports scheduled backups.

Health attribute

Continuity

Health area

Root Management Server

Frequency

Each time encryption key changes

Owner

Backup Operator

Back up Microsoft Internet Information Services configuration.

Health requirement

Ensure recovery of the root management server in the event of a failure.

Maintenance task

Back up Microsoft Internet Information Services configuration.

Manual

Back up the configuration using any backup software, such as Windows Server Backup.

Automation

Back up using backup software that supports scheduled backups.

Health attribute

Continuity

Health area

Root Management Server

Frequency

Perform a full backup every time the configuration of Microsoft Internet Information Services changes.

Owner

Backup Operator

Back up root management server certificates.

Health requirement

Ensure recovery of the root management server in the event of a failure.

Maintenance task

Back up root management server certificates.

Manual

Back up certificates using any backup software, such as Windows Server Backup.

Automation

Back up using backup software that supports scheduled backups.

Health attribute

Continuity

Health area

Root Management Server

Frequency

Each time certificates are updated

Owner

Backup Operator

Recover from root management server failure by promoting management server.

Health requirement

Ensure the recovery of a root management server in the event of a failure.

Maintenance task

Recover from root management server failure by promoting a management server.

Manual

Recover from failure using any backup software, such as Windows Server Backup.

Automation

Recover using backup software that supports scheduled backups.

Health attribute

Continuity

Health area

Root Management Server

Frequency

As required by failure

Owner

Operator

Recover from a failed root management server cluster node.

Health requirement

Ensure recovery of a root management server in the event of a failure.

Maintenance task

Recover from a failed root management server cluster node.

Manual

Recover using any backup software, such as Windows Server Backup.

Automation

Recover using backup software that supports scheduled backups.

Health attribute

Continuity

Health area

Root Management Server

Frequency

As required by failure

Owner

Operator

Operations Manager Database Server

Remove aged discovery data from the Operations Manager database (OperationsManager).

Health requirement

Remove aged discovery data after a period of time to reduce the storage used by the Operations Manager database.

Maintenance task

Remove aged discovery data from the Operations Manager database (OperationsManager).

Manual

Remove discovery data using Operations console.

Automation

Configure automatic removal of discovery data in Microsoft System Center Operations Manager.

Health attribute

Capacity

Health area

Operations Manager Database

Frequency

As required

Owner

Operator

Repair data block corruption in database schema objects.

Health requirement

Ensure the integrity of the Operations Manager database.

Maintenance task

Repair data block corruption in database schema objects.

Manual

Repair corruption using Microsoft SQL Server Management Studio.

Automation

Health attribute

Integrity

Health area

Operations Manager Database

Frequency

As required

Owner

Operator

Add an Operations Manager database server in a cluster configuration.

Health requirement

The Operations Manager database is available to other Microsoft System Center Operations Manager server roles.

Maintenance task

Add an Operations Manager database server in a cluster configuration.

Manual

Add Microsoft SQL Server to the cluster using the SQL Server installation process and Windows cluster management tools.

Automation

Add a root management server to the cluster using unattended answer setup files.

Health attribute

Availability

Health area

Operations Manager Database

Frequency

As required

Owner

Operator

Back up the msdb database (Msdbdata).

Health requirement

Ensure the recovery of the Operations Manager database in the event of a failure.

Maintenance task

Back up the msdb database (Msdbdata).

Manual

Back up using any backup software, such as Windows Server Backup.

Automation

Backup using backup software that supports scheduled backups.

Health attribute

Continuity

Health area

Operations Manager Database

Frequency

Perform a full backup after the initial installation and configuration of the Operations Manager database components. Perform incremental backups after changing the scheduled Microsoft SQL Server agent jobs that Microsoft System Center Operations Manager uses.

Owner

Backup Operator

Restore the msdb database (Msdbdata).

Health requirement

Ensure recovery of the Operations Manager database in the event of a failure.

Maintenance task

Restore the msdb database (Msdbdata).

Manual

Recover using any backup software, such as Windows Server Backup.

Automation

Recover using backup software that supports scheduled backups.

Health attribute

Continuity

Health area

Operations Manager Database

Frequency

As required by failure

Owner

Operator

Back up the Operations Manager database (OperationsManager).

Health requirement

Ensure the recovery of the Operations Manager database in the event of a failure.

Maintenance task

Back up the Operations Manager database (OperationsManager).

Manual

Back up using any backup software, such as Windows Server Backup.

Automation

Back up using backup software that supports scheduled backups.

Health attribute

Continuity

Health area

Operations Manager Database

Frequency

Perform full backups weekly and incremental backups.

Owner

Backup Operator

Restore the Operations Manager database (OperationsManager).

Health requirement

Ensure recovery of the Operations Manager database in the event of a failure.

Maintenance task

Restore the Operations Manager database (OperationsManager).

Manual

Recover using any backup software, such as Windows Server Backup.

Automation

Recover using backup software that supports scheduled backups.

Health attribute

Continuity

Health area

Operations Manager Database

Frequency

As required by failures

Owner

Operator

Management Server

Manage certificate renewal for management servers.

Health requirement

Management servers can communicate with other management servers.

Maintenance task

Manage certificate renewal for management servers.

Manual

Verify certificate validity in the Certificates Microsoft Management Console snap-in.

Automation

Check with the custom unit monitor, or use a Windows PowerShell script.

Health attribute

Confidentiality

Health area

Management Server

Frequency

As required

Owner

Operator

Back up management server certificates.

Health requirement

Ensure recovery of management servers in the event of a failure.

Maintenance task

Back up management server certificates.

Manual

Back up using any backup software, such as Windows Server Backup.

Automation

Backup using backup software that supports scheduled backups.

Health attribute

Continuity

Health area

Management Server

Frequency

Each time certificates are updated

Owner

Backup Operator

Add management server to a management group.

Health requirement

Management servers can process health data and update health status in the event of an individual management server failure.

Maintenance task

Add a management server to a management group.

Manual

Add management servers using the Microsoft System Center Operations Manager installation process.

Automation

Add a management server using unattended answer setup files.

Health attribute

Configuration

Health area

Management Server

Frequency

As required

Owner

Operator

Remove management server from a management group.

Health requirement

Remove unnecessary management servers to reduce the attack surface.

Maintenance task

Remove a management server from a management group.

Manual

Remove a management server using the Microsoft System Center Operations Manager installation process.

Automation

Remove a management server using unattended answer setup files.

Health attribute

Configuration

Health area

Management Server

Frequency

As required

Owner

Operator

Recover from total failure of management server.

Health requirement

Ensure recovery of a management server in the event of a failure.

Maintenance task

Recover from total failure of a management server.

Manual

Recover using any backup software, such as Windows Server Backup.

Automation

Recover using backup software that supports scheduled backups.

Health attribute

Continuity

Health area

Management Server

Frequency

As required by failure

Owner

Operator

Gateway Server

Configure agent failover among multiple gateway servers.

Health requirement

Gateway servers can aggregate health data from agents in the event of the failure of a single gateway server.

Maintenance task

Configure agent failover among multiple gateway servers.

Manual

Configure using Operations console.

Automation

Configure using Windows PowerShell scripts.

Health attribute

Availability

Health area

Gateway Server

Frequency

As required

Owner

Operator

Configure a gateway server to fail over among multiple management servers.

Health requirement

Gateway servers can aggregate health data from agents in the event of the failure of a single management server.

Maintenance task

Configure a gateway server to fail over among multiple management servers.

Manual

Configure using Operations console.

Automation

Configure using Windows PowerShell scripts.

Health attribute

Availability

Health area

Gateway Server

Frequency

As required

Owner

Operator

Manage certificate renewal for gateway servers.

Health requirement

Gateway servers can communicate with other server roles.

Maintenance task

Manage certificate renewal for gateway servers.

Manual

Verify certificate validity in the Certificates Microsoft Management Console snap-in.

Automation

Check with the custom unit monitor, or use a Windows PowerShell script.

Health attribute

Confidentiality

Health area

Gateway Server

Frequency

As required by revocation of certificates

Owner

Operator

Back up gateway server certificates.

Health requirement

Ensure recovery of the gateway server in the event of a failure.

Maintenance task

Back up gateway server certificates.

Manual

Back up using any backup software, such as Windows Server Backup.

Automation

Back up using backup software that supports scheduled backups.

Health attribute

Continuity

Health area

Gateway Server

Frequency

Each time certificates are updated

Owner

Backup Operator

Add a gateway server to a management group.

Health requirement

Gateway servers can process health data and update health status in the event of an individual gateway server failure.

Maintenance task

Add a gateway server to a management group.

Manual

Add a gateway server using the Microsoft System Center Operations Manager installation process.

Automation

Add a gateway server using unattended answer setup files.

Health attribute

Configuration

Health area

Gateway Server

Frequency

As required

Owner

Operator

Remove a gateway server from a management group.

Health requirement

Remove unnecessary gateway servers to reduce the attack surface.

Maintenance task

Remove a gateway server from a management group.

Manual

Remove a gateway server using the Microsoft System Center Operations Manager installation process.

Automation

Remove a gateway server using unattended answer setup files.

Health attribute

Configuration

Health area

Gateway Server

Frequency

As required

Owner

Operator

Recover from total failure of a gateway server.

Health requirement

Ensure recovery of a gateway server in the event of a failure.

Maintenance task

Recover from total failure of a gateway server.

Manual

Recover using any backup software, such as Windows Server Backup.

Automation

Recover using backup software that supports scheduled backups.

Health attribute

Continuity

Health area

Gateway Server

Frequency

As required by failure

Owner

Backup Operator

Operations Console

Place monitored objects in maintenance mode.

Health requirement

Eliminate a large number of repeated events from being reported for known errors.

Maintenance task

Place monitored objects in maintenance mode.

Manual

Place in maintenance mode using Operations console.

Automation

Place in maintenance mode using Windows PowerShell scripts.

Health attribute

Configuration

Health area

Operations Server Management

Frequency

As required

Owner

Operator

Remove monitored objects in maintenance mode.

Health requirement

Return monitored objects to normal operation after being placed in maintenance mode.

Maintenance task

Remove monitored objects in maintenance mode.

Manual

Remove from maintenance mode using Operations console.

Automation

Remove from maintenance mode using Windows PowerShell scripts.

Health attribute

Configuration

Health area

Operations Server Management

Frequency

As required

Owner

Operator

Add Operations console to a management group.

Health requirement

Ensure that the Operations team has access and that additional Operations consoles are available in the event of the failure of a single Operations console.

Maintenance task

Add Operations console to a management group.

Manual

Add an Operations console using the Microsoft System Center Operations Manager installation process.

Automation

Add an Operations console using unattended answer setup files.

Health attribute

Configuration

Health area

Operations Console

Frequency

As required

Owner

Operator

Remove an Operations console from a management group.

Health requirement

Remove an unnecessary Operations console to reduce the attack surface.

Maintenance task

Remove an Operations console from a management group.

Manual

Remove an Operations console using the Microsoft System Center Operations Manager installation process.

Automation

Remove an Operations console using unattended answer setup files.

Health attribute

Configuration

Health area

Operations Console

Frequency

As required

Owner

Operator

Import management packs.

Health requirement

Ensure management of correct monitored objects.

Maintenance task

Import management packs.

Manual

Add management packs using Operations console.

Automation

Add management packs using Windows PowerShell scripts.

Health attribute

Configuration

Health area

Management Packs

Frequency

As required

Owner

Operator

Export management packs.

Health requirement

Ensure management of correct monitored objects.

Maintenance task

Export management packs.

Manual

Export management packs using Operations console.

Automation

Export management packs using Windows PowerShell scripts.

Health attribute

Continuity

Health area

Management Packs

Frequency

As required

Owner

Operator

Modify management packs.

Health requirement

Ensure management of correct monitored objects.

Maintenance task

Modify management packs.

Manual

Modify management packs using Operations console.

Automation

Modify management packs using Windows PowerShell scripts.

Health attribute

Configuration

Health area

Management Packs

Frequency

As required

Owner

Operator

Back up custom management packs.

Health requirement

Ensure recovery of management packs in the event of the total loss of the Operations Manager database.

Maintenance task

Back up custom management packs.

Manual

Back up using any backup software, such as Windows Server Backup.

Automation

Backup using backup software that supports scheduled backups.

Health attribute

Continuity

Health area

Management Packs

Frequency

Monthly or after making significant changes to management packs

Owner

Operator

Restore custom management packs.

Health requirement

Ensure recovery of management packs in the event of the total loss of the Operations Manager database.

Maintenance task

Restore custom management packs.

Manual

Recover using any backup software, such as Windows Server Backup.

Automation

Recover using backup software that supports scheduled backups.

Health attribute

Continuity

Health area

Management Packs

Frequency

As required by failure

Owner

Operator

Recover from total failure of Operations console.

Health requirement

Ensure continued monitoring of services, applications, and infrastructure.

Maintenance task

Recover from total failure of Operations console.

Manual

Recover using any backup software, such as Windows Server Backup.

Automation

Recover using backup software that supports scheduled backups.

Health attribute

Continuity

Health area

Operations Console

Frequency

As required by failure

Owner

Operator

Create custom groups.

Health requirement

Users have access to the appropriate management information and specific applications, services, and infrastructure.

Maintenance task

Create custom groups.

Manual

Create custom groups using Operations console.

Automation

Create custom groups using Windows PowerShell scripts.

Health attribute

Appropriate Use

Health area

Operations Console

Frequency

As required

Owner

Operator

Modify custom groups.

Health requirement

Users have access to the appropriate management information and specific applications, services, and infrastructure.

Maintenance task

Modify custom groups.

Manual

Modify custom groups using Operations console.

Automation

Modify custom groups using Windows PowerShell scripts.

Health attribute

Appropriate Use

Health area

Operations Console

Frequency

As required

Owner

Operator

Remove custom groups.

Health requirement

Users have access to the appropriate management information and specific applications, services, and infrastructure.

Maintenance task

Remove custom groups.

Manual

Create custom groups using Operations console.

Automation

Remove custom groups using Windows PowerShell scripts.

Health attribute

Appropriate Use

Health area

Operations Console

Frequency

As required

Owner

Operator

Web Console Server

Configure the Web console server to fail over to another root management server.

Health requirement

Users are able to access monitoring information in the event of a root management server failure.

Maintenance task

Configure the Web console server to fail over to another root management server.

Manual

Configure Web console server failover by modifying the Web.config file.

Automation

Configure using Windows PowerShell scripts.

Health attribute

Availability

Health area

Web Console Server

Frequency

As required

Owner

Operator

Change the authentication method that a Web console server uses.

Health requirement

Ensure that the authentication method is appropriate for usage scenarios, such as Windows authentication for intranet users or Basic authentication with Secure Sockets Layer for Internet users.

Maintenance task

Change the authentication method that a Web console server uses.

Manual

Configure the authentication method using IIS Manager.

Automation

Configure using Windows PowerShell scripts.

Health attribute

Confidentiality

Health area

Web Console Server

Frequency

As required

Owner

Operator

Enable Secure Sockets Layer on a Web console server.

Health requirement

Ensure that no unauthorized users can view traffic between users and the Web console server.

Maintenance task

Enable Secure Sockets Layer on a Web console server.

Manual

Configure the authentication method using IIS Manager.

Automation

Configure authentication using Windows PowerShell scripts.

Health attribute

Confidentiality

Health area

Web Console Server

Frequency

As required

Owner

Operator

Manage certificates on Web console servers.

Health requirement

Users can access monitoring information using Windows Internet Explorer.

Maintenance task

Manage certificates on Web console servers.

Manual

Manage certificates using IIS Manager.

Automation

Manage certificates using Windows PowerShell scripts.

Health attribute

Confidentiality

Health area

Web Console Server

Frequency

As required

Owner

Operator

Add a Web console server to a management group.

Health requirement

Users can access monitoring information in the event of a Web console server failure.

Maintenance task

Add a Web console server to a management group.

Manual

Add a Web console sever using the Microsoft System Center Operations Manager installation process.

Automation

Add a Web console server using unattended answer setup files.

Health attribute

Configuration

Health area

Web Console Server

Frequency

As required

Owner

Operator

Remove a Web console server from a management group.

Health requirement

Remove unnecessary Web console servers to reduce the attack surface.

Maintenance task

Remove a Web console server from a management group.

Manual

Remove a Web console sever using the Microsoft System Center Operations Manager installation process.

Automation

Remove a Web console server using unattended answer setup files.

Health attribute

Configuration

Health area

Web Console Server

Frequency

As required

Owner

Operator

Back up Microsoft Internet Information Services configuration.

Health requirement

Ensure the recovery of a Web console server in the event of a failure.

Maintenance task

Back up Microsoft Internet Information Services configuration.

Manual

Back up using any backup software, such as Windows Server Backup.

Automation

Back up using backup software that supports scheduled backups.

Health attribute

Continuity

Health area

Web Console Server

Frequency

Each time any changes are made to Microsoft Internet Information Services configuration

Owner

Operator

Restore Microsoft Internet Information Services configuration.

Health requirement

Ensure the recovery of a Web console server in the event of a failure.

Maintenance task

Restore Microsoft Internet Information Services configuration.

Manual

Restore using any backup software, such as Windows Server Backup.

Automation

Use the Desired Configuration Management feature in Microsoft System Center Configuration Manager.

Health attribute

Continuity

Health area

Web Console Server

Frequency

As required by failure

Owner

Operator

Recover from total failure of a Web console server.

Health requirement

Ensure the recovery of a Web console server in the event of a failure.

Maintenance task

Recover from total failure of a Web console server.

Manual

Recover using any backup software, such as Windows Server Backup.

Automation

Recover using image-based deployment methods.

Health attribute

Continuity

Health area

Web Console Server

Frequency

As required by failure

Owner

Operator

Audit Collection Services Forwarder

Add an Audit Collection Services Forwarder to a management group.

Health requirement

Audit Collection Services (ACS) information is collected and forwarded to the ACS Collector server in the event of an ACS Forwarder failure.

Maintenance task

Add an Audit Collection Services Forwarder to a management group.

Manual

Add an Audit Collection Services Forwarder using the Microsoft System Center Operations Manager installation process.

Automation

Add an Audit Collection Services Forwarder using unattended answer setup files.

Health attribute

Configuration

Health area

ACS Forwarder

Frequency

As required

Owner

Operator

Back up Audit Collection Services Forwarder configuration.

Health requirement

Ensure recovery of an Audit Collection Services Forwarder in the event of a failure.

Maintenance task

Back up Audit Collection Services Forwarder configuration.

Manual

Back up using any backup software, such as Windows Server Backup.

Automation

Back up using backup software that supports scheduled backups.

Health attribute

Continuity

Health area

ACS Forwarder

Frequency

Each time any changes are made to the Audit Collection Services.

Owner

Operator

Remove an Audit Collection Services Forwarder from a management group.

Health requirement

Remove an unnecessary Audit Collection Services Forwarder to reduce the attack surface.

Maintenance task

Remove an Audit Collection Services Forwarder from a management group.

Manual

Remove an Audit Collection Services Forwarder using the Microsoft System Center Operations Manager installation process.

Automation

Remove an Audit Collection Services Forwarder using unattended answer setup files.

Health attribute

Configuration

Health area

ACS Forwarder

Frequency

As required

Owner

Operator

Enable an Audit Collection Services Forwarder for a computer group.

Health requirement

Enable collection of Audit Collection Services information on a group of computers.

Maintenance task

Enable an Audit Collection Services Forwarder for a computer group.

Manual

Enable an Audit Collection Services Forwarder using Operations console.

Automation

Enable an Audit Collection Services Forwarder using Windows PowerShell scripts.

Health attribute

Configuration

Health area

ACS Forwarder

Frequency

As required

Owner

Operator

Recover from total failure of an Audit Collection Services Forwarder server.

Health requirement

Ensure recovery of an Audit Collection Services Forwarder in the event of a failure.

Maintenance task

Recover from total failure of an Audit Collection Services Forwarder server.

Manual

Recover using any backup software, such as Windows Server Backup.

Automation

Recover using image-based deployment methods.

Health attribute

Continuity

Health area

ACS Forwarder

Frequency

As required by failure

Owner

Operator

Audit Collection Services Collector Server

Add an Audit Collection Services Collector server to a management group.

Health requirement

Audit Collection Services (ACS) information is collected from ACS Forwarders in the event of an ACS Collector server failure.

Maintenance task

Add an Audit Collection Services Collector server to a management group.

Manual

Add an Audit Collection Services Forwarder using the Microsoft System Center Operations Manager installation process.

Automation

Add an Audit Collection Services Forwarder using unattended answer setup files.

Health attribute

Configuration

Health area

ACS Collector Server

Frequency

As required

Owner

Operator

Remove an Audit Collection Services Collector server from a management group.

Health requirement

Remove unnecessary Audit Collection Services Collector servers to reduce the attack surface.

Maintenance task

Remove an Audit Collection Services Collector server from a management group.

Manual

Remove an Audit Collection Services Collector server using the Microsoft System Center Operations Manager installation process.

Automation

Remove an Audit Collection Services Collector server using unattended answer setup files.

Health attribute

Configuration

Health area

ACS Collector Server

Frequency

As required

Owner

Operator

Configure the collector-side filter.

Health requirement

Only specific Audit Collection Services information is collected.

Maintenance task

Configure the collector-side filter.

Manual

Configure the filter using the AdtAdmin –setquery command.

Automation

Configure the filter using the AdtAdmin –setquery command.

Health attribute

Configuration

Health area

ACS Collector Server

Frequency

As required

Owner

Operator

Recover from total failure of an Audit Collection Services Collector server.

Health requirement

Ensure recovery of an Audit Collection Services Collector server in the event of a failure.

Maintenance task

Recover from total failure of an Audit Collection Services Collector server.

Manual

Recover using any backup software, such as Windows Server Backup.

Automation

Recover using image-based deployment methods.

Health attribute

Continuity

Health area

ACS Collector Server

Frequency

As required by failure

Owner

Operator

Audit Collection Services Database Server

Back up the Audit Collection Services database (OperationsManagerAC).

Health requirement

Ensure recovery of the Audit Collection Services database in the event of a failure.

Maintenance task

Back up the Audit Collection Services database (OperationsManagerAC).

Manual

Back up using any backup software, such as Windows Server Backup.

Automation

Back up using backup software that supports scheduled backups.

Health attribute

Continuity

Health area

ACS Database

Frequency

Perform a full backup monthly and incremental backups weekly.

Owner

Backup Operator

Restore the Audit Collection Services database (OperationsManagerAC).

Health requirement

Ensure recovery of the Audit Collection Services database in the event of a failure.

Maintenance task

Restore the Audit Collection Services database (OperationsManagerAC).

Manual

Restore using any backup software, such as Windows Server Backup.

Automation

Restore using backup software that supports scheduled backups.

Health attribute

Continuity

Health area

ACS Database

Frequency

As required by failure

Owner

Operator

Back up the msdb database (Msdbdata).

Health requirement

Ensure recovery of the Audit Collection Services database in the event of a failure.

Maintenance task

Back up the msdb database (Msdbdata).

Manual

Back up the database using any backup software, such as Windows Server Backup.

Automation

Back up the database using backup software that supports scheduled backups.

Health attribute

Continuity

Health area

ACS Database

Frequency

Perform a full backup after the initial installation and configuration of the Operations Manager database components. Perform incremental backups after changing the scheduled Microsoft SQL Server agent jobs that Microsoft System Center Operations Manager uses.

Owner

Backup Operator

Restore the msdb database (Msdbdata).

Health requirement

Ensure recovery of the Audit Collection Services database in the event of a failure.

Maintenance task

Restore the msdb database (Msdbdata).

Manual

Restore the database using any backup software, such as Windows Server Backup.

Automation

Restore the database using backup software that supports scheduled backups.

Health attribute

Continuity

Health area

ACS Database

Frequency

As required by failure

Owner

Operator

Recover from total failure of an Audit Collection Services database server.

Health requirement

Ensure recovery of an Audit Collection Services database server in the event of a failure.

Maintenance task

Recover from total failure of an Audit Collection Services database server.

Manual

Recover from failure using any backup software, such as Windows Server Backup.

Automation

Recover from failure using image-based deployment methods.

Health attribute

Continuity

Health area

ACS Database

Frequency

As required by failure

Owner

Operator

Agentless Exception Monitoring

Install Agentless Exception Monitoring for managed computers.

Health requirement

Agentless Exception Monitoring is performed for managed computers.

Maintenance task

Install Agentless Exception Monitoring for managed computers.

Manual

Verify proper operation of Agentless Exception Monitoring (AEM) using the AEM Validation tool.

Automation

Health attribute

Configuration

Health area

Agentless Exception Monitoring

Frequency

As required

Owner

Operator

Uninstall Agentless Exception Monitoring for managed computers.

Health requirement

Agentless Exception Monitoring is not performed for managed computers.

Maintenance task

Uninstall Agentless Exception Monitoring for managed computers.

Manual

Verify that Agentless Exception Monitoring components are no longer installed.

Automation

Health attribute

Configuration

Health area

Agentless Exception Monitoring

Frequency

As required

Owner

Operator

Run Agentless Exception Monitoring reports to ensure that proper information is being collected.

Health requirement

Agentless Exception Monitoring is collecting information about abnormal operating system or application terminations.

Maintenance task

Run Agentless Exception Monitoring reports to ensure that proper information is being collected.

Manual

Verify that Agentless Exception Monitoring is collecting the appropriate information about abnormal operating system or application terminations.

Automation

Health attribute

Continuity

Health area

Agentless Exception Monitoring

Frequency

As required

Owner

Operator

Reporting Data Warehouse Database Server

Configure the reporting data warehouse data grooming interval.

Health requirement

Ensure that information no longer needed for reporting is removed from the reporting data warehouse database.

Maintenance task

Configure the reporting data warehouse data grooming interval.

Manual

Configure the interval using the Operations console.

Automation

Configure the interval using Windows PowerShell scripts.

Health attribute

Capacity

Health area

Reporting Data Warehouse Database

Frequency

As required

Owner

Operator

Back up the reporting data warehouse database (OperationsManagerDW).

Health requirement

Ensure recovery of the reporting data warehouse database in the event of a failure.

Maintenance task

Back up the reporting data warehouse database (OperationsManagerDW).

Manual

Back up the database using any backup software, such as Windows Server Backup.

Automation

Back up the database using backup software that supports scheduled backups.

Health attribute

Continuity

Health area

Reporting Data Warehouse Database

Frequency

Perform a full backup monthly and incremental backups weekly.

Owner

Backup Operator

Restore the reporting data warehouse database (OperationsManagerDW).

Health requirement

Ensure recovery of the reporting data warehouse database in the event of a failure.

Maintenance task

Restore the reporting data warehouse database (OperationsManagerDW).

Manual

Restore the database using any backup software, such as Windows Server Backup.

Automation

Restore the database using backup software that supports scheduled backups.

Health attribute

Continuity

Health area

Reporting Data Warehouse Database

Frequency

As required by failure

Owner

Operator

Back up the msdb database (Msdbdata).

Health requirement

Ensure recovery of the reporting data warehouse database in the event of a failure.

Maintenance task

Back up the msdb database (Msdbdata).

Manual

Automation

Health attribute

Continuity

Health area

Data Warehouse Database

Frequency

Perform a full backup after the initial installation and configuration of the Operations Manager database components. Perform incremental backups after changing the scheduled Microsoft SQL Server agent jobs that Microsoft System Center Operations Manager uses.

Owner

Backup Operator

Restore the msdb database (Msdbdata).

Health requirement

Ensure recovery of the reporting data warehouse database in the event of a failure.

Maintenance task

Ensure recovery of the reporting data warehouse database in the event of a failure.

Manual

Restore the database using any backup software, such as Windows Server Backup.

Automation

Restore the database using backup software that supports scheduled backups.

Health attribute

Continuity

Health area

Reporting Data Warehouse Database

Frequency

As required by failure

Owner

Operator

Recover from total failure of the reporting data warehouse database server.

Health requirement

Ensure recovery of the reporting data warehouse database in the event of a failure.

Maintenance task

Recover from total failure of the reporting data warehouse database server.

Manual

Recover from failure using any backup software, such as Windows Server Backup.

Automation

Recover from failure using image-based deployment methods.

Health attribute

Continuity

Health area

Reporting Data Warehouse Database

Frequency

As required by failure

Owner

Operator

Reporting Server

Manage user access to reports.

Health requirement

Ensure that authorized users can run reports.

Maintenance task

Manage user access to reports.

Manual

Configure using Microsoft SQL Server Reporting Services.

Automation

Health attribute

Confidentiality

Health area

Reporting Server

Frequency

As required

Owner

Operator

Manage access to Audit Collection Services reports.

Health requirement

Ensure that authorized users can run reports.

Maintenance task

Manage access to Audit Collection Services reports.

Manual

Configure using Microsoft SQL Server Reporting Services.

Automation

Health attribute

Confidentiality

Health area

ACS Reports

Frequency

As required

Owner

Operator

Configure the Audit Collection Services data-retention period.

Health requirement

Ensure that information no longer needed for reporting is removed from the Audit Collection Services database.

Maintenance task

Configure the Audit Collection Services data-retention period.

Manual

Configure the retention period using Microsoft SQL Server Management Studio.

Automation

Configure the retention period using Windows PowerShell scripts.

Health attribute

Capacity

Health area

ACS Reports

Frequency

As required

Owner

Operator

Back up custom report definition files.

Health requirement

Ensure recovery of custom reports in the event of a failure.

Maintenance task

Back up custom report definition files.

Manual

Back up the files using Microsoft SQL Server Reporting Services.

Automation

Health attribute

Continuity

Health area

Reporting Server

Frequency

As required

Owner

Operator

Back up the msdb database (Msdbdata).

Health requirement

Ensure recovery of the Reporting server database in the event of a failure.

Maintenance task

Back up the msdb database (Msdbdata).

Manual

Back up the database using any backup software, such as Windows Server Backup.

Automation

Back up the database using backup software that supports scheduled backups.

Health attribute

Continuity

Health area

Reporting Server

Frequency

Perform a full backup after the initial installation and configuration of the Operations Manager database components. Perform incremental backups after changing the scheduled Microsoft SQL Server agent jobs that Microsoft System Center Operations Manager uses.

Owner

Backup Operator

Restore the msdb database (Msdbdata).

Health requirement

Ensure recovery of the Reporting server database in the event of a failure.

Maintenance task

Restore the msdb database (Msdbdata).

Manual

Restore the database using any backup software, such as Windows Server Backup.

Automation

Restore the database using backup software that supports scheduled backups.

Health attribute

Continuity

Health area

Reporting Server

Frequency

As required by failure

Owner

Backup Operator

Back up the Reporting server database (ReportServer).

Health requirement

Ensure recovery of the Reporting server database in the event of a failure.

Maintenance task

Back up the Reporting server database (ReportServer).

Manual

Back up the database using any backup software, such as Windows Server Backup.

Automation

Back up the database using backup software that supports scheduled backups.

Health attribute

Continuity

Health area

Reporting Server

Frequency

Perform a full backup on a recurring basis, with the frequency depending on how often reports change in the organization and every time after significant changes are made to report definitions (including additions, changes, and deletions). Perform incremental backups on the same schedule as full backups.

Owner

Backup Operator

Restore the Reporting server database (ReportServer).

Health requirement

Ensure recovery of the Reporting server in the event of a failure.

Maintenance task

Restore the Reporting server database (ReportServer).

Manual

Restore the database using any backup software, such as Windows Server Backup.

Automation

Health attribute

Continuity

Health area

Reporting Server

Frequency

As required by failure

Owner

Operator

Recover from total failure of the Reporting server.

Health requirement

Ensure recovery of the Reporting server in the event of a failure.

Maintenance task

Recover from total failure of the Reporting server.

Manual

Recover the server using any backup software, such as Windows Server Backup.

Automation

Recover the server using image-based deployment methods.

Health attribute

Continuity

Health area

Reporting Server

Frequency

As required by failure

Owner

Backup Operator

Add a Reporting server to a management group.

Health requirement

Ensure recovery of a Reporting server in the event of a failure.

Maintenance task

Remove a Reporting server from a management group.

Manual

Add a Reporting server using the Microsoft System Center Operations Manager installation process.

Automation

Add a Reporting server using unattended answer setup files.

Health attribute

Configuration

Health area

Reporting Server

Frequency

As required

Owner

Operator

Remove a Reporting server from a management group.

Health requirement

Remove unnecessary Reporting servers to reduce the attack surface.

Maintenance task

Remove a Reporting server from a management group.

Manual

Remove the Reporting server using the Microsoft System Center Operations Manager installation process.

Automation

Remove a Reporting server using unattended answer setup files.

Health attribute

Configuration

Health area

Reporting Server

Frequency

As required

Owner

Operator

Back up Microsoft Internet Information Services configuration.

Health requirement

Ensure recovery of Reporting server in the event of a failure.

Maintenance task

Restore Microsoft Internet Information Services configuration.

Manual

Back up configuration using any backup software, such as Windows Server Backup.

Automation

Back up configuration using backup software that supports scheduled backups.

Health attribute

Continuity

Health area

Reporting Server

Frequency

Perform a full backup each time any changes are made to Microsoft Internet Information Services configuration.

Owner

Backup Operator

Restore Microsoft Internet Information Services configuration.

Health requirement

Ensure recovery of the Reporting server in the event of a failure.

Maintenance task

Restore Microsoft Internet Information Services configuration.

Manual

Restore configuration using any backup software, such as Windows Server Backup.

Automation

Health attribute

Continuity

Health area

Reporting Server

Frequency

As required by failure

Owner

Backup Operator

Health Risks

ID

Description

Probability

Impact

Exposure (1–5)

Mitigation strategy

(1–100%)

(1–5)

1

Root management server failure

10%

5

5

Install a failover root management server in the cluster, recover from a current backup, or promote a management server to be a root management server.

2

Operations Manager database server failure

10%

5

5

Install a failover Operations Manager database server in the cluster, or recover from a current backup.

3

Management server failure

10%

3

3

Install a failover management server, or recover from a current backup.

4

Gateway server failure

10%

3

3

Install a failover gateway server, or recover from a current backup.

5

Agent failure

70%

1

1

Repair agent installation.

6

Operations console failure

20%

2

2

Install Operations console on multiple computers.

7

Web console server failure

10%

2

2

Install a failover Web console server (configured with hardware or software load balancing), or recover from a current backup.

8

Audit Collection Services Forwarder failure

10%

2

2

Install a failover Audit Collection Services Forwarder, or recover from a current backup.

9

Audit Collection Services Collector server failure

10%

2

2

Install a failover Audit Collection Services Collector server, or recover from a current backup.

10

Audit Collection Services database server failure

10%

2

2

Install a failover Audit Collection Services database server in the cluster, or recover from a current backup.

11

Reporting data warehouse database server failure

10%

2

5

Install a failover reporting data warehouse database server in the cluster, or recover from a current backup.

12

Reporting server failure

10%

1

2

Install a failover Reporting server (configured with hardware or software load balancing), or recover from a current backup.

13

Latency in collection of monitoring data

20%

3

4

Install additional server roles, or increase the system resources of existing servers, especially if the write times to the Operations Manager database are longer than 10 milliseconds.

14

Run As accounts with elevated permissions are compromised

30%

5

5

Configure Run As accounts with minimal permission, and ensure that password policies are enforced.

15

Action accounts with elevated permissions are compromised

30%

5

5

Configure action accounts with minimal permission, and ensure that password policies are enforced.

16

Failure of the Operations Manager database (OperationsManager)

10%

5

5

Install a failover Operations Manager database server in the cluster, perform log shipping of the Operations Manager database to another server, or recover from a current backup.

17

Failure of reporting data warehouse database (OperationsManagerDW)

10%

2

5

Install a failover reporting data warehouse database server in the cluster, perform log shipping of the Operations Manager database to another server, or recover from a current backup.

18

Failure of the Audit Collection Services database (OperationsManagerAC)

10%

2

2

Install a failover Audit Collection Services database server in the cluster, perform log shipping of the Operations Manager database to another server, or recover from a current backup.

19

Agent proxy is enabled

10

4

4

Disable the agent proxy configuration setting, which prevents an agent from submitting discovery data and monitoring data on behalf of another object.

Standard Changes

Proposed standard change

Category verified?

Approved by

Date for change development complete

Date for change release

Change the password of the credentials used for the Microsoft SQL Server Reporting service.

Change the credentials used for the SDK and Config Service accounts.

Change the password of the credentials used for the Reporting server execution account.

Change the password of the credentials used for the Microsoft Internet Information Services ReportServer Application Pool account password.

Verify use of low-privileged accounts for Run As accounts as appropriate.

Managing certificate renewal for the root management server.

Configure user roles for connected management groups.

Resolve active alerts after a period of time.

Configure grooming settings for a management group.

Back up root management server certificates.

Remove aged discovery data from the Operations Manager database (OperationsManager).

Back up the Operations Manager database (OperationsManager).

Manage certificate renewal for management servers.

Back up management server certificates.

Back up gateway server certificates.

Manage certificate renewal for gateway servers.

Place monitored objects in maintenance mode.

Add an Operations console to a management group.

Remove an Operations console from a management group.

Import management packs.

Export management packs,

Modify management packs.

Back up custom management packs.

Manage certificates on Web console servers.

Back up Audit Collection Services Forwarder configuration.

Back up the msdb database (Msdbdata).

Back up the reporting data warehouse database (OperationsManagerDW).

Back up the Audit Collection Services database (OperationsManagerAC).

Back up Microsoft Internet Information Services configuration.

Change the authentication method that a Web console server uses.

Manage certificates on Web console servers.

Add an Audit Collection Services Forwarder to a management group.

Enable an Audit Collection Services Forwarder for a computer group.

Add an Audit Collection Services Collection server to a management group.

Configure the collector-side filter.

Configure the Audit Collection Services data-retention period.

Manage access to Audit Collection Services reports.

Configure the reporting data warehouse data grooming interval.

Manage user access to reports.

Deploy an agent to managed computers.

Repair the agent by automatically reinstalling it.

Repair the agent by manually reinstalling it.

Recover and diagnose the agent by using the Automatic Agent Management Account Run As profile.

Remotely enable and restart the Health service.

Remotely restart the Health service.

Configure the action account on multiple computers.

Remove an agent from managed computers.