All about System Center Articles and Tutorials

Operations Manager Basic Concepts

Posted by on May 10, 2017 in SCOM, SCOM 2012, SCOM 2016


Applies To: System Center Operations Manager 2012, 2016.

Whenever I meet people working on non-Microsoft tools or domains, they ask me what exactly System Center Operations Manager is all about. I explain this awesome tool to them and how it can help them in their environment.

I know there’s a huge number of articles available on the Internet about the functionality and capabilities of Operations Manager; however, I think it’s still worth writing an article on it, as it may add value and be helpful for those in the community who don’t know much about this wonderful monitoring tool.

So, I will start with a brief introduction to this tool.

System Center Operations Manager (SCOM), a component of Microsoft System Center 2016, is a well-known enterprise-class monitoring tool from Microsoft with capabilities to monitor server operating systems, hardware, network devices and applications. Using Operations Manager, we can monitor services, devices, and operations for many computers from a single console. It helps in identifying and resolving issues as well.

Imagine yourself in a situation wherein you have business-critical applications running and you don’t have a proper monitoring mechanism implemented. In this scenario, the application may encounter unusually long downtime, which may lead to user dissatisfaction. On the other hand, if you are monitoring your critical applications through Operations Manager and you see your application status up and super green on the SCOM console, you can go home and relax, as you know SCOM monitoring is in place and you will be notified if there’s any issue with the application. You can fix the issue then and there.


Below are the key features of System Center Operations Manager:

  • Best in class Server, OS and Workload monitoring
  • Existing Management Packs
  • Audit Collection Services (ACS)
  • Agentless Exception Monitoring (AEM)
  • Distributed Application Designer (DAD)
  • Reporting & Data Warehouse
  • Synthetic Transactions & Templates
  • Gateway Servers
  • PowerShell
  • Service Level Tracking (SLA/SLO)
  • Active Directory Integration
  • Notifications & Subscriptions


The product began as a network management system called SeNTry ELM, which was developed by the British company Serverware Group plc.

In June 1998 the intellectual property rights were bought by Mission Critical Software Inc., which renamed the product Enterprise Event Manager. Mission Critical undertook a complete rewrite of the product, naming the new version OnePoint Operations Manager (OOM).

Mission Critical Software merged with NetIQ in early 2000 and sold the rights of the product to Microsoft in October 2000. It was renamed Microsoft Operations Manager (MOM) and had another release as Microsoft Operations Manager 2005. Microsoft renamed the product System Center Operations Manager and released System Center Operations Manager 2007.

System Center Operations Manager 2007 was designed from a fresh code base, and although sharing similarities to Microsoft Operations Manager, is not an upgrade from the previous versions.


The Operations Manager infrastructure includes the components below:

  • Management Group
  • Management Server
  • Gateway Server
  • Operational Database
  • Reporting Data Warehouse Database

Management Group – A Management Group is the logical entity in which all the objects and data are stored in a SCOM environment. You could say it is like a domain in Active Directory.

A Management Group is typically created when a SCOM environment is installed. At the very minimum, it can be hosted on a single server that combines several roles: Management Server, the Operational Database, and the Reporting Data Warehouse Database.

Management Server – A Management Server is the focal point for administering the management group and communicating with the database. When you open the Operations console and connect to a management group, you connect to a management server for that management group. Depending on the size of your computing environment, a management group can contain a single management server or multiple management servers.

The role of the management server is to administer the management group configuration, administer and communicate with agents, and communicate with the databases in the management group.

Gateway Server – Operations Manager requires mutual authentication to be performed between agents and the Management Server prior to the exchange of information between them. If the agents are in a DMZ, or the Management Server and agents don’t lie in the same trust boundary, we require a Gateway Server.

Operational Database – It is a SQL Server database that contains all configuration data for the management group and stores all monitoring data that is collected and processed for the management group. The operational database retains short-term data, by default 7 days.

Data Warehouse Database – It is a SQL Server database that stores monitoring and alerting data for historical purposes. Data that is written to the Operations Manager database is also written to the data warehouse database, so reports always contain current data. The data warehouse database retains long-term data.

When the Operations Manager reporting role is installed, the Management Group also contains a Reporting server, which builds and presents reports from data in the Data Warehouse Database.

These core components of a Management Group can exist on a single server, or they can be distributed across multiple servers, as shown in the following image.


Below are the three common services that run on a Management Server:

1: Microsoft Monitoring Agent – Known as Health Service. On a Management Server, the service runs monitoring workflows and manages credentials. To run workflows, the service initiates MonitoringHost.exe processes using specified credentials. These processes monitor and collect event log data, performance counter data, Windows Management Instrumentation (WMI) data, and run actions such as scripts.

2: System Center Data Access Service – Known as the SDK Service. It’s responsible for providing access to the Operations Manager Web Console, importing and storing Management Packs, and storing Management Group information in the Operations Manager DB.

3: System Center Management Configuration Service – It manages the relationships and topology of the Management Group. It also distributes Management Packs to monitored objects.

Below is the common service that runs on a monitored computer:

1: Microsoft Monitoring Agent – This service runs on the managed computer as well. It collects performance data, executes tasks, and so on. Even when the service is unable to communicate with the Management Server it reports to, the service continues to run and queues the collected data and events on the disk of the monitored computer. When the connection is restored, the Microsoft Monitoring Agent service sends collected data and events to the Management Server.


Before we start, we need to understand the components below, which are responsible for object discovery and monitoring in Operations Manager:

  • Agent
  • Management Pack

Agent – An Operations Manager Agent is a service that is installed on a computer which needs to be monitored through SCOM. The agent collects data, compares sampled data to predefined values, creates alerts, and runs responses. A management server receives and distributes configurations to agents on monitored computers.

Every agent reports to a management server in the management group. This management server is referred to as the agent’s primary management server.

Agents watch data sources on the monitored computer and collect information as per the configuration that is sent to it from its management server. The agent also calculates the health state of the monitored computer and objects on the monitored computer and reports back to the management server. When the health state of a monitored object changes or other criteria are met, an alert can be generated from the agent. This lets operators know that something requires attention. By providing health data about the monitored object to the management server, the agent provides an up-to-date picture of the health of the device and all the applications that it hosts.

An agent can be configured to act as a proxy agent. A proxy agent is an agent that can forward data to a management server on behalf of a computer or network device other than its host computer. For example, an agent that is installed on the physical node of an SQL cluster can be enabled to act as proxy to monitor the cluster resource. Proxy agents enable monitoring of computers and devices on which an agent cannot be installed. For more information, see Agentless Monitoring.

Management Pack – Management packs typically contain monitoring settings for applications and services. After a management pack is imported into a Management Group, System Center Operations Manager immediately begins monitoring objects based on default configurations and thresholds that are set by the Management Pack.

Each management pack can contain any or all of the following parts:

  • Monitors – Which direct an agent to track the state of various parts of a managed component.
  • Rules – Which direct an agent to collect performance and discovery data, send alerts and events, and more.
  • Knowledge – Which provides textual advice to help operators diagnose and fix problems.
  • Views – Which offer customized user interfaces for monitoring and managing this component.
  • Reports – Which define specialized ways to report on information about this managed component.
  • Object discoveries – Which identify objects to be monitored.

Coming back to Object Discovery and Monitoring

After Operations Manager installs an agent on a computer, it sends an initial configuration to the agent. The initial configuration includes object discoveries from management packs. The management pack defines the types of objects, such as applications and features, that will be monitored on computers that have been discovered by Operations Manager. Agents send data to the management server that identifies the instances of objects discovered on the computer. The management server then sends the agents the elements of management packs that apply to the discovered objects for each computer, such as rules and monitors.

Discovered objects have a health state, which is reflected in the Operations console as Green (Successful or Healthy), Yellow (Warning), or Red (Critical or Unhealthy).

The following image is a simplified illustration of how objects are discovered and monitored.

1: The administrator configures Operations Manager to search for computers to manage.

2: Computers that meet the specified criteria and are not already managed are identified.

3: An Operations Manager agent is installed on the discovered computer.

4: The agent requests configuration data, and then the Management Server sends the agent configuration data from installed Management Packs that includes classes to be discovered. For example, if the Windows Server operating system Management Packs are installed, the Management Server will send the agent the operating system classes.

5: The agent compares the configuration data to the computer, identifies any objects that it discovers, and returns the information to the Management Server. For example, the agent will return to the Management Server that an instance of Windows Server 2016 operating system is on the computer.

6: The Management Server sends the agent all monitoring logic from installed Management Packs that applies to the discovered objects. For example, the agent will receive all monitoring logic that applies to Windows Server 2016.

7: The agent applies the monitoring logic, such as rules and monitors, runs workflows, and returns data to the Management Server.

8: As changes occur to discovered objects, such as applications being added or uninstalled, the agent sends the updated information to the Management Server, which then sends updated monitoring logic.
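Steps 4 to 8 can be modelled as a two-phase exchange: discovery classes first, then only the monitoring logic that matches what the agent found. This is an added sketch, not code from the article or from Operations Manager; the management pack contents, class labels and the `Agent`/`ManagementServer` names are constructed for illustration.

```python
# Constructed management packs: each names the class it discovers, a probe the
# agent evaluates against local facts, and the monitoring logic for that class.
MANAGEMENT_PACKS = {
    "Windows Server OS": {
        "class": "WindowsServer2016",
        "probe": lambda facts: facts.get("os") == "Windows Server 2016",
        "logic": ["rule: collect CPU", "monitor: free disk space"],
    },
    "SQL Server": {
        "class": "SqlInstance",
        "probe": lambda facts: "MSSQLSERVER" in facts.get("services", ()),
        "logic": ["monitor: SQL service state"],
    },
}

class ManagementServer:
    def discovery_config(self):
        """Step 4: send only the classes to look for, no monitoring logic yet."""
        return {mp["class"]: mp["probe"] for mp in MANAGEMENT_PACKS.values()}

    def monitoring_logic(self, discovered):
        """Step 6: send logic only for the classes the agent reported."""
        return {mp["class"]: mp["logic"] for mp in MANAGEMENT_PACKS.values()
                if mp["class"] in discovered}

class Agent:
    def __init__(self, facts):
        self.facts, self.workflows = facts, {}

    def sync(self, server):
        """Steps 4 to 7; run again whenever the computer changes (step 8)."""
        config = server.discovery_config()
        discovered = sorted(c for c, probe in config.items() if probe(self.facts))
        self.workflows = server.monitoring_logic(discovered)
        return discovered

def demo():
    server, agent = ManagementServer(), Agent({"os": "Windows Server 2016"})
    first = agent.sync(server)
    agent.facts["services"] = ("MSSQLSERVER",)   # an application is installed
    second = agent.sync(server)
    return first, second, agent.workflows
```

The agent never holds logic for a class it did not report, which is why an imported management pack only takes effect on computers where its discovery finds a matching object.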


The Operations Manager agent sends alert and discovery data to the primary Management Server, which writes the data to the operational database. The agent also sends events, performance, and state data to the primary Management Server for that agent, which writes the data to the Operational and Data Warehouse databases simultaneously.

The agent sends data as per the schedule parameters for each rule and monitor. For optimized collection rules, data is only transmitted if a sample of a counter differs from the previous sample by a specified tolerance, such as 10%. This helps reduce network traffic and the volume of data stored in the Operational DB.

Additionally, all agents send a packet of data, called a heartbeat, to the Management Server on a regular schedule, by default every 60 seconds (this can be changed). The purpose of the heartbeat is to validate the availability of the agent and communication between the agent and the Management Server.

For each agent, Operations Manager runs a Health Service Watcher, which monitors the state of the remote Health Service from the perspective of the Management Server.
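The agent behaviours described above (tolerance-based optimized collection, queueing while the Management Server is unreachable, and heartbeat-based availability checks) can be modelled together. This is an added illustration, not code from the article or from Operations Manager; the names, the choice to compare each sample against the last accepted one, and the three-missed-heartbeats window are assumptions.

```python
from collections import deque

HEARTBEAT_INTERVAL = 60  # seconds; the default stated above
MISSED_ALLOWED = 3       # assumption of this sketch, not a value from the article

class AgentModel:
    """Toy model of the agent behaviour described above (not SCOM code)."""
    def __init__(self, tolerance=0.10):
        self.tolerance = tolerance
        self.baseline = None   # last value accepted for sending (assumption)
        self.queue = deque()   # stands in for the agent's on-disk queue
        self.connected = True
        self.delivered = []    # what the Management Server has received

    def _changed_enough(self, value):
        if not self.baseline:  # no baseline yet, or a baseline of 0
            return self.baseline is None or value != 0
        return abs(value - self.baseline) / abs(self.baseline) >= self.tolerance

    def sample(self, value):
        """Optimized collection: drop samples within tolerance of the baseline."""
        if not self._changed_enough(value):
            return False
        self.baseline = value
        self.queue.append(value)
        self.flush()
        return True

    def flush(self):
        """Deliver queued samples, oldest first, while the server is reachable."""
        while self.connected and self.queue:
            self.delivered.append(self.queue.popleft())

def silent_agents(last_heartbeat, now):
    """Watcher view: agents with no heartbeat inside the allowed window."""
    limit = HEARTBEAT_INTERVAL * MISSED_ALLOWED
    return sorted(n for n, ts in last_heartbeat.items() if now - ts > limit)

def demo():
    agent = AgentModel()
    for cpu in (50, 52, 54, 56):   # constructed counter samples
        agent.sample(cpu)
    agent.connected = False        # link to the Management Server drops
    for cpu in (57, 70, 71, 90):
        agent.sample(cpu)
    queued = list(agent.queue)
    agent.connected = True         # connection restored
    agent.flush()
    return agent.delivered, queued
```

Of the eight constructed samples only four reach the server, and the two taken during the outage arrive in order once the link returns; an agent that stays silent past the heartbeat window is the case worth investigating rather than assuming "no data" means "no problem".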

Note: Apart from Windows computers, Operations Manager has the capability to discover and comprehensively monitor network devices and UNIX / Linux operating systems. It can also provide agentless monitoring. For more information, see Operations Manager Monitoring Scenarios in the Operations Guide.

Hope this helps.
