430 likes | 538 Views
UNIX and Linux Management with System Center 2012. Barry Shilmover Senior Program Manager Microsoft Corporation. Session Objectives and Takeaways. Session Objective(s): UNIX/Linux management capabilities in OpsMgr 2012 UNIX/Linux management capabilities in ConfigMgr2012.
E N D
UNIX and Linux Management with System Center 2012 Barry Shilmover Senior Program Manager Microsoft Corporation
Session Objectives and Takeaways • Session Objective(s): • UNIX/Linux management capabilities in OpsMgr 2012 • UNIX/Linux management capabilities in ConfigMgr2012
Why UNIX/Linux? Windows only 14% • It’s a heterogeneous world out there! • 86% of large IT orgs have mixture of Windows, UNIX, and Linux 86% Heterogeneous
Increasing Heterogeneous Momentum 2008 2009 2010 2011 2012 • Develop UNIX/Linux in OpsMgr 2007 • Ship UNIX/Linux in OpsMgr 2007 • Ship VMware support in SC VMM • Acquire Opalis • Enhance UNIX/Linux in OpsMgr 2012 • Develop Xen support in SC VMM • Integrate Opalis into SC • DevelopUNIX/Linux in ConfigMgr • Develop JEE in OpsMgr • Ship UNIX/Linux in OpsMgr 2012 • Ship Xen support in SC VMM • Ship Opalis as SC Orchestrator • Develop UNIX/Linux in ConfigMgr • Ship JEE in OpsMgr 2012 • Start next wave of development • Start next wave of development • Start next wave of development
Who’s Using UNIX/Linux in OpsMgr? • 3000+ customers (nearly 20% of all OpsMgr customers) are managing UNIX/Linux in addition to Windows • Managed UNIX/Linux node count ranges from just a few to 15,000 • Linux leads, but all three UNIX flavors as well
Supported Operating Systems • Version Support • New versions of operating systems supported within 180 days of release • Old versions supported as long as vendor provides support
Architectural Overview Config Service Config Service OpsMgr Management Server OpsMgr Management Server SDK SDK Health Service ssh protocol OM channel WS-Man protocol Health Service OpsMgr agent for UNIX/Linux (OpenPegasus CIMOM Server + providers) Managed Windows Computer MP MP Managed UNIX/Linux Computer MP MP MP MP OpsMgr agent for Windows
UNIX/Linux Architecture Details Managed UNIX/LinuxComputer OpsMgrManagementServer Config Service ssh client library Agent Maintenance Actions ssh connection sshd SDK Port 1270 WS-Man request WinRM client library OpsMgr agent for UNIX/Linux (OpenPegasus CIMOM Server + providers) HTTPS transport Health Service HTTPS transport WS-Man response MP MP MP WinRM = Windows Remote Management WS-Man = Web Service Management protocol sshd = standard UNIX/Linux secure shell daemon
High Availability Implications Admin creates Resource Pool and copies certificates using scxcertconfig.exe Management Server fails Resource Pool with two MS’s Config Service Config Service SDK SDK Pool selects one of its members to discover and monitor the UNIX/Linux computer Health Service Health Service Pool selects another member to monitor the UNIX/Linux computer Admin selects a Resource Pool to discover and monitor the UNIX/Linux computer OpsMgr agent for UNIX/Linux (OpenPegasus CIMOM Server + providers) MP MP MP MP UNIX/Linux computer has no Management Server state and is not aware of the change MP MP UNIX/Linux Computer
Communication Overhead • Management Server must get WS-Man query results each time a monitor/rule fires • Multiple monitors/rules can be satisfied by a single WS-Man network query via “cookdown” • Works across management packs • Intervals must match • Example: 10 File Systems * 12 standard monitors/rules = 120 monitors/rules All cookdown to a single WS-Man query to the agent, per interval
Topology Implications • Recommendation: Put UNIX/Linux computers on a dedicated Management Server pool • Scale by adding Management Servers to pool • Gateways can be used to cross firewall boundaries • Configure gateways in a pool for high availability
OpsMgr Access to UNIX/Linux Computers • Based on RunAs Profiles and RunAs Accounts • An administrator sets up RunAs Accounts, including passwords, that are stored in OpsMgr database • Associates an Account with each of three Profiles listed below • Other operators can initiate actions without knowing passwords
OpsMgr Access to UNIX/Linux Computers (“sudo” is similar to Windows “RunAs” command; sudo = “Do as SuperUser”)
Privilege Elevation Architecture Linux Admin ensures sudo is set up on unprivileged account MP rule fires Config Service OpsMgr agent for UNIX/Linux OpsMgr Management Server Managed UNIX/Linux Computer SDK sudo Privileged Action Health Service Connect to OpsMgr agent using username & password (unprivileged) Linux username & password are retrieved Invoke sudo to get privileges, then perform the privileged action MP MP OpsMgr Database OpsMgr Admin creates RunAs Account using info from Linux Admin MP RunAs Profile RunAs Acct RunAs Acct RunAs Acct
Powershell Cmdlets • UNIX/Linux specific cmdlets for: • Agent maintenance operations • Manage UNIX/Linux RunAs Accounts • Agent maintenance cmdlets allow scripting and background operation • Discovery and agent install • Agent upgrade • Delete computer from OpsMgr • Agent uninstall
Extensibility • New template in OpsMgr 2012 for UNIX/Linux command line • Create rule or monitor based on shell script or other UNIX/Linux commands (perl, …) • Similar capabilities to script template for Windows • Process/service monitoring template improvements • Distinguished based on arguments, not just process name • Monitor for min/max process instance count • Log file monitoring template improvements
Why add UNIX/Linux support to ConfigMgr? • Enterprises have heterogeneous environments • IT Admins prefer a single solution to manage clients and servers • IT Managers’ concerns around security and compliance - want a single view, consolidated reports • Customer Sales bids frequently require cross platform support • Evolution of Microsoft strategy to embrace heterogeneous platforms (started with OpsMgrsupport for UNIX/Linux)
Planned OS Platforms Supported 23 Platforms supported at RTW Solaris Version 11(x86 and SPARC) Version 10 (x86 & SPARC*) Version 9 (SPARC) SUSE Linux Enterprise Server Version 11 (x86 & x64) Version 10 (x86 & x64) Version 9 (x86) • AIX • Version 7.1 (Power) • Version 6.1 (Power) • Version 5.3 (Power) • HP-UX • Version 11iv3 (IA64 & PA-RISC) • Version 11iv2 (IA64 & PA-RISC) • Red Hat Enterprise Linux • Version 6 (x86 & x64) • Version 5 (x86 & x64)* • Version 4 (x86 & x64) * CTP Support for 3 Platforms
Core Functionality for UNIX/Linux • Hardware Inventory • Software Distribution • Software Inventory
Architecture Overview – Agent for UNIX/Linux Existing ConfigMgr 2012 or SP1 ConfigMgr Addon for UNIX/Linux New component common to all UNIX/Linux New component - OS specific Built-in OS functionality Native ConfigMgr communication with Agent Agent for UNIX/Linux Equivalent of ccmexec.exe in Windows CIMOM Server Equivalent of the WMI service in Windows Provider 1 Provider 2 Provider 3 Equivalent of WMI providers in Windows PAL OS Resources
Hardware Inventory - Scenarios • View UNIX/Linux Hardware Inventory using Resource Explorer • Create Collections (query based) of UNIX/Linux computers based on HW Inventory properties • Create Advertisements that can target Collections of UNIX/Linux computers • Generate consolidated reports based on HW Inventory • Define new CIM classes and create custom providers • Extend existing CIM classes/properties
Hardware Inventory - Implementation • Implementing a CIMOM Server (in place of WMI) • UNIX/Linux CIM Classes are mapped to existing WMI Classes • One-to-one mapping of existing class properties • Initially only implementing the core subset of UNIX/Linux applicable classes and properties • Support for UI configured Inventory of Classes/Properties (instead of editing SMS_Def.mof) • Full Inventory and Deltas are supported
Hardware Inventory - Extensibility • CIMOM server is fully extensible • Custom providers implement classes beyond what MS provides out-of-box • APIs and tools will be public • New providers must be installed on each computer Agent for UNIX/Linux CIMOM Server Provider 1 Provider 2 Provider 3 Custom Provider PAL OS Resources
Software Distribution - Scenarios • Deploy software to UNIX/Linux servers • Deploy patches/updates to installed software • Remove/uninstall software • Deploy UNIX/Linux OS patches • Run arbitrary maintenance scripts on UNIX/Linux servers
Software Distribution - Implementation • Create a package/program for Classic Software Dist • Specify application package in UNIX/Linux format (e.g. pkg, rpm or tarball) • Specify UNIX/Linux installation script to execute • Package gets replicated on the DPs • Advertise to a Collection that contains UNIX/Linux computers • UNIX/Linux Agents transfer content from DP using HTTP/HTTPS • UNIX/Linux computers typically don’t support SMB connections and UNC paths • Network bandwidth throttling is supported • Installation occurs during maintenance windows • Status message sent back - just like Windows
Scenario Walkthrough SWD – Package (PKG/RPM)+ Program (Install Script) SWD – Package (MSI) + Program Site Server & Site DB IT Admin Admin UI • UNIX/Linux additions dovetail with: • Existing ConfigMgr Console and UI • Existing Hardware Infrastructure • Existing Management Paradigms UNIX/Linux Advertisement Advertisement DP MP Status Msg Download Pkg (HTTP only) Policy Status Msg Policy Download Pkg (SMB or HTTP) Install during maintenance window Install during maintenance window
Software Inventory - Scenarios • View native installed UNIX/Linux software (pkgs/rpms) under ARP using Resource Explorer • Collect software inventory by specifying file name format and directory structure to search under
Features that will not be implemented Supported Will NOT be Supported
© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.