OMS in CSP

A lot of CSP partners ask about OMS availability in CSP. In this article I'll show what OMS components are available in CSP and how to use them.

Microsoft Operations Management Suite (OMS) includes several management solutions for hybrid cloud. It was introduced in May 2015 as an evolution of System Center, and it's capable to manage public clouds and private clouds. OMS capabilities, pricing and licensing are well described in this datasheet.

oms

Some facts about OMS:

  1. There is an OMS Portal and OMS SKUs - special SKUs in Open/EA pricelist. OMS Portal and related functionality are available in CSP inside Azure subscription, but OMS SKUs are not.
  2. Currently there are 6 OMS SKUs:
    1. Insight & Analytics - includes Azure Log Analytics and 2 additional solutions on OMS Portal (Service Map + Network Performance Monitor), that are not available in regular Log Analytics
    2. Automation & Control - includes Azure Automation (with Desired State Configuration (DSC) and Automation Hybrid Worker functionality) and 2 additional solutions on OMS Portal (Change Tracking + Update Management)
    3. Security & Compliance - includes Azure Security Center and 2 additional solutions on OMS Portal (Antimalware Assessment + Security and Audit)
    4. Protection & Recovery - includes Azure Backup and Azure Site Recovery. Note: OMS SKUs include both Azure Backup and ASR (no matter if it's Site-to-Site or Site-to-Azure scenario). But in CSP you'll see 3 separate charges with different prices - Azure Backup, Azure Site Recovery Site-to-Site and Azure Site Recovery Site-to-Azure.
    5. OMS E1 - includes Insight & Analytics + Automation & Control. This is SKU is not available in CSP, so you'll need to purchase those 2 solutions separately.
    6. OMS E2 - full bundle, that includes all 4 OMS solutions with a discount. This SKU is not available in CSP, so if you'll need all 4 OMS solutions, you will be charged for all of them separately, without a discount.
  3. OMS is well integrated with System Center 2016 and its components can be treated as "cloud versions" of System Center components:
    1. OMS Insight & Analytics is a monitoring solution, that runs in the cloud and accessible from any devise through web browser. It can be used instead of System Center Operations Manager (you can install OMS agents on Windows and Linux machines in the cloud or on-premise) or it can be connected to SCOM to visualize it's data and extend it with its own "solutions" (analog of Management Packs in SCOM). Service Map functionality in OMS is an analog of "Distributed Applications" in SCOM.
    2. OMS Automation & Control is an automation and orchestration solution. It includes Azure Automation, which shares a big part of code with System Center SMA (part of System Center Orchestrator). Change Tracking solution in OMS has an overlapping functionality with System Center Service Manager, and OMS Update Management in some way overlaps with System Center Configuration Manager.
    3. OMS Protection & Recovery adds backup to the cloud capabilities to System Center Data Protection Manager, and it adds Disaster Recovery capabilities for Hyper-V environments, managed by System Center Virtual Machine Manager.
  4. If you'll purchase OMS SKUs with an annual commitment, you'll also receive System Center 2016 licenses for the period of OMS subscription. If you'll decide to pay for OMS SKUs monthly without commitment, you won't get System Center licenses. You won't get System Center licenses if you'll purchase OMS solutions through CSP.
  5. All OMS solutions are licenses per node. Node equals to VM or physical (non-virtualized) host. It also requires Azure Storage for backups, log collection and DR data, and it's charged separately.

capture_17022017_175954

I usually face 3 scenarios how customers are using OMS:

  1. OMS as a management solutions instead of System Center:
    1. Azure Log Analytics (OMS Insight & Analytics) as a comprehensive monitoring solution, that managed Windows & Linux machines on-premise and in the cloud, also including Office 365 monitoring and Windows Telemetry analysis. OMS Agent Proxy can be used to get monitoring data even from servers, not connected to the Internet.
    2. Azure Automation as a comprehensive automation solution. It can automate a lot of tasks in the cloud, and Automation Hybrid Worker extends it capabilities to the on-premise environment.
    3. Azure Security Center audits the security in the cloud and prevents breaches, while OMS Antimalware Assessment and OMS Security and Audit analyze what's happening in the on-premise environment.
    4. Azure Backup can backup VMs in Azure, and Azure Backup Server (which in fact is equal to System Center DPM, but lacks tape support) can be used to backup on-premise VMs (Hyper-V and VMWare), Exchange databases, SQL Server databases, file servers, SharePoint farms and a state of Active Directory. Azure Backup Server can backup on-premise data to local disks, and then copy important data to the cloud (which is equal to DPM approach).
    5. Azure Site Recovery can be used to make a DR from on-premise Hyper-V and VMWare hosts to Azure.
  2. OMS as an addition to System Center:
    1. Existing SCOM analyses what's happening on-premise, and Log Analytics analyzes what's happening in the public cloud. SCOM agents send data to SCOM server, and SCOM server can be connected to OMS Workspace. You don't need to install OMS agents on every server in your environments if you've already installed SCOM agent.
    2. Existing System Center Orchestrator and SMA automate and orchestrate on-premise environment. Azure Automation automate tasks in the cloud.
    3. Existing DPM can leverage Azure Backup to store backups in the cloud.
    4. VMM manages Hyper-V-based private cloud and leverages Azure Site Recovery for Site-to-Site and Site-to-Azure DR scenarios.
    5. And of course System Center Configuration Manager and System Center Service Manager are powerful tools to manage on-premise environments.
  3. Part of management is delivered by OMS, part by System Center. Mix of 2 scenarios, described above.

If you'll decide to go with scenario 2 or 3 through CSP, you'll need to purchase System Center 2016 licenses separately - through SPLA or any Volume Licensing channel.

Using OMS in CSP

To start using OMS in CSP, you'll need to create an Azure subscription on Partner Center as usual. Logon to Azure Portal with Owner rights for that subscription. Click on More Services and choose Solutions.

capture_17022017_172428

Then click Add. You'll see 4 OMS solutions - Insight & Analytics, Automation & Control, Security & Compliance and Protection & Recovery. Let's create the 1st one.

capture_17022017_172553

OMS Insight & Analytics

First of all you'll need to create a new OMS Workspace. You need to choose pricing tier "Per Node (OMS)" to get access to all OMS capabilities. When you'll click OK, a new Azure Log Analytics resource will be also created inside the selected Resource Group.

capture_17022017_172637 capture_17022017_172835

Then click Create to create OMS Insight & Analytics solution.

capture_17022017_173104

Choose Log Analytics in the More Services menu.

capture_17022017_173308

In OMS Workspace menu you'll see a direct link to OMS Portal.

capture_17022017_173423

Further configuration of OMS is done on OMS Portal. You'll need to install OMS agents on all servers that you want to monitor, add another Solutions (similar of Management Packs in SCOM) and customize your dashboards.

capture_17022017_173448 capture_17022017_173507 capture_17022017_174014 OMS Solution Gallery

OMS Automation & Control

Return to Solutions menu and click Add again. Choose Automation & Control item.

capture_17022017_173604

Choose an existing OMS Workspace. In OMS Workspace settings you'll need to select an existing Azure Automation account or create a new one. I'll create a new account.

capture_17022017_173634

When you'll click OK, a new Azure Automation account and RunAs account will be created. You'll see an error that Classic RunAs account wasn't created - that's OK because Classic (non-ARM) resource model is not available in CSP. You can ignore that error.

capture_17022017_173801

Then you'll see 3 new solutions in OMS Portal (Azure Automation, Change Tracking and Update Management).

capture_17022017_173912

You can configure Azure Automation on the Azure Portal, including Hybrid Workers.

capture_17022017_190647 capture_17022017_190545

OMS Security & Compliance

Return to Solutions menu and click Add again. Choose Security & Compliance item.

capture_17022017_173951Choose an existing OMS Workspace and click create. 2 new solutions will appear on OMS Portal - Antimalware Assessment and Security and Audit.

capture_17022017_191106

But Azure Security Center won't be enabled automatically. You'll need to click More Services, select Azure Security Center and then click Launch Security Center to activate it inside your subscription.

capture_17022017_174151

Azure Security Center uses a separate agent (not a regular OMS agent) that you'll need to push to all your VMs in Azure.

OMS Protection & Recovery

This step will be different from OMS installation using regular OMS SKUs. OMS Portal still uses classic (non-ARM) Azure Backup vault and Azure Site Recovery vault, while Azure CSP uses new combines version of a vault called Azure Recovery Services vault. That vault includes both Backup and Site Recovery capabilities.

Return to Solutions menu and click Add again. Choose Backup and Site Recovery (OMS) item.

capture_17022017_174737

You'll see a regular Recovery Services Vault creation wizard.

capture_17022017_174835

But you still won't be able to select that new (ARM-based) vault in the OMS Portal:

capture_17022017_185811 capture_17022017_185851 capture_17022017_185906

That's not a big problem because all Backup and Site Recovery management tasks are done on Azure Portal or using Azure Backup Server management console. Check my previous articles about Azure Backup in CSP and Azure Site Recovery in CSP.

Further deployment steps

OK, we've activated all 4 OMS solutions inside an Azure subscription in CSP. Next steps will be:

  1. Install OMS agents on all Windows and Linux machines that you want to monitor.
  2. If you have an existing SCOM installation - then connect SCOM to your OMS Workspace.
  3. If you have an existing SCCM installation - then connect SCCM to your OMS Workspace.
  4. If you have Office 365 subscription - then add Office 365 Analytics solution from Solution Gallery and provide Global Admin credentials to monitor your Office 365 services in OMS Workspace.
  5. Create Azure Automations runbooks and deploy Azure Automation Hybrid Workers to extend runbooks to your on-premise environment.
  6. Activate Azure Security Center agents inside all Azure VMs in that subscription and check the security recommendations that will be provided.
  7. Deploy Azure Backup Server and configure backup of Azure VMs.
  8. Configure Azure Site Recovery for disaster protection.
  9. Add other OMS Solutions from the Solutions Gallery.

OMS Solution Gallery capture_17022017_195233

I hope it was valuable for you and you'll feel the benefits of a modern Microsoft management solution for the Hybrid Cloud. Good luck!

Comments

  • Anonymous
    February 20, 2017
    Thank you for explaining the licensing specifics of the CSP program.As a service provider deploying OMS to monitor customers workloads hosted in our datacenter which is fully covered by "System Center Datacenter SPLA" it would have been nice to get some benefits/discounts for this scenario.
  • Anonymous
    February 21, 2017
    The comment has been removed
    • Anonymous
      February 22, 2017
      Separate OMS PerNode meters are available in CSP price list. So if you will choose "PerNode (OMS)" pricing tier inside OMS subscription, you will be charged using those OMS PerNode meters from Azure CSP price list. You don't need OMS SKUs for that.
      • Anonymous
        February 22, 2017
        Thank you! That was the missing piece I wasn't aware of but now makes sense.
  • Anonymous
    February 26, 2017
    I love this article. thx!!and one quick question.In the previous document, "CPS' Security & Compliance has Security Center OR two solution packs".Have you changed to Security Center AND two solution packs now?
    • Anonymous
      February 27, 2017
      When you activate Security & Compliance solution in CSP, only 2 security solution packs are created on OMS Workspace. Security Center need to be activated separately.
      • Anonymous
        March 05, 2017
        Thank you so much!!
  • Anonymous
    March 26, 2017
    Hi Kirill. Thanks for the good explanation.Just to help me clarify this. In your article, you mentioned that there are 6 OMS SKU's - the four key offerings plus E1 and E2. Is it correct that CSP only offers the first 4 SKU's? i.e. only the E1 and E2 OMS SKUs are not available in CSP.
    • Anonymous
      March 28, 2017
      No, OMSs SKUs are not available in CSP at all. OMS SKUs are special SKUs to purchase OMS without Azure subscription. In case of CSP partner will create Azure subscription and create OMS services inside it.
      • Anonymous
        November 06, 2017
        So, assuming a customer is sold Azure via CSP, then adds all 4 solutions, will they get E2 type discounting? I am assuming not.
        • Anonymous
          November 06, 2017
          No, you will be charged for 4 different solutions.
  • Anonymous
    April 27, 2017
    Can OMS be part of the DPOR? I didn't see it listed...