SCOM - StackState Docs

Search…
SCOM
StackState Self-hosted v4.6.x
Overview
The SCOM StackPack is used to create a near real time synchronisation with your SCOM instance. The SCOM integration can be configured to run as either an API integration or PowerShell integration, these are described in the tabs below the diagram.
SCOM is a StackState curated integration.
Data flow
API integration
PowerShell integration
API integration
The StackState SCOM API integration sends requests to the SCOM API to retrieve topology data and events.
Agent V2 connects to the configured SCOM API.
Topology data and events for the configured criteria are retrieved from SCOM.
Agent V2 pushes retrieved data to StackState.
StackState translates incoming SCOM topology data into components and relations. Incoming events are used to determine component health state and publish SCOM alerts in StackState.
When to choose API integration
The SCOM API integration produces a clean topology in StackState by allowing you to specify the topology to collect. You can run the SCOM check from any StackState Agent V2 as long as it can connect to both the SCOM API and StackState.
Retrieving a large topology can require a high number of API requests, this can take time and may place some stress on your SCOM system. The size of topology you can retrieve may also be limited by the number of requests possible. To avoid this, use the SCOM PowerShell integration.
PowerShell integration
The StackState SCOM PowerShell integration runs PowerShell scripts on the SCOM box to retrieve topology data and events.
PowerShell scripts in Agent V2 collect topology data and events from SCOM..
Agent V2 pushes retrieved data to StackState.
StackState translates incoming SCOM topology data into components and relations. Incoming events are used to determine component health state and publish SCOM alerts in StackState.
When to choose PowerShell integration
The PowerShell integration retrieves all SCOM topology data quickly without placing strain on your SCOM system. As a result, there is no limit on the size of topology that can be retrieved.
The PowerShell integration scripts must be run by an instance of StackState Agent V2 installed on the same box as SCOM and will always retrieve all topology data. This might be undesirable or confusing when viewed in StackState. If you would like to specify a criteria for the data to be retrieved or need to run the integration from a StackState Agent installed elsewhere, you should use the SCOM API integration.
Setup
Prerequisites
API integration
PowerShell integration
To set up the StackState SCOM API integration, you need to have:
​StackState Agent V2 must be installed on any machine that can connect to both SCOM and StackState.
A running SCOM instance (version 1806 or 2019).
A SCOM user with the role Operations Manager Read-Only Operators.
To set up the StackState SCOM PowerShell integration, you need to have:
​StackState Agent V2 must be installed on the same machine running SCOM.
A running SCOM instance (version 1806 or 2019).
Install
Install the SCOM StackPack from the StackState UI StackPacks > Integrations screen. You will need to provide the following parameters:
SCOM Instance URL: the SCOM instance URL from which topology need to be collected.
Configure
API integration
PowerShell integration
To enable the SCOM check and begin collecting data from SCOM, add the following configuration to StackState Agent V2:
1.Edit the Agent integration configuration file /etc/stackstate-agent/conf.d/scom.d/conf.yaml to include details of your SCOM instance:
hostip - SCOM IP.
domain - active directory domain where the SCOM is located.
username
password - use secrets management to store passwords outside of the configuration file.
auth_mode - Network or Windows (Default is Network).
integration mode - to use the API integration, set to api.
max_number_of_requests - The maximum number of requests that should be sent to the SCOM API. See how to determine the required number of API requests, default 10000.
criteria - A query to specify the components to retrieve data for.
1
init_config:
2
  
3
  
4
instances:
5
# run every minute
6
- # min_collection_interval: 60 # use in place of collection_interval for Agent v2.14.x or earlier 
7
  collection_interval: 60
8
  hostip: localhost
9
  domain: stackstate
10
  username: <username>
11
  password: <password>
12
  auth_mode: Network
13
  integration_mode: api    # can be api or powershell, default api
14
  max_number_of_requests: 10000   # default 10000
15
  criteria : "(FullName LIKE 'Microsoft.Windows.Computer:%')" # an Operations Manager Data Query
Copied!
2.​Restart the StackState Agent(s) to apply the configuration changes.
Specify the components to retrieve data for
The components to retrieve data for can be defined using an Operations Manager Data Query (docs.microsoft.com). For example, to retrieve data for all Microsoft Windows computers:
1
criteria : “(FullName LIKE ‘Microsoft.Windows.Computer:%’)”
Copied!
Errors in the configured criteria query will be reported in the StackState Agent log file.
1
2020-11-05 09:19:31 GMT | ERROR | ... | (scom2.py:114) | Invalid criteria :The property FullNsame is not valid for the given criteria.
Copied!
Determine the required number of API requests
Use the script below to determine the number of components that match a criteria query and the number of dependencies. Add these numbers together and multiply by 2 to find the required number of API requests to retrieve topology data from SCOM. Two API requests are required to retrieve data for each component and each dependency.
1
$components = (Get-SCOMManagementGroup).GetMonitoringObjects("FullName LIKE 'Microsoft.Windows.Computer:%'")
2
"total number of components that match criteria: "+$components.count 
3
$deps= ($components.GetRelatedMonitoringObjects('Recursive')).count
4
"Total number of dependencies: "+ $deps
Copied!
As two API requests are required to retrieve data for each component and each dependency, the configured max_number_of_requests must be higher than the returned total number of components that match criteria AND total number of dependencies multiplied by 2.
To enable the SCOM check and begin collecting data from SCOM, add the following configuration to StackState Agent V2 running on the same box as your SCOM instance:
1.Edit the Agent integration configuration file /etc/stackstate-agent/conf.d/scom.d/conf.yaml to include details of your SCOM instance:
integration mode - to use the PowerShell integration, set to powershell.
1
init_config:
2
  # run every minute
3
  # min_collection_interval: 60 # use in place of collection_interval for Agent v2.14.x or earlier 
4
  collection_interval: 60
5
instances:
6
- integration_mode: powershell    # api or powershell, default api
Copied!
2.​Restart the StackState Agent(s) to apply the configuration changes.
Status
Integration status
To check the status of the SCOM integration, run the status subcommand and look for SCOM under Running Checks:
1
sudo stackstate-agent status
Copied!
API connectivity (API integration only)
To check connectivity between StackState Agent V2 and the SCOM API, open the StackState Agent log file and search for the SCOM Connection Status Code. Connection status is reported as an HTTP status code - 200 is a good connection, other codes show a problem with connectivity.
1
(scom.py:118) | Connection Status Code 200
Copied!
Integration details
REST API endpoints
Retrieving topology data from SCOM requires 2 API requests per component.
API endpoint
Description
OperationsManager/data/scomObjects
Get type of component.
OperationsManager/data/objectInformation
Get component information and relations.
OperationsManager/data/alert
Get alerts.
Data retrieved
Events
Alerts and Health state from SCOM are available in StackState as events.
Data
Description
Alerts
The following alert fields are retrieved: id, name, monitoringobjectdisplayname, description, resolutionstate, timeadded, monitoringobjectpath.
Health state
The component health state retrieved from SCOM is used to determine component health in StackState: Healthy = green Warning = orange Critical = red Not monitored, Out of contact or Maintenance mode = gray
Metrics
The SCOM check does not retrieve any metrics data.
Topology
Retrieved topology data is visible in the StackState UI SCOM view, named *SCOM.* .
Components
Relations
Traces
The SCOM check does not retrieve any traces data.
Open source
The code for the StackState SCOM check is open source and available on GitHub at: https://github.com/StackVista/stackstate-agent-integrations/tree/master/scom​
Troubleshooting
Troubleshooting steps for any known issues can be found in the StackState support Knowledge base.
Uninstall
To uninstall the SCOM StackPack and disable the SCOM check:
1.Go to the StackState UI StackPacks > Integrations > SCOM screen and click UNINSTALL.
All SCOM specific configuration will be removed from StackState.
2.Remove or rename the Agent integration configuration file, for example:
1
 mv scom.d/conf.yaml scom.d/conf.yaml.bak
Copied!
3.​Restart the StackState Agent(s) to apply the configuration changes.
Release notes
SCOM StackPack v2.1.1 (2021-04-12)
Improvement: Common bumped from 2.5.0 to 2.5.1
See also
​StackState Agent V2​
​Secrets management in StackState​
​StackState Agent integrations - SCOM (github.com)​
​Operations Manager API reference (docs.microsoft.com)​
​Using Operations Manager data queries (docs.microsoft.com)​