SCOM (Microsoft System Center Operations Manager)

Microsoft System Center Operations Manager (SCOM) is a cross-platform data center management system for operating systems and hypervisors. Using this integration, you can configure SCOM to automatically send alerts to BigPanda. The SCOM integration provides streamlined installation, debugging, and supports installations that use an HTTP proxy server.

📘

Open Integration Manager

The Open Integration Manager is available for use with SCOM. For more information, see the Open Integration Manager documentation.

How it Works

The SCOM Integration works by subscribing BigPanda to all alert notifications. The SCOM Integration utility automatically installs the BigPanda command executable file and creates a command channel, a subscriber, and a subscription in SCOM. When a SCOM alert is generated, the information is forwarded to BigPanda using these elements:

• The command notification channel defines what information is sent to BigPanda. By default, all standard SCOM fields are sent to BigPanda, and you can add custom fields. It also determines that the notification is sent by running the BigPanda command executable file.
• The notification subscriber defines the BigPanda channel as the recipient and determines the schedule for sending notifications. You can customize the notifications schedule.
• The notification subscription defines the criteria for sending a notification. By default, all alerts are sent to BigPanda, and you can filter which alerts are sent and set an initial delay. It also defines that the BigPanda channel is used to send the notification and the BigPanda subscriber receives the notification.

BigPanda then processes and correlates the alert from SCOM to create and maintain up-to-date incidents in BigPanda.

🚧

Simultaneous Response Limit

SCOM has a limitation of allowing only 5 simultaneous responses, which affects the command notification channel. The asynchronous response limit can be increased to 100, but an incremental increase is recommended. For alert storms exceeding this limit, consider adding a mitigation mechanism upstream.

❗️

Payload size

Alert payloads must be 6MB or smaller. Larger payloads will fail to process with BigPanda. We recommend reviewing your configurations to ensure that only actionable, useful information is being sent to BigPanda.

When Alerts are Updated and Closed

The life cycle of a SCOM alert in BigPanda reflects the notifications that SCOM sends.

• Alerts are not updated: SCOM sends an alert when an error first occurs, but does not send updates when the error criteria change. The error criteria in BigPanda remain in the initial state for the entire life cycle of the alert. If SCOM is configured for auto-remediation, the remediation updates are not sent to BigPanda.
• Alerts cannot transition from warning to critical: If a check in SCOM transitions from a warning to a critical state, SCOM closes the warning and sends a new, critical alert with a unique identifier. The initial warning alert is closed and a new critical alert is opened in BigPanda. This behavior does not affect alert correlation. The check is counted as two different alerts in BigPanda.
• Some alerts are not closed automatically: For alerts from monitors, SCOM sends an update when the error is resolved. The alert is then automatically closed in BigPanda. For alerts from rules, SCOM does not send a resolution event so the related alert in BigPanda remains open. You must manually resolve BigPanda incidents that contain SCOM alerts from rules.

📘

Acknowledged Alerts

When an alert is acknowledged in SCOM, it is marked as Acknowledged in BigPanda.

SCOM Data Model

BigPanda normalizes alert data from SCOM. You can use tag values to filter the incident feed and to define filter conditions for Environments. The primary and secondary properties are also used during the deduplication and correlation processes.

Standard Tags

Custom Tags

You can independently configure the integration to send custom SCOM fields to BigPanda. These fields become custom tags in BigPanda are available along with the standard tag data to help users resolve problems.

To send custom fields to BigPanda:

1. In SCOM, open the Operations console, and then click Administration. You must have the Operations Manager Administrators role in SCOM.

2. In the navigation pane, go to Notifications > Channels.

3. Open the BigPanda channel and click the Settings tab.

   

4. In the Command line parameters field, add the custom fields in one of the following ways.

   • Enter the field names manually. For example, CustomField1=domain_name.
   • Click the arrow and select the custom field you want to send.

Install The Integration

Administrators can install the integration by following the SCOM Installation instructions.

📘

Execute on all SCOM management consoles

When installing the integration, be sure to copy the executable /bigpanda-scom-cli.exe to all of the SCOM management consoles, not just the one that it was installed on as the primary.

Debug SCOM

Before You Start

• Ensure the BigPanda SCOM integration and SCOM Integration utility are installed.
• Obtain access to the server where SCOM is installed.
• Open the PowerShell console and change the execution policy to RemoteSigned by running the following command:

Set-ExecutionPolicy remotesigned

Check the Version

To check the version of the SCOM Integration utility, run the following command:

./bigpanda-scom-cli.exe --version

If you don't have the latest version of the utility, download and install it:

Windows 64-Bit.

View the SCOM Log File

The SCOM Integration utility writes a message to a log file every time an alert is sent from SCOM to BigPanda. This information can be very helpful when diagnosing a problem.

Access the log file in the same directory where you extracted the utility. The file name is: bigpanda-scom-cli.log

Change the Logging Options

You can change logging options by using the following flags with your commands.

Example:

./bigpanda-scom-cli.exe test --debug -k <YOUR APP KEY> -t <YOUR TOKEN>

Send a Test Alert

You can send a test alert from SCOM to BigPanda. Run the following command and replace <YOUR APP KEY> and <YOUR TOKEN> with the corresponding values in BigPanda.

./bigpanda-scom-cli.exe test -k <YOUR APP KEY> -t <YOUR TOKEN>

Use a Proxy Server

If you're using an HTTP Proxy server in your SCOM configuration, you can use the --proxy flag when installing the utility and sending a test alert. For example, run the following command and replace with the full URL to your proxy server:

./bigpanda-scom-cli.exe test --proxy <Proxy server URL>

❗️

Proxy must be added

When installing the utility and sending a test alert, the command line excludes the .exe. The --proxy line is also not added to the full path and command line parameters of the notification channel. Adding a check for the full path of the command line channel ensures that the --proxy value is there.

After Debugging

If you are unable to resolve the problem, contact BigPanda support for assistance.

Uninstall the Integration

Deleting an integration requires that you remove the integration in both the integrated system and BigPanda. We recommend that you first uninstall the integration on the integrated system to prevent traffic from being sent and rejected by BigPanda, since the app key will not exist once you delete the integration in BigPanda.

❗️

Caution during replacement

When replacing an existing integration with a new tool or system, we recommend configuring the new integration first to ensure no data is lost.

Deactivate Inbound Integration

If you want to stop sending data to BigPanda but don’t want to delete your integration, you can temporarily deactivate it.

To deactivate an inbound integration:

1. In BigPanda, navigate to the Integrations tab and select the desired integration from the list. This will open integration details on the right side of the window.
2. At the top of the integration details, click the Active/Inactive toggle next to the application name to change the status of the integration.

In the integrations list, inactive integrations will be marked with a gray bar.

❗️

Alert Resolution for Inactive Integrations

Any active alerts belonging to an inactive integration must be manually resolved or they will stay in the system until the auto-resolve window is reached.

Stop Sending Data to BigPanda

1. Download the latest BigPanda SCOM Integration utility for your operating system: Windows 64-Bit

2. Extract the downloaded archive and open a PowerShell console with a command prompt in the extracted directory.

3. Change the execution policy for the PowerShell console to RemoteSigned by running the following command:

   Set-ExecutionPolicy remotesigned
   

4. Run the following command:

   ./bigpanda-scom-cli.exe uninstall
   

5. At the prompt, enter y to confirm the change, and press Enter.

Delete the Integration in BigPanda

Take the following steps to delete the integration from BigPanda:

1. In BigPanda, navigate to the Integrations tab and select the desired integration from the list.
2. In the integration details on the right of the page, click the trash icon, then confirm you want to delete the integration. The integration will be removed immediately.

👍

️Automatic alert resolution for deleted integrations

All active alerts from the integration will be resolved after deletion.

❗️

Data removal

This procedure does not remove any data from the integrated system.