Category Archives: Microsoft

HP Storage Integrations for System Center are Now Part of HP OneView for System Center

I’ve got some news. HP Storage integrations for Microsoft System Center: SCOM and SCVMM plugins are now part of the unified HP OneView for Microsoft System Center. As result of this integration, customer has to download only one master package of HP OneView for System Center 7.6.

Here are some more details on this:

HP OneView for Microsoft System Center provides comprehensive system health and alerting, driver and firmware updates, OS deployment, detailed inventory, and HP fabric visualization.

The HP Storage Management Pack for System Center and the HP Storage UI Add-in for System Center have now been included with HP OneView for Microsoft System Center (OV4SC) to provide our customers with a unified manageability experience via a single repository of Microsoft System Center related products. All HP Storage related capabilities provided by the plug-ins continue to exist with newer additions planned for the future to enhance the manageability of HP Storage in Microsoft System Center environments.

OV4SC version 7.6 includes the following new features:

  • New feature for HP OneView SCOM Integration Kit

o HP OneView Storage System Management Pack enables management of HP Storage systems managed by HP OneView

o This Management Pack supports storage alert processing, group diagram, and state monitoring

  • HP Storage SCOM Integration Kit v4.2 (HP Storage Management Pack for Microsoft System Center) and HP Storage SCVMM 2012 Integration Kit v2.2 (HP Storage UI Add-in for Microsoft System Center) are now included with the HP OneView for Microsoft System Center zip file download
  • Support for drivers and firmware updates from SPP 2015.06.0 in the HP ProLiant Updates Catalog
  • Support for HP OneView 1.20.05 or later (Hyper-V and VMware appliances)
  • Support for the new SCCM service pack releases from the Microsoft – SCCM 2012 SP2 and SCCM 2012 R2 SP1
  • Fixes in the HP Agentless Management pack reporting incorrect OS information when Agentless client is running VMware ESXi 6.0, Windows 7, or SLES 12 OS
  • Fixed PowerShell exceptions when running ‘hpproliantsccmkit-install.ps1’ installer script from the HP ProLiant SCCM 2012 Integration Kit.
    • Note that you must install System Center Configuration Manager Cmdlet Library at https://www.microsoft.com/en-us/download/details.aspx?id=46681 on the applicable SCCM console systems before installing the HP ProLiant SCCM 2012 Integration Kit. Refer the support matrix section in the HP ProLiant SCCM 2012 Integration Kit User Guide for more details
    • HP ProLiant SCCM 2012 Integration Kit does not support SCCM 2012 SP1.
  • Added HP ProLiant DL560 Gen9, DL580 Gen9 and BL660c Gen9 servers support to the HP ProLiant SCCM 2012 Integration Kit and HP ProLiant SCVMM 2012 Integration Kit
  • Added HP ProLiant BL660c Gen9 server support to the HP SCVMM 2012 Console Integration Kit

For more details please refer to the following pages:

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=Z7500-63235

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=System_Center

Sample screenshots: Master Installer

image

Sample screenshots: Unified Group Diagram view
image.png

Seems pretty good changes to me. What do you think?

Cloud Consistency with Azure Resource Manager Whitepaper

I was a little bit busy these days so I’ve forgot to blog about something very important. We’ve released Cloud Consistency with Azure Resource Manager Whitepaper. The whitepaper is authored by Kristian Nese and Flemming Riis.

My participation in it is as contributor. Think for this whitepaper as a service. With time we will update it and add new things. I hope you will like it. Now go and grab it.

Open Sourcing Download All Microsoft SCOM MPs Script

I am open sourcing download the script that I’ve created for downloading all Microsoft SCOM MPs. Open sourcing is meant to be a joke of course. It is a script with code that is available for viewing and changing as whatever serves your purpose since its creation. The difference is that I am moving to GitHub so it will be easier for contribution by all. There is not new version but you can find all code here. The TechNet gallery page will be left as placeholder but will not contain the script anymore. You can find a link to GitHub repository there as well.  I hope this change is welcome.

Updated: OMSSearch PowerShell Module

You may ask what an MVP does on a rainy day? Probably a good answer will be: Trying to make your life easier?.

AS Microsoft published more information on the Operations Management Suite API I’ve decided to take a look update the OMSSearch PowerShell module. I’ve added –Start, –End and –Top parameters to Execute-OMSSearchQuery so you can make more granular searches. Also Stefan Stranger helped by adding Get-OMSWorkspace cmdlet. You will find all information and new version on Github.

Programmatically Search Operations Management Suite

At Ignite Jo Chan showed us how we can now execute Search queries trough Operations Management Suite API which is basically Azure Resource Manager API. He demonstrated that with a tool called ARMClient. That tool seems nice but I wanted to get results with PowerShell as it is more familiar to me.

Searching over Internet I’ve found ARMPowerShell Module. I’ve installed the module and with simple command like Connect-ARM I was able to authenticate. Look trough Jo’s examples from Ignite I’ve managed to get results with the following commands:

Connect-ARM
$Subscription = $ARMSubscriptions.Values | where {$_.DisplayName -eq “Visual Studio Ultimate with MSDN”}
$ResourceGroupName = “oi-default-east-us”
$OMSWorkspace = “test-stan”
$SubscriptionID = $Subscription.subscriptionId
$BaseSavedSearches = “/subscriptions/$SubscriptionID/resourcegroups/$ResourceGroupName/providers/microsoft.operationalinsights/workspaces/$OMSWorkspace/savedSearches”

$OMSSavedSearches = Execute-ARMQuery -SubscriptionId $SubscriptionID `
                                     -HTTPVerb       Get `
                                     -Base           $BaseSavedSearches `
                                     -APIVersion     “2014-10-10″

$BaseSearch = “/subscriptions/$SubscriptionID/resourcegroups/$ResourceGroupName/providers/microsoft.operationalinsights/workspaces/$OMSWorkspace/search”
$Query = “shutdown Type=Event EventLog=System Source=User32 EventID=1074 | Select TimeGenerated,Computer”
$OMSSearchResult = Execute-ARMQuery  -SubscriptionId $SubscriptionID `
                                     -HTTPVerb       Post `
                                     -Base           $BaseSearch `
                                     -Data           @{Query=$Query} `
                                     -APIVersion     “2014-10-10″

Unfortunately this module requires some user interaction. For example Connect-ARM pops up a prompt for entering your credentials. And I’ve wanted to be able to query the OMS API from Azure Automation. This lead me to writing my own small OMS module.

First I needed to find a way to authenticate and get token so I can execute web requests with Invoke-WebRequest. On StackOverflow I’ve found the following code. This allows me to get token from Azure AD. What I’ve needed is to load ADAL assembly. In my module I’ve wrote a function Import-ADALDll to do that. For that function and for the Azure Automation module I borrowed some code from my friend and fellow MVP Tao Yang. To get Token I’ve wrote a separate function called Get-AADToken. Now that I have those two pieces in hand I’ve wrote two other functions:

  • Get-OMSSavedSearches – This will return all Saved Searches in your OMS workspace. I thought that it will be useful as you can get the actual query and use it later. Result is returned as object.
  • Execute-OMSSearchQuery – With this function you will be able to execute queries. Simple as that. Results are returned as object.

The module I’ve created is called OMSSearch and you can find it in GitHub along with small documentation.

After you archive the files from Github into OMSSearch.zip file you can upload that file as module in Azure Automation:

image 

When the module is uploaded you will be able to create OMS Connection. OMS Connection probably is not the right term but here is how mine looks:

image

You have TenantADName which represents the UPN suffix that is attached to the accounts you create in your Azure AD. You will also create Azure AD account that has co-administrator rights in your subscription or owner/contributor rights on the resource group where your OMS workspaces is located.

You will enter the credentials for that account in the OMS Connection.

Besides those two there are some other prerequisites that you need to have. You can find those in the GItHub page.

After that a simple Runbook like this will returned saved searches:

workflow Get-SavedSearches
{  
    $OMSCon = Get-AutomationConnection -Name ‘stasoutlook’
    $Token = Get-AADToken -OMSConnection $OMSCon
    $subscriptionId = “3c1d68a5-4064-4522-94e4-e0378165555e”
    $ResourceGroupName = “oi-default-east-us”
    $OMSWorkspace = “test”    

    Get-OMSSavedSearches `
        -OMSWorkspaceName $OMSWorkspace  `
        -ResourceGroupName $ResourceGroupName `
        -SubscriptionID $subscriptionId `
        -Token $Token
}

image

The other example is with executing queries:

workflow Get-RestartedServers
{  
    $OMSCon = Get-AutomationConnection -Name ‘stasoutlook’
    $Token = Get-AADToken -OMSConnection $OMSCon
    $subscriptionId = “3c1d68a5-4064-4522-94e4-e03781655555e”
    $ResourceGroupName = “oi-default-east-us”
    $OMSWorkspace = “test” 
    $Query = ‘shutdown Type=Event EventLog=System Source=User32 EventID=1074 | Select TimeGenerated,Computer’

    Execute-OMSSearchQuery -SubscriptionID $subscriptionId `
                           -ResourceGroupName $ResourceGroupName    `
                           -OMSWorkspaceName $OMSWorkspace `
                           -Query $Query `
                           -Token $Token
}

image

Hope you will find this module useful until may be we have Azure cmdlets for OMS.

Windows Firewall Auditing with Operations Management Suite Part 2

While I was writing the previous blog on that subject I’ve remembered that I’ve forgot writing on another tip with Windows Firewall auditing. This tip is a small one. You can easily gather log data about Windows Firewall Port changes by adding the following log:

  • Microsoft-Windows-Windows Firewall With Advanced Security/Firewall

image

That way when someone adds/removes or modifies Windows Firewall rules you will see them in OMS and audit them:

image

Have fun analyzing logs.

Windows Firewall Auditing with Operations Management Suite

I was browsing trough Operations Management Suite and in the Security and Audit Solution I’ve noticed something new. There was a tile with text “Distinct IP Addresses Accessed”.

image

When I first saw that tile my number was 0. Clicking on the tile lead me to the following query:

Type=WindowsFirewall CommunicationDirection=SEND | measure count() by RemoteIP

This hinted me that this information is not coming from Security event log. Logging to a server where I have the Microsoft Monitoring Agent installed I was able to find the Management Pack that gathers that log:

image

This also showed me from where those events are taken. Quick search over Internet I’ve found how to enable those logs with group policy. You need to create or use existing group policy. Edit the group policy. Go to Computer Configuration –> Policies –> Windows Settings –> Security Settings –> Windows Firewall with Advanced Security –> Windows Firewall with Advanced Security. On that page you will see a link Windows Firewall Properties:

image

Clicking on it will allow you to configure logging for every Windows Firewall Profile – Domain, Private and Public.

image

When you click customize you can configure the location of the logs, in what size the logs are created and should dropped packets be log and or successful connections as well.

image

You can leave the location not configured as this will use the default one and that is what we need. I lower the limit to lower size because OMS will pick only the old non-active logs. And I also enable dropped packets and successful connections.

You can enable the same settings on specific profile or on all Windows Firewall profiles.

After enabling this policy on the servers of your choice you will start to see that tile populated and of course when you click on the tile a query will be executed and will show results:

image

Hope this will be helpful for you in enabling OMS.