OpsMgr by Example: Monitoring Web Applications

Operations Manager 2007 includes built-in website monitoring functionality (similar to that provided by MOM 2005’s Web Sites and Web Services MP), using the "Web Application" Management Pack Template. This functionality is quite useful for monitoring web sites. The template records where you go with your browser (to use this functionality you need to configure your browser, in Internet Explorer under Tools -> Internet Options -> Advanced -> Enable third party browser extensions (requires restart) in both IE 6 and IE 7). Web Applications are created in the Operations console under Authoring -> Management Pack Templates -> Web Application.

We decided to start simple, and then move into more complex monitoring configurations.

Starting simple was developing a web application that monitors a single webpage (such as www.google.com or www.microsoft.com) without requiring authentication. There is a great write-up available at http://www.technotesblog.com/?p=432 which provides an step-by-step process to create monitoring for a single web page. We used www.google.com in our particular example, and as in the TechNotesBlog example (which uses the Microsoft website), we disabled link tracking.

Getting more complex: once our application was in a working state we went to the next step that we wanted to test – monitoring the OpsMgr Operations Web console. Since the Operations Web console requires authentication, the monitoring setup is more difficult. We created a new Web Application called Operations Web console (and stored it in a new, non-default management pack), and had the application browse to http://(servername):51908/default.aspx for the Operations Web console. We created the Web Application using the default configurations and ran it on Windows 2003, Windows XP and Windows Vista workstation systems (one of each for testing purposes). Each of these systems went to a critical status due to an access is denied message.

You can check the status of the monitored web sites by navigating in the Operations console to Monitoring -> Web Application -> Web Application State. You can also right-click and open the performance view for any of these and receive a large number of performance information is collected, check the graphic for an example.

Resolving the security issue required creating a Run As Account of type Windows (under Administration -> Security -> Run As Accounts), using an account with permissions to access the Operations Web console. We then configured this account to be used by the Web Application in the Authoring section under Authoring -> Management Pack Templates -> Web Application:

  • Edit the web application settings for the Operations Web console just created
  • Select the General tab to configure its settings, select the authentication method of NLTM and specify the account created to monitor the web site

After going back to monitoring section (Operations Console -> Monitoring -> Web Application -> Web Application State) and waiting a little bit, the Operations Web console monitor went to green.

To get even more complex, we created a web test that used the recorder. The Reporting Server was a good test for this. The URL for the Reporting Server is located under Administration -> Settings -> Reporting. In our testing environment this has a value of http://QUICKSILVER:80/ReportServer. To record, we started with http://QUICKSILVER/Reports and worked from that point. We opened up a graphic, and a folder, and a report during the capture process. Running a report would also be an option, but as this would run on a regular basis (every few minutes) we did not want to create that level of overhead with our monitoring. We configured the authentication method (NTLM and the account we previously created) and the watcher node. We then checked its status in the Health Explorer (see graphic), all were green.

Lessons Learned:

The systems performing the watcher function did not have any customizations made to their browsers, such as adding the browser location to the trusted sites. Some servers would work well as watchers and other would not (in our case the Root Management Server). We were unable to identify a specific reason for this.

Don’t test authentication items within the Web Application creator. It brings up a pop-up that warns “Running a test of this web application may fail. While running the test, credentials that have been configured for this web application will not be used. If the site you are testing does not explicitly require authentication, the test may still succeed.” Test these by actually checking their alerts and status on the monitoring tab.

If the site requires authentication to get to it, you need to configure authentication for the web tests. Check IIS to see what type it allows and provide a match (NTLM = Integrated Authentication in this particular case).

This entry was posted in Tuning and Configuration. Bookmark the permalink.

2 Responses to OpsMgr by Example: Monitoring Web Applications

  1. David says:

    i guess it doesnt test Kerberos enabled sites right? I dont use NTLM anymore.

  2. Operations says:

    possible authentication methods are None, Basic, Digest, Negotiate, and NTLM.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s