OpsMgr and Anti-Virus Configurations

SUMMARY

Most organizations run anti-virus (AV) software on their servers and workstations to detect and fix computer viruses. However, running antivirus software on server software systems such as Operations Manager can cause data corruption and have a detrimental effect on performance.

MORE INFORMATION

There are particular folders and files that should be excluded from anti-virus scanning.

  • These include the SQL Server database files used by Operations Manager components as well as system database files for the master database and tempdb.
  • You will also want to exclude queue and log files used by Operations Manager from anti-virus scanning.
  • These include but are not limited to files under %ProgramFiles%\System Center Operations Manager\Health Service State\ and its subdirectories.
  • Other areas to exclude from scanning is the OpsMgr install and wbem directories.
  • You will want to exclude the page file from anti-virus scanning and the Windows temp directory (%windirtemp%) as well.

If you use a firewall, you will need to open up the ports for installing the agent (135), client communication (5723), email communication (25), and potentially others. The ports used by Operations Manager 2007 are listed in Table 1.

Table 1. Communication Paths and Ports

From Component

To Component

Bidirectional?

TCP Port

Root Management Server (RMS) or Management Server (MS)

Operational Database (Ops DB) and Data Warehouse (DW DB)

No

OLEDB 1433 (SQL); in a cluster the second node requires a unique port number

RMS

MS or Gateway Server

Yes

5723

Operations console

RMS

No

5723

Agent

RMS, MS, or Gateway

No

5723

Reporting Server, Web Console Server

RMS

No

5724

Connector Framework Source

RMS

No

51905

Agentless Exception Monitoring (AEM) Client

AEM file share on
RMS or MS

Yes

SMB 445, 51906

Software Quality Metrics (SQM) Client

SQM Endpoint

No

51907

Web console

Web Console Server

No

HTTP 51908

Audit Collection Services (ACS) Agent

ACS Collector

Yes

51909

ACS Collector

ACS DB

No

OLEDB 1433 (SQL)

Reporting Server

DW DB

No

OLEDB 1433 (SQL); in a cluster the second node requires a unique port number

Operations console

Reporting Server

No

HTTP 80

UPDATE 7/21/08: Rod Trent recently posted an article on recommended antivirus exclusions, see http://myitforum.com/cs2/blogs/rtrent/archive/2008/07/18/recommended-antivirus-exclusions-for-opsmgr.aspx.

Advertisements
This entry was posted in Operations Manager 2007. Bookmark the permalink.

2 Responses to OpsMgr and Anti-Virus Configurations

  1. Derek says:

    Does the SCOM agent use UDP 5723 for heartbeat communications? I know MOM used a UDP port for the heartbeat. IANA has 5723 UDP registered for SCOM use and I\’ve seen one mention of the UDP port for heartbeat. But your table doesn\’t mention it, so now I\’m not sure.

  2. Operations says:

    Yes it is port 5723. The table included with this article is only a partial port listing. The System Center Operations Manager 2007 Unleashed book contains a full listing 🙂

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s