Integrating with Microsoft SCOM

As a tenant administrator, it's important that you can monitor the connected systems and quickly identify and resolve any issues. The BMC Helix Intelligent Integrations Microsoft SCOM connector collects events, metrics, and topology data from Microsoft SCOM.

Related topics

Editing-and-deleting-integrations

Monitoring BMC Helix Intelligent Integrations

You can view the collected data in various BMC Helix application and derive the following benefits: 

BMC Helix application

Type of data collected or viewed

Benefits

BMC Helix Operations Management

Events

Use a centralized event view to monitor and manage events, perform event operations, and filter events. Identify actionable events from a large volume of event data by processing events.

For more information, see  Monitoring events and reducing event noise..

BMC Helix Operations Management

Metrics

Detect anomalies and eliminate false positives. Use alarm and variate policies to detect anomalies through static and dynamic thresholds.

For more information, see Detecting anomalies by using static and dynamic thresholds..

BMC Helix Discovery

Topology

  • Import all CIs from Microsoft SCOM in BMC Helix Discovery
  • Visualize automatically created service models in BMC Helix Discovery

For more information, see Managing your IT infrastructure..

BMC Helix AIOps

Situations (created from events)

  • Improve the mean time to resolve (MTTR) based on the situation-driven workflow
  • Lower the mean time to detect or discover (MTTD) and the time required for investigating tickets.

For more information, see Monitoring situations..

BMC Helix AIOps

Services (created from topology)

Perform root cause analysis of the impacted services.

For more information, see Performing causal analysis of impacted services..

As a tenant administrator, perform the following steps to configure a connection with Microsoft SCOM, verify the connection, and view the collected data in various BMC Helix applications.

ConnectorSteps.png

Supported versions

This connector supports the following versions of Microsoft SCOM for data collection:

  • 2022
  • 2019 

Task 1: To plan for the connection

Review the following prerequisites to help you plan and configure a connection with Microsoft SCOM:


Microsoft SCOM prerequisites

  • The database user that you plan to use for the connection is assigned the read-only role to the Microsoft SCOM's OperationsManager database (default database name).
  • If the database user is an Active Directory user, ensure that both the BMC Helix Intelligent Integrations on-premises server and the OperationsManager database server belong to the same domain. No such restrictions are applicable if the database user is an SQL user.


BMC Helix Intelligent Integrations prerequisites

  • Depending on the location of the third-party product (SaaS, on-premises), choose one or more BMC Helix Intelligent Integrations deployment modes and review the corresponding port requirements. For information about various deployment modes and port requirements, see Deployment scenarios.
  • Based on the deployment mode, use the BMC Helix Intelligent Integrations SaaS deployment or the BMC Helix Intelligent Integrations on-premises gateway or both. For more information about the gateway, see Deploying the BMC Helix Intelligent Integrations on-premises gateway.
  • The on-premises gateway must be able to reach the third-party product on the required port (default is 1433).

In the preceding list, third-party product refers to Microsoft SCOM. 

Task 2: To configure the connection with Microsoft SCOM

  1. Depending on the deployment mode, perform one of the following steps to access BMC Helix Intelligent Integrations:
    • BMC Helix Intelligent Integrations SaaS – Log on to BMC Helix Portal, and click Launch on BMC Helix Intelligent Integrations.
    • BMC Helix Intelligent Integrations on-premises gateway – Use the following URL to access BMC Helix Intelligent Integrations: https://<hostName>:<portNumber>/swpui
  2. On the CONNECTORS tab, click add_icon.pngin the SOURCES panel.

  3. Click the 

    Microsoft SCOM

     tile.

  4. Specify the source connection details:

    1. Specify a unique instance name.

      Best practice
      We recommend that you specify the instance name in the following format:

      <sourceType>_<sourceControllerServerName>_<InstanceQualifier>

      The instance qualifier helps you to distinguish the multiple instances configured from the same source server. For example, you can name your instances as MSSQLSERVER_PROD and MSSQLSERVER_TEST.

    2. Specify the OperationsManager database host name and SQL Server port number (default value is 1433).
    3. Specify the database user name and password.

    4. Select the Windows Authentication option if the specified database user is Service Account user. 
      If you don't select this option, the database user is an SQL Server user and SQL authentication is used as the connection method.

      Important

      • If you select the Windows Authentication option, make sure that the user can access the Microsoft SCOM REST API.
      • If you do not select the Windows Authentication option, make sure that the database user you want to use for the connection is assigned the read-only role for Microsoft SCOM's OperationsManager database (default database name).

       

    5. Specify the authentication domain name if you plan to use the Windows authentication.
    6. Specify the Microsoft SCOM database name.
    7. Specify the Microsoft SCOM database instance name.
    8. Specify the time, in seconds, after which no attempt should be made to establish a connection (default value is 30 seconds).
    9. Select the Encrypt Connection option to establish a connection with Microsoft SCOM database if it has TLS protocol enabled.
  5. Click VALIDATE AND CREATE.
    The specified connection details are validated and the corresponding source connection is created in the Source Connection list.

  6. Verify that the source connection you created is selected.

    Important

    The destination host connection is created and configured automatically for each tenant when the source connection is created.

  7. Verify that the options for the datatypes for which you want to collect data are selected.

  8. Click a data type and specify the configuration parameters in the Collectors section as described in the following table:

    Parameter name

    Description

    Data type

    MS SCOM Events
    (JDBC Pull)

    MS SCOM Metrics
    (JDBC Pull)

    MS SCOM Topology (JDBC Pull)

    Collection Schedule

    Select one of the following options to specify the data collection frequency:

    • Duration: When you select this option, data collection happens constantly. Specify the schedule in minutes, hours, or day. 
      Default: 5 minutes
      Example:
      Collection Schedule is set to 5 mins.
      Current time is 00:30.

      If you run the collector just after 00:30, data is collected every 5 mins, first at 00:30 and next at 00:35, and so on.  

    • Cron schedule: When you select this option, data collection happens periodically. Specify the schedule by using a cron expression.
      A cron expression is a string consisting of five subexpressions (fields) that describe individual details of the schedule.  These fields, separated by blank spaces, can contain any of the allowed values with various combinations of the allowed characters for that field.
      Default: */5 * * * * (evaluates to 5 minutes)

      Format:
      Minutes Hours (24-hour format) Day of Month Month Day of Week

      Example:
      If you specify 10 15 3 7 * , data is collected at 15:10 hours every third day in the month of July.

    For more information about how this parameter affects data collection, see Data collection schedule.

    ✅️

    ✅️

    ✅️

    Data Collection Window

    Specify the historical time period (in minutes) from the current time for which the data should be collected from Microsoft SCOM. 

    Default: 5 minutes for events and metrics collection, 60 minutes for topology collection

    Example:

    Collection Schedule is set to 5 mins.
     Data Collection Window is set to 5 mins.
     Current time is 00:30.

    If you run the collector just after 00:30, data is collected first at 00:30 for the interval, 00:25 - 00:30, and next at 00:35 for the interval, 00:30 - 00:35, and so on.

    For more information about this parameter, see Data collection window.

    ✅️

    ✅️

    ✅️

    Data Latency

    Specify the time (in minutes) by which the data time window should be shifted back on the timeline.

    This parameter is useful in delayed data availability situations.

    Default: 0 minutes

    Example:

    Collection Schedule is set to 5 mins.
     Data Collection Window   is set to 10 mins.
    Data Latency   is set to 2 mins.
     Current time is 00:30.

    If you run the collector just after 00:30, data is collected first at 00:30 for the interval, 00:18 to 00:28 and next at 00:35 for the interval, 0:23 to 00:33, and so on.

    For more information about this parameter, see Data latency.

    ✅️

    ✅️

    ✅️

    Category

    Select All or a subset of categories from the list.

    This list of categories is updated automatically from Microsoft SCOM

    ✅️

    ✅️

    Severity

    Select one or more event severities from the list.

    ✅️

    Priority

    Select one or more event priorities from the list.

    ✅️

    State

    Select one or more event states from the list. 

    The following event states are supported:

    • Assigned To Engineering 
    • Awaiting Evidence 
    • Closed
    • Scheduled 
    • Resolved 
    • Acknowledged 
    • New, which is equivalent to Open 

    If you want to collect event data for all states (include custom states defined in Microsoft SCOM ) except closed, select the All Alerts Except Closed option.

    Important:

    Use the New or Open option as follows:

    • For an existing Microsoft SCOM connector that is configured in 23.3.02 or earlier versions, the events are collected based on the selection of the Open or Closed option.   
      The New and Open options are equivalent. You can use any one of them to filter the events. The Open option continues to display until you remove that option manually by clicking the adjacent icon icon_cross.png. From this point onwards, you need to select New instead of Open.
    • If you create a new Microsoft SCOM connector in 23.4.00 and later versions, you can see the New option i nstead of Open

    ✅️

    ManagementPack

    Select one or more management packs from the list.

    This list of management packs is updated automatically from Microsoft SCOM

    ✅️

    ✅️

    ResourceGroups 

    Specify the names of the SCOM resource groups for which you want to collect events and metrics data. Use comma ( , ) as a separator to specify multiple resource groups.

    Data collection is determined by a combination of the specification here and the selecting or clearing of the  UseResourceGroups and Directly Impacted Resource Group Members Only checkboxes.

    For details, see Data collection scenarios.

    ✅️

    ✅️

    ✅️

    UseResourceGroups 

    Select this option to confirm data collection for the resource groups specified in the ResourceGroups field. 

    Data collection is determined by a combination of the specification in the ResourceGroups field and the selecting or clearing of the UseResourceGroups and Directly Impacted Resource Group Members Only checkboxes.

    For details, see Data collection scenarios.  

    ✅️

    ✅️

    ✅️

    Directly Impacted Resource Group Members Only

    Select this option to collect data for only those resource group members that are directly connected to a resource group.

    Data collection is determined by a combination of the specification in the ResourceGroups field and the selecting or clearing of the UseResourceGroups and Directly Impacted Resource Group Members Only checkboxes.

    Example 1: 

    A resource group, RS1, has two virtual machines as group members: VM1 and VM2. VM1 has an associated printer, P1. Data is collected only for VM1 and VM2 and not for P1 if this checkbox is selected.

    Example 2:

    The resource group, RS1, has two subgroups: SG1 and SG2. SG1 has two virtual machines: SG1VM1 and SG1VM2, and SG2 has one router, SG2R1. Data is collected for SGVM1, SGVM2, and SHG2R1 if this checkbox is selected.

    For details, see Data collection scenarios

    Tip: To view the members of a resource group that can be considered as directly connected members, click the View Group Members option for the group in the Microsoft SCOM user interface.

    ✅️

    ✅️

    ✅️

    (Applicable for 25.1.02 and later versions)

  9. Click CREATE COLLECTORS to create the required collector streams for the selected data types.
  10. Click a data type and specify the configuration parameters in the Distributors section as described in the following table:
    Parameter name
    Description
    Max Batching Size
    Specify the maximum number of data items to send in a single POST request to the destination API.
    The batch size     depends on the destination’s ability to buffer the incoming data.Default: 250
    Max Batching Delay
    Specify the maximum time (in seconds) to wait before building and processing a batch.Default: 3 seconds 
    Base Retry Delay
    Specify the initial time (in seconds) for which to wait before retrying to build and process a batch.
    The waiting time increases in the following sequence: n1, n2, n3, and so on, where n indicates the number of seconds.Default: 2 secondsExample:Base Retry Delay is set to 2 seconds.Retry is performed after 2, 4, 8, 16, ... seconds.
    Max Intra-Retry Delay
    Specify the maximum limit for the base retry delay. Default: 60 secondsExample:Max Intra-Retry Delay is set to 60 seconds.
    Base Retry Delay is set to 2 seconds.Retries are performed 2, 4, 8, 16, 32,... seconds later.
    Max Retry Duration
    Specify the total time for retrying a delivery. For REST destinations, a delivery is a batch of data items in one POST request. Default: 5 minutesExample:Max Retry Duration is set to 8 hours.
    Base Retry Delay is set to 2 seconds.Requests are sent for 2+4+8+16+32+64+132... until 8 hours in total duration is reached. After that, no subsequent attempts are made to retry the delivery.The assumption here is that if there is an outage or other issue with the destination tool, recovery should take less than the value of the Max Retry Duration parameter to be completed.
    Attributes To Be Dropped When Updating Events
    Specify the event attributes that you do not want to be updated in BMC Helix Operations Managementwhen events are updated. For example, if you do not want an event's severity, source address, source category, and subcategory to be updated in BMC Helix Operations Management , you need to specify those attributes in a comma-separated format: severity,source_address,source_category,source_subcategory .Important:You can obtain the event attribute names in BMC Helix Operations Management, by exporting any event data in JSON, BAROC, XML, or CSV format . The exported file contains all attributes of the event data, and from there you can identify the attributes to be dropped. 
  11. Click CREATE DISTRIBUTORS to create the required distributor streams for the selected data types.

  12. Click one of the following buttons:

    • SAVE STREAM: Click this button if you want to edit the integration details before creating the instance. After you save the stream, the connector that you just created is listed in the SOURCES panel. Move the slider to the right to start the data stream.
    • SAVE AND START STREAM: Click this button if you want to save the integration details and start receiving data immediately.

    Important
    For a data stream, the Run Latency (max/avg), Items (Avg per Run), and Last Run Status columns on the Streams page might show the status as No Runs during the data collection process. After completion of the process, these columns are updated with an appropriate status.

    For more information about data streams, see Starting-or-stopping-data-streams. 

Data collection scenarios 

The following table lists the data collection scenarios based on the specification in the ResourceGroups field, and the selecting or clearing of the  UseResourceGroups and Directly Impacted Resource Group Members Only checkboxes:

Scenario

Resource Groups

UseResourceGroups

Directly Impacted Resource Group Members only  (Option applicable for topology starting with version 25.1.02)

Events

Metrics 

Topology 

 

1

✅️

✅️

✅️

Data is collected for only those members of the resource groups that are directly connected to the specified resource groups.

The specified management pack is ignored, and data is collected for only those members of the resource groups that are directly connected to the specified resource groups.

The specified management pack is ignored, and data is collected for only those members of the resource groups that are directly connected to the specified resource groups.

2

✅️

✅️

Data is collected for all members of the resource groups that are directly or indirectly connected to the specified resource groups.

Data is collected for all members of the resource groups that are directly or indirectly connected to the specified resource groups.

Data is collected for all members of the resource groups that are directly or indirectly connected to the specified resource groups.

3

✅️

✅️

Data is collected for only those members of the resource groups that are directly connected to the specified resource groups.

Data is collected for only those members of the resource groups that are directly connected to the specified resource groups.

Data is collected for only those members of the resource groups that are directly connected to the specified resource groups.

4

✅️

Data is collected for all resources based on the other filters, such as Category, Severity, Priority, and State.

Data is collected for the specified management packs. If no management packs are defined, no data is collected.

Data is collected for the specified management packs. If no management packs are defined, no data is collected.

5

✅️

✅️

No data is collected.

No data is collected.

No data is collected.

6

❌ 

✅️

 

No data is collected.

No data is collected.

No data is collected.

✅️

Data is collected for all resources based on the other filters, such as Category, Severity, Priority, and State.

No data is collected.

No data is collected.

8

Data is collected for all resources based on the other filters, such as Category, Severity, Priority, and State.

Data is collected for the specified management packs. If no management packs are defined, no data is collected.

Data is collected for the specified management packs. If no management packs are defined, no data is collected.

Task 3: To verify the connection

In BMC Helix Intelligent Integrations, on the SOURCES panel, confirm that the data streams for the integration you created are running. Data streaming is indicated by moving colored arrows.

SCOM_Stream.png

  • A moving dark blue arrow (EventsStream_Icon.png) indicates that the event stream is running. Event data will be pushed according to the configured Collection Schedule interval.
  • A moving red arrow (MetricsStream_Icon.png) indicates that the metric stream is running. Metric data will be pushed according to the configured Collection Schedule interval.
  • A moving light blue arrow (TopologyStream_Icon.png) indicates that the topology stream is running. Topology data will be pushed according to the configured Collection Schedule interval.

To view data in BMC Helix applications

View data collected from Microsoft SCOM in multiple BMC Helix applications.

To view events in BMC Helix Operations Management

  1. In BMC Helix Operations Management, select Monitoring > Events.
  2. Filter the events by the ScomEvent class.
    SCOMEvents.png

Incoming events from Microsoft SCOM are processed in BMC Helix Operations Management through a set of deduplication rules to determine whether the incoming event is a duplicate event or a new event. For more information, see Event-deduplication-suppression-and-closure-for-reducing-event-noise.

For more information about events, see Monitoring and managing events.

To view metrics in BMC Helix Operations Management

  1. In BMC Helix Operations Management, select Monitoring > Devices.
  2. Click the links for the required device.
  3. On the Monitors tab, click the required monitor.
    The Performance Overview tab shows the metrics graph. 
    SCOM_Metrics.png

For information about metrics, see Viewing collected data..

BMC Helix Intelligent Integrationsidentifies all the Microsoft SCOM KPI metrics. All the KPI metrics are prefixed with KPI in BMC Helix Operations Management. You can use these metrics for baselining.

Click here to view the list of KPI metrics
  • Private Bytes
  • LDAP Search Time (ms)
  • I/O Database Writes Average Latency (ms)
  • Private Bytes (%)
  • ASMCU - Active Conferences
  • AVMCU - Total MRAS Request
  • Disk Transfers/sec
  • Available MBytes
  • AVMP - Active Data Channels
  • % Processor Time
  • Working Set
  • DB Active Connections
  • DB Available Space Total (%)
  • Messages in Queue
  • Cpu Usage (%)
  • PercentMemoryUsed
  • BUSYOPTIONS - Total number of calls handled by the Busy
  • Options application
  • Log Free Space (%)
  • DB Used Space (MB)
  • DB Total Free Space (%)
  • DB In-Memory OLTP Data Disk Free Space (%)
  • DB FILESTREAM Data Free Space (%)
  • CPU Utilization (%)
  • Tasks Running
  • PercentBandwidthUsedTotal
  • Segments     eived/sec
  • % Free Space
  • Database Available Space (MB)
  • SQL SENDs/sec
  • Messages Received/sec
  • SQL RECEIVEs/sec
  • I/O Database Reads Average Latency (ms)
  • Sessions In Use
  • Index Size (MB)
  • Transactions/sec
  • SMTP Connections Current
  • DATAMCU - Active Conferences
  • NTLM Authentications
  • Server Sessions
  • Client Connections Count
  • Transfers/sec
  • JOINLAUNCHER - Incoming join requests
  • Total Method Requests/sec
  • Requests/sec
  • Global Catalog Search Time
  • LYSS - Total number of messages enqueued
  • Messages Sent/Sec
  • LYSS - Current percentage of space used by Storage Service DB.
  • Segments Sent/sec
  • Outbound Connections Current
  • Volume Space Utilization
  • XTP Memory Used (KB)
  • Database Size
  • Current Connections
  • Connection Attempts/sec
  • Inbound Connections Current
  • Percent Processor Time
  • EWS Response Time (ms)
  • LDAP Client Sessions
  • MEDIA - Total bandwidth of incoming audio streams in bytes per second
  • MEDIA - Total bandwidth of outgoing audio streams in bytes per second
  • DB File Available Space Total (%)
  • Kerberos Authentications
  • Total Messages Submitted
  • DB File Group Available Space Total (%)
  • SIP - Messages In Server
  • SIP - Average Incoming Message Processing Time
  • DB Log File Available Space Total (%)
  • Used memory (KB)
  • Index location % used
  • Mailbox Database Size (MB)
  • Active Sessions
  • CPU Used By SSRS (%)
  • Active Mailbox Delivery Queue Length
  • WEB - Total Requests/sec
  • WEB - Total Requests In Processing
  • Database modifys/sec
  • Token Requests/sec
  • Total online clients
  • Batches/sec
  • Avg. Batch Processing Time, ms
  • Total Web Application Response Time
  • Current connections
  • DNS Resolution Time
  • Transaction Response Time
  • Duration of Processing (sec)
  • Free space / Percent
  • Storage Virtual Machine Space Utilization
  • Batch Size
  • Memory Used By SSRS (GB)
  • Percent Log Used
  • IPV4Scope-AddressesInUse
  • IPV4Scope-AddressesAvailable
  • Avg. Response Time
  • Open Connection Count
  • Queue Count

To view the topology data in BMC Helix Discovery

In BMC Helix Discovery, select Explore > Data, and click <count> Import Records in the Miscellaneous section. The Import Record List page shows the CI records received from Microsoft SCOM.  For information about records, see Managing your IT infrastructure.

To view services and situations in BMC Helix AIOps

Before you view services and situations in , create a Business Service model in BMC Helix Discovery. For information about creating models, see Managing models.  

In , on the Overview page, view the services and situations for the event and topology data received from Microsoft SCOM. For information about situations, see Monitoring and investigating situations.

Marking devices for deletion in BMC Helix Operations Management

If the devices in BMC Helix Operations Management are not collecting any metrics data for a particular time period, you can mark them for deletion by using the shouldSupportTopologyLifecycle and itemExpiryDuration parameters.

For example, if you want to mark devices for deletion that do not collect any metrics data in 5 hours in BMC Helix Operations Management, set the shouldSupportTopologyLifecycle parameter to true and set the value of itemExpiryDuration parameter to 5 hours.

Important

  • For BMC Helix Intelligent Integrations to identify the device for deletion, a monitored device must receive metrics data at least once after configuring the settings. When this device stops receiving data, it is marked for deletion.
  • If a monitored device stops receiving metrics data before configuring the settings, it is not considered for deletion.

To mark the devices for deletion

  1. Click Configure Mediatoricon_gear.png adjacent to Microsoft SCOM.
  2. Expand the MS SCOM METRICS (JDBC PULL) section.
  3. Click COLLECTOR CONFIGURATION.
  4. Enable the Edit JSON option to view the collection configuration parameters in JSON format.
  5. Set the value of the shouldSupportTopologyLifecycle parameter to true and then click SAVE.
    By default, the value is set to false.
  6. Click DISTRIBUTER CONFIGURATION.
  7. Enable the Edit JSON option to view the distributer configuration parameters in JSON format.

  8. Edit the itemExpiryDuration parameter as shown in the following example:

    "itemExpiryDuration":{
    "unit": "HOURS"
    "value": 5
    }
    • The valid values for unit are SECONDS, MINUTES, HOURS, and DAYS.
    • The default value for itemExpiryDuration is 30 days and the minimum value is 1 hour.
    • If itemExpiryDuration is set to less than 1 hour, BMC Helix Intelligent Integrations considers the value to be 1 hour.
  9. Click SAVE to save the settings. 
  10. Click SAVE & CLOSE.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*