Friday, February 25, 2011

Clustering the SCOM 2007 R2 RMS Role on a Microsoft SQL 2008 R2 Cluster (Part 2)

If you have followed Part 1 of this series of posts, then at this point you will have your SQL 2008 R2 cluster built and tested. We can now move on to configuring the SCOM 2007 R2 RMS cluster.



How to Cluster the SCOM 2007 R2 RMS Role into an existing SQL 2008 R2 Cluster


  • Install Windows Server 2008 R2 Enterprise onto two nodes
  • Add at least 2 NICs to each node (you can add more NICs if you want to specify a Heartbeat network, but this is optional)
  • Configure NIC 1 with a local IP subnet for the domain to be used for Management
  • Configure NIC 2 with an IP for your iSCSI / Fibre Channel subnet
  • Present the iSCSI or Fibre Channel storage LUN and Quorum to each node (i.e. 1 x StorageLUN, 1 x Quorum)
  • Install Windows Failover Clustering on each node

Service Account Preparation:

Create the 5 SCOM user accounts in Active Directory following the guide below:

To prepare accounts and groups in Active Directory:


  • In Active Directory Users and Computers, create five accounts: the Management Server Action account, the SDK and Configuration Service account, the Data Reader account, the Data Warehouse Write Action account, and an Operations Manager Administrator account. These can all be domain user accounts. No special privileges are required at the domain level. Try to stick to the same naming convention for each new installation of SCOM, using account names similar to these:

  • srv_scom_action (SCOM Action Account)
  • srv_scom_sdk (SCOM SDK Account)
  • srv_scom_dataread (SCOM Data Warehouse Read Account)
  • srv_scom_datawrite (SCOM Data Warehouse Write Account)
  • srv_scom_admin (SCOM RunAs Admin Account)

(If you have a domain password expiration Group Policy in place and you do not want to change these service account passwords on the same schedule, select Password never expires for the individual accounts.)


  • In Active Directory Domain Services, create a Global Security group for the Operations Manager Administrators. If you plan to use any of the other Operations Manager 2007 R2 roles, create e-mail-enabled Global Security groups for those also.

Use a name similar to: srv_scomadmin_group (SCOM Administration Security Group)


  • Add the Operations Manager Administrator Account (srv_scom_admin) to the Operations Manager Administrators Global Security group.

To prepare accounts and groups on the Operations Manager server:

  • On the server that you are going to install Operations Manager on, log on with an account that has local administrator rights.
  • In the Computer Management tool, under Local Users and Groups, open the Administrators group and add the Operations Manager Administrators Global Security group that you created in step 2 of "To prepare accounts and groups in Active Directory." Also add the accounts that you created to use as the Management Server Action account, the SDK and Config account, the Data Reader account, and the Data Warehouse Write Action account.

To configure the SDK Service Account to create SPNs dynamically, follow these steps:

1. Click Start, click Run, type Adsiedit.msc, and then click OK.

2. In the ADSI Edit snap-in, expand Domain [DomainName], expand DC=RootDomainName, expand CN=Users, right-click CN=AccountName, and then click Properties.

Notes
  • DomainName is a placeholder for the name of the domain. 
  • RootDomainName is a placeholder for the name of the root domain. 
  • AccountName is a placeholder for the account that you specify to start the SDK service. 
  • If you specify the Local System account to start the SDK service, AccountName is a placeholder for the account that you use to log on to Microsoft Windows. 
  • If you specify a domain user account to start the SDK Service, AccountName is a placeholder for the domain user account. 

3. In the CN=AccountName Properties dialog box, click the Security tab.

4. On the Security tab, click Advanced.

5. In the Advanced Security Settings dialog box, make sure that SELF is listed under Permission entries.

(If SELF is not listed, click Add, and then add SELF.)

6. Under Permission entries, click SELF, and then click Edit.

7. In the Permission Entry dialog box, click the Properties tab.

8. On the Properties tab, click This object only in the Apply onto list, and then make sure that the check boxes for the following permissions are selected under Permissions:

  • Read servicePrincipalName 
  • Write servicePrincipalName 

9. Click OK three times, and then exit the ADSI Edit snap-in.
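A read-only check of the result of steps 1 to 9, added here as an example (it is not from the original post or from Microsoft): it inspects an account's access rules for an Allow entry that gives SELF Read and Write on servicePrincipalName, applied to this object only. The helper name Test-SelfSpnAce and the sample ACE are constructed for illustration; the commented lines at the end assume the ActiveDirectory module and the srv_scom_sdk account name suggested above.

```powershell
# Added example: confirm the SELF permission entry set in ADSI Edit.
Add-Type -AssemblyName System.DirectoryServices

$SpnGuid = [guid]'f3a64788-5306-11d1-a9c5-0000f80367c1'  # schemaIDGUID of servicePrincipalName
$SelfSid = 'S-1-5-10'                                     # well-known SID of NT AUTHORITY\SELF

function Test-SelfSpnAce {   # hypothetical helper name
    param([Parameter(Mandatory = $true)] $Ace)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $rights  = [System.DirectoryServices.ActiveDirectoryRights]
    # Allow ACEs for SELF that target servicePrincipalName, or all properties (empty GUID).
    # Deny ACEs are not evaluated: this shows the entry exists, not the effective access.
    $match = @($Ace | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Translate($sidType).Value -eq $SelfSid -and
        ($_.ObjectType -eq $SpnGuid -or $_.ObjectType -eq [guid]::Empty)
    })
    # Combine the rights of all matching entries (Read and Write may be separate ACEs)
    $granted = 0
    foreach ($a in $match) { $granted = $granted -bor [int]$a.ActiveDirectoryRights }
    $inherits = @($match | Where-Object { $_.InheritanceType -ne 'None' })
    [pscustomobject]@{
        ReadSpn        = ($granted -band [int]$rights::ReadProperty) -ne 0
        WriteSpn       = ($granted -band [int]$rights::WriteProperty) -ne 0
        ThisObjectOnly = ($match.Count -gt 0) -and ($inherits.Count -eq 0)
    }
}

# Constructed sample ACE, equivalent to what step 8 produces ("This object only")
$sample = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    (New-Object System.Security.Principal.SecurityIdentifier $SelfSid),
    [System.DirectoryServices.ActiveDirectoryRights]'ReadProperty, WriteProperty',
    [System.Security.AccessControl.AccessControlType]::Allow,
    $SpnGuid,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::None)
Test-SelfSpnAce -Ace $sample

# Against the live directory (assumes RSAT ActiveDirectory module, domain-joined host):
# Import-Module ActiveDirectory
# $dn = (Get-ADUser srv_scom_sdk -Properties servicePrincipalName).DistinguishedName
# Test-SelfSpnAce -Ace (Get-Acl "AD:\$dn").Access
```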

That completes Part 2 of this blog series on Clustering the SCOM 2007 R2 RMS Role on a Microsoft SQL 2008 R2 Cluster. In Part 3 we will discuss how to manually create the SQL 2008 R2 databases SCOM requires using the 'DBCreateWizard' utility.
