Hi SCOM Forum peeps. I have a question to ask regarding SCOM and Edgesight 5.4 We have a multi-tenanted SCOM installation and one client wants Edgesight to be monitored. The issue is that they are both in seperate domains/forests and there are no trusts between the domains and these will not be created. We have followed all of the steps within the edgesight guide including the security considerations. I cannot see of a way of doing this if the Edgesight and SCOM are in seperate domains without any trusts. Any help,pointers or a simple it won't work! Will be greatly appreciated Thanks Simon

Hi Simon If you want to monitor the Edgesight server in a different domain please use the scom certificate other wise if more servers you need to monitor then use SCOM Gateway server. Donald D'souza (http://donald-scom.blogspot.com/)

Hi Simon If you want to monitor the Edgesight server in a different domain please use the scom certificate other wise if more servers you need to monitor then use SCOM Gateway server. Donald D'souza (http://donald-scom.blogspot.com/)

Hi Simon - Donald is right on - you will need to use SCOM's certificate-based method of authentication to manage the Edgesight application which is in the other domain. Here is a comprehensive step by step to deploy ceritificates to an agent: http://blogs.technet.com/b/quenguyen/archive/2011/07/13/monitoring-non-domain-servers-using-scom.aspx At the end of that checklist is a list of other links that cover all aspects of monitoring resources in untrusted domains using SCOM.John Joyner MVP-SC-CDM

Hi Simon - Donald is right on - you will need to use SCOM's certificate-based method of authentication to manage the Edgesight application which is in the other domain. Here is a comprehensive step by step to deploy ceritificates to an agent: http://blogs.technet.com/b/quenguyen/archive/2011/07/13/monitoring-non-domain-servers-using-scom.aspx At the end of that checklist is a list of other links that cover all aspects of monitoring resources in untrusted domains using SCOM.John Joyner MVP-SC-CDM

Guys Have a gateway in place that gets all of the alerts back to the management server and RMS. That all works fine, the issue is monitoring edgesight 5.4 using the scom connector supplied by Citrix. it seems that there needs to be an account that can work in both domains, with admin rights to the edgesight server and access to put data into the database. with the edgesight server and RMS/SCOM database being in seperate domains with no trusts I dont see how this can be achieved. So in short Edgesight5.4 server in Domain 1 has the SCOM console installed and can see the RMS so that the console works. SCOM RMS and DB in Domain 2. There are no trusts between the domains. There is a gateway in domain 1 that is fully certificated and working - alerts are coming back from servers in domain 1 without issue. The problem is the edgesight scom connector - this needs to use an account the has the following: EdgeSight Alert Action The Alert Action includes credentials used for authentication. This account must be a member of the Operations Manager Administrators role to access the SDK Service. This account must also be a member of the administrators Local Group on the EdgeSight Server so that the alert action can spawn a local process. The low-privilege section describes the minimum permissions required by this account. Low-privilege Environments The minimum privileges required by the SCOM administrator account are: Domain: Member of the Domain Users Global GroupOperations Manager: Member of the Operations Manager Administrators roleEdgeSight for XenApp 5.0 or later: Member of the Administrator Local Group on the EdgeSight Server I cannot see a way to get this to work if there are no trusts between the domains