Monitoring Servers on Another Domain
I need to monitor about 300 - 400 servers from another company we merged with that are on a different domain, what would be the best way to add them to the SCOM environment?
My first thought would be to treat them like a DMZ, and just sit a management/gateway server there, but perhaps there is a better way.Paul Arbogast
June 13th, 2011 11:41am
Couple of choices - two way transitive trust would get you a long way if you can do it.
Otherwise, it is an untrusted domain, so you could use a gateway, certificates on the gateway server, and then agents with accounts in that domain (you will have to be given valid other-domain accounts to set up the action accounts etc.
Microsoft Corporation
Free Windows Admin Tool Kit Click here and download it now
June 13th, 2011 12:02pm
Hi Paul
If you have a Forest Level trust in place then you don't need to do anything. A forest level trust supports kerberos so no certificates are necessary.
If there is no Forest Level trust in place then a gateway in the "different domain" is the way to go - agents in the "different domain" can use kerberos to communicate with the gateway and you can configure certificates between the gateway in the
"different" domain and the management servers in the "home" domain.
http://technet.microsoft.com/en-us/library/bb735408.aspx
If you are comfortable with deploying agents to a DMZ and configuring certificates then the process with the gateway will be straight forward.
Cheers
Graham
View OpsMgr tips and tricks at
http://systemcentersolutions.wordpress.com/
June 13th, 2011 12:03pm
In addition, please refer to the following documents and articles:
Multiple Server, Single Management Group Scenario
http://technet.microsoft.com/en-us/library/bb432132.aspx
Deploying Gateway Server on Windows Server 2008
http://technet.microsoft.com/en-us/library/dd789059.aspx
OpsMgr 2007: Monitoring an Agent in a non-trusted domain
http://blogs.technet.com/b/smsandmom/archive/2008/09/10/opsmgr-2007-monitoring-an-agent-in-a-non-trusted-domain.aspx
Monitoring agents in an untrusted domain or workgroup using Operations Manager 2007
http://support.microsoft.com/kb/982910
Hope this helps.
Thanks.
Nicholas Li - MSFT
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
June 14th, 2011 11:31pm
Hi Paul
Please feel free to re-open the thread if you have any further questions.
Cheers
GrahamView OpsMgr tips and tricks at
http://systemcentersolutions.wordpress.com/
June 17th, 2011 7:19am