Management Servers in untrusted domains

Hi,

I am planning a deployment of SCOM 2012 R2 and have several questions regarding the appropriate placement of management and gateway servers.

The environment has multiple untrusted domains, and I need to monitor both Windows and Linux computers on both sides of the firewall. The main domain has 1500 Windows computers and 1300 Linux computers. The untrusted domain has 250 Windows servers and 450 Linux servers.

It is understandable that gateway servers are utilized to communicate across the firewall.

The questions are:

1. Is it possible to locate one or more management servers in the untrusted domain for the Linux servers and another management server to work with the Windows servers and have those management servers in the untrusted domain communicate through the firewall via gateway servers to the databases in the main domain?

2. If it is not possible to have management servers in the untrusted domain communicate via the gateways, how many gateways would be required to relay to the management servers in the main domain's management group?

3. With the number of Linux servers in the untrusted domain, is it better to install a separate management group there?

Thanks for any advice in dealing with the above scenario.

--SG

February 21st, 2015 1:47am

Hi,

Multiple gateway servers can be placed in a single domain so that the agents can fail over from one to the other if they lose communication with one of the gateway servers. Similarly, a single gateway server can be configured to fail over between management servers so that no single point of failure exists in the communication chain.

We can have multiple gateway servers in the untrusted domain, and we can configure agents to report to a specified gateway server and to fail over to another gateway server.

Please refer to the links below for more details:

To configure agent failover to multiple gateway servers:

https://technet.microsoft.com/en-us/library/hh212733.aspx?f=255&MSPPError=-2147217396

http://blogs.technet.com/b/jimmyharper/archive/2010/07/23/powershell-commands-to-configure-gateway-server-agent-failover.aspx

Regards,

Yan Li

February 22nd, 2015 9:37am
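
The failover chain described in the reply above (agents fail over between gateways, gateways fail over between management servers), as an added example that is not part of the original thread or of the linked articles. It uses the SCOM 2012 OperationsManager module; every host name is a placeholder, and it assumes two gateways in the untrusted domain, two management servers in the main domain, and agents that have no failover list configured yet.

```powershell
# Added example. All host names below are hypothetical placeholders.
Import-Module OperationsManager
New-SCOMManagementGroupConnection -ComputerName 'ms01.main.example'

# Management servers in the main domain that the gateways report to.
$primaryMs  = Get-SCOMManagementServer -Name 'ms01.main.example'
$failoverMs = Get-SCOMManagementServer -Name 'ms02.main.example'

# Gateway servers in the untrusted domain.
$gatewayNames = 'gw01.untrusted.example', 'gw02.untrusted.example'

# 1. Gateway -> management server: give each gateway a primary and a failover
#    so the gateway itself is not tied to a single management server.
foreach ($name in $gatewayNames) {
    $gw = Get-SCOMGatewayManagementServer -Name $name
    Set-SCOMParentManagementServer -GatewayServer $gw -PrimaryServer $primaryMs
    Set-SCOMParentManagementServer -GatewayServer $gw -FailoverServer $failoverMs
}

# 2. Agent -> gateway: alternate the primary gateway across agents so load is
#    split, and use the other gateway as each agent's failover.
$gateways = @($gatewayNames | ForEach-Object { Get-SCOMManagementServer -Name $_ })
$agents   = @(Get-SCOMAgent -DNSHostName '*.untrusted.example')

for ($i = 0; $i -lt $agents.Count; $i++) {
    $primaryGw  = $gateways[$i % $gateways.Count]
    $failoverGw = $gateways[($i + 1) % $gateways.Count]

    # Primary and failover are separate parameter sets, so two calls are needed.
    Set-SCOMParentManagementServer -Agent $agents[$i] -PrimaryServer $primaryGw
    Set-SCOMParentManagementServer -Agent $agents[$i] -FailoverServer $failoverGw
}

# 3. Review the result: list the parent servers now assigned to each agent.
foreach ($agent in $agents) {
    Get-SCOMParentManagementServer -Agent $agent
}
```

Restricting each agent's failover list to gateways keeps agents in the untrusted domain from attempting to reach management servers behind the firewall directly.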

Hi There,

Microsoft recommends that you place all the management servers in the same data center, so if one goes down the other comes to know about it ASAP.

If you place it in another location, then failover may happen late.

Also, you mentioned placing the management servers in another domain, which is possible, but you need to have trust and permissions set up, which is very hectic work.

So I would suggest you place gateways, as they will help with compression if the network bandwidth is low between the domains and sites.

Based on Microsoft's sizing and management guidance, a dedicated gateway server can manage 100 Unix boxes, and a management server on the same domain can manage 500.

So based on your situation as below:

1300 Linux - Same domain

450 - Different domain

3 Management servers for the main domain for dedicated Linux

1 MS For Windows Agent monitoring.

In total, 4 in a management group for the same domain.

1 separate management group with 1 MS will be fine for dedicated Linux monitoring of the 450 servers in the other domain.

If you still want to place gateways, then you will need to place 5 gateway servers, which is difficult to manage.

Operations Manager supports the following number of monitored items.

| Monitored item | Recommended limit |
|---|---|
| Simultaneous Operations consoles | 50 |
| Agent-monitored computers reporting to a management server | 3,000 |
| Agent-monitored computers reporting to a gateway server | 2,000 |
| Agentless Exception Monitored (AEM)-computers per dedicated management server | 25,000 |
| Agentless Exception Monitored (AEM)-computers per management group | 100,000 |
| Collective client monitored computers per management server | 2,500 |
| Management servers per agent for multihoming | 4 |
| Agentless-managed computers per management server | 10 |
| Agentless-managed computers per management group | 60 |
| Agent-managed and UNIX or Linux computers per management group | 6,000 (with 50 open consoles); 15,000 (with 25 open consoles) |
| UNIX or Linux computers per dedicated management server | 500 |
| UNIX or Linux computers monitored per dedicated gateway server | 100 |
| Network devices managed by a resource pool with three or more management servers | 1,000 |
| Network devices managed by two resource pools | 2,000 |
| Agents for Application Performance Monitoring (APM) | 700 |
| Applications for Application Performance Monitoring (APM) | 400 |
| URLs monitored per dedicated management server | 3000 |
| URLs monitored per dedicated management group | 12,000 |
| URLs monitored per agent | 50 |

Refer to the link below for the management details: https://technet.microsoft.com/en-us/library/dn249696.aspx?f=255&MSPPError=-2147217396

February 22nd, 2015 2:43pm
