Security & Management

Some Notes for Operations Manager 2007

1. Local Management Group and Connected Management Group=2 Tier Only, CMG and CMG can't communicate. 
2. Raise the Domain Functional Level to other than Windows 2000 Mixed before deployment. No Limitation for Forest Functional Level.
3. Agent/Server mutual authentication is mandated in Operations Manager 2007 for all agent/server communication
4. The certificates used for untrusted Domain scenario must ultimately trust the same root certification authority (CA)
5. Install and add the Gateway Server in the Untrusted Domain.
6. Create a domain security group for the Operations Manager Administrators role before deployment
7. Windows Installer 3.1 required for Agent Installation
8. An agentless managed device must not be separated from its Management Server or proxy agent by a firewall because monitoring is performed over RPC.
9. The action account of the agent that is performing the monitoring must have local administrative rights on the device that is being monitored.
10. Operations Manager 2007 requires SQL Server 2005 Enterprise edition for Audit Collection Services Database
11. SQL Server 2005 SP1 and Cumulative Hotfix Package (build 2153) for SQL Server 2005 required
12. Required to use SQL Server Windows Authentication mode
13. To provide the best recovery experience, configure the OperationsManager database to run in the Full Recovery model
14. SQL Server Service Broker must be enabled
15. Keeping the OperationsManager Database relatively small ensures faster operations
16. SDK and Config Service Account should be Local System when install single Management Server in the environment.
17. Each ACS collector must have its own ACS database.
18. Run the ACS Installation on the ACS Collector.
19. A Gateway server should not be used as an AEM Collector except in the System Center Essentials configuration
20. Business-critical client monitoring allows business-critical clients to be deployed as watcher nodes and run synthetic transactions against IT services. In addition to event and performance data, business critical clients often require audit collection to ensure that compliance requirements are met
21. To use Active Directory to Automatically Assign Agents, Run MOMADAdmim.exe with the Appropriate Parameters to create the OperationsManager Container with the permission in AD. Create the Inclusion or exclusion rule on the management servers. And configure manual installed agent from reject to review