The world of IT is changing, and so are IT organizations. The cloud era has begun and the cloud is now being widely adopted. As a result, new technologies and products are evolving rapidly, many of them powered by the cloud platform.
While it's appealing to explore all the new capabilities of these technologies, it's easy to forget that most organizations in the real world are still managing, or partially managing, their datacenters on-premise. And, more important for this article, many of them are managed with products from the Microsoft System Center Suite.
In this article I will talk about combining and analyzing the result sets from different technologies, such as agent based monitoring from Microsoft System Center Operations Manager (SCOM), but also some rather new technologies, such as log analytics with Microsoft Operations Management Suite (OMS).
In addition, I’ll address some of the concerns and requests we get from our customers throughout the industry, such as service modeling, security considerations and the wish for a holistic perspective of the whole IT service delivery supported by their processes.
Log analytics in Microsoft OMS
As things are today, it's not accurate to say that OMS is a replacement for SCOM. OMS is positioned by Microsoft as a cloud management platform with some really nice features that can be combined with your own on-premise installation of System Center.
There are some good articles explaining what capabilities OMS has and the major differences between these two solutions:
- Is Microsofts Operations Management Suite the new System Center? By Maarten Goet
- Why OMS is more than you think! By Kristian Nese
- Why use OMS while SCOM is running? By Marnix Wolf
But for this purpose let’s focus on the log analytics part of OMS and what challenges it might solve.
Log Analytics is a great tool for capturing and analyzing large amounts of semi-structured or unstructured data that agent-based monitoring or relational databases struggle to deal with. Examples are security logs, firewall logs and the upcoming wire data, where network traffic can be captured. With Log Analytics you can run heavyweight queries that extract relevant information from huge amounts of data, such as your security logs, in no time.
In our own workspace in OMS I got over 2 million rows of security-related data for just one day. And if I want to filter that to show, for example, all failed logins, it can be achieved within just a second.
This addresses some of the major concerns with the previous generation of monitoring platforms, such as how to deal with a large number of log sources.
But what if we could extract relevant information and correlate it with SCOM data?
Agent based monitoring with SCOM
System Center Operations Manager (SCOM) has been around for many years and has big strengths compared to many other solutions. When it comes to monitoring your Windows environment, SCOM does the job and does it really well. With all the Management Packs available from Microsoft, 3rd party vendors and the community, it's still one of the best choices for your IT organization when it comes to monitoring your datacenters.
With SCOM, IT organizations can group their components into IT services using Distributed Applications and then measure important key metrics such as availability, service level objectives, failures and much more.
Data collected from SCOM is saved in a separate data warehouse for reporting, but when it comes to easy-to-use reporting and advanced analytics, there is still much missing - until now!
SCOM and OMS - Better together!
Microsoft has released an API that enables you to run PowerShell queries against your OMS workspace (read about it in this blog article). This opens up a new world of possibilities.
By extracting the results of relevant, pre-analyzed queries from OMS, you can now correlate them with data from your System Center Operations Manager environment.
As seen below, I executed a saved query within OMS that looks for failed logins and returns a set of 8 computers that have failed logins associated with them.
The same query using the API instead of the web interface.
With this extracted data you can transform and load it into our own data model, correlate it with SCOM events and link them to existing objects within your own environment. This gives your organization a holistic perspective of data, not only from Microsoft System Center Operations Manager and Microsoft OMS, but also from relevant process data such as incidents, problems, change requests, etc. from Microsoft System Center Service Manager.
By utilizing security principles within SQL Server Analysis Services you can also take care of some of the security concerns with Microsoft OMS by filtering out data that is not relevant for certain users and groups, all depending on how your IT service is modelled and to whom you have delegated the permissions.
It doesn’t stop here!
With all these events and alerts you can now analyze and predict when certain types of events will appear in the future. This gives your organization a new, more efficient way of working with automated analysis and proactive monitoring, and a way to detect abnormal behavior with baseline filtering. It gives existing Microsoft System Center customers a completely new view of the capabilities they get when they combine them with new technologies such as Microsoft OMS. The same approach is also applicable to configuration changes, alerts and performance data.
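The correlation step and the baseline filtering described above can be sketched as follows. This is an added example, not code from the article or from IT Service Analytics: the computer names, counts, service map and alerts are constructed, the function names are hypothetical, and the "mean plus three standard deviations" threshold is an assumed baseline rule.

```powershell
# Constructed sample data. In practice the first set would come from the OMS
# search API and the other two from SCOM; every name and value here is invented.
$failedLogons = @(   # daily failed-logon counts per computer: history plus today
    [pscustomobject]@{ Computer = 'web01'; History = 4, 6, 5, 7, 5, 6, 4;        Today = 6 }
    [pscustomobject]@{ Computer = 'sql01'; History = 2, 3, 2, 1, 3, 2, 2;        Today = 41 }
    [pscustomobject]@{ Computer = 'dc01';  History = 30, 28, 35, 31, 29, 33, 30; Today = 34 }
)
# Hypothetical mapping of computers to SCOM distributed applications (IT services)
$serviceMap = @{ 'web01' = 'Webshop'; 'sql01' = 'Webshop'; 'dc01' = 'Identity' }
# Constructed open SCOM alerts
$scomAlerts = @(
    [pscustomobject]@{ Computer = 'sql01'; Name = 'SQL login failures' }
    [pscustomobject]@{ Computer = 'web01'; Name = 'Disk space low' }
)

function Get-Baseline {
    # Mean and population standard deviation of a host's own history
    param([double[]]$Values)
    $mean = ($Values | Measure-Object -Average).Average
    $var  = ($Values | ForEach-Object { [math]::Pow($_ - $mean, 2) } |
             Measure-Object -Average).Average
    [pscustomobject]@{ Mean = $mean; StdDev = [math]::Sqrt($var) }
}

function Get-AbnormalFailedLogon {
    param($Counts, [hashtable]$Services, $Alerts, [double]$Sigma = 3)
    foreach ($row in $Counts) {
        $b = Get-Baseline -Values $row.History
        # Floor the deviation at 1 so very quiet hosts do not alert on tiny changes
        $threshold = $b.Mean + $Sigma * [math]::Max($b.StdDev, 1)
        if ($row.Today -gt $threshold) {
            [pscustomobject]@{
                Computer   = $row.Computer
                Service    = $Services[$row.Computer]   # link to the modelled IT service
                Today      = $row.Today
                Threshold  = [math]::Round($threshold, 1)
                OpenAlerts = @($Alerts | Where-Object Computer -eq $row.Computer).Name -join '; '
            }
        }
    }
}

Get-AbnormalFailedLogon -Counts $failedLogons -Services $serviceMap -Alerts $scomAlerts |
    Format-Table -AutoSize
```

Because each host is compared with its own history, a busy domain controller with a steady 30 failures a day stays quiet while a database server jumping from 2 to 41 is reported together with its service and open SCOM alerts.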
IT Service Analytics
IT Service Analytics is a plug 'n' play business intelligence and process support platform for Microsoft System Center. IT Service Analytics enables your IT organization to make qualified decisions based on intelligent and accurate information gathered throughout your IT landscape.
With advanced analytics and statistical capabilities applied to data already collected, IT Service Analytics will turn your data into knowledge. Combined with your IT service management process data, you get a comprehensive toolset to keep you one step ahead of the business demands while delivering high quality IT services.
With much data already in place and new data sources added by new technology, you can get an automated analysis platform that supports your processes. The holistic view of your IT service delivery has been a missing piece of the puzzle; it now enables your organization to detect, and helps you prevent, service failures, without the extra overhead needed with traditional reporting.
With this in mind, your organization will get the best of both worlds: SCOM and OMS working together - secured by Active Directory, with a toolset to implement real proactivity without any data hoarding.