Unsolved
This post is more than 5 years old
36 Posts
0
2074
Need some advice for configuring OpenManage in smaller environments
Hi all,
I'm in the process of setting up OpenManage for a smaller environment. We've got about five Dell PowerEdge servers from all walks of life; a PowerEdge T110, a PowerEdge T300, and two PowerEdge R610's. There could be a couple more coming in the future, but for now that's what we've got. I think that in light of all of the different DRAC versions, agent-based hardware monitoring via OMSA would be probably prudent? (all of the PowerEdge servers run Windows Server (only the T110 runs Server 2012 R2; the rest are running Server 2016). Each has Hyper-V installed, so OM would be monitoring everything, but the agents would be deployed on Hyper-V servers. I've read through most of the literature, and I still can't find a comprehensive list of what you get versus what you don't if you have or don't have the OMSA agent installed. (It's probably because the PDFs seem more designed to be printed, not read on a computer in an E-reader as I must).
My next question concerns extending the schema versus not doing so. If I don't extend it, am I able to log into the local OMSA agents with my ADDS credentials? I know that it works with OpenManage Essentials without the schema extension, though the guides for OMSA aren't clear. (In such a small environment like ours, extensions for a few groups seems overkill when we can just throw them in ourselves.) And if we create the corresponding groups ourselves, what are the permissions that each group has to be able to view things in the OME/OMSA consoles?
My last question: if using OMSA only as an agent for OME to find the server, do we have any reason at all to ever log into the local OMSA web server? Thanks, and I apologize in advance for all the silly questions.
DELL-Daniel My
Moderator
Moderator
•
6.2K Posts
0
January 29th, 2018 09:00
Hello
You will need to install OMSA on the local systems. Agent-less features were added to the iDRAC starting with 12th generation servers. 12G and later servers can be managed with OME by the iDRAC and have many of the same features that having OMSA installed would provide. Installing OMSA would still enable more features on 12G and later. You will have very few management and monitoring options on a system older than 12G if you do not install OMSA on the target system.
I'm not sure which schema you are referring. If you are talking about adding an active directory schema to manage users then I would not bother. OMSA allows access based on the account type being used. An administrator account has full access. A normal user account will have limited access. The schemas provide more control over the accounts. If you only have one or two people that will be managing the systems then I would not set up the schemas. I would create a management administrator account to be used by OME.
If you are doing a lot of management tasks on a single system I think it is easier to do it through OMSA. I find OME to be great for monitoring and managing a lot of systems at once, but if you have an issue with a single system you will likely find yourself using OMSA on that system.
Thanks
cambridgeport617
36 Posts
0
January 29th, 2018 10:00
Thanks for the clarification. Yes, the schema I am referring to is the AD schema. We try to use Active Directory where we can. If we opt not to extend the schema, we can still use AD accounts to log into the local OMSA agents, just not with as much control, right? The rest of the administrators in my group believe that the less cluttered AD is, the better, but if absolutely required, they'll allow it, more than likely, due to the fact that if something doesn't use SSO on our network, something else is normally chosen that does.
DELL-Daniel My
Moderator
Moderator
•
6.2K Posts
0
January 29th, 2018 12:00
Yes, you can use any credentials that you would normally be able to log into the host operating system with. OMSA can use domain or local credentials.
Thanks
cambridgeport617
36 Posts
0
January 29th, 2018 17:00
Thanks for the hand so far. One more question though in light of what you said about groups. How do I tell OpenManage which groups it should look for permissions in? We have a tendency to name our groups based on location so that we're not hunting for stuff when adding and deleting people. The user guide seems clearer with OME than it does with OMSA.
DELL-Daniel My
Moderator
Moderator
•
6.2K Posts
0
January 30th, 2018 09:00
OMSA provides/restricts access based on privileges. The privileges are listed on pages 11 and 12 of the Dell EMC OpenManage Server Administrator User's Guide:
http://www.dell.com/support/home/product-support/product/dell-openmanage-server-administrator-9.0.1/
Thanks