Implementing SCOM Monitoring on DMZ servers using a SCOM Gateway Server in the DMZ

Every organization has a production network and a DMZ network. The DMZ network will have lots of servers. These servers also need to be monitored, and they can be monitored with the help of the SCOM server in production. Because the DMZ servers are not in the production domain, we need to make use of certificates for this purpose.

  1. Export the root certificate of domain.com from the CA and install it on all the SCOM RMS and MS into the Computer account store.
  2. On the Certificate Authority, create a custom certificate template named OpsManagerCert by duplicating the IPSec (Offline Request) template with all the required parameters and with the private key set as exportable.
  3. From the RMS, open the CA web enrollment request page, request a certificate with the custom-created template OpsManagerCert and the name RMSservername.domain.com, and install it.
  4. Export the newly installed certificate from "Current User – Personal Certificates" and import it into "Certificates – Local Computer – Personal".
  5. Access all management servers in the production domain and follow steps 3 and 4 to install an OpsManagerCert certificate on each.
  6. Log on to the gateway server in the DMZ and request the OpsManagerCert certificate via web enrollment for gatewayserver.efsecure.com.
  7. Export the newly installed certificate from "Current User – Personal Certificates" in PFX form with a password and import it into "Certificates – Local Computer – Personal".
  8. Import the exported PFX file on all the DMZ servers using MOMCertImport.exe C:\cert.pfx.
  9. Log on to the servers in the DMZ, open the certificate web enrollment page in the domain, and request an OpsManagerCert custom certificate with the DMZ server's name.
  10. Follow step 7 to export and import it into the Personal store.
  11. Install the root certificate on all the servers in the DMZ.
  12. Run the Gateway Approval Tool on the RMS server.
  13. Run MOMGateway.msi on the gateway server.
  14. Install the agent on the servers.
  15. Log on to the SCOM server and approve the agents installed in step 14.

Note: TCP ports 5723 and 5724 must be open between the DMZ and the internal network.
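Before running MOMCertImport.exe (steps 8 and 10) it is worth checking that the certificate steps above actually produced what SCOM expects on each DMZ host and on the gateway. The PowerShell script below is an added example, not part of the original post and not a Microsoft tool: it checks that a root CA certificate is in the computer's Trusted Root store, that a certificate for the machine FQDN with a private key, the Server Authentication and Client Authentication EKUs, and the Digital Signature and Key Encipherment key usages is in the Local Computer Personal store, that its chain builds, and that TCP 5723/5724 are reachable toward the peer. It assumes the certificate subject is the machine FQDN, uses the post's gateway name gatewayserver.efsecure.com as a default peer (change it to the RMS/MS when run on the gateway), and needs Test-NetConnection (Windows 8 / Server 2012 or later).

```powershell
# Added example (not from the original post): pre-flight checks for SCOM
# certificate authentication on a DMZ server or gateway. Run in an elevated
# PowerShell session; exits 1 if any check fails.
param(
    # Assumption: the certificate subject is the machine's FQDN
    [string]$SubjectFqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName,
    # Default taken from the post; set to your RMS/MS FQDN when run on the gateway
    [string]$PeerFqdn    = 'gatewayserver.efsecure.com',
    # Ports the post says must be open between DMZ and internal network
    [int[]] $Ports       = @(5723, 5724)
)

$x509     = 'System.Security.Cryptography.X509Certificates'
$problems = New-Object System.Collections.Generic.List[string]

# 1. Root CA certificate present in LocalMachine\Root (post step 11)
$roots = Get-ChildItem Cert:\LocalMachine\Root | Where-Object { $_.Subject -eq $_.Issuer }
if (-not $roots) { $problems.Add('No root CA certificate found in LocalMachine\Root') }

# 2. Machine certificate in LocalMachine\My (post steps 7-10) whose CN is the FQDN
$certs = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.GetNameInfo([type]"$x509.X509NameType"::SimpleName, $false) -ieq $SubjectFqdn
}
if (-not $certs) {
    $problems.Add("No certificate with CN=$SubjectFqdn in LocalMachine\My")
}

foreach ($cert in $certs) {
    $id = $cert.Thumbprint

    # The PFX must have been imported together with its private key
    if (-not $cert.HasPrivateKey) { $problems.Add("${id}: no private key (PFX imported without key?)") }

    # SCOM needs both Server Authentication and Client Authentication EKUs
    $eku  = $cert.Extensions | Where-Object { $_ -is [type]"$x509.X509EnhancedKeyUsageExtension" }
    $oids = @()
    if ($eku) { $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }
    foreach ($required in '1.3.6.1.5.5.7.3.1', '1.3.6.1.5.5.7.3.2') {
        if ($oids -notcontains $required) { $problems.Add("${id}: missing EKU $required") }
    }

    # Key usage must allow Digital Signature and Key Encipherment
    $ku = $cert.Extensions | Where-Object { $_ -is [type]"$x509.X509KeyUsageExtension" }
    if (-not $ku) {
        $problems.Add("${id}: no Key Usage extension")
    } else {
        $flags = [type]"$x509.X509KeyUsageFlags"
        foreach ($name in 'DigitalSignature', 'KeyEncipherment') {
            if (-not $ku.KeyUsages.HasFlag($flags::$name)) { $problems.Add("${id}: missing key usage $name") }
        }
    }

    # The chain must build to the installed root; revocation is skipped here because
    # DMZ hosts often cannot reach the internal CRL, so check that separately
    $chain = New-Object "$x509.X509Chain"
    $chain.ChainPolicy.RevocationMode = [type]"$x509.X509RevocationMode"::NoCheck
    if (-not $chain.Build($cert)) {
        $status = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        $problems.Add("${id}: chain does not build ($status)")
    }

    # Flag certificates about to expire so the renewal is planned, not discovered
    if ($cert.NotAfter -lt (Get-Date).AddDays(30)) { $problems.Add("${id}: expires $($cert.NotAfter)") }
}

# 3. Ports 5723/5724 reachable toward the peer (post note)
foreach ($port in $Ports) {
    $r = Test-NetConnection -ComputerName $PeerFqdn -Port $port -WarningAction SilentlyContinue
    if (-not $r.TcpTestSucceeded) { $problems.Add("TCP $port to $PeerFqdn is not reachable") }
}

if ($problems.Count -eq 0) {
    Write-Output "All checks passed for $SubjectFqdn; MOMCertImport.exe can be run."
} else {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
```

Run it as `.\Check-ScomCert.ps1` on a DMZ agent, or `.\Check-ScomCert.ps1 -PeerFqdn rms.domain.com` on the gateway. A chain that builds on the DMZ host but fails on the management server usually means step 1 or step 11 was skipped on one side; an EKU or key usage failure means the OpsManagerCert template from step 2 was not duplicated with the right settings.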

The article below helps to request certificates for all the DMZ servers listed in a given input text file:

http://blogs.technet.com/momteam/archive/2008/08/22/obtaining-certificates-for-non-domain-joined-agents-made-easy.aspx
