How I Handle SCSM Email Integration

Navigation:

Introduction

System Center Service Manager is an awesome product, but doesn’t offer much in the way of email integration ‘out of the box’.

The Goals:

  • End-users get notified on ticket creation, new comments.
  • Correspondence with end-users emails gets routed into ticket comments.
  • Help desk can create service and incident requests directly from their email client.
  • Help desk can easily convert service requests to incidents and vice-versa.

I’m used to using RT (Request Tracker). The goals don’t seem lofty, but it took me a while to really understand that Service Manager is -not- just a Microsoft version of Request Tracker. Though SCSM and RT are both issue tracking products, their approaches are very different. A couple of awesome third-party products exist that offer comprehensive email integration for SCSM (here’s to you Cireson!), but at my current position I have to roll my own solution. Long story.

I needed the following tools to accomplish the goals above. Please download them if you’re trying to follow along.

System Center Service Manager with:

  1. SCSM PowerShell SMLets
  2. PowerShell ShowUI

System Center Orchestrator with:

  1. SCO Data Manipulation IP
  2. System Center 2012 R2 – Orchestrator Component Add-ons and Extensions, which contains:
    1. SCO Exchange User IP
    2. SCO Service Manager 2012 R2 IP
  3. Orchestrator Remote Tools 2.51

In the following blog series, I’ll focus on the goals one at a time:

  1. End-User notification upon ticket creation.
  2. End-User notification when analysts add a ticket comment.
  3. Ticket comment generation upon email receipt (from end users or analysts).
  4. Creating work items from an email client.
  5. Converting between IR’s and SR’s.

It might take a while to get all of this blogged out. Feel free to ping me if things are going too slow :). It’s good motivation.

Advertisements

System Center Orchestrator – Running Powershell

I’ve had a lot of trouble with SCORCH and PowerShell, primarily because Orchestrator will always call PowerShell 2.0. Here’s how I get things done.

Reference: RUNNING AND DEBUGGING POWERSHELL SCRIPTS WITH ORCHESTRATOR 2012

  1. Add two new variables
    1. Powershell Scripts Username
    2. Powershell Scripts Password
  2. ‘Encrypt’ the password variable.
  3. Copy the PowerShell script you’d like to run to C:\Scripts on your target system.
  4. Add a ‘Run Script’ activity to your Runbook.
  5. Use the following code template, but replace username/password with variable subscriptions, and replace the PowerShell script name and path.
    $ErrorActionPreference = "Stop"
    try
    {
        $targetComputer = "server.contoso.com"
        $username = "{Scripts Username}"
        $password = "{Scripts Password}"
        $securePassword = $password | ConvertTo-SecureString -AsPlainText -Force
        $creds = New-Object System.Management.Automation.PSCredential -ArgumentList $username,$securePassword
        $retval = Invoke-Command -Credential $creds -ComputerName $targetComputer -ScriptBlock {& "C:\Scripts\Generate-VMHostGuestInfoReport.ps1"}
    }
    Catch
    {
        Throw $_.Exception
    }
    

Getting data back out is a bit of a problem, so I’ve just been writing data to a file inside my target script, and then reading the file with Orchestrator. It’s a bit of a cludge, but it works.

SCVMM 2012 R2 – Using Mac Address Pools

I had the weirdest thing happen the other day. I created a VM and migrated it to second host. I created a new VM, and had trouble accessing the first VM. What gives! Well, I ran into a MAC address duplication issue.

To avoid this, first configure your Hosts and VM’s to use Logical Switches. Once configured, set all of your VM’s to the static MAC address of ’00:00:00:00:00:00′ using SCVMM console. Once you hit ‘Apply’ and ‘OK’ to close the properties window, SCVMM will give the VM a new MAC address from the MAC address pool. No more duplicates!

For the Logical Switch configuration, see my post ‘SCVMM 2012 R2 – Logical Switches‘.

SCVMM 2012 R2 – Logical Switches

OK, logical switches are pretty sweet. Like a lot of things, it took me a little while to wrap my head around the concepts and terminology. The SCVMM concept of a logical switch is very similar to VMWare’s Distributed Virtual Switch. It’s all about finding novel ways to map your networking hardware to virtual abstractions, to hopefully make things easier to manage.

This post will cover one of the most basic configurations. Creating a simple logical network which will connect to both your hosts and VM’s.

Step One – Logical Network

This is where you tell SCVMM how you want to present the physical network to the virtual machine hosts.

  1. Open SCVMM Console -> Fabric -> Networking -> Logical Networks.
  2. Create a ‘Logical Network’.
  3.  You’ll see three options. Choose ‘One Connected Network’ and check both boxes, then click ‘Next’.
  4. On the ‘Network Sites’ page, click ‘Add’.
  5. Check the box next to ‘All Hosts’.
  6. Under the section ‘Associated VLANs and IP subnets’, click ‘Insert Row’.
  7. Change the new row’s VLAN to “0” and make the IP Subnet blank, then click ‘Next’.
  8. On the summary page, click ‘Finish’.

By choosing ‘One Connected Network’, we instruct SCVMM that the sites specified in the ‘Network Sites’ page are all part of the same routable network. This is this simplest way to start.

By adding the new associated VLAN “0” with no subnet, we instruct this logical switch to transmit to and from any IP subnet on the default untagged VLAN.

Step Two – Uplink Profile

When we create a logical switch, we need to define physical ports on the VM hosts that will be designated as ‘uplinks’ to this logical switch. To do this, we need to create a ‘Port Profile’ that describes the uplinks.

  1. Open SCVMM Console -> Fabric -> Networking -> Port Profiles
  2. Create a Hyper-V Port Profile.
  3. On the ‘General’ tab, choose ‘Uplink Port Profile’ and click ‘Next’.
  4. On the ‘Network Configuration’ tab, click the checkbox next to your logical network, then click ‘Next’.
  5. On the ‘Summary’ tab, click ‘Finish’.

Notice that you can change the load balancing algorithm on the ‘General’ tab. Lots of fun stuff available there.

Step Three – Logical Switch

Now, we can create the logical switch!

  1. Open SCVMM Console -> Fabric -> Networking -> Logical Switches
  2. Create a logical switch.
  3. On the ‘Uplink’ page, add your uplink profile.
  4. On the ‘Virtual Ports’ page, add the ‘Host Management’ and ‘High Bandwidth’ profiles.

It’s worth looking into the virtual port profiles. You can do some cool stuff like manage the security settings and QoS.

Step Four – Assign the Logical Switch to Hosts

This can get tricky, and you can end up disconnecting your host from the network. I recommend that you shut down all VM’s on the host, and try this on a host where you have physical access in case things don’t work out quite right.

  1. Open SCVMM Console -> VMs and Services -> All Hosts.
  2. Right-click your host and choose ‘Properties’.
  3. Click the ‘Virtual Switches’ page.
  4. Delete the current standard switch, but don’t click ‘Apply’ yet or the host will become unreachable.
  5. Add your new logical switch, but don’t click ‘Apply’ yet or the host will become unreachable.
  6. Click the new logical switch, and then click ‘New virtual network adapter’ with the following settings, then click ‘Apply’.
    name: mgmt
    port classification: Host Management
  7. Wait a few minutes, then right-click the host and choose ‘Refresh’.

Step Five – Assign the Logical Switch to your VM’s

Alright! Now we can finally use the new-fangled virtual switch.

  1. Right-click a VM on the host and choose ‘Properties’ -> ‘Hardware Configuration’ -> ‘Network Adapter’.
  2. Connect your VM’s Network Adapter to the ‘VM Network’ that matches the ‘Logical Network’ name created in Step 1.
  3. Connect your VM to the ‘Logical Switch’ and assign it a port classification (probably ‘High Bandwidth’).

And congrats! You’ve made it through configuring a SCVMM Logical Switch.

 

 

SCVMM 2012 R2 – Initial Overview and Install

I recently got started with SCVMM.

Overview

  1. Spin up a VM. Give it 4GB RAM.
  2. Install SQL 2012 /w SP1.
  3. Create an account: service-scvmm. Grant this account local admin access.
  4. Install Windows ADK and PE.
  5. Configure AD container for distributed key management.
  6. Run setup.
  7. Create the library share via the setup wizard.
  8. Discover the hosts.

Advanced topics for later posts:

  • VM Templates
  • Logical Switches
  • MAC Address Pools
  • Virtual Machine Migration via Kerberos.

What you get ‘Out of the Box’

I wasn’t impressed with SCVMM right away. It sees like just Hyper-V manager, but with less capability. For example, I can’t seem to change the BIOS boot order inside SCVMM.

Eventually, I found some benefits:

  • Host performance statistics. Easy to access daily and monthly averages.
  • Integration with other System Center products like Orchestrator and Service Manager. You can do some really advanced and nifty stuff.
  • Virtual machine library and templates make it easy to deploy new machines.
  • Logical switches make it easy to change networking options across many hosts.
  • MAC Address pools ensure that if you migrate a machine, the original host won’t re-use the migrated machine’s mac address. Otherwise, this can cause some serious network weirdness.

Things You’ll Need

Notes on the install process:

Configuring the AD container for distributed key management isn’t tricky, just unexpected. Here’s a good link:

Process:

  1. Open ADSIEdit.
  2. Right-click the domain root -> new -> container. Name it “VMMDKM”.
  3. Grant the account installing SCVMM full control on the new container. Must also propagate to sub-containers.

Intel vPro – Configuration – Part 10 – SCCM Integration

vPro Series of Posts


Now that we have a standalone vPro reference installation, let’s integrate it into SCCM!

Here, I’m going to turn things over to Brian Muller. His blog post on SCCM 2012 integration is excellent.

Integrating SCCM 2012 with SCS 8.1

Here is the general overview. Consider it a preview of what you’re in for (stolen from his post).

  1. Adding the Out of Band Role Management Role to your SCCM server
  2. Extending the Hardware Inventory for SCCM 2012
  3. Modifying the SCS profile for SCCM 2012
  4. Creating the collections required for the discovery and configuration of your clients
  5. Creating the Discovery and Configurations packages
  6. Creating the Task Sequences required for the discovery and configuration of your clients
  7. Creating the Deployments (SCCM 2007 – Advertisements)
  8. Creating the Status Filter rules to automatically update the Intel collections
  9. Queries to help you troubleshoot

Next up, some custom PowerShell scripting to make things a bit easier.

Intel vPro – The Basics of vPro

vPro Series of Posts


Hi. I’ve spent almost 6 months working on a vPro project at a college\department at OSU. Honestly, it’s been a tough technical road, but it’s relatively well-traveled.

So what is vPro? In short, it’s an embedded computer-on-a-chip built into the motherboard of many new enterprise-class systems. It provides management access to a system regardless of it’s Operating System or Power State. It’s also pretty awesome. Here are two links that provide a lot of good info.

Feature Overview

Here are the best features.

Most Commonly-Used Features

  1. KVM (Keyboard Video Mouse). With a vPro-enabled system (AMT version 6.0 and higher), you can actually use a specialized VNC client to connect to a computer. After connecting, you can mount ISO’s, Floppy images, reboot and change BIOS settings, PXE boot and image the computer with a new operating system, run system diagnostics, etc. This is independent of the Operating System.
  2. PC Alarm Clock. This lets you schedule a wake-up time for computers. This is useful for patch distribution.
  3. Asset Information. This reports some useful information like the type of RAM in each slot, disks, etc.
  4. Power Management. This lets you control the system power — power on, reboot, power off, etc.

Lesser-Known Features

There are several lesser-known features that are cool, but most people won’t use them directly.

  1. Serial-Over-LAN. This outputs the serial port over the vPro connection. It’s super-useful for Linux systems.
  2. Network Filters. This gives you limited firewall-like capability.
  3. Watchdog Policies. This lets you monitor Operating System processes.
  4. Heuristic Filters. This lets you configure an AMT service that rate-limits incoming\outgoing traffic when certain conditions are hit (virus found, etc).

Other General Info

vPro is primarily designed to be used as an underlying platform for vendor-specific implementations. Intel provides ‘reference’ designs and utilities which can be used stand-alone, but they don’t seem to outwardly or specifically support using their reference designs. The good news is that the reference designs are very stable.

For example, Microsoft SCCM has implemented Out-of-Band management support for vPro. Microsoft uses Intel API’s to do all the provisioning, security, and management of the vPro platform when used with SCCM. In this model, when you have a problem, you call up Microsoft (not Intel).

In subsequent blog posts, I’ll cover the installation and configuration of an Intel reference implementation of vPro. This will get you access to all of the vPro features. I’ll also cover vPro reference integration with SCCM, since SCCM’s native vPro support is somewhat dodgy.

vPro Tools

There are several vendor-neutral tools which can be used to connect to a vPro system. They have different purposes and strengths, and they’re all a tad buggy. Here’s a quick list that I’ve found.

  1. RealVNC+. This can be used to gain KVM and IDE Redirection (ISO and Floppy Mount) to a vPro-enabled system. It has problems waking up a PC from sleep, and it sometimes disconnects if you reboot a system. However, you can re-connect pretty quickly.
  2. Open Source Manageability Toolkit (AKA Manageability Commander). This can be used for everything except KVM, although it gives you a one-click KVM connect button as long as RealVNC+ is installed. This product is actively maintained by a very responsive and deeply knowledgeable person named Ylian Saint-Hilaire. The product currently has a bug when trying to use SOL or IDER to a Kerberos-enabled vPro system, but there is an easy workaround (more later).
  3. Intel Platform Solution Manager. This is Intel’s reference application. It gives you access to SOL, IDER, Power Management Features, and Asset Information. It’s the most stable, but doesn’t offer all of the features of the Manageability Toolkit.
  4. Intel Web-UI. This is a built-in web interface for all vPro enabled systems. It provides some basic asset information and power control.

Demo

Let’s see it in action! These systems and domains are all on test\dev boxes, so don’t get too excited by seeing the FQDN. 🙂

RealVNC+

vncplus-1

vncplus-2

vncplus-3

Open Source Manageability Commander

mcmdr1 mcmdr2

Intel vPro Solutions Platform

intel-solutionmgr1

Intel Web-UI

webui1 webui2

I’m sure you’re thinking, “OK, let’s go! Show me how to set this up!”. I’ll be going over the architecture and configuration in subsequent blog posts ASAP. Thanks!