Partner Technical Services Blog

A worldwide group of consultants who focus on helping Microsoft Partners succeed throughout the business cycle.

Network Monitoring with System Center Operations Manager 2012

Network Monitoring with System Center Operations Manager 2012

  • Comments 4
  • Likes

(Post courtesy Nikunj Kansara)

This post describes the network monitoring capabilities of the System Center Operations Manager 2012 Beta.

In my opinion, network monitoring is the most exciting feature of the upcoming Operations Manager 2012 release. This article will help users to get an overview of the network monitoring, how to discover network devices, configure network monitoring rules and object discoveries, sneak-peek on reports generated out of network management and network dashboard.

I have split up the blog in four different topics:

How to discover the network devices:

Discovery is the process of identifying network devices to be monitored.

Operations Manager 2012 can monitor devices that use SNMP v1, v2c and V3.

The benefit that we get by configuring Network Monitoring is that if a critical server seems to be down, and if network monitoring is configured, we will see an alert that a switch/router port is down which was connected to the critical server. We can also see the network topology diagram called the Network Vicinity view.

Operations Manager 2012 provides the following monitoring for discovered network devices:

  • We can view connection health between the network devices and between the server and the network device
  • We can view the VLAN health based on health state of switches in VLAN
  • We can view HSRP group health based on health state of individual HSRP end points
  • We can view Port/Interface Monitoring like Up/Down, Inbound / Outbound volume traffic
  • We can view Port/Interface Utilization, Packets dropped, broadcasted.
  • We can view Processor Utilization for some certified devices
  • We can view Memory utilization some certified devices

Network device discovery is performed by discovery rules that you create.

Below are steps for creating the discovery rule:

1. Open the Operations Console

2. Go to Administration Workspace, right click Administration and the click Discovery

Figure 1

3. The What would you like to manage? Page in Figure 1 will open up and we need to select the Network Devices option and click Next.

4. The General page in Figure 2 appears and we need to provide the Name of the discovery rule and then we need select the Management server from the drop down. And then click Next.


  • We can create one discovery rule per management server or gateway server.
  • If we are creating a second discovery rule then we will only see the management servers that don’t have any discovery rule associated with them.
  • Also, we might want plan ahead and strategically place the management servers or gateway servers so they can access the network devices that we would like to discover.

Figure 2

5. On the Discovery Method page in figure 3, we need to select the method to discover the network device. In this example we need to select Explicit discovery and then click next.


  • Differences between Explicit discovery and Recursive Discovery:
    • Explicit discovery – An explicit discovery rule will try to to discover the devices that you explicitly specify in the wizard by IP address or FQDN. It will only monitor those devices that it can successfully access. The rule will try to access the device by using ICMP, SNMP, or both depending on the configuration of the rule.
    • Recursive discovery – A recursive discovery rule will attempt to discover those devices that you explicitly specify in the wizard by IP address, as well as other network devices that are connected to the specified SNMP v1 or v2 device and that the specified SNMP v1 or v2 device knows about through the device’s Address Routing Protocol (ARP) table, its IP address table, or the topology Management Information Block (MIB).

Figure 3

6. On the Default Account Page in Figure 4, click on the Create default Run As Account as we need to create an account which will be used to discover the network devices.

Figure 4

7. On the Introduction page of Create Run As account Wizard in Figure 5, click next

Figure 5

8. On the General Properties page of the Create Run As account Wizard in Figure 6; enter the Display name of the Run As Account and click next.

Figure 6

9. On the Credentials page on the Create Run As account Wizard in Figure 7, enter the SNMP community string and click on create.

SNMP Community Strings

We can configure Read only [RO] and Read Write [RW] SNMP Community strings. With the RO Community string we have read access to the network device. For Operations Manager 2012, we need only RO SNMP Community String to access the device. So it’s should be easy to convince the network guys ;-)

Figure 7

10. On the Default Account Page in Figure 8, select the created Run As Account and click on Next.

Figure 8

11. On the Devices Page, click on Add Button

Figure 9

12. On the Add a device window in Figure 10, enter the IP address / Name of the device we want to monitor; Select the Access Mode as ICMP and SNMP (You can also select ICMP only and SNMP only); Select the version on SNMP as v1 or v2; Select the created Run As account and then click OK.


  • We use ICMP only in the scenario where we need to know the availability of the gateway router from the ISP to verify if the interface is up or down.
  • We use SNMP only in the scenario where we want to monitor a Firewall on which ICMP is blocked.
  • If we specify that a device uses both ICMP and SNMP, Operations Manager must be able to contact the device by using both methods or discovery will fail.
  • If you specify ICMP as the only protocol to use, discovery is limited to the specified device and monitoring is limited to whether the device is online or offline.

Figure 10

13. Now Click Next on the Devices Page as in Figure 11.

Figure 11

14. On the Schedule discovery Page in Figure 12, Select the discovery schedule and click Next.


You may also select to run the discovery manually.

Figure 12

15. Click Create on the Summary page

Figure 13

16. Click Yes on the Warning box as in Figure 14. We need to distribute the created Run As account to the Management server for discovery and to the Management Server resource pool for monitoring that was selected in General properties [Figure 2]

Figure 14

17. Click close on Completion.

Figure 15

18. Now in the Administration Workspace, go to Discovery Rules Node under the Network Management Node. You will able to see the Discovery Rule that has created. Click Run if we want to Run the discovery manually. See Figure 16

Figure 16

19. See the Figure 17 for the Task Status window that appears when we run the Discovery Manually. The success Status suggests that the discovery is submitted successfully and not that the devices have been discovered. Click close.

Figure 17

20. We will see probing status of the discovery rule when it has actually found the device. See Figure 18

Figure 18

21. The Discover Rule starts processing the discovered components as in Figure 19

Figure 19

22. The status of the discovery rule will go to pending and will run again as per the discovery schedule that we selected Wizard. If we would have selected manual discovery option in the Wizard than the status would go to Idle. See Figure 20.

Figure 20

23. Go to Network Devices under Network Management to see the discovered device. See Figure 21.

Figure 21

24. Double click the Network device to view the properties page and more information about that discovered device. See Figure 22.

Figure 22

B. Network Monitoring:

We will see some of the views that are relevant to the network device that we discovered in previous step.

1. Go to Monitoring Workspace; double click the Network Monitoring Folder to see the Network views. See Figure 23.

Figure 23

2. Select the Network Devices view to see the Network Devices being monitored.

Figure 24

3. Click on the Health Explorer to the Subcomponents of the Switch. See Figure 25 & 26

Figure 25

Figure 26

4. Click on the VLANs view to see the VLANs in which the switch is participating. See Figure 27

Figure 27

5. Click on the ICMP Ping Response Performance view or Processor utilization Performance view to see the performance graph for ping response. See Figure 28 & 29.

Figure 28

Figure 29

C. Dashboard:

1. To see the connections between the connected nodes and the network device, click on the Network Vicinity view. See figure 30.

Figure 30

2. Click on the show computers check box to see the connections. See figure 31.


By default we can see connections which are one hop away from the network device.

We can select at max 5 hops. In environments with large number of network devices, selecting five hops can take a while for Operations Manager 2012 to show the data and the view might not be useful to you.

Figure 31

3. Now coming back to Network devices view in Monitoring workspace, click on the Network Node Dashboard. We will able to view all the information related to Network devices in the just one window. See figures 32, 33, 34 and 35.

Figure 32

Figure 33

Figure 34

Figure 35

D. Reporting: [See Figure 36]

Processor Utilization Report: It displays the processor utilization of a particular network device in a specified period of time.

Memory Utilization Report: It displays the percentage of free memory on a particular network device in a specified period of time.

Interface Traffic Volume Report: It displays the rate of inbound and outbound traffic that goes through the selected port or interface in a specified period of time.

Interface Error Packet Analysis Report: It displays the percentage of error packets or discarded packets, both inbound and outbound, for the selected port or interface.

Interface Packet Analysis Report: It displays the types of packets (unicast or non-unicast) that traverse the selected port or interface.

Figure 36

Additional Resources

  • Great Blog!

    Thanks for sharing helpful information.

    It is nice blog to help and tips about network monitoring

    How about trying this new technology that i found at

  • I have followed further step as you discussed above but failed to connect network devices so please suggest us the location of logs have placed and log name to helps us to resolved the same. Even i did not got any event id for the same.

  • Ports names are non-sense on my SCOm, i'm using CISCO.

    How did you managed to have the interface number in the name ?

  • Anything for SCOM 2007?

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment