Microsoft SCOM
This integration allows you to locate and notify on-call resolvers when critical network incidents are detected. Network operation and failure information is presented to message recipients via multiple communication channels, allowing technicians to take direct action remotely in real time from any mobile device. As actions are taken, the integration updates the tickets with information annotations to provide a full audit trail.
The instructions cover the following topics:
- The Overview: how it works and features and updates
- Before you begin: create a Microsoft SCOM user and download the workflow
- Configure xMatters: set up an integration user, create users and groups, import the workflow and configure inbound integrations, create a web service user
- Configure the Integration Agent: install and configure the integration files, set the password files, and enable deduplication
- Configure SCOM: configure notification channels, subscribers, subscriptions, and alert resolution settings
- How to use the integration: trigger a notification, respond to it, and view the results
- Troubleshooting: view information on deprecated features from previous releases, and troubleshooting instructions.
- Extend and optimize your integration: edit how values are displayed and how responses work
How it works
This integration uses a client-hosted Integration Agent, installed on the SCOM server.
When a new SCOM alert triggers a given subscription, a notification channel delivers notification subscriber alerts, which send incident information to xMatters, including severity, priority, alert ID, server name, signal source, event time, management group name, resolution state, and event description. xMatters then creates an alert and notifies the specified recipients.
This integration is a configurable, two-way integration; updates from xMatters are recorded in SCOM.
The integration includes authentication from the Integration Agent to SCOM and from the Integration Agent to xMatters , in addition to the secure Integration Agent communication channel.
Features and updates
This version of the integration includes the following updates:
- Injects signals to xMatters via inbound integrations.
- Adds support for the Alert Comments trigger for outbound integrations.
- Uses the latest version of the embedded Integration Agent utilities.
- Makes the "Sent to xMatters" state change optional when injecting signals.
- Allows "del" injections to terminate existing alerts.
- Removes the "Work in Progress" response option. (If you still want this response option, you can customize the integration to include it.)
Before you begin
Before you get started configuring the integration, there are a couple of things you can do ahead of time to make it easier: create a user in Micrsoft SCOM and download the workflow. This integration also requires the Integration Agent.
This integration requires the username and password of a SCOM user with Administrator privileges. Make sure you have these ready before you configure the integration.
Download the attached .zip file to a location on your local machine, and extract the contents. The file contains all of the components required to integrate xMatters and SCOM.
If you navigate through the folders, you will find another .zip file called scom.zip. This is the workflow, which contains pre-configured integrations, forms, properties, and messages specifically designed for SCOM. Don't extract the contents of the scom.zip file! You'll import it directly into xMatters in the next section of instructions.
Configure xMatters
The first step in setting up your integration is to configure xMatters:
This integration requires a user who can authenticate REST web service calls when working with alerts – these permissions are provided by the "REST Web Service User" role in xMatters. See Create an integration user for more information.
Note: Make sure you keep the user ID and password of this user handy. You'll need them when configuring other parts of this integration.
This integration uses SCOM notification subscriptions to associate particular alerts to users and groups in SCOM. These users and groups must also be present in xMatters (with the same ID) to be targeted for notifications.
- To create a new group, see Create a new group.
- To create a new user, see Add a new user.
You can also create multiple groups and users at once using the EPIC feature.
The next step is to import the workflow. You can find the workflow scom.zip file in the extracted archive you downloaded.
- In xMatters, click the Workflows tab, and then click Import.
- Go to the location of the extracted xM-MS-SCOM folder.
- Go to components > xmatters and select the scom.zip file.
- Click Import Workflow.
- Once the import is finished, the workflow should be automatically enabled. If it isn't, click the Disabled toggle to enable it.
- Click the gear icon beside the workflow, and select Editor Permissions.
- Add the integration user, and then click Save.
- Click the workflow name to open the Forms tab.
- For the first form in the list, click the Web Service drop-down, and then select Sender Permissions.
- Add the integration user, and then click Save Changes.
You need to configure the authentication and retrieve the URL for the inbound integration. You'll use the URL when you configure the Integration Agent.
To configure an inbound integration:
- In the Integration Builder, expand the list of inbound integrations.
- Click the name of the integration to view its details.
- Under the Select authentication method step, make sure the authentication is set to Basic.
- If it is not, select Basic then click Save.
- Scroll down to the bottom of the page, and click Copy beside the field (you need this later to configure the Integration Agent):
This integration requires a web service user with specific permissions in xMatters to receive user responses and notifications about alert status changes for the Integration Agent. ("Web service users" are a specific type of user in xMatters that can work with the SOAP web services used by the Integration Agent; this means you can't just use a regular user and assign them a specific role or permission – you have to create a dedicated user.)
To set up a web service user:
- In xMatters, click the Users tab, and then, in the menu on the left side of the page, click Add Web Service User.
- On the Add Web Service User page, enter a User ID.
- In the Denied Web Services list, locate and select the following web service, and then click Add:
- Register Integration Agent
- Receive APXML
- Send APXML
- Enter a password for the new web service user.
- Click Save.
Configure the xMatters Integration Agent
Now that you've configured xMatters, it's time to configure the Integration Agent.
The installation instructions below assume you already have a working xMatters Integration Agent. If this is a new installation and you have not yet deployed the Integration Agent, download, deploy, and configure the Integration Agent before continuing.
The installation package contains all that you need to configure the integration.
Note: As usual for our Integration Agent documentation, <IAHOME> refers to the installation folder of the Integration Agent on your system.
To install and configure the integration files:
- Within the extracted integration archive, navigate to \components\integration-agent\integrationservices, and copy the entire contents of this folder to the <IAHOME>\integrationservices installation directory of the Integration Agent.
- Open the <IAHOME>\conf\IAConfig.xml file and add the following line to the "service-configs" section:
<path>applications/msscom/msscom.xml</path>
- Save and close the file.
- Open the <IAHOME>\integrationservices\applications\msscom\msscom-config.js file and add or set the values for the following variables:
WEB_SERVICE_URL | The inbound integration URL. |
XMATTERS_DOMAIN | The URL of your xMatters instance. |
CALLBACKS | The default for this is null. You can configure it to accept supported outbound integrations (callbacks). However, we recommend that you configure these in the xMatters web user interface, rather than in this file. |
INITIATOR | The User ID of the integration user in xMatters. |
PASSWORD | Path and filename of the password file containing the encrypted integration user's password. |
DEDUPLICATOR_FILTER_NAME | The deduplication filter to use for this integration (this must be set to "msscom"). |
SCOM_EXECUTABLE_PATH | The path to the xMatters SCOM executable, relative to the <IAHOME> directory. |
SCOM_USERNAME | The username of the SCOM user that will access, change the status of and update Alerts. |
SCOM_PASSWORD | Path and filename of the password file containing the encrypted SCOM user's password. |
SCOM_USE_SIMPLE_LOGIN | When set to true, the integration uses only the SCOM_SERVER_NAME to create a connection to the Microsoft Enterprise Management Group. |
SCOM_SERVER_NAME | Server name for the server running SCOM. |
SCOM_DOMAIN | Domain on which the server that the Alerts will be queried from is running. |
SCOM_DEBUG_LOGGING_ENABLED | When set to true, debug logging information is logged into <IA_HOME>\integrationservices\applications\msscom\log\ |
USE_XMATTERS_STATUS | When set to true, SCOM alerts are set to the "sentToxMattersResolutionStateID" status (see below) after an alert is created. |
ALERT_SENT_MESSAGE | The message added to the alert history in SCOM when an xMatters alert is created for the alert. |
XMATTERS_HISTORY_COMMENT_PREFIX | The prefix that is added to the history comments for xMatters updates to an alert. |
acknowledgedResolutionStateID | The ResolutionState ID used when the "Acknowledge" response is selected in xMatters. |
closeResolutionStateID | The ResolutionState ID used when the "Closed" response is selected in xMatters. |
sentToxMattersResolutionStateID | The ResolutionState ID used when the alert is sent to xMatters. This is only used if the USER_XMATTERS_STATUS (see above) is set to true. |
- Save and close the file.
- Configure the password files and deduplication (if required).
- Restart the Integration Agent.
This integration includes encrypted files, located in the <IAHOME>\conf folder, that store the passwords for the integration user and the SCOM user. You need to update (or create) the files with the correct passwords for these users:
- "initiatorpasswd" stores the password for the integration user
- "msscompasswd" stores the password for the SCOM user
Note: If you store the passwords with a different file name or in a different location, make sure you update the <IAHOME>/integrationservices/applications/msscom/msscom-config.js file with the correct name and path.
To configure the integration user password:
- Open a command prompt and navigate to <IAHOME>\bin.
- Run the following command, where <new_password> is the password for the INITIATOR (integration user) specified in the msscom-config.js file, and <old_password> is the existing password (the default password for a newly installed integration is "password"):
iapassword.bat --new <new_password> --old <old_password> --file conf/.initiatorpasswd
- Next, run the following command, where <new_password> is the password for the SCOM user specified in the msscom-config.js file, and <old_password> is the existing password (the default password for a newly installed integration is "password"):
iapassword.bat --new <new_password> --old <old_password> --file conf/.msscompasswd
For more information about working with the iapassword command, and creating password files, refer to the xMatters Integration Agent Guide.
The integration package includes a filter that engages the Integration Agent's filtering and suppression module to suppress duplicate alerts (also know as deduplication). This can help avoid disruption of traffic due to alert floods (a potential issue with improperly configured management systems).
The deduplicator is installed into the <IAHOME>\conf folder, and is configured by default to suppress up to 100 duplicate alerts for two minutes. You can configure the filter to extend the time period in which an alert is considered to be a duplicate, the number of alerts within that period, and the tokens or properties that xMatters uses to determine what makes the alert unique.
To enable deduplication:
- Navigate to the <IAHOME>/conf directory.
- If you have an existing deduplicator-filter.xml file in this folder, create a backup version in a separate location.
- Copy the deduplicator-filter.xml file from the integration-agent/conf folder in the extracted integration archive into the <IAHOME>/conf directory.
- If you backed up an existing deduplicator file, merge the contents of your backup with the newly installed <IAHOME>/conf/deduplicator-filter.xml file: open both files in a text editor, and then copy the <filter> node from the backup file into the new deduplicator file after the last </filter> node.
- Save and close the file.
- Restart the Integration Agent.
For more information about the deduplication filter and the available settings, refer to the "Filtering and Suppression" section in the xMatters Integration Agent Guide.
Configure SCOM
Now that you've configured xMatters to integrate with your system, it's time to configure SCOM to integrate with xMatters. This requires you to configure the following components in SCOM:
- Notification channels
- Notification subscribers
- Notification subscriptions
- Add/update resolution status
The notification channels define how SCOM delivers the information to xMatters, which attributes of the alert are sent, and when to remove the alert from xMatters.
To set the notification channels:
- In the Administration pane in SCOM, expand Notifications, and then click Channels.
- Right-click in the Channels pane, and then select New Channel.
- In the Command Notification Channel dialog box type Send Alert via xMatters in the Channel Name field, and then click Next.
- In the Full path of the command file field, type the path to the APClient.bin.exe file in the xMatters Integration Agent installation folder (the default location is <IAHOME>\bin\APClient.bin.exe).
- In the Command line parameters field, type the following:
--map-data "applications|msscom" "add" "$Data/Context/DataItem/AlertId$" "$Data/Context/DataItem/AlertName$" "$Data/Context/DataItem/TimeRaisedLocal$" "$Target/ManagementGroup/Name$" "$Data/Recipients/To/Address/Address$" "$Data/Context/DataItem/Priority$" "$Data/Context/DataItem/Severity$" "$Data/Context/DataItem/ManagedEntityDisplayName$" "$Data/Context/DataItem/ResolutionState$"
Note: You can copy and paste the above command from this article into the Command line parameters field, but first you need to paste the text into a plain text file and remove any line breaks or other formatting. You can then copy the command from the text file and paste it into the SCOM field.
- In the Startup folder for the command line field, enter your <IAHOME> directory.
- Click Finish, and then click Close.
- Repeat steps 2 through 4 to add another notification channel with the name Delete Closed Alerts From xMatters.
- In the Command line parameters field, type the following:
--map-data "applications|msscom" "del" "$Data/Context/DataItem/AlertId$"
- In the Startup folder for the command line field, type enter your <IAHOME> directory.
- Click Finish, and then click Close.
SCOM notification subscribers allow you to specify who should be notified, and on which devices. You must configure subscribers to use the xMatters command channels, and set the xMatters recipient (the target user or group) as the delivery address.
Note: In the SCOM interface, selecting some options will lock other fields in the dialog box, preventing you from making necessary changes. The following steps indicate the best way to prevent this, and describe which options to set first so that other required settings are not locked before you can modify them.
To set the notification subscriber:
- In the Administration pane, under Notifications, click Subscribers.
- Right-click in the Subscribers pane, and then select New Subscriber.
- In the Notification Subscriber Wizard, in the Subscriber Name field, type xMatters, and then click Next.
- On the Schedule Notifications page, select Always send notifications, and then click Next.
- On the Subscriber Addresses page, click Add.
- On the Describe the Subscriber Address page, type xMattersSCOMGroup in the Address name field, and then click Next.
- This example uses the group xMattersSCOMGroup as an xMatters recipient. Replace xMattersSCOMGroup here and in step 7 with the name of the user or group you want to use.
- In the Delivery address for the selected channel field, type xMattersSCOMGroup.
- In the Channel Type drop-down list, select Command.
- In the Command Channel field, select Send Alert to xMatters, and then click Next.
- Click Finish to complete the Schedule Notifications configuration.
- Click Finish, and then click Close.
To set the closed alerts subscriber:
- Right-click in the Subscribers pane, and then select New Subscriber.
- The Schedule Notifications page, select Always send notifications, and then click Next.
- On the Subscriber Addresses page, click Add.
- On the Describe the Subscriber Address page, type xMattersClose in the Address name field, and then click Next.
- This example uses the group xMattersClose as an xMatters recipient. Replace xMattersClose with the name of the user or group you want to use.
- In the Channel Type drop-down list, select Command.
- In the Command Channel field, select Delete Closed Events From xMatters and then click Next.
- Click Finish to complete the Schedule Notifications configuration.
- Click Finish, and then click Close.
Once you have created the command channel and configured the subscribers, you can set up a subscription to allow xMatters to subscribe to SCOM alerts.
You can create subscriptions for many different kinds of alerts. The following instructions describe how to subscribe with two criteria (severity and resolution state) as a way of demonstrating the process, and how to configure a subscription that will delete the corresponding alert in xMatters when an alert is closed.
To configure a "new" notification subscription:
- In the Administration pane, under Notifications, click Subscriptions.
- Right-click in the Subscriptions pane, and then select New Subscription.
- On the Create Notification Subscription page, in the Subscription name field, type xMattersSubscription, and then click Next.
- On the Criteria page, use the Conditions and Criteria description boxes to create a subscription that notifies on all alerts with a resolution state of "New" and a Warning or Critical severity.
- The Criteria description field should resemble the following:
- Click Next.
- On the Subscribers page, add the “xMatters” subscriber you defined in the previous section, and then click Next.
- On the Channels page, add the xMatters command channel you already defined, and then select the Send notifications without delay option.
- Click Next.
- Click Finish, and then click Close.
To configure a "delete on close" notification subscription:
- Right-click in the Subscriptions pane again, and select New Subscription.
- On the Create Notification Subscription page, in the Subscription name field, type Delete xMatters events when alerts are closed, and then click Next.
- On the Criteria page, use the Conditions and Criteria description boxes to create a subscription that notifies on all alerts with a resolution state of "Closed" and a Warning or Critical severity (this allows xMatters to terminate alerts when they are resolved).
If the criteria other than the resolution state do not match the criteria of the xMattersSubscription subscription, xMatters may attempt to terminate events that it may not have received.
- The Criteria description field should resemble the following:
- Click Next.
- On the Subscribers page, add the “xMattersClose” subscriber you defined in the previous section, and then click Next.
- On the Channels page, add the Delete Closed Alerts From xMatters command channel you already defined, and then select the Send notifications without delay option.
- Click Next.
- Click Finish, and then click Close.
You need to make sure that SCOM has resolution state IDs that match the xMatters response options. Generally this means adding a new resolution state for the Acknowledge response and confirming that the ID in the msscom-config.js matches the Closed ID in your SCOM setup.
You might also need to configure a new resolution state for the Sent to xMatters status if the USE_XMATTERS_STATUS variable is set to true.
To add new resolution states:
- In the Administration pane, click Settings, and then double-click Alerts.
- In the Global Management Group Settings dialog box, on the Alert Resolution States tab, click New.
- In the Resolution state name field, type a name that matches the new resolution state (for example, Acknowledge).
- In the ID field, type the resolution state ID that matches the state name (for example, for Acknowledge, enter 101).
- Click Save.
- Repeat steps 2 to 5 to add any additional resolution states.
- Click OK.
How to use the integration
The example in this section uses a forced IP address conflict to illustrate how an alert is sent through xMatters to a user’s device, and how xMatters and SCOM process the user’s response, targeting an example group name "xMattersSCOMGroup" – replace this with the group you set up, making sure you have access to a device belonging to a user who is part of this group so you can receive the notification and respond.
- Using the Windows Local Area Connection Properties dialog, force an IP conflict between two computers that SCOM is monitoring. For example, assign the SCOM server’s IP address to another machine on the network.
- The alert is created in SCOM.
- SCOM passes the alert into xMatters.
- The Alert Properties dialog box displays the details of the alert, and the Status is updated to "Sent to xMatters".
On a device with the xMatters mobile app, you can respond to the message simply by tapping Respond, and then tapping one of the response choices. Other devices use similar methods.
After responding to the notification (for example, with Acknowledge), xMatters updates the event in SCOM. You can view the results of the response in SCOM:
The Active Alerts pane updates the Resolution State to Acknowledged and the History tab displays the sequence of notifications and responses.
Troubleshooting
For those familiar with previous versions of the integration, the following functionality has been deprecated and is not available in this integration:
- No FYI flag is available and the integration does not currently support FYI notifications
- No failsafe functionality has been implemented as this is not technically possible with integrations based on workflows.
You can temporarily enable low-level logging for the integration to help with troubleshooting. We recommend you turn this off after you're done troubleshooting to make sure it doesn't impact day-to-day performance.
To enable logging:
Open the <IAHOME>\integrationservices\msscom\msscom-config.js file in a text editor and set the debugLogging parameter to "true".
When set to true, debug logging information is logged into:
<IA_HOME>\integrationservices\applications\msscom\log\
Extend and optimize your integration
You can use the following tips to customize your integration to better suit your deployment.
You can change the text associated with the SCOM integer values for resolution state, severity, priority, and status.
To change the human-readable text sent to xMatters for the numeric values:
- Open the <IAHOME>\integrationservices\applications\msscom\msscom-config.js file and change the following variables to match the text you want to appear for the numeric values:
- READABLE_SEVERITY_MAP
- READABLE_PRIORITY_MAP
- READABLE_STATUS_MAP
- READABLE_STATUS_MAP[acknowledgedResolutionStateID.toString()]
- READABLE_STATUS_MAP[sentToxMattersResolutionStateID.toString()]
- READABLE_STATUS_MAP[closeResolutionStateID.toString()]
For example, to re-map "1": "Warning" to read "Caution" when it appears in xMatters, change the variable as follows:
var READABLE_SEVERITY_MAP = {
"0": "Information",
"1": "Caution",
"2": "Critical"
};
var READABLE_SEVERITY_MAP = {
"0": "Information",
"1": "Caution",
"2": "Critical"
};
- Save and close the file.
- Restart the Integration Agent.
By default, only the Acknowledge response updates an Alert's Status and Owner. In previous releases, you might have seen this happen with a "Work in Progress" resolution state as well. You can change this if needed for your implementation.
The existing "Close", "Annotate" and "Escalate" responses are handled differently and may require further customization to if you want to add these to the list.
To change which responses update an alert's status and owner:
- Open the <IAHOME>\integrationservices\applications\msscom\msscom-config.js file and add the additional status to the RESPONSE_STATUS_MAP variable.
- Save and close the file.
- Restart the Integration Agent.