Introduction to InTrust Connector for Operations Manager
InTrust Connector for Microsoft System Center Operations Manager (Operations Manager) 2007/2012 helps establish a single, comprehensive workflow for managing your Windows-based network.
With InTrust Connector for Operations Manager, you can integrate InTrust's tracking of business-critical security events into your existing enterprise-wide system of network operations management.
The product consists of the following components:
- InTrust Connector for Operations Manager
A bridge that forwards alerts from InTrust to Operations Manager. It can optionally forward updates to the alerts from Operations Manager back to InTrust.
- InTrust Connector Management Pack
Required for InTrust Connector's operation.
How It Works
InTrust Connector for Operations Manager allows you to forward alerts stored in the InTrust Alert database to Operations Manager so that personnel in charge can view and resolve the alerts using the Operations Manager user interface. The workflow is implemented through InTrust, InTrust Connector for Operations Manager, and Operations Manager.
- You can install these components using any deployment scheme that suits your network environment and meets the system requirements listed in this document. For example, to evaluate the solution in a test lab, you can install all required components on a single computer.
- A dedicated InTrust Connector is used to forward alerts from a single Alert database, so you must deploy a separate InTrust Connector instance for each Alert database you want to forward alerts from.
A sample deployment is shown in the figure below.
The steps in the process are as follows:
- To provide for interaction between Operations Manager and InTrust Connector, a specially developed Management Pack is installed on the Operations Manager Server.
- Alerts are generated by InTrust upon certain conditions. InTrust Server stores alerts in the InTrust Alert database.
- The InTrust Connector service scans this database, applying filters to the alerts (i.e., selecting them by severity or other criteria). Selected alerts are forwarded to Operations Manager to be processed by personnel in charge.
- During the alert forwarding process, the InTrust Connector Management Pack maps InTrust alert fields to Operations Manager alert record fields; the record is then stored in the Operations Manager database. Alert field mapping is described in the Alert Field Mapping topic.
Note: Alert states are adjusted after the initial synchronization completes. Until then, the original state value is kept in the alert record's custom field #9. For details, see the Working with Alerts topic.
- An authorized operator views and resolves the alert received, changing the alert's status in the Operations Manager console.
- Alert information is updated in both the Operations Manager and InTrust databases. InTrust Connector is subscribed to the alerts it has created and stored in the Operations Manager database (they are identified by the Connector GUID stored in the alert record's custom field #10). The InTrust Connector service periodically scans the Operations Manager database and retrieves information about any alerts modified since the last scan.
- The information retrieved is used to adjust the alert state, as follows:
  - If no status changes were made by the Operations Manager operator, then the status is set to the value kept in custom field #9 (initially received from InTrust).
  - Otherwise, the status is set in accordance with the value entered by the operator.
- Changes to alert states in Operations Manager are optionally synchronized back to InTrust by the Connector.
Note: If an alert is forwarded to Operations Manager by InTrust Connector and its state is then changed using InTrust Monitoring Console, these changes are not forwarded to Operations Manager.
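The state adjustment described in the steps above can be modelled as follows. This is an added example, not InTrust or Operations Manager code: the record shape, the `operator_state` flag used to detect an operator change, and all sample values are assumptions, and translation of state names between the two products is not modelled.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

@dataclass
class OmAlert:
    # Simplified stand-in for an Operations Manager alert record (assumed shape).
    alert_id: str
    state: str                 # state shown in the Operations Manager console
    custom_field_9: str        # original InTrust state
    custom_field_10: str       # GUID of the connector that created the alert
    last_modified: datetime
    operator_state: Optional[str] = None  # assumption: set only by an operator edit

def scan(alerts, connector_guid, last_scan, sync_back=False):
    """One periodic scan. Returns (adjusted alert IDs, updates queued for InTrust)."""
    adjusted, for_intrust = [], []
    for a in alerts:
        if a.custom_field_10 != connector_guid:   # not created by this connector
            continue
        if a.last_modified <= last_scan:          # not modified since the last scan
            continue
        if a.operator_state is None:
            a.state = a.custom_field_9            # no operator change: InTrust value
        else:
            a.state = a.operator_state            # the operator's value wins
            if sync_back:                         # optional sync back to InTrust
                for_intrust.append((a.alert_id, a.state))
        adjusted.append(a.alert_id)
    return adjusted, for_intrust

def sample_alerts():
    # Constructed sample data; GUIDs and alert IDs are placeholders.
    guid, other = "CONNECTOR-GUID-A", "CONNECTOR-GUID-B"
    old, new = datetime(2024, 1, 1, 8), datetime(2024, 1, 1, 10)
    return guid, [
        OmAlert("a1", "New", "Acknowledged", guid, new),                 # untouched by operator
        OmAlert("a2", "New", "New", guid, new, operator_state="Closed"),  # operator closed it
        OmAlert("a3", "New", "New", guid, old),                          # older than last scan
        OmAlert("a4", "New", "Resolved", other, new),                    # another connector's alert
    ]

def demo(sync_back=True):
    guid, alerts = sample_alerts()
    adjusted, for_intrust = scan(alerts, guid, datetime(2024, 1, 1, 9), sync_back)
    return adjusted, {a.alert_id: a.state for a in alerts}, for_intrust

if __name__ == "__main__":
    print(demo())
```

Alerts carrying a different GUID in custom field #10 are never touched, which is why each Alert database needs its own connector instance.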
You can configure the alert synchronization by running InTrust Connector Configuration Wizard. In particular, it helps you to do the following:
- Specify connection settings for the Connector to access InTrust Alert database
- Select the alerts that should be synchronized by applying filters
- Set up the alert synchronization process (i.e., select whether to forward the alerts only from InTrust to Operations Manager, or to synchronize them back to InTrust)
Note: By default, the alerts displayed in the Operations Manager Console can have a state of either “New” or “Closed”, while the InTrust alert status can be “New”, “Acknowledged”, or “Resolved”. Therefore, to properly process the alerts, you may need to assign a custom state that represents Acknowledged InTrust alerts displayed in Operations Manager. For details, refer to the Configuring InTrust Connector for Operations Manager topic.
Contents of the Package
The solution package includes the following:
- ITC4SCOM.<version>.msi—the InTrust Connector installation file
- System.Connectors.Library.InTrustIntegration.xml—InTrust Connector Management Pack
- InTrust Connector for Microsoft System Center Operations Manager User Guide—this document
- Readme.htm—last-minute product information and updates to the documentation
Using InTrust Connector for Operations Manager