Most of the time through Operations Manager, you may require to monitor servers and clients that are located outside of the Active Directory environment. These servers and clients may be located in the DMZ as workgroup machines, or maybe you have a number of completely different Active Directory domains and forests that have no relation with each other but need to be monitored by a central Operation Monitor implementation.
The Operations Manager agents support two types of authentication method, Kerberos or certificate based authentication. In order to monitor servers and clients located outside the Operations Manager’s native Active Directory domain, you will need to configure certificate authentication using either an internal Certificate Authority or through a 3rd party Certificate Authority.
Following are the high-level overview of tasks involved in monitoring servers and clients located outside Active Directory domain.
- Check communication port availability
- Download the Trusted Root (CA) certificate
- Import the Trusted Root (CA) certificate
- Create a certificate template
- Request a certificate from the enterprise CA
- Import the certificate into SCOM
- Manual installation of agents and importing the SCOM certificate to the servers to be monitored
- Approve agents in SCOM console
The below links provide a detailed step-by-step guide for configuring untrusted servers to be monitored through System Centre Operations Manager:
Monitoring Untrusted Servers Using Operations Manager Part 1 of 3
Monitoring Untrusted Servers Using Operations Manager Part 2 of 3
Monitoring Untrusted Servers Using Operations Manager Part 3 of 3
Hope this post will be helful for someone by saving time in configuring servers outside the Active Directory domain.