Squared Up v2.3 – SCOM Dashboards – New features

December 8, 2015

Hello Everyone,

Today I am going to cover the new release of my favourite SCOM dashboarding product Squared Up.
Here are some of the new features, ordered by usefulness:

  • Open Access Dashboards
    This feature replaces read-only dashboards, and it’s a pretty big deal. Previously you still required SCOM permissions when logging in to read-only dashboards.
    Open access allows you to share non-interactive dashboards without having to log in, ideal for sharing dashboards on TVs. These dashboards also do not consume a named user license.
    It is also a great replacement for performance (or even availability) reports. As you may or may not know, creating performance reports in SCOM can be a serious pain in the behind, especially for non-SCOM gurus.
    Now you can create a performance dashboard quickly and easily with Squared Up (it literally takes 5 minutes for me to create one), and share it with your colleagues. What’s even more convenient is that they can access it any time, anywhere, on any platform, and the data is near real time. Compare this to scheduled reports, where you still need to wait for them to be generated; it really is a thing of the past.
    Furthermore, an open access dashboard generates a bitmap, which is then updated every 60 seconds automatically. This means that, regardless of how many people are watching the dashboard, they are watching data that is only being queried in the background once, which makes it very scalable!
    So here’s how it works:

    • You create a dashboard in Squared Up (that one is pretty obvious :))
    • As you can see, on the right you have a ‘share’ button as we all recognize from using our smartphones. Click this button to make the dashboard open access.
    • This gives us the choice to make it open access with or without authentication, and some view options, for fullscreen, embedded functionalities. Click Generate.
    • Clicking generate will show you the randomly generated URL. Previous dashboards had a certain suffix, which was easy to predict. Open access alleviates this issue.
    • The dashboard is generated the first time it’s opened; this takes about 5-10 seconds depending on the amount of data. Afterwards the dashboard will refresh by itself. The timestamp on the dashboard will show this.
    • That’s it! You can now share this URL with all your colleagues.
  • Colored lines on performance graphs.
    Maybe you’d say, why is this such a big deal? Well, it really complements the open access dashboards. In the previous release, when using the graph in read-only mode, you had no idea which was what because you had no means to hover over performance counters. The colors are also consistent for the whole dashboard; this means that server X, for example, will have the same color in every graph section.
    By introducing colors, they also introduced a ‘key’, here’s a screenshot to clarify this:
    [Screenshot: performance graph with its color key]
    So now open access dashboards have more contextual information of what the graphs represent. Really neat!
    Plus it adds some ‘flair’ to your dashboards :).

    • Other improvements in the performance section are things like being able to choose your resolution (or data aggregation). For smaller scopes you might want near real time info, whereas for longer periods you would probably want the hourly or daily data. Remember, real time stuff is a lot more costly on the data warehouse. Previously you had no control over this (as far as I knew).
    • Here’s a screenshot of the new ‘coloring’ options of the performance sections:
      [Screenshot: coloring options of the performance section]
  • Next up, the alert section has been revamped. You have a lot more control over how you want to show your alerts.
    • The first new option is being able to choose between error, warning and info, or any combination of these. Previously this was only possible through the use of criteria. This makes the whole process more user friendly.
    • The columns section is also new. Here you can choose which columns you want to show regarding your alerts, and shuffle them around by using drag and drop.
  • Improved installation user experience.
    The installation has been further simplified. To be honest, it was already very easy to install, but they made further improvements regarding this. Setting permissions on the data warehouse is a thing of the past.

    • After installation you are also introduced to a new page, which navigates you to some very useful squaredup resources.

Version 2.3 is another step in the right direction to what I consider to be a console replacement. If you haven’t patched yet, you definitely should. It was a very smooth and painless process for me.

Regards,

Jasper


Move SquaredUp directory to other location

November 25, 2015

Hi all,

Today I’ve had the need to move the directory where SquaredUp files are stored from the C:\inetpub\SquaredUp to another drive on the same server (G:\inetpub\SquaredUp).

What I initially tried was a copy paste of the folder to the new location and changing the Website properties to the new folder location and restarted IIS.

This seemed to work; the website was still online.

Then I deleted the SquaredUp folder on the previous location (C:\inetpub\SquaredUp), and when connecting to SquaredUp I received an error 500 – Internal server error.

After checking all settings in IIS and not seeing anything wrong I went to look in the applicationhost.config in the directory C:\windows\system32\inetsrv\config and I found out there was still 1 reference to the old directory in there.


Changing the C:\ to G:\  (after creating a backup of the file) and restarting IIS did the trick, SquaredUp was back online.

 

Hope this helps,

Bert

 

EDIT: I was experiencing problems when I wanted to publish changes to an existing dashboard. I received this error in the console (I could see that by using F12 tools in my browser):

pageContextId=f65e35cb-7a40-403e-9fda-8a974e29eb7e 500 (Internal Server Error)
send @ jquery-1.11.2.js?squaredupbuild=50de6ac2:4
ie.extend.ajax @ jquery-1.11.2.js?squaredupbuild=50de6ac2:4
a @ BaseComponents?squaredupbuild=50de6ac2:2
Ractive.components.GridPage.Ractive.components.Base.extend.publish @ BaseComponents?squaredupbuild=50de6ac2:2
(anonymous function) @ BaseComponents?squaredupbuild=50de6ac2:2
(anonymous function) @ jquery-1.11.2.js?squaredupbuild=50de6ac2:3
c @ jquery-1.11.2.js?squaredupbuild=50de6ac2:3
d.fireWith @ jquery-1.11.2.js?squaredupbuild=50de6ac2:3
n @ jquery-1.11.2.js?squaredupbuild=50de6ac2:4
t @ jquery-1.11.2.js?squaredupbuild=50de6ac2:4

Because of moving everything from C:\inetpub\squaredup to G:\inetpub\squaredup the permissions got messed up. Using the following command the permissions were reset and everything was good to go:

"G:\inetpub\wwwroot\squaredupv2\tools\config.exe" applypermissions

This resets the permissions for the application identity account (in my case that was still NetworkService). When using a custom application identity, the SID of the user should be added after applypermissions, e.g.:

"G:\inetpub\wwwroot\squaredupv2\tools\config.exe" applypermissions S-1-5-21-3684388899-3955262116-226316336-1130

The SID of a user can be found using wmic useraccount where (name='username' and domain='domain') get sid

This issue was quickly resolved thanks to the fast response of SquaredUp Support, thanks!

 

 

 


Setting up a high-available SquaredUp webfarm

September 1, 2015

Hello Everyone,

Today I’m going to talk about how to set up the SquaredUp solution in a highly available manner. SquaredUp is a 3rd party product for SCOM which enables you to visualize your monitoring data on a lightweight HTML5 website. I really love working with the product, and it provides an enormous added value to your SCOM setup.

For more info, check out their website at http://www.squaredup.com

The reason I created this blog post is that SquaredUp has bits and pieces of info on their support page on how to configure SquaredUp load balanced, but lacks an overview of how to accomplish this from start to finish. Furthermore, some steps are not described on the website, and I had to contact SquaredUp support to get it to work. The version I installed was 2.1.9.

Here’s a list of components we’ll use for our setup:

  • 2 Windows Server 2012 R2, these will be used as our webservers.
  • 1 Citrix Netscaler for loadbalancing purposes.
  • 1 NFS share on a fileserver cluster, where we will save our dashboard configuration.
  • 1 service account for our application pool identity (which is the only one we’ll be using throughout the whole guide).
  • 1 A record for our load balanced URL.

A simple drawing of what it looks like:

[Diagram: Visio SquaredUp]

How it works:

Web requests come in from the loadbalancer via https; the loadbalancer does the SSL offloading and communicates with the SquaredUp web servers via port 80. Both SquaredUp webservers have a domain account as their application pool identity, which is required for single sign on to work; more on SPNs and constrained delegation later. The webservers have their dashboard configuration stored on the same share, so we always see the same dashboards, regardless of the webserver the loadbalancer redirects us to.
For the share to work, we need to create symbolic links to three folders.

The high level steps of the setup are as follows:

  1. Installing the IIS role on both web servers and creating the IIS website.
  2. Creating the necessary firewall rules.
  3. Running the squaredup setup.
  4. Changing the application pool identity.
  5. Configuring permissions on the SCOM Data Warehouse.
  6. Activating the SquaredUp licenses on both webservers.
  7. Changing the default dashboards location to our network share.
  8. Configure Windows Authentication in IIS
  9. Creating the necessary SPN records
  10. Configuring delegation in Active Directory

1. Installing the IIS role and creating the website

Normally, you can skip this step, but I don’t want SquaredUp to be installed under the default website, so I installed IIS to precreate an IIS website.

  • Open powershell on the webserver as administrator and run the following command:
    install-windowsfeature Web-Server,Web-WebServer,Web-Common-Http,Web-Default-Doc,Web-Http-Errors,Web-Static-Content,Web-Health,Web-Http-Logging,Web-Performance,Web-Stat-Compression,Web-Dyn-Compression,Web-Security,Web-Filtering,Web-Windows-Auth,Web-App-Dev,Web-Net-Ext45,Web-Asp-Net45,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Mgmt-Tools,Web-Mgmt-Console,Web-Mgmt-Compat,Web-Metabase,NET-Framework-45-ASPNET
  • Create the new SquaredUp website in IIS.
  • Repeat this process for the other webserver as well

2. Install SquaredUp

  • Log on to one of the webservers and open an elevated prompt
  • Execute the following command (of course, change the EXE if you have a newer version of SquaredUp); this will install SquaredUp under our precreated IIS website.
    SquaredUpInstaller-2.1.9.218.exe –prop.installroot:"C:\inetpub\SquaredUp" –prop.websitename:"SquaredUp"
  • Go through the installer, it is fairly straight forward.
  • When asked for the management server address, use one of the management server addresses, I use webserver 1 with management server1, webserver 2 with management server 2. I tried using a DNS round robin record which refers to both management servers, but with it, I could not get single sign on to work well.
  • Of course, repeat this for the other webserver too

3. Change the application pool identity

  • Create a user account in AD, domain user rights should be sufficient. This account will be used for our application pool identity
  • Log on to the webservers, and open an elevated command prompt
  • Get the SID of the account by running wmic useraccount where (name='<username>' and domain='<domain>') get sid. Copy the SID.
  • In the prompt, navigate to C:\inetpub\SquaredUp\SquaredUpv2\Tools
    Execute the command:
    config.exe applypermissions <SID>
  • Open IIS Manager
  • Click Application Pools -> Right Click SquaredUpV2 -> Select Advanced Settings…
  • Click the button next to Identity
  • Select Custom Account -> Click Set…
  • Fill in the username and password and click OK

4. Configuring the permissions on the Data Warehouse

  • Open SQL Server Management Studio and connect to the instance where your Data Warehouse is located.
    Create a new login…, assign the service account of the application pool identity.
  • At user mapping, select your SCOM data warehouse database and give the user OpsMgrReader rights.

5. Activating the SquaredUp licenses on both webservers

Our webservers could not reach the internet, so in this tutorial I had to manually install the licenses.

  • Browse to C:\inetpub\SquaredUp\SquaredUpv2\tools
  • Run Microsoft.Licensing.LicAdmin.exe
  • On the File menu, select Activation Wizard…
  • Select I want to request a license file
  • Enter the activation key
  • Copy to clipboard -> Click Finish
  • Open a browser on your client and go to http://squaredup.com/manual-activation/
    Fill in your email, squaredup key and the activation request from the previous step and an e-mail will be sent with a .txt file
  • Save the attachment from the e-mail and change the rename_me.txt to license.bin
  • Log on to your primary webserver and open the licadmin.exe tool again. Click Open
  • Navigate to the copied .bin file from the email attachment and click Open
  • The license is now installed, repeat this process for the secondary webserver as well.
  • Open IIS Manager again. Navigate to Sites -> SquaredUp -> SquaredUp -> Application Settings.
  • Fill in License-server-name and fill in the FQDN of the primary server
  • Recycle the application pool on both webservers for the license to work.

6. Add firewall rules

Make sure to allow inbound TCP Port 80 on the windows firewall. You can easily configure this by running the following powershell command on both webservers:

  • New-NetFirewallRule -DisplayName "SquaredUp WebSite" -Direction Inbound -LocalPort 80 -Protocol TCP -Action Allow -Profile "Domain"

Or you could allow incoming port 80 requests only from the loadbalancer IPs; that is up to you to decide.
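
Restricting the rule to the loadbalancer, as an added example that is not part of the original post: the loadbalancer terminates SSL, so everything behind it travels over plain HTTP on port 80, and the function below scopes the rule to the loadbalancer addresses and reads the result back. The function name and the 192.0.2.x addresses are constructed placeholders; the rule name is the one used in the command above.

```powershell
# Added example, not from the original post. Run elevated on each web server.
# The 192.0.2.x addresses are constructed placeholders for the load balancer.
$lbAddresses = @('192.0.2.10', '192.0.2.11')

function Set-SquaredUpInboundScope {
    param(
        [Parameter(Mandatory)] [string]   $DisplayName,
        [Parameter(Mandatory)] [string[]] $RemoteAddress
    )
    $rule = Get-NetFirewallRule -DisplayName $DisplayName -ErrorAction SilentlyContinue
    if ($rule) {
        # Tighten the rule created by the command above instead of adding a second one.
        $rule | Set-NetFirewallRule -RemoteAddress $RemoteAddress
    }
    else {
        New-NetFirewallRule -DisplayName $DisplayName -Direction Inbound -LocalPort 80 `
            -Protocol TCP -Action Allow -Profile Domain -RemoteAddress $RemoteAddress | Out-Null
    }

    # Read the scope back so a failed update does not silently leave "Any" in place.
    $scope = @(Get-NetFirewallRule -DisplayName $DisplayName |
        Get-NetFirewallAddressFilter | ForEach-Object { $_.RemoteAddress })

    # Any other enabled inbound allow rule on port 80 still admits every source
    # it lists, so report those for review as well (port ranges are not expanded).
    $others = Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { $_.LocalPort -contains '80' } |
        Get-NetFirewallRule |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and
                       $_.Action -eq 'Allow' -and $_.DisplayName -ne $DisplayName }

    [pscustomobject]@{
        Rule             = $DisplayName
        RemoteAddress    = $scope
        OtherPort80Rules = @($others | ForEach-Object { $_.DisplayName })
    }
}

Set-SquaredUpInboundScope -DisplayName 'SquaredUp WebSite' -RemoteAddress $lbAddresses
```

An entry under OtherPort80Rules means port 80 is still reachable through that rule, whatever scope the SquaredUp rule has.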


7. Change the dashboard configuration location to a network share

  • Create a share, preferably clustered, and give the application pool identity user account full permissions on this share.
  • Log on to the webserver.
  • Navigate to C:\inetpub\SquaredUp\SquaredUpv2
  • Move the folders Configuration, UserContentStorage and Userprofiles to your share.
  • Open an elevated prompt and create the symbolic links as follows:
    mklink /D "C:\inetpub\SquaredUp\SquaredUpv2\Configuration" \\<share>\Configuration
    mklink /D "C:\inetpub\SquaredUp\SquaredUpv2\UserContentStorage" \\<share>\UserContentStorage
    mklink /D "C:\inetpub\SquaredUp\SquaredUpv2\UserProfiles" \\<share>\UserProfiles
  • Repeat this for the other webserver as well.

8. Configure Windows Authentication in IIS

  • Open IIS manager on the first webserver
  • In the left pane : select the Website where Squared Up is installed and select the Squared Up application
  • Click Authentication in the right hand pane
  • Disable all authentication methods except Windows Authentication
  • Right Click Windows Authentication and choose Advanced Settings
  • Turn off extended protection and Enable kernel-mode authentication. Ensure negotiate is above NTLM
  • Go to Sites -> SquaredUp -> Click the Configuration Editor
  • Fill in section: system.webServer/security/authentication/windowsAuthentication
  • Set UseAppPoolCredentials to true
  • On the right hand side click Apply
  • Open an elevated command prompt, run c:\inetpub\wwwroot\squaredupv2\tools\config.exe windows
  • Repeat this for the other web server as well

9. Create SPN Records

  • Open an elevated command prompt on a webserver (can be any domain joined server really), this requires domain admin rights.
  • Run the following commands:
    setspn -s HTTP/<NETBIOSNAMEWEBSERVER1> <SERVICEACCOUNTAPPLICATIONPOOL>
    setspn -s HTTP/<NETBIOSNAMEWEBSERVER2> <SERVICEACCOUNTAPPLICATIONPOOL>
    setspn -s HTTP/<FQDNWEBSERVER1> <SERVICEACCOUNTAPPLICATIONPOOL>
    setspn -s HTTP/<FQDNWEBSERVER2> <SERVICEACCOUNTAPPLICATIONPOOL>
    setspn -s HTTP/<LOADBALANCEDURL>:443 <SERVICEACCOUNTAPPLICATIONPOOL>
    Examples to clarify:
    setspn -s HTTP/webserver1.contoso.local contoso\squaredup_webaccount
    setspn -s HTTP/webserver2.contoso.local contoso\squaredup_webaccount
    setspn -s HTTP/webserver1 contoso\squaredup_webaccount
    setspn -s HTTP/webserver2 contoso\squaredup_webaccount
    setspn -s HTTP/squaredup.contoso.com:443 contoso\squaredup_webaccount

10. Configure delegation in Active Directory Users and Computers

  • Open Active Directory Users And Computers
  • Search for our application pool user account, right click it and open the Properties. Click the Delegation tab.
  • Click Trust this user for delegation for specified services only, and click Add.
    Select the MSOMSdkSvc service type, it should have the management server names next to them. Add all SCOM Management servers that the SquaredUp webservice will connect to (as described in step 2, during the installation of SquaredUp). It should look something like this:
    [Screenshot: Delegation tab listing MSOMSdkSvc entries for the management servers]
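
A check for steps 9 and 10, as an added example that is not part of the original post: it compares the SPNs and delegation targets on the application pool account with what the guide sets up, and flags delegation that is broader than "specified services only". The function name, the management server names ms1/ms2 and the sample account object are constructed assumptions; on a domain-joined machine the object would come from Get-ADUser in the ActiveDirectory module.

```powershell
# Added example, not from the original post. Names are constructed placeholders
# modelled on the post's contoso examples; ms1/ms2 stand for the management servers.
$TrustedForDelegation = 0x80000   # userAccountControl bit for unconstrained delegation

function Test-SquaredUpDelegation {
    param(
        [Parameter(Mandatory)] $Account,
        [Parameter(Mandatory)] [string[]] $ExpectedSpn,
        [Parameter(Mandatory)] [string[]] $ManagementServer
    )
    $spns     = @($Account.servicePrincipalName | Where-Object { $_ })
    $targets  = @($Account.'msDS-AllowedToDelegateTo' | Where-Object { $_ })
    $findings = @()

    foreach ($spn in $ExpectedSpn) {
        if ($spns -notcontains $spn) { $findings += "Missing SPN: $spn" }
    }
    foreach ($spn in $spns) {
        if ($ExpectedSpn -notcontains $spn) { $findings += "Unexpected SPN: $spn" }
    }
    if ($Account.userAccountControl -band $TrustedForDelegation) {
        $findings += 'Trusted for delegation to any service, not to specified services only'
    }
    foreach ($target in $targets) {
        $service, $targetHost = $target -split '/', 2
        if ($service -ne 'MSOMSdkSvc' -or $ManagementServer -notcontains $targetHost) {
            $findings += "Delegation target outside the SCOM SDK service: $target"
        }
    }
    foreach ($ms in $ManagementServer) {
        if ($targets -notcontains "MSOMSdkSvc/$ms") { $findings += "No delegation entry for $ms" }
    }
    $findings
}

# Constructed sample; on a domain-joined machine use instead:
#   Get-ADUser squaredup_webaccount -Properties servicePrincipalName,
#       'msDS-AllowedToDelegateTo', userAccountControl
$sample = [pscustomobject]@{
    servicePrincipalName       = 'HTTP/webserver1', 'HTTP/webserver1.contoso.local',
                                 'HTTP/webserver2', 'HTTP/squaredup.contoso.com:443'
    'msDS-AllowedToDelegateTo' = 'MSOMSdkSvc/ms1', 'MSOMSdkSvc/ms1.contoso.local',
                                 'cifs/fileserver1.contoso.local'
    userAccountControl         = 0x200
}
$expected = 'HTTP/webserver1', 'HTTP/webserver2', 'HTTP/webserver1.contoso.local',
            'HTTP/webserver2.contoso.local', 'HTTP/squaredup.contoso.com:443'
Test-SquaredUpDelegation -Account $sample -ExpectedSpn $expected `
    -ManagementServer 'ms1', 'ms1.contoso.local', 'ms2', 'ms2.contoso.local'
```

An empty result means the account carries exactly the SPNs from step 9 and delegates only to the SCOM SDK service on the listed management servers.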

That should wrap up the installation, the part of the load balancer is not described as this was not done by myself, but this is fairly straightforward.

Some things to take into consideration when upgrading to a newer version:

  • You will have to recreate the symbolic links, as the installer creates new local directories.
  • You will have to reapply security on the SquaredUp folders, as described in step 3, with the config.exe command.
  • If you are running into a permission issue during the logon, try giving the service accounts rights within SCOM, but this should not be needed.

Should you run into some issues, feel free to leave a comment!

Kind regards,

Jasper