On Channel9 India, Vij Rajarajan speaks about MOM
MOM is a product I love. It is an amazing technology. Back then it was already, and Microsoft saw it.
Saying “back then” I am referring to some years ago; in fact, I have been working with MOM a long time ago, actually before it got the first “M” in its name: I was working for a Microsoft Partner company, and we were the distributors for Italy of “missioncritical software” at that time – I “discovered” those products and have been one of the first people in Italy using them….. I saw Sentry EEM (Enterprise Event manager) 2.x becoming Operations Manager 3.0 through all its beta versions and first (badly unstable – but cool) releases, and then saw that sold to Microsoft by NetIQ which had acquired missioncritical before.
Sentry EEM 2.x was COM technology, while Operations Manager had been written to be based on COM+ (one of the first applications ever to adopt the new technology, because we are talking of the time when WindowsNT 4.0 was the standard, and Windows2000 was being awaited. Operations manager was amazingly more scalable than its predecessor.
It was a difficult sell at that time to companies, who did not realize the power of LOG CONSOLIDATION – and not everybody does now, either.
Anyway, times change, so I have not really been working with MOM anymore for the last three years – I changed company and I did loads of other things: I found myself doing other jobs, more focused on security, still having a lot to do with log analysis. The analysis of logfiles in the market eveloved, and it passed from being “pure” system management (with an eye to reliability) to security management and intrusion detection (btw one of my favourite blogs lately is http://www.trustpath.com/logmatters – if it wasn’t for the fact that its RSS feed does not want to work with SharpReader…. but that’s another story….).
There are some indipendent (=non Microsoft) papers at the SANS institute about using MOM to do Intrusion Detection, anyway:
www.sans.org/rr/papers/30/1127.pdf – Assignment One: Intrusion Detection with MOM – Going Above the wire
www.sans.org/rr/papers/10/786.pdf – Using MOM 2000 to Secure Servers
Back to my early time with it tough, I was just trying to figure out who accessed what using the known Event IDs for the security log. http://search.microsoft.com/search/results.aspx?st=b&View=en-us&s=1&c=0&qu=security%20event%20description
In this time when I was being “multiplatform”, “Microsoft-classic” people were “discovering” Operations Manager.
Now of course is nothing new anymore, and a lot of people know it better than I do.
And for the purpose of security auditing, Audit Collection Services will take care of this specifically.
But, going back to MOM, back then I was among those “finding out” about this great product, and taking it out of the “underground”! I was young and unexperienced, very ingenuos (yes even more than now), and also much sillier than now, but I felt that that was just a piece of software that rocked! I’ve got great memories of that time.
Same story applies to ADMT, also originally developed by missioncritical software (I remember showing/demoing the “domain migrator” in 1999 to some italian people of Microsoft Consulting Services at SMAU that year). Since then the word of mouth spread, someone else more influencial than I was eventually understood what was clear to me in 1999: that such a migration technology was simply AMAZING and badly useful.
This was eventually going to lead to the ADMT deal the year after……. now pretty much everybody who’s had to do with migrating domains has used ADMT….
I feel a sort of “affection” to those products I once mastered, they’re something I really liked in the past – it was “love at first sight” so to say – so now that I find myself using it again since I am in Microsoft, I am very happy of being able to use them. It is like having found an old companion….. but being a rather new Microsoft’s employee I did not know of all the new stuff that appeared lately, like the SDK for example http://www.microsoft.com/mom/downloads/previous/sdk/default.mspx for MOM 2000) and then the new MOM 2005, of course (and there’s an SDK for MOM2005 too, of course).
Of course I don’t master them anymore, but some stuff is like riding a bike: once you’ve learned you don’t really forget it – you knees might get a bit old and “rusty”, but you get back on track pretty soon anyway.
Oh, and mentioning MOM 2005, among several other changes, my favourite one: I am so glad we replaced that MS Access “toy” that used to be there for reporting and replaced it with SQL Reporting Services! That is so much better, so much nicer, so much more professional and scalable!