Comparing OMS/Log Analytics and SCOM


When organizations move to the cloud, they often aren’t sure when to use their typical on-premises infrastructure tools and when to use cloud-based tools. A common misconception in the Microsoft world is that OMS (Operations Management Suite) is a replacement for SCOM (System Center Operations Manager) – it’s not. Also log analytics is the monitoring product; it is a misnomer to think OMS = monitoring.

In my view (*not a Microsoft statement*) OMS is positioning itself to replace the System Center Suite, but it’s not there yet. OMS includes Azure Automation (cloud option for System Center Orchestrator), Backup and Recovery (cloud option for Data Protection Manager), and Log Analytics (similar to the SCOM Data Warehouse). See https://docs.microsoft.com/en-us/azure/operations-management-suite/operations-management-suite-overview#oms-services for more details.

Product Comparison

Regardless, how do you know which product is best for your organization? I argue they are better together since they really fill different needs. Below is my breakdown of the key differences I see that could influence your design.

SCOM Log Analytics
Ability to Monitor Azure Services Limited Robust
Alerting Yes, integrates with System Center for more advanced responses Yes (near-time, not real-time), integrates with Azure Automation for more advanced responses.
Application Access Thick client or web client Web Client or mobile application
Client Agent Shared agent or Agentless (limited functionality) Shared agent
Client Agent Administration Customer responsible for updating If installed via Azure Extension, it auto-updates; if installed via MSI, customer must update
Client Locations Anywhere; in any cloud or on-premises although trust is required (SCOM gateway or certificates) Anywhere; in any cloud or on-premises,
Data Latency Generally <1min, depends on the customer’s environment Generally 10-15min, SLA is 6hrs
Data Retention No limit Two-year limit in Azure, can be exported for longer retention
Disaster Recovery All manual Handled by Microsoft
High Availability Need multiple management servers and SQL AlwaysOn for OpsDB and DW 99.9% SLA
Internet Access for Agents Not required Required, OMS Gateway available
Management Packs/Solutions 250+ Management Packs free from Microsoft, plus 3rd party management packs 43+ Solutions free from Microsoft
Management Packs/Solutions Administration Customer imports, tunes, and updates Customer adds, no updating or tuning
Release Schedule Semi-annual Continuously
Querying Data Painful, via SSRS Easy, via the portal
Reporting Basic, can create custom reports with SSRS Advanced, can us PowerBI for further reporting

 

Note: the SCOM Management Group and be integrated with Log Analytics (shows as OMS in the SCOM console). This will reduce the amount of duplicate data collected (i.e. Windows security events).

My Summary

· Log Analytics – Easy to use, has the graphs management will love, and its security solutions are a huge differentiator

· SCOM – Takes some work to setup, perfect for real-time, granular monitoring and alerting on servers and applications

Closing

Please comment and let me know what you think! Did I leave anything out? How are you monitoring your environment?

For further reading, see https://blogs.technet.microsoft.com/msoms/2016/01/11/why-use-oms-while-scom-is-running/

Comments (4)

  1. Nicole,

    I would be reluctant to call OMS an alerting tool. While it is a great product with a huge amount of potential going forward, it is still not (and probably never will be) capable of real time alerting. Real time alerting being the key factor here.

    For example the collection frequency determines how often the OMS agent on machines will send data to Log Analytics. If the collection frequency is 10 minutes and (assuming) there are no other delays in the system, then time stamps of the transmitted data may be anywhere between zero and 10 minutes old before being added to the repository and is searchable in Log Analytics.

    If Log analytics can’t alert in real time, then I can’t see how it can be called an alerting tool? Sure you can get some great alert management (combined with SCOM), reporting, statsitics, Dashboards etc etc but lately I have noticed Microsoft trying to sell OMS as the only monitoring/alerting tool you will need and this is clearly not the case.

    1. Nicole Welch says:

      IvorJ – I totally agree. Log Analytics can alert, but it’s timeliness makes it of limited use. I’ll update that table.

  2. Amit.Desai says:

    Nicole,
    Excellent comparison, I started with OMS to setup real time alert but it never worked. After consulting Microsoft OMS Architect, recommendation was to configure SCOM with OMS in hybrid and set real time alerts in SCOM.
    We configured as recommend and its working great. I agree OMS is not a real time and near-real time alerts.
    With tight SLA’s for server heartbeat and other resources SCOM is way to go.

    Out of curiosity, does OMS Log analytics support Windows services and TCP port to monitor/alert.

    1. Nicole Welch says:

      Hi Amit! Wire Data will show port info, but I’m not aware of any easy way to monitor services (metrics, status, etc.)

Skip to main content