Comparing OMS/Log Analytics and SCOM
updated 13 August 2018
When organizations move to the cloud, they often aren’t sure when to use their typical on-premises infrastructure tools and when to use cloud-based tools. A common misconception in the Microsoft world is that OMS (Operations Management Suite) is a replacement for SCOM (System Center Operations Manager) – it’s not. Also Log Analytics is the monitoring product; it is a misnomer to think OMS = monitoring.
In my view (*not a Microsoft statement*) OMS is positioning itself to replace the System Center Suite, but it’s not there yet. OMS includes Azure Automation (cloud option for System Center Orchestrator), Backup and Recovery (cloud option for Data Protection Manager), and Log Analytics (similar to the SCOM Data Warehouse). See /en-us/azure/operations-management-suite/operations-management-suite-overview#oms-services for more details.
Monitoring Product Comparison
Regardless, how do you know which product is best for your organization? I argue they are better together since they really fill different needs. Below is my breakdown of the key differences I see that could influence your design.
| SCOM | Log Analytics | |
| Ability to Monitor Azure Services | Limited | Robust |
| Alerting | Yes, integrates with System Center for more advanced responses | Yes (near-time, not real-time), integrates with Azure Automation for more advanced responses. |
| Application Access | Thick client or web client | Web Client or mobile application |
| Client Agent | Shared agent or Agentless (limited functionality) | Shared agent |
| Client Agent Administration | Customer responsible for updating | If installed via Azure Extension, it auto-updates; if installed via MSI, customer must update |
| Client Locations | Anywhere; in any cloud or on-premises although trust is required (SCOM gateway or certificates) | Anywhere; in any cloud or on-premises, |
| Data Latency | Generally <1min, depends on the customer’s environment | Generally 10-15min, SLA is 6hrs |
| Data Retention | No limit | Two-year limit in Azure, can be exported for longer retention |
| Disaster Recovery | All manual | Handled by Microsoft |
| High Availability | Need multiple management servers and SQL AlwaysOn for OpsDB and DW | 99.9% SLA |
| Internet Access for Agents | Not required | Required, OMS Gateway available |
| Management Packs/Solutions | 250+ Management Packs free from Microsoft, plus 3rd party management packs | 43+ Solutions free from Microsoft |
| Management Packs/Solutions Administration | Customer imports, tunes, and updates | Customer adds, no updating or tuning |
| Release Schedule | Semi-annual | Continuously |
| Querying Data | Painful, via SSRS | Easy, via the portal |
| Reporting | Basic, can create custom reports with SSRS | Advanced, can us PowerBI for further reporting |
Note: the SCOM Management Group can be integrated with Log Analytics (shows as OMS in the SCOM console).
My Summary
· Log Analytics – Easy to use, has the graphs management will love, and its security solutions are a huge differentiator
· SCOM – Takes some work to setup, perfect for real-time, granular monitoring and alerting on servers and applications
The Future
Microsoft is expanding the Azure-based monitoring options. Offerings like Azure Security Center, Application Insights, and others to come are "fleshing out" the Azure Monitoring story. Look for more to come as we work to provide a complete cloud-based offering for enterprise monitoring.
Closing
Please comment and let me know what you think! Did I leave anything out? How are you monitoring your environment?
For further reading, see https://blogs.technet.microsoft.com/msoms/2016/01/11/why-use-oms-while-scom-is-running/