You might want to set a security boundary for some agents so that data from an agent fails over only to specify management servers within the Operations Manager 2007 management group.

By default, if the management server that an agent is attempting to send data to is not available, the agent attempts to connect to other management servers in the management group. An additional layer of security can be created by limiting the management servers that an agent is allowed to use for failover.

When deploying an agent using a push install or when manually deploying the agent where you specify the management server, the agent automatically uses any available management server within the management group for failover.

However, you can use the Set-ManagementServer Command Shell command to specify which management servers can be used by an agent for failover purposes. For example, in the following illustration, RMS is the root management server, MS-1 through MS-4 are management servers, C1 through C4 are agent-monitored client computers, and S1 through S4 are agent-monitored server computers. As shown in the illustration, you can restrict all the agent-managed client computers to fail over to MS-1 and MS-2 and restrict all the agent-managed server computers to fail over to MS-3 and MS-4.

Failover Assignment Fig1

Management Group

You can orphan an agent so that it no longer connects to any management server. For example, if an agent is currently connecting to MS-1 and MS-2 and you change it to connect to MS-3 and MS-4, and the change occurs on servers MS-1 and MS-2 before the agent gets configured, MS-1 and MS-2 will stop communicating with the agent before the agent receives the instructions to communicate with MS-3 and MS-4. Ensure that you configure the agent to communicate with MS-3 and MS-4 before you sever the connection to MS-1 and MS-2.

See Also

Did you find this information useful? Please send your suggestions and comments about the documentation.