Coffee Break: The Big SCOM Survey 2021: Expert Analysis

Aakash Basavaraj / Bruce Cullen / Christian Heitkamp / Harold Dyck / Jonas Lenntun / Richard Benwell

We asked six SCOM experts to give their perspectives on the results of the Big SCOM Survey 2021 and how the responses differed from the 2020 survey. The results reveal some noticeable changes and trends. We covered everything from the shifting makeup of the monitoring teams to the growth of cloud in this Coffee Break session.

Watch the full webinar here:

What is The Big SCOM Survey?

81 SCOM users responded to the annual Big SCOM Survey 2021 answering 27 questions about how they use SCOM and their perspectives on the tool. Check out the full SCOM survey results here and read on to hear what the panel thought of the results.

Meet the panel

• Bruce Cullen, Director of Products, Cookdown
• Aakash Basavaraj, Program manager for SCOM product group, Microsoft
• Harold Dyck, President and CEO, Silect
• Jonas Lenntun, Technical business Developer, OpsLogix
• Richard Benwell, Founder & CEO, SquaredUp
• Christian Heitkamp, Product Manager, NiCE IT Management Solutions

SCOM and the monitoring landscape

Part one of the survey covered SCOM and the monitoring landscape.

Management groups and servers

The panel were surprised to see that there were so many responses saying they only had one Management Group as most organisations would want at least two – a test and a production environment.

On the other hand, there were several who responded with over 50 management groups. These may be service providers, which would explain the high number.
In response to ‘How many Management Servers do you have in your SCOM landscape?’, the vast majority responded with 1-5, but several responded with 11+. Christian Heitkamp suggested that those with a lot of management servers may be Linux system or AIX users as there’s a scalability issue. They are passive agents that put a lot of load on the management server.

Gateways and Agents

There is a high number of Big SCOM Survey responses this year that state they have no gateways in their SCOM landscape at all. This would be natural to see if the SCOM deployment is small and you are working with familiar on premises servers.

When asked about the number of SCOM agents organisations have, there was a wide spread of answers with the majority having 1001-2000 agents.

Richard Benwell suggested that those with under 100 agents would struggle to see the value from the overhead at such a small volume. You start to see real value at over 1000 agents because SCOM is designed to be used at scale.

SCOM versions

It’s great to see the positive changes of more people upgrading to SCOM 2019 and users of older versions decreasing.

Remember that SCOM 2016 just went out of mainstream support in January 2022 and there is a new SCOM 2022 coming in the first half of this year. So it’s worth upgrading to the latest version of SCOM to make sure you are using a version with full support and additional features.

What do you use SCOM to monitor?

This year’s survey responses were very similar to last year’s.

There’s no surprise that SCOM is best for monitoring Windows and has mature Linux monitoring capabilities too.

One notable change is the increase in monitoring more Office 365 and a continuing increase in monitoring server hardware, reflecting a shift to the cloud.

How long has your organization been using SCOM?

It was no surprise to see the majority of people responding with the fact that their organisation has been using SCOM for 7-15 years. SCOM is very sticky and does a good job of monitoring.

But it’s also great to see that there are new people picking up SCOM with several respondents in the 1-3-year bracket. SCOM just can’t be rivalled when it comes to infrastructure monitoring.

What other tools do you use for monitoring?

Monitoring is usually undertaken with multiple tools. Richard Benwell suggested the average number of tools was around 2.5, so it’s expected that the biggest response to the survey question was the ‘other’ column. This data is reflective of the diversity of tools used.

Interestingly there has been a decrease in the use of SolarWinds, Nagios, and Splunk. But this has been offset by the increased diversity of tools in the ‘Other’ list. You can see the full list here.

The SCOM Administrator

Primary responsibilities

The survey asked what the respondent’s primary responsibilities were. This multiple-choice question demonstrates that SCOM administration is no longer survey respondents’ only monitoring role.

There is a slight increase in the consultant, network monitoring, and ITSM tool admin roles included in the SCOM admin’s remit. Interestingly, cloud monitoring hasn’t increased from last year.

Jonas Lenntun recommends having more people responsible for SCOM as it’s a big role to address and admins often have multiple roles.

Richard Benwell noted that with the shifting landscape of monitoring and the adoption of the cloud comes the adoption of an SRE and DevOps model of application monitoring. There is even evolving terminology around monitoring as it moves from infrastructure and Windows monitoring to application and cloud monitoring.

Job titles

This year, we saw fewer Infrastructure Engineer and IT Admin titles and more Monitoring Engineers. There’s a notable increase in monitoring specialists. This could be, as Jonas Lenntun observed, because monitoring is becoming more prevalent and more mature. Because of this, there are more developers and business analysts getting involved in the monitoring teams, noted Harold Dyck.

The drop off in more general roles may be due to different people responding to the survey rather that those roles not existing anymore.

How long have you been using SCOM?

There are a significant number of respondents who are SCOM veterans in the 7-15 years bracket but it’s great to see the new people joining the community too.

The panellists wanted to thank all who are taking care of all the new people in the SCOM community. You can find helpful information from TopCore, join in with the SCOMathon community, and find SCOM Coffee Break webinars every month on useful topics.

SCOM integration and Alert activity

Do you send Alerts from all monitoring tools into a single tool?

More people are saying that they send all their Alerts from all their monitoring tools to one tool than ever before. This proves the growing maturity of monitoring and increasing unification of monitoring tools.

Jira notably features as a central platform this year. It’s a platform that’s primarily used for engineering and help desk ticketing.

Akash Basavaraj was asked if Microsoft has a strategy to correlate all the different alerts coming from multiple tools into one console. He said there weren’t plans for that anytime soon, but they are looking at a couple of things – one is the DevOps model within monitoring tools and the other is integrating with Azure Monitor as the destination for all the sources.

If you’re looking for code-free integrations with SCOM, check out what Cookdown has to offer.

Second only to ServiceNow, SCOM is still being used as the central place to collect alerts.

During the webinar, a question was asked about whether there are scalability limits on the number of SCOM subscriptions. The panel weren’t aware of any but there is a limit on the number of concurrent calls you can push through at once on notification channels. Akash shared that Microsoft is setting up Teams integration channel in SCOM 2022, so keep an eye out for that.

How do you create dashboards and reports for SCOM?

Like Bruce Cullen said, dashboards and reporting are vital to providing sanity on a large list of alerts from SCOM. Larger environments will need dashboards to push out to individual teams who need visibility.

So, it was surprising to see that there were more people answering that they use no dashboards and reports for SCOM. This may be because they are monitoring fewer than 100 agents and so have fewer alerts.

Another change this year is the drop in the number of people using the SCOM Operations Console as the reporting tool.

How do you tune management packs?

There was shock among the panel at the respondents that selected ‘I don’t tune my management packs’, but that response was assumed to be selected by those who have very small environments.

It’s worth tuning your MPs to make sure you dial down the noise and make them work for you in your situation. The defaults don’t necessarily work for all cases, so tuning is the way to customise what you are alerted on.

Using the SCOM Console is still the preferred method by the vast majority despite there being several excellent third-party alternatives. This may be a reluctance to invest in third-party tools, though Visual Studio Authoring Extensions and Silect MP Studio saw some additional uptake this year with Easy Tune also being a popular choice.

Attitudes toward SCOM

Net Promoter Score

We wanted to see what the current attitudes toward SCOM are. In 2020 the Net Promoter Score (NPS) was 36 and it had slightly slipped to 31 in 2021 but the sentiment as still very positive. People are still supportive of SCOM.

The panel suggested that the downward shift in NPS may be due to companies moving to monitor more cloud resources, which SCOM wasn’t originally designed for, so they might not be actively recommending SCOM to others as much.

Someone also noted that SCOM has a steep learning curve and it’s getting more difficult to author and develop for SCOM the deeper you go into the application stack, particularly if you’re wanting to author MPs for your customer application. That can be daunting for new users so that may affect the NPS too.

How many people are involved in administering SCOM?

Although most organisations still have just 1-2 people administering SCOM, we are starting to see slightly larger teams of 3-6 people and even a small number saying 21+ people.

This largest number may be people including end users. However, the earlier question about roles may shed some light on the growing team size as developers, consultants, and analysts join the SCOM administration teams.

Plus, the team may also be increasing in size as all tools are being brought into one monitoring team.

How do you expect your use of SCOM to change over the next year?

This question delivered an exciting result with over half of the respondents saying they will grow their use of SCOM in the next year.

“This is a real endorsement of SCOM. There are always multiple monitoring tools used and SCOM is best of breed if you’re monitoring infrastructure. Data centres are growing and it’s great to see SCOM grow within that,” said Richard Benwell.

It is worth noting, however, that more people than last year say they’ll reduce their use of SCOM in the next year.

Reduction reasons

Details from respondents on why they plan to reduce their use of SCOM included weak cloud monitoring (33%), a lack of container monitoring (7%), and replacing SCOM with Azure Monitor (33%).

Jonas Lenntun of OpsLogix said, “We have recently announced that we’re working with the Kubernetes MP to integrate SCOM with your Kubernetes clusters to bring that information into your central IT. The IT and infrastructure teams are the ones who are going to make sure your cluster is up and running.”

So, if you’re frustrated with the lack of container monitoring, check out OpsLogix’s MP.

The webinar audience also posed a question about monitoring OpenShift. You can pull in alerts from OpenShift via webhooks into SCOM successfully and Cookdown has a solution for that.

Reasons for growing SCOM usage

The key reasons people gave for wanting to increase their usage of SCOM included increased depth of monitoring, monitoring more existing infrastructure, and expanding infrastructure.

Organisations are expanding their infrastructure so there is more to monitor but there is also the bringing in of existing infrastructure under SCOM. Presumably, this means that whatever tool was being used to monitor that existing infrastructure is being retired in favour of SCOM.

This year we saw the addition of application monitoring and monitoring Linux servers as reasons for SCOM usage growth. There’s an industry-wide shift to go beyond just infrastructure monitoring and people are recognising that SCOM does an excellent job in this arena.

Linux monitoring is so mature now, Jonas observed, that people are actually considering throwing out other Nagios-based monitoring systems because they want to monitor just one system.

Monitoring has grown in priority over the past couple of years and has shifted from more development to production, which has also driven a desire for monitoring in more places across organisations.

And with this, most of The Big SCOM Survey 2021 respondents said they will be using SCOM for the next five years or more.

Changes in MP adoption and MP authoring

Which third-party MPs (paid for) do you use?

As last year, ‘None’ is the runaway winner for which third-party management packs are used. That means either Microsoft has done an excellent job of providing the management packs needed or that people aren’t willing to invest in buying MPs for SCOM. The truth is probably a mix of both.

It’s great to see Veeam is still the winner, but the panel shared some frustration that we’re not seeing more of the current, actively developed MPs winning.

GripMatix’s MP for monitoring Citrix is the biggest climber from position 7 to number 3 this year since Citrix deprecated their own MP. And although F5 BigIP was number 2 last year, it didn’t feature at all this year.

We know that, outside the Microsoft stack, people are monitoring VMware, Citrix, and Oracle so this is reflected in the MPs used here

What do you use to author custom monitoring?

It’s great to see people do author some custom monitoring. This year we see more people are switching from using the SCOM Console to VSAE to author custom monitoring – a maturity switch. There’s also a lot more use of PowerShell for authoring.

These changes seem to be consistent with people going deeper with their monitoring and digging deeper into their services and applications.

What do you primarily use for SCOM application monitoring?

Distributed Applications came out on top again as the primary SCOM application monitoring use, but APM tools, like Dynatrace and AppDynamics, featured a lot more than the previous year in the ‘Other’ category.  

“When organisations focus on monitoring their applications on top of their infrastructure monitoring, that is when they really can translate that monitoring value to the business. They can look not just at the health of the servers but also the health of the applications and the workloads running on those servers. And that’s when we see a really big change in the perceived value of SCOM – what the business cares about,” said Richard Benwell.

A shift to the cloud

Where is SCOM hosted?

Almost everyone is still hosting SCOM on-prem. However, the number of organisations hosting SCOM in the cloud has gone up from 3% last year to 7% this year.

The shift to the cloud is real but on-premises isn’t going anywhere soon.

What features do you want added to SCOM?

The future of SCOM is decided by how it keeps up with growing and shifting demands. We asked what features people wanted to see in SCOM and though the top response of ‘improved dashboards (natively)’ remained the same as last year, there is a noticeable increase in people wanting more cloud monitoring and better Azure Monitor integration.

More demand for cloud monitoring and Azure Monitor backs up the shift to cloud we are seeing. There’s also still a lot of growth in the private cloud and that goes back into on-premises infrastructure which requires a lot of monitoring.

Some panel members were surprised to see people wanting network monitoring in SCOM as SCOM isn’t built for that and network monitoring is usually done elsewhere. You can find the full list of the suggestions in this Big SCOM Survey 2021 full results blog post.

Infrastructure continues to grow and there are more chefs in the kitchen now than ever before. This will lead to new opportunities and challenges for teams which changes the needs of monitoring teams using SCOM. It’s great to see the community keeps growing.

And remember that there are third-party solutions to some of these needs, like SquaredUp for powerful dashboarding.

If you want to suggest updates, do put recommendations on the forum for Aakash Basavaraj at Microsoft to see. Microsoft loves to hear directly from its users.

That’s everything!

There you have it – the full rundown of our experts’ opinions on the Big SCOM Survey 2021.

We’ve seen a growing maturity in monitoring overall and in how SCOM is being used with more custom monitoring and MP authoring. There’s also the tangible shift to the cloud that has started in earnest now, though on-premises infrastructure isn’t going anywhere.

New users joining SCOM and organisations moving to monitor more existing and additional infrastructure with SCOM paints a rosy future. SCOM is currently irreplaceable when it comes to infrastructure monitoring. And the new SCOM 2022 promises some exciting additions to grow SCOM’s capabilities in this changing monitoring landscape.

If you want just the full survey results, here is the full Big SCOM Survey 2021 results blog post.