SCOM: (Un)sealing a Management Pack

System Center Operations Manager (SCOM) uses Management Packs to discover, monitor and collect data about product. Usually a Management Pack is used per product such as Exchange 2003, Exchange 2010, SQL 2008, etc. Commercial management packs are sealed, which means you can’t edit the content of the management pack

Unsealing a management pack

In some cases it might me necessary to change a sealed management pack to suit your needs. Before the sealed management pack can be changed it needs to be unsealed.

This can easily be done with a PowerShell script (run on a SCOM server):

SYNTAX: MptoXml.ps1

Example: .\MpToXml.ps1 C:\Software\MPs\sealed C:\Software\MPs\unsealed

param($mpFilePath,$outputDirectory)

$MPs = Get-ChildItem $mpFilePath -recurse -include *.mp

$assembly = [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.EnterpriseManagement.OperationsManager")| out-null

foreach ($mp in $MPs){

    $mgmtpack = new-object Microsoft.EnterpriseManagement.Configuration.ManagementPack($mp)

    $mpWriter = new-object Microsoft.EnterpriseManagement.Configuration.IO.ManagementPackXmlWriter($outputDirectory)

    $mpWriter.WriteManagementPack($mgmtpack)

}

Source: Pete Zerger

 

Downside of unsealing a management pack is you can’t reference objects of an unsealed management pack, for instance in a distributed application. So after changing the contents of the management pack it needs to be sealed again. Sealing a management pack is done with a certificate. Since you don’t own the certificate of the vendor you need to supply your own.

Keep in mind that this is not recommend from the perspective of the vendor and that updates of the management packs are not installed. Try to use ovverride’s as much as possible.

 

Sealing a management pack

If you created your own management pack, of customized a vendor management pack, you can seal the management pack using basic tools.

In order to seal a management pack there are a couple of prerequisites:

For key generation (one of the following):

  • Business Intelligence Development Studio (2005);
  • Microsoft Visual Studio 2005;
  • .NET Framework SDK, link.

For sealing a management (one of the following):

  • MPSeal.exe (part of SCOM support tools);
  • SCOM 2007 R2 Authoring Console (recommended).

 

Creating the key(for signing) is done in three easy steps

1) Create a key pair : sn.exe –k <path>\KeyPair.snk

KeyGenerationStep1

2) Extract the public key : sn.exe –p <path>\KeyPair.snk <path>\PublicKey

KeyGenerationStep2

3) Create a key pair : sn.exe –to <path>\PublicKey

KeyGenerationStep3

 

The next step, sealing the management pack, is a lot easier. Open the management pack in the SCOM 2007 R2 Authoring Console and follow these (again) three easy steps:

1) Select File > Save As > Sealed and Signed Managemend Pack

SealAndSignManagementPack1

2) Give the Management Pack the suggested name (this is important!)

3) Specify the name of the company, copyright and the KeyPair you created earlier.

SealAndSignManagementPack2

 

Ingmar Verheij