By default when you create a new management it is created as unsealed so it has a .xml extension and allows for the management pack to be edited. Within the support tools of Operations Manager there is a tool called mpseal.exe which can be used to seal the management pack so it can not be edited but still allow for customization of the applied settings with the use of overrides in seperate management packs. This can be very useful if distributing out to third parties.
To seal a management pack is relatevely straight forward and Microsoft have a "How to Seal a Management Pack" guide here, http://technet.microsoft.com/en-us/library/bb309498(TechNet.10).aspx which outlines the basic steps and options. The problem with Microsoft's guide is that the pre-requisistes state that it is possible to create a private certificate using Microsoft Windows Server 2003 Certificate Services. This is not the case and I will show you how you can create the file required and seal your MP. I have also contacted MS about there misleading prerequisites and they should be sorting it out soon :-).
Before sealing a management, or even generating the key required, there are a couple of prerequisites.
For key generation you will require .NET Framework 2.0 and any one of these:
| .NET Framework SDK |
| Micorosft Viual Studio 2005 |
| Business Intelligence Development Studio (from SQL 2005 Client Components) |
For management pack sealing you will require:
| System Center Operations Manager 2007 Support Tools (available on install media) |
Once the prereq's have been met you can now create your key and seal up your management pack. For my example I have copied the contents of the Support Tools folder to C:\Program Files\System Center Operations Manager 2007.
1. Create the key file by running this command: sn -k c:\pairkey.snk
2. Extract the public key to file: sn -p c:\pairkey.snk c:\pubkey
3. Extract public key and public key token from file: sn -tp c:\pubkey
4. With the key created, run mpseal.exe from the System Center Operations Manager 2007 Support Tools to seal a management pack:
C:\Program Files\System Center Operations Manager 2007>mpseal.exe "c:\test_mp.xml" /I "c:\program files\system center operations manager 2007" /Keyfile "c:\pairkey.snk" /Company "My Company" /Outdir "c:\newmps"
5. The new sealed management pack is successfully created !
For full deatils on the options available when running mpseal.exe, check out the MS guide here, How to seal a management pack.
You can then verify the MP by running MPVerify.exe located at C:\Program Files\System Center Operations Manager 2007:
MPverify /I "c:\newmps\test_mp.mp"
Read the complete post at http://www.aquilaweb.com/blog/index.php?itemid=85
Posted
Jul 03 2008, 12:09 PM
by
Aquilaweb - OpsMan Blog