Performance Monitoring on Windows 2003 server
Introduction
Server performance is an important issue in a mission-critical business environment. Poor performance can have a huge negative impact on the ability of workers to do their jobs, and thus on productivity and the company’s bottom line. Monitoring and optimizing performance of network servers is one of the administrator’s most important tasks, and it is important to continually collect and analyze performance data to ensure that any problems can be taken care of before they impact end users. Security events are another important area that the administrator must stay on top of, to protect the integrity of the organization’s network and data.
Windows Server 2003 provides administrators with built-in tools for monitoring performance issues and detecting security breaches (or attempted breaches). These include simple monitoring tools such as Task Manager, powerful monitoring tools such as the System Monitor, and a set of useful command line utilities. For auditing security events, the security log provides vital information for tracking successful and failed breaches of security.
Using the Performance Utility to Monitor Performance
Let’s look at the utilities that monitor performance. The main utilities are the System Monitor and the Performance logs. These tools provide a graphical user interface for analyzing performance data. We will also investigate the command line tools available in Windows 2003 Server. Let’s start with the System Monitor.
Using the System Monitor
The System Monitor is the primary tool for monitoring system performance. In Windows NT, it was called the Performance Monitor; in Windows 2000, Microsoft changed the name to System Monitor, within the Performance MMC.
In keeping with its old name, the System Monitor interface can be invoked by clicking Start | Run and typing perfmon, or by clicking Start | Administrative Tools | Performance and selecting System Monitor. The System Monitor runs as an ActiveX control inside the Performance Monitor console. Because the System Monitor is built as an ActiveX control, you can embed the System Monitor into a web page or a web form application. You can also monitor remote computer activity from your local System Monitor console. A screen shot of the System Monitor is displayed in Figure 1.
Figure 1 System Monitor.
The System Monitor can be displayed in three formats. Figure 1 shows the System Monitor as a graph. We can also display the System Monitor as a histogram or as a text report. You can alter these views by clicking on one of the three buttons in the button bar directly above the graph. (The first button is the fifth from the left of the button bar and next to the database sign.) If you hover your cursor over these buttons, you will see that they are labeled View Graph, View Histogram and View Report.
There are three performance counters that are activated and monitored by default. These are displayed in Figure 9.2, and include the following:
· Memory object: Pages/sec counter
· Physical disk object: Average disk queue length counter
· Processor object: % processor time counter
You can right click on any performance counter in the lower pane and select Save As to save the log information as an HTML file (.htm) or a tab delimited file (.tsv).
Adding Performance Counters
You can add performance counters by doing one of the following:
· Right click the counter pane and select Add counters
· Select the Data tab from Properties dialog box of the System Monitor, as shown in Figure 2. To open the Properties dialog box, right click within the graph area or on an item in the counter pane, and click Properties, or click CTRL+L.
· Click the Add button on the button bar, which appears as a plus sign (+).
· Click CTRL+I.
Figure 2 Properties for System Monitor
You will see the existing counters in the Counters space. When you click the Add button or click CTRL + I, you should see the Add Counters dialog box as shown in Figure 3.
Figure 3 Add Counter screen
In the Add Counters dialog box, first select the machine you wish to monitor. You can monitor counters on the local computer by selecting Use local computer counters, or you can monitor counters on a remote machine by selecting Select counters from computer: and typing the UNC path to the remote system or choosing it from the dropdown box if you’ve monitored it from this computer previously.
Next, select the performance object. A performance object is a specialized object that has performance counter information on a particular application, service or hardware device (e.g., SQL Server has specialized performance objects that enable System Monitor to monitor its activity). There are a large number of objects from which to choose. Some of the most commonly monitored objects include:
· Processor
· Memory
· Logical Disk
· Physical Disk
· DNS
· DHCP Server
· Network interface
· Web service
Note
Some applications and services add performance objects and counters to the System Monitor when you install them. Thus, you might not see all of the listed objects/counters if you don’t have the related applications or services installed on the computer you’re monitoring. For example, if you don’t have SQL Server installed, you will not see the SQLServer:Databases object.
Finally, select the counters you are interested in that pertain to your selected object, or select All Counters to track all counters that pertain to that object. (The counters are different from one performance object to another, and some objects have a large number of counters).
Next, select the instance to which the counters apply if there is more than one instance of the object on the machine. For example, if you have dual processors installed, there will be two instances for the Processor object. If you have two logical disks (C: and D:), both of these will show up as separate instances and can be monitored individually or you can select All instances to monitor them all.
Tip
You can select a counter and click Explain button to get help information about it. A window will pop up beneath the Add Counters dialog box with the explanation of the counter. You can remove a counter by selecting it and clicking Remove.
It is important for you to be familiar with the functions of the major performance counters and their thresholds. The performance counters we will discuss are memory, disk and process related. Table 1 discusses some of these counters and their thresholds. Some recommendations are given for threshold values that should trigger actions on your part. There can be a myriad of reasons that a threshold is met. A met threshold is an indication that the system is not responding correctly, so it is important to know when this is occurring (or about to occur) and take action. System administrators should investigate the cause anytime a performance threshold is reached. You can also configure the Performance utility to notify you when a threshold is met.
Table 1 Important Performance counters and thresholds
Type / Object\Counter / Threshold / Action
Memory / Memory\Available Bytes / Less than 4MB / Check for memory leaks and add RAM if necessary
Memory / Memory\Pages/sec / 20 / Investigate paging settings
Paging File / Paging File\% Usage / Above 70% / The Paging File value should match up with the previous two values. A value exceeding 70% is not healthy for the system.
Disk / Physical Disk\Free Space, Logical Disk\Free Space / 15% / Clear more disk space. Increase logical or physical disk space
Disk / Physical Disk\Disk Time, Logical Disk\Disk Time / 90% / The disk is not being read quickly enough. This could be a hardware issue. It could also be that the amount of data on disk is too large.
Disk / Physical Disk\Disk Reads/sec, Physical Disk\Disk Writes/sec / Depends on Manufacturer / Writing to or reading from the disk is slow. We may need to upgrade the disk or disk drivers
Processor / Processor\% Processor Time / 85% / Find the processor-intensive processes and move them to separate processors (if you have a multi-processor machine) or add more processing power (by adding another processor or by upgrading to a faster processor)
Processor / Processor\Interrupts/sec / Processor specific; 1000 is a standard / If the counter value increases without additional processes, the cause could be hardware related
Server / Server\Bytes Total/sec / Depends on the network / If all your servers’ Bytes Total/sec is the same and similar to the maximum network speed, you might need to increase the network bandwidth
Server / Server\Pool Paged Peak / Physical RAM available / Should not be greater than the physical RAM value.
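An added example, not part of the original article: the Table 1 thresholds for memory, paging file and processor applied to a counter log saved in comma-separated format. The log sample, the server name SERVER01, the reading of 4MB as 4 x 1024 x 1024 bytes and the "above" direction for thresholds that Table 1 gives only as a number are assumptions.

```python
import csv
import io
import re

# Thresholds from Table 1. Assumption: where the table gives only a number
# (20, 85%), a breach means the sample is above it.
THRESHOLDS = {
    r"memory\available bytes": ("below", 4 * 1024 * 1024),
    r"memory\pages/sec": ("above", 20.0),
    r"paging file\% usage": ("above", 70.0),
    r"processor\% processor time": ("above", 85.0),
}

# Constructed sample in the comma-separated counter log layout (not real data).
SAMPLE_LOG = r'''"(PDH-CSV 4.0) (Eastern Standard Time)(300)","\\SERVER01\Memory\Available Bytes","\\SERVER01\Memory\Pages/sec","\\SERVER01\Paging File(_Total)\% Usage","\\SERVER01\Processor(_Total)\% Processor Time"
"03/14/2005 10:15:00.000","52428800","3.2","41.0","22.5"
"03/14/2005 10:15:15.000","3145728","48.7","72.4","91.0"
"03/14/2005 10:15:30.000"," ","18.0","69.9","85.0"
'''

def normalize(path):
    """Reduce '\\\\HOST\\Object(instance)\\Counter' to lower-case 'object\\counter'."""
    m = re.match(r"^(?:\\\\[^\\]+)?\\([^\\(]+)(?:\([^)]*\))?\\(.+)$", path)
    return f"{m.group(1)}\\{m.group(2)}".lower() if m else None

def find_breaches(log_text):
    """Return (timestamp, counter, value, limit) for each sample past its threshold."""
    rows = csv.reader(io.StringIO(log_text))
    columns = [normalize(name) for name in next(rows)[1:]]  # column 0 is the timestamp
    breaches = []
    for row in rows:
        for counter, raw in zip(columns, row[1:]):
            rule = THRESHOLDS.get(counter)
            if rule is None:
                continue  # counter has no Table 1 threshold configured here
            try:
                value = float(raw)
            except ValueError:
                continue  # blank field: no sample was collected in this interval
            direction, limit = rule
            if (value < limit) if direction == "below" else (value > limit):
                breaches.append((row[0], counter, value, limit))
    return breaches

if __name__ == "__main__":
    for stamp, counter, value, limit in find_breaches(SAMPLE_LOG):
        print(f"{stamp}  {counter} = {value} (threshold {limit})")
```

A sample exactly equal to a threshold, such as 85.0 for % Processor Time in the last row, is not reported.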
We have investigated the “Data” tab of the System Monitor. Let’s look at the other properties of the System Monitor now.
General tab of the System Monitor
The General tab lets you configure the System Monitor view. Figure 4 displays the General tab of the System Monitor’s properties. We can view the System Monitor as a graph, histogram or report by selecting the option from the View group box. We can customize the System Monitor display by selecting the options from the Display elements group box. We can use the Report and histogram data group box to filter the amount of data to be monitored. Maximum will display the maximum values of counters and Minimum will display the minimum values. We can view the System Monitor as 3D or one dimension (the Flat option) by using the Appearance select box. Then we can apply a border using the Border option. The Sample automatically every X seconds box will let you configure the refresh interval of the System Monitor. We can also allow duplicate counters by selecting the Allow duplicate counter instances option box.
Figure 4 : General tab of System Monitor
Source tab of the System Monitor
The Source tab describes the data source for the System Monitor. There are three major sources. The first one is the current activity of the system. This can be selected by enabling the Current Activity option. The second option is a log file. This can be enabled by selecting the Log files option. Then we have to point to the correct log files by adding them with the Add button. You can also remove unwanted log files by using the Remove button. The third option is a database source. We need to enter the Data Source Name (DSN) and select the correct log file database by using the Log set options. We can also filter the data sources according to time ranges by using the Time Range option. Please refer to Figure 5 for details.
Figure 5 : Source tab of System Monitor
Graph tab of the System Monitor
The Graph tab will let you configure the display format of the System Monitor graph. You can add titles and vertical axis names for the graph using this tab. We can also display the graph as a grid with vertical and horizontal lines. Finally, we can configure the scale of the graph. Figure 6 displays the Graph tab of the System Monitor.
Figure 6 : Graph tab of System Monitor
Appearance tab of the System Monitor
The final tab is the Appearance tab. This controls the physical appearance of the System Monitor graph. We can change the background and foreground colors and font sizes using this tab. The Appearance tab is similar to Figure 7.
Figure 7 : Appearance tab of System Monitor
Using Performance Logs and Alerts
This section of the Performance utility is used to configure logging of performance related information and set up the system to alert you when thresholds are reached. Let’s look closely at the Performance Logs and Alerts section.
In the left pane of the Performance MMC, expand the Performance Logs and Alerts node, and you will see that this section has three child nodes. These are:
· Counter Logs
· Trace Logs
· Alerts
All these logs and alerts can be configured, started or stopped using the Performance utility. Let’s investigate the Counter logs first.
Counter Logs
The Counter logs will store the performance counter information. We can use these logs to analyze data at a later opportunity. Let’s learn how to create a counter log.
1. Click Start | Run and type Perfmon.exe
2. Select Performance Logs and Alerts from the Performance Monitor screen.
3. Right click on Counter Logs and select New Log Settings.
4. A text box will appear to enter the counter log name. We will enter Test_Memory_Log for demonstration purposes. Then you will be presented with a Properties screen for the newly created log. The image should be similar to Figure 8.
Figure 8 : General tab of Counter Log
The log file name will be automatically assigned by the system. Then we can configure the counters we monitor by utilizing the Counters section. We can first add objects we would like to monitor by using the Add Objects button. Then we can select the individual counters for each object by clicking on the Add Counters button. (We will select the memory counters to monitor memory activity for our demonstration purposes.) We can also configure the frequency of the log file entries by utilizing the Interval and Units option boxes. We can configure more settings by using the Log Files and the Schedule tabs. The Log Files tab is shown in Figure 9.
Figure 9 : Log Files tab of Counter Logs
You can configure the log file type using the Log file type option box. Some valid types are binary format, comma separated file format, tab delimited format or database. You can configure these options by clicking on the Configure button. The End file name with option box will let us append a time stamp to the log file. We have selected month-day-year format in Figure 9. We can also put a comment about the log by using the Comment field. We can also instruct the system to overwrite the existing log file by clicking on the bottom option box. Let’s investigate the Schedule tab now. (Please refer to Figure 10.)