Administering a Windows Server 2003 network is not simply about making sure that people have access to resources and that information is secure. The question administrators ask themselves is not just, "Is it running?" but also, "Is it running well?" Of course, "well" is relative and can't really be quantified outside your individual context. This section examines the assessment of server performance using the System Monitor, a tool located within the Performance console. In addition, it discusses some tips on how to tune your server before problems occur and which devices should be monitored when they do. Periodic monitoring of your Windows Server 2003 network is important to the process of optimization. Monitoring helps to overcome the feeling-based assessment of your users. For example, by comparing current network performance against a previously established baseline, you have more information than the anecdotal "The network is slow today!" on which to base your actions. By gathering current information and comparing it against established norms for your systems (a baseline ), you can detect bottlenecks, identify those system components that are slowing down server performance, and fix them before they become a problem to your users. Although the actual procedure for creating a baseline is outlined later in this section, it is important to discuss the concept of a baseline here because it is the first thing you will do in practiceeven if it is not the first concept that is presented here. A baseline is an established norm for the operation of your server as determined by normal load. This baseline can then be used as a basis of comparison for future performance to see whether repairable problems exist. As the configuration of your server changes (when, for example, a processor is added or RAM is added), new baselines are established to reflect the new expected performance. The importance of establishing a baseline before beginning to monitor performance can't be overstated. Although there are some guidelines as to what absolute performance numbers indicate , it is as you compare current performance against past performance (the baseline) that you will really be able to evaluate how well current demand is being met and whether you require more resources on your server. In addition, it is imperative that a baseline be established before problems begin to occur. If users are already beginning to complain, "The network is slow," it is too late to establish a baseline because the statistics gathered will include whatever performance factors are contributing to the dissatisfaction. At a minimum, you must perform periodic monitoring on the following areas of your Windows Server 2003 computers: the hard disk(s), processor(s), memory, and network adapter(s). Regardless of which type of services the server is providing, these four areas interact to make your server efficient (thereby appearing fast) or inefficient. The actual speed or efficiency of each of the components varies in importance depending on the application. In some applications, memory is more important than processor speed or availability; in other applications, disk speed and availability are more important than fast network access. The Performance ConsoleRecognizing the need to be able to monitor the performance (and thus the health) of servers and client computers, Microsoft built the Performance console into Windows Server 2003. Whether you are looking for real-time graphical views or a log you can peruse at your convenience, the Performance console can provide the type of data you need to evaluate performance and recommend system modification if necessary. Monitoring performance begins with the collection of data. The Performance console, shown in Figure 6.1, allows you various methods of working with data, although all methods use the same means of collecting data. Data collected by the Performance console is broken down into objects, counters, and instances. An object is the software or device being monitored, such as the memory or a processor. A counter is a specific statistic for an object. Memory has a counter called Available Bytes , and a processor has a counter called % Processor Time . An instance is the specific occurrence of an object you are watching; in a multiprocessor server with two processors, you have three instances: , 1 , and _Total . Figure 6.1. The Performance console consists of four different tools.
The primary difference between using the System Monitor and Counter Logs or Trace Logs is that you typically watch performance real-time in System Monitor (or playback saved logs), whereas you use Counter Logs and Trace Logs to record data for later analysis. Alerts function in real-time by providing you with alerts when a user -defined threshold is exceeded. Counter Logs, Trace Logs, and Alerts are beyond the scope of the 70-293 exam; if you want to learn more about them, however, be sure to see www.microsoft.com/technet/prodtechnol/windowsserver2003/proddocs/entserver/sag_MPtopnode.asp. Introduction to System MonitorYou can access the System Monitor from the Administrative Tools folder by selecting Start, Programs, Administrative Tools, Performance. When you initially open the Performance console, it looks like the console shown previously in Figure 6.1. The System Monitor enables you to view statistical data either live or from a saved log. You can view the data in three formats: graph, histogram, or report. Graph data is displayed as a line graph, histograms are displayed as bar graphs, and text-based reports show the current numerical information available from the statistics. The basic use of the System Monitor is straightforward. You decide which object/instance/counter combinations you want to display and then configure the monitor accordingly . At that point, information begins to appear. You can also change the properties of the monitor to display information in different ways. The best way to become familiar with the System Monitor is to start using it. Step by Step 6.1 lets you do just that by configuring monitoring for some network counters.
Working with CountersNow that you've seen how the System Monitor works from a high-level, let's dig in a little and examine the basic building block of performance monitoring: counters . Figure 6.6 shows a typical Add Counters dialog box. At the top of the dialog box is a set of radio buttons with which you can obtain statistics from the local machine or a remote machine. This feature is useful when you want to monitor a computer in a location that is not within reasonable physical distance from you. Under the radio buttons is a pull-down list naming the performance objects that can be monitored. Which performance objects are available depend on the features (and applications) you have installed on your server. Also, some counters come with specific applications. These performance counters enable you to monitor statistics relating to that application from the Performance console. Figure 6.6. The Add Counters dialog box contains many options you need to understand.
Under the performance object is a list of counters. When applied to a specific instance of an object, counters are what you are really after, and the object just narrows down your search. The counters are the actual statistical information you want to monitor. Each object has its own set of counters from which you can choose. Counters enable you to move from the abstract concept of an object to the concrete events that reflect that object's activity. For example, if you choose to monitor the processor, you can watch for the average processor time and how much time the processor spent doing non-idle activity. In addition, you could watch for %user time (time spent executing user application processes) versus %privileged time (time spent executing system processes). To the right of the counter list is the instances list. If applicable , instances enumerate the physical objects that fall under the specific object class you have chosen . In some cases, the instances list is not applicable. For example, no instances list is available with memory. In cases in which the instances list is applicable, you see multiple instance variables (refer to Figure 6.4). One variable represents the average of all the instances, and the rest of the variables represent the values for the first physical object (number 0, 1, and so on). For example, if you have two processors in your server, you see (and can choose from) three instance variables : _Total , , and 1 . This way, you can watch each processor individually and watch them as a collective unit. Using System Monitor to Discover BottlenecksEvery chain, regardless of its strength, has its weakest link. When pulled hard enough, some point gives before all the others. Your server is similar to a chain. When it's under stress, some component cannot keep up with the others. This results in a degradation of overall performance. The weak link in the server is referred to as a bottleneck because it's the component that slows down everything else. As an administrator responsible for ensuring efficient operation of a Windows Server 2003 computer, you need to determine the following two things:
As was mentioned previously, under normal operation, only four system components typically affect system performance: memory, processors, disks, and network adapters. Therefore, you should monitor the counters that tell you the most about how those four components affect system performance. The information from these counters is critical because you can determine the answer to the two diagnostic questions listed here. The biggest monitoring problem is not collecting the data, but interpreting it. Not only is it difficult to determine what a specific value for a particular counter means, it is also difficult to determine what that value means in the context of other counters. The biggest difficulty is that no subsystem (disk, network, processor, or memory) exists in isolation. As a result, weaknesses in one might show up as weaknesses in another. Unless you take them all into consideration, you might end up adding another processor when all you need is more RAM. Understanding how the subsystems interact is important to understanding the significance of the counter values that are recorded. For example, if you detect that your processor is constantly running at 90%, you might be tempted to purchase a faster processor (or another processor if you have a system board that can accommodate more than one). However, it is important to look at memory utilization and disk utilization as well because the problem could be originating there instead. If you do not have enough memory, the processor must swap pages to the disk frequently. This page swapping results in high memory utilization, high disk utilization, and higher processor utilization. By purchasing more RAM, you could alleviate all these problems. This one example illustrates how no one piece of information is enough to analyze your performance problems or your solution. You must monitor the server as a whole unit by putting together the counters from a variety of objects. Only then can you see the big picture and solve problems that might arise. The recommended method of monitoring is to use a counter log, which captures data over a period of time. This type of monitoring helps you eliminate questions of whether the current stress on the server is typical. If you log over a period of a week or a month and consistently see a certain component under excessive load, you can be sure the stress is typical. Baselining ServersAs we've already discussed, monitoring the present operation of your servers and network presents you with only half of the picture. You need to create a baseline of the server performance that you can use to compare against future performance statistics to locate problematic areas. If you create baselines on servers, you can compare the present-day performance to a known value. This comparison can be very useful when you're troubleshooting, and it also aids during periods when you are modifying configurations. A baseline is a set of typical readings that define "normal" for your servers, client computers, or network under various operating conditions, such as no load, moderate load, and heavy load. Of course, what is normal is obviously open to interpretation, but you could say that normal is a server providing users with what they want in a time frame that they think is reasonable. By creating baselines early on, you have something that you can later look back at and compare current server operating conditions to. If your system is already to the point where you are seeing system degradation, it is really too late to establish a baseline. EXAM TIP Creating a monitoring station Most administrators recommend that you do not perform performance monitoring locally from the server on which you are attempting to monitor and collect data. When you run the System Monitor directly on a server, you can skew the results because, of course, the actual act of monitoring consumes system resources. It's generally better to run System Monitor on a workstation pointed at the server you want to monitor (in addition to being able to monitor multiple servers from a single console). To establish a baseline, you pick a time (or duration of time) that represents typical user interaction with the server. Then you create a log of important counters for the duration you have determined. Some of the more commonly used (and recommended) counters are summarized in Table 6.1. For a complete reference to these counters, be sure to see www.microsoft.com/technet/prodtechnol/windowsserver2003/proddocs/deployguide/counters1_lkxw.asp. Table 6.1. Counters to Monitor for Baselining and Bottleneck Troubleshooting
EXAM TIP Performance counters Don't worry too much about memorizing all the different counters and their uses. The 70-293 exam is looking more for your ability to use the tools available to identify, troubleshoot, and correct problem situations. Don't be tricked ! When taking the 70-293 exam, carefully read each question especially those that deal with performance monitoringto ensure that you select the correct answer. You might find several very similar answers presented, but only one of them is correct. The log you create should be stored in a safe place to ensure that you can refer to it in the future. Every time you perform a major hardware upgrade (such as increasing RAM or adding a processor), you should create a new set of baselines and consider deleting the old ones. Which actual counters you want to monitor are based on the particular applications running on your server and the requirements you have for the server. Although some recommendations are given in Table 6.1, you might want to watch other objects as well if you have specific applications installed. Creating Baseline Counter LogsTo create a baseline, you create a counter log from the Counter Logs option of the Performance Logs and Alerts node of the Performance console. The creation of a counter log is outlined in Step by Step 6.2.
When creating log files, you have several different file formats available to you. Table 6.2 outlines the available file formats. Table 6.2. Counter Log File Format Options
When creating log files, you have several different numbering formats available to you. Table 6.3 outlines the available numbering formats. Table 6.3. Counter Log Numbering Systems
Daily Monitoring for UsageOn a daily basis, you may not want to monitor the full group of counters that were listed previously in Table 6.1. The counters in Table 6.4 present a smaller, and thus easier-to-manage, group of counters that you might consider monitoring on a daily basis to get a quick snapshot of your system and network performance. Table 6.4. Counters to Monitor on a Daily Basis
As they pertain to Table 6.4, the following are descriptions of the counters:
System Monitor Tips and TricksMicrosoft provides some helpful tips and tricks that you should keep in mind when working with the Performance console to solve performance-related problems. Through careful analysis of data, you might be able to determine problems with the network that are not otherwise seen, such as excessive demands on resources that result in bottlenecksand therefore slow network performance to the degree that users begin to notice that something is wrong. EXAM TIP Saving time by saving your configuration No one wants to reinvent the wheel over and over. This holds true when you are configuring System Monitor with a set of counters. You can save a good amount of time and effort by setting up the System Monitor with the counters and options you want on one server and then saving the configuration file and distributing that file to each of your other servers instead of re-creating the configuration each time. Don't forget about the Task Manager Even though the Task Manager is a very simple tool, don't underestimate its usefulness . You can quickly launch the Task Manager to get a real-time look at network utilization (and process performance) without having to open the System Monitor and configure counters. The following are some of the most common causes of bottlenecks that you might encounter while troubleshooting your network:
After you have identified a problem, you should take care to avoid creating new problems while correcting the old one. You should make one change at a time to avoid masking the impact of changes. After each change, you should perform additional monitoring to determine the result and the effect of the change and reevaluate the status and condition of the previously identified problem(s). In addition, you can compare the performance of applications that are run over the network to their performance when run locally to determine how the network is affecting performance. With our discussion of performance monitoring and baselining out of the way, let's move forward and examine the second topic of this chapter: disaster recovery operations. |