Monitoring and Optimizing a Server Environment for Application Performance

Objective:

Monitor file and print servers. Tools might include Task Manager, Event Viewer, and System Monitor.

• Monitor server hardware for bottlenecks.

In Windows Server 2003, Microsoft has included the Configure Your Server Wizard, which tunes your server for specific roles on your network. Even though Microsoft has done a fairly good job with defining the server roles and configuring the performance options for each role, you can always do better. In this section, we examine the tools and utilities you can use to optimize your server's performance.

Exam Alert: Configure Your Server Wizard

The Configure Your Server Wizard is not included in the Windows Server 2003 Web Edition operating system, which is logical because that version is intended to be used only for web servers, and it comes optimized for that role out of the box. As an administrator, you should be familiar with the capabilities of all versions of Windows Server 2003 for the exam.

Monitoring System Resources

Although Task Manager can give you a quick overview of system performance, there are situations in which a more thorough investigation is needed. This is where the Performance tool comes in handy. The Performance tool is actually made up of two separate Microsoft Management Console (MMC) snap-ins: System Monitor and Performance Logs and Alerts.

The Performance tool is started by following the procedure outlined in Step by Step 14.4.

Step by Step 14.4 Starting the Performance Tool in System Monitor view 1. From the Start menu, click Start, All Programs, Administrative Tools, Performance. 2. As shown in Figure 14.13, the Performance tool opens with the System Monitor view displayed. Figure 14.13. The Windows Server 2003 Performance tool showing the System Monitor view.

System Monitor

The System Monitor snap-in allows you to view real-time performance data contained in the counters from your domain controllers, member servers, or workstations on your network. In addition, System Monitor allows you to review performance data that is stored in a log file created with the Performance Logs and Alerts snap-in.

Windows Server 2003 is a modular, object-oriented operating system. Each subsystem within Windows Server 2003 is an object. For example, the CPU is an object, the memory is an object, the storage subsystem is an object, and so on. As your computer performs various tasks, each of these objects generates performance data.

Each object has several monitoring functions called counters. Each counter offers insight into a different aspect or function of the object. For example, the memory object has counters that measure % Committed Bytes in Use, Available Bytes, Page Faults/sec, and more. System Monitor takes the readings from these counters and presents the information to you in a human-readable format (numbers or graphs). Each counter is displayed as a colored line. Multiple counters from the same system or from remote systems can be viewed simultaneously.

In addition, objects can be separated by instance. Instance is the terminology used to refer to multiple occurrences of the same type of object, such as in a multiprocessor server. A separate instance exists for each processor.

By default, System Monitor is started with the following counters displayed:

• Memory: Pages per Second

• Physical Disk: Average Disk Queue Length

• Processor: % Processor Time

Numerous other counters can be added to give you a more thorough view of your server's performance. To add additional counters to be monitored, perform the procedure outlined in Step by Step 14.5.

Step by Step 14.5 Adding additional performance counters 1. From the Start menu, click Start, All Programs, Administrative Tools, Performance. 2. The Performance tool opens with the System Monitor view displayed. As shown in Figure 14.14, right-click anywhere on the graph in the System Monitor view. Select Add Counters from the pop-up menu. Figure 14.14. Select Add Counters from the pop-up menu or click the + icon in the toolbar. 3. From the Add Counters dialog box shown in Figure 14.15, select Memory from the Performance Object drop-down list and then select Pages/sec from the Select Counters from List area. Figure 14.15. Select the desired Performance object and then select the counters and instance to monitor. Clicking the Explain button provides an explanation of what each counter records. 4. Click the Add button to add the object and counter to the view. Repeat for any additional counters as desired. Then click the Close button to save.

As you saw in this Step by Step procedure, the Add Counters dialog box allows you to make choices from several areas to customize your monitoring needs. The choices found on this dialog box are as follows:

• Computer This option allows you to select whether to add counters from the local computer or any remote computer on your network. You add remote computers using their Universal Naming Convention (UNC) computer name.

• Performance Object This is a drop-down list that displays all the objects available for monitoring.

• Counters This option allows you to select either all counters or individual counters from a list. Hold down the Shift or Ctrl key and click to select multiple items.

• Instance If an object has multiple instances (for example, your server might have multiple network cards), you can select each individual instance or all instances.

After selecting each counter, click the Add button to add the counter to the System Monitor display. For a description of each counter, highlight the counter and click the Explain button. When you're finished, click the Close button.

The number of objects available for monitoring varies by system. Most server services and applications, such as DNS, DHCP, and mail servers, install their own counters that can be used to monitor the performance of those functions.

Each counter can be displayed as a colored line in one of the graph views. Multiple counters from the same system or from remote systems can be viewed simultaneously. Figure 14.16 shows you an example of what one of the graph views, of which there are several, may look like on your system.

Figure 14.16. The Windows Server 2003 System Monitor showing several additional server-usage counters.

Of all the items you can monitor on a typical server, here are the objects you need to monitor closely for performance issues:

• Memory

• Processor

• Physical disk

• Network

These counters provide instant insight into the overall performance on a system. When these counters get too high, it's a good indication that you need to upgrade the system or segment the network.

The Performance Logs and Alerts Snap-In

Although System Monitor provides far more system-monitoring information than Task Manager, it still provides only a snapshot view of system performance. To perform a more thorough evaluation of system performance, you need to view the system statistics over a period of time. You can find these statistics in the Performance Logs and Alerts tool, located under System Monitor in the Performance tool MMC. The following two subsections detail the logging and alert features you can use to capture performance data over an extended time period.

Performance Logs

The Performance Logs and Alerts MMC snap-in allows you to log performance data over a period of time and save it to a log file for later viewing. Two logging options are available: Counter Logs and Trace Logs. Counter logs allow you to record data about hardware usage and the activity of system services from local or remote computers. You can configure logging to occur manually or automatically based on a defined schedule. Trace logs record data as certain activity, such as disk I/O or a page fault, occurs. When the event occurs, the provider sends the data to the log service.

Exam Alert: Trace Logs

Trace logs are commonly used for developers to trace an application's interaction with the operating system. It will probably not be covered on the exam.

The snap-in allows you to save log data in the following file formats:

• Text file (CSV) Comma-delimited format, for import into spreadsheet or database programs.

• Text file (TSV) Tab-delimited format, for import into spreadsheet or database programs.

• Binary file This is the default for use with the System Monitor snap-in. Data is logged into this file until it reaches the maximum limit. The default maximum file size is 1MB, but this can be changed when you configure settings for the file from the Log Files tab of the Log Properties dialog box by clicking the Configure button.

• Binary circular file Data is logged into this file until it reaches the maximum limit. Then the file is overwritten, starting at the beginning of the file. The default maximum file size is 1MB, but this can be changed when you configure settings for the file from the Log Files tab of the Log Properties dialog box by clicking the Configure button.

• SQL Data is logged directly into an existing SQL database.

Because the data is available in so many common formats, you have the option of analyzing the data using the default Microsoft tools or importing it into the tool of your choice.

Note: Establishing a Baseline

You should take a measurement of your system during its normal operation to establish a baseline. This baseline provides something to compare counters to when the system experiences problems. A baseline comparison provides a quick way to pinpoint problem areas.

The Performance utility allows you to log on an object basis and on a counter basis. This means you can configure a log to record all the data for an object instead of using individual counters. Therefore, after a log file is recorded, you can select any counter from an object to examine. After you determine what to record, you need to determine two time-related issues: the measurement interval and the length of time to record the log file. These issues are detailed as follows:

• The measurement interval determines how often a performance reading is taken. Too short an interval can produce spurious results and can cause an additional workload on your system. Too long an interval might hide performance changes. Although most readings are insignificant, frequent readings can cause significant performance degradations.

• The length of time over which a log file is recorded should be long enough to capture all the normal operational activities. This typically means recording a log file for at least a week. A shorter time period might not offer you a complete picture of your system's normal weekly performance.

The sample log is defined with the following basic counters:

• Memory: Pages per Second

• Physical Disk: Average Disk Queue Length

• Processor: % Processor Time

Note that these are the same counters that appear in the initial System Monitor view. You can create your own logs with the counters you specify.

To create a new counter log, perform the procedure outlined in Step by Step 14.6.

Step by Step 14.6 Creating a new counter log 1. From the Start menu, click Start, All Programs, Administrative Tools, Performance. 2. The Performance tool opens with the System Monitor view displayed. Right-click Counter Logs under Performance Logs and Alerts in the left pane and then select New Log Settings from the pop-up menu (see Figure 14.17). Figure 14.17. Right-click Counter Logs and then select New Log Settings from the pop-up menu. 3. In the New Log Settings dialog box, enter the name for the new log and then click OK. 4. In the Log Properties dialog box, shown in Figure 14.18, click the Add Objects button or the Add Counters button to add the desired objects and counters to the log. Repeat this step for any additional counters desired. Notice that an option is available that allows you to run the logs using a different user ID and password. Figure 14.18. Adding counters and objects to the new log. The procedure is similar to adding counters in System Monitor. 5. Click the Log Files tab. 6. On the Log Files tab, enter the desired log file name, type, and location, if the defaults are not what you want. Change the maximum log file size if desired (see Figure 14.19). Figure 14.19. The Log Files tab showing counter log file configuration. 7. Click the Schedule tab. On the Schedule tab, you can select the start and stop times for logging or select to manually start and stop the log (see Figure 14.20). Figure 14.20. The Schedule tab showing the counter log schedule. 8. Click OK to save the log.

If you selected to manually start the counter log, you can start it by right-clicking the log entry in the right pane of the Performance Logs and Alerts snap-in and selecting Start. The icon for the log is green when running and red when stopped.

After you have recorded data in your log file, you can view it within System Monitor. To open your log file, use the procedure outlined in Step by Step 14.7.

A time window is a selected block of time from a log file. When a log file is used as the source of data, the System Monitor utility automatically sets every data point within the log file as activethat is, it views the data from the start to the end of the log file. Through the use of a time window, you can shorten or otherwise alter the data in use. The Source tab from the Log Properties dialog box reveals the Time Range settings. From this dialog box, you can slide the start and end points manually to select your start or stop points. Only the data in the selected time frame (between the start and stop points and shaded gray) is used by the System Monitor utility.

While a log is being recorded, don't try to view the log file from the same instance of the Performance utility that is performing the logging. If you need to view the contents of the open log file, use another instance of the Performance utility. You can view all data points up to the point when you opened the log file, and new data continues to be recorded into the file by the first instance of the Performance utility.

After a log file is recorded, you can append and resample the file to combine multiple files or to remove spurious readings. To record new data into an existing log file, just specify the path to the existing file in the Log Options dialog box.

The only limitation to log file recording is the free disk space on the destination drive; if your hard disk is full, the log file cannot record unless it is emptied or deleted.

Trace Logs

The second type of logs is trace logs. Trace logs are used to track lower level events supplied by data providers that are part of the .NET Framework. Trace logs are set up exactly like counter logs, except they will have the extension .etl. A major difference between trace and counter logs is that while counter logs take samples, trace logs track events continuously. Trace logs are used by developers and require special software tools to read them. You can find out more about trace logs at http://msdn.microsoft.com.

Performance Alerts

The Alerts container is used to define threshold alerts. These can be used with real-time measurements or with historical log files. An alert is issued when a specific counter crosses a defined threshold value. When this occurs, a trigger event is initiated.

Creating an alert is similar to configuring a counter log. To create an alert, perform the procedure outlined in Step by Step 14.8.

You can select several actions to be performed when an alert threshold is reached, as follows:

• Log an Entry in the Application Event Log If a threshold is reached, Windows Server 2003 creates an entry in this log, and you can view it in the application event log found in the Event Viewer.

• Send a Network Message To This allows you to send a message to a user via the Messenger service.

• Start Performance Data Log This starts logging to a predefined counter log. This is useful if you are trying to see what happens to system performance when a specific event occurs.

• Run This Program This can be any program that can be run from a command line. For example, it might be a program that performs some type of system maintenance, such as compressing files.

Alerts are most often used to monitor systems in real time. You can set an alert to notify you when a specific event occurs. Some of the conditions that you might want to configure an alert for are low disk space, swap file usage, and task queues for network cards and CPUs. Any of these items can point to a current or potential system problem.