Server performance is an important issue in a mission-critical business environment. Poor performance can have a huge negative impact on the ability of workers to do their jobs, and thus on productivity and the company's bottom line. Monitoring and optimizing performance of network servers is one of the administrator's most important tasks, and it is important to continually collect and analyze performance data to ensure that any problems can be taken care of before they impact end users. Security events are another important area that the administrator must stay on top of, to protect the integrity of the organization's network and data. Windows Server 2003 provides administrators with built-in tools for monitoring performance issues and detecting security breaches (or attempted breaches). These include simple monitoring tools such as Task Manager, powerful monitoring tools such as the System Monitor, and a set of useful command line utilities. For auditing security events, the security log provides vital information for tracking successful and failed breaches of security.
The System Monitor can be displayed in three formats. Figure 1 shows the System Monitor as a graph. We can also display the System Monitor as a histogram or as a text report. You can alter these views by clicking one of the three buttons in the button bar directly above the graph. (The first button is the fifth from the left of the button bar, next to the database sign.) If you hover your cursor over these buttons, you will see that they are labeled View Graph, View Histogram and View Report. There are three performance counters that are activated and monitored by default. These are displayed in Figure 9.2, and include the following:
- Memory object: Pages/sec counter
- Physical disk object: Average disk queue length counter
- Processor object: % processor time counter
You can right click on any performance counter in the lower pane and select Save As to save the log information as an HTML file (.htm) or a tab delimited file (.tsv).
You will see the existing counters in the Counters space. When you click the Add button or press CTRL + I, you should see the Add Counters dialog box as shown in Figure 3.
Figure 3: Add Counter screen
In the Add Counters dialog box, first select the machine you wish to monitor. You can monitor counters on the local computer by selecting Use local computer counters, or you can monitor counters on a remote machine by selecting Select counters from computer: and typing the UNC path to the remote system or choosing it from the dropdown box if you've monitored it from this computer previously. Next, select the performance object. A performance object is a specialized object that has performance counter information on a particular application, service or hardware device. (For example, SQL Server has specialized performance objects that enable System Monitor to monitor its activity.) There are a large number of objects from which to choose. Some of the most commonly monitored objects include:
- Processor
- Memory
- Logical Disk
- Physical Disk
- DNS
- DHCP Server
- Network interface
- Web service
NOTE Some applications and services add performance objects and counters to the System Monitor when you install them. Thus, you might not see all of the listed objects/counters if you don't have the related applications or services installed on the computer you're monitoring. For example, if you don't have SQL Server installed, you will not see the SQLServer:Databases object.
Finally, select the counters you are interested in that pertain to your selected object, or select All Counters to track all counters that pertain to that object. (The counters are different from one performance object to another, and some objects have a large number of counters.) Next, select the instance to which the counters apply if there is more than one instance of the object on the machine. For example, if you have dual processors installed, there will be two instances for the Processor object. If you have two logical disks (C: and D:), both of these will show up as separate instances and can be monitored individually, or you can select All instances to monitor them all.
TIP You can select a counter and click the Explain button to get help information about it. A window will pop up beneath the Add Counters dialog box with the explanation of the counter. You can remove a counter by selecting it and clicking Remove.
It is important for you to be familiar with the functions of the major performance counters and their thresholds. The performance counters we will discuss are memory, disk and process related. Table 1 discusses some of these counters and their thresholds. Some recommendations are given for threshold values that should trigger actions on your part. There can be a myriad of reasons that a threshold is met. A met threshold is an indication that the system is not responding correctly, so it is important to know when this is occurring (or about to occur) and take action. System administrators should investigate the cause any time a performance threshold is reached. You can also configure the Performance utility to notify you when a threshold is met.
Table 1: Important Performance counters and thresholds
Type | Object\Counter | Threshold | Action
Memory | Memory\Available Bytes | Less than 4MB | Check for memory leaks and add RAM if necessary
Memory | Memory\Pages/sec | 20 | Investigate paging settings
Paging File | Paging File\% Usage | Above 70% | The Paging File value should match up with the previous two values. A value exceeding 70% is not healthy for the system.
Disk | Physical Disk\Free Space, Logical Disk\Free Space | 15% | Clear more disk space. Increase logical or physical disk space
Disk | Physical Disk\Disk Time, Logical Disk\Disk Time | 90% | The disk is not being read quickly enough. This could be a hardware issue. It could also be that the amount of data on disk is too large.
Disk | Physical Disk\Disk Reads/sec, Physical Disk\Disk Writes/sec | | Writing to or reading from the disk is slow. We may need to upgrade the disk or disk drivers
Processor | Processor\% Processor Time | | Find the process intensive processes and move them to separate processors (if you have a multi-processor machine) or add more processing power (by adding another processor or by upgrading to a faster processor)
Processor | | | If the counter value increases without additional processes, the cause could be hardware related
Server | | | If all your servers' Bytes Total/sec is the same and similar to the maximum network speed, you might need to increase the network
Server | | |
We have investigated the Data tab of the System Monitor. Let's look at the other properties of the System Monitor now.
The Source tab describes the data source for the System Monitor. There are three major sources. The first one is the current activity of the system. This can be selected by enabling the Current Activity option. The second option is a log file. This can be enabled by selecting the Log files option. We then have to point to the correct log files by adding them with the Add button. You can also remove unwanted log files by using the Remove button. The third option is a database source. We need to enter the Data Source Name (DSN) and select the correct log file database by using the Log set options. We can also filter the data sources according to time ranges by using the Time Range option. Please refer to Figure 5 for details.
Figure 5: Source tab of System Monitor
Alerts
All these logs and alerts can be configured, started or stopped using the Performance utility. Let's investigate the Counter logs first.
Counter Logs
The Counter logs store the performance counter information. We can use these logs to analyze data at a later opportunity. Let's learn how to create a counter log.
1. Click Start | Run and type Perfmon.exe
2. Select Performance logs and counters from the Performance Monitor screen.
3. Right click on Counter Logs and select New Log Settings.
4. A text box will appear to enter the counter log name. We will enter Test_Memory_Log for demonstration purposes. Then you will be presented with a Properties screen for the newly created log. The image should be similar to Figure 8.
Figure 8: General tab of Counter Log
The log file name will be automatically assigned by the system. Then we can configure the counters we monitor by utilizing the Counters section. We can first add the objects we would like to monitor by using the Add Objects button. Then we can select the individual counters for each object by clicking on the Add Counters button. (We will select the memory counters to monitor memory activity for our demonstration purposes.) We can also configure the frequency of the log file entries by utilizing the Interval and Units option boxes. We can configure more settings by using the Log Files and the Schedule tabs. The Log Files tab is shown in Figure 9.
Figure 9: Log Files tab of Counter Logs
You can configure the log file type using the Log file type option box. Some valid types are binary format, comma separated file format, tab delimited format or database. You can configure these options by clicking on the Configure button. The End file name with option box will let us append a time stamp to the log file. We have selected the month-day-year format in Figure 9. We can also put a comment about the log in the Comment field. We can also instruct the system to overwrite the existing log file by clicking on the bottom option box. Let's investigate the Schedule tab now. (Please refer to Figure 10.)
Figure 10: Schedule tab for Counter Logs
You can configure the start date and the end date by using this tab. You can either start the log manually or assign a time. This is done by the controls in the Start log group box. The Stop log group box will let you configure the end time and the operations that follow the termination of the log file. You can terminate the log manually, after X number of days or at an exact time. Then you can use the Start a new log file command or Run this command option boxes to configure the subsequent events.
5. Click the OK or Apply button to apply the changes.
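The thresholds in Table 1 can be checked automatically against a counter log saved in the comma separated file format. The following is an added example, not code from the original article: the host name SRV01, the sample rows and the name find_breaches are constructed for illustration, and the object names are spelled as they appear in log headers (LogicalDisk, PhysicalDisk).

```python
import csv
import io
import re

MB = 1024 * 1024

# (object, counter) -> (direction, limit), values taken from Table 1.
THRESHOLDS = {
    ("Memory", "Available Bytes"): ("below", 4 * MB),
    ("Memory", "Pages/sec"): ("above", 20),
    ("Paging File", "% Usage"): ("above", 70),
    ("LogicalDisk", "% Free Space"): ("below", 15),
    ("LogicalDisk", "% Disk Time"): ("above", 90),
    ("PhysicalDisk", "% Disk Time"): ("above", 90),
}

# Counter path layout: \\HOST\Object(instance)\Counter, instance optional.
PATH_RE = re.compile(r"^\\\\[^\\]+\\([^\\(]+)(?:\((.*)\))?\\(.+)$")

# Constructed sample log; SRV01 and every value are made up for the example.
SAMPLE_LOG = r'''
"(PDH-CSV 4.0) (GMT Standard Time)(0)","\\SRV01\Memory\Available Bytes","\\SRV01\Memory\Pages/sec","\\SRV01\Paging File(_Total)\% Usage","\\SRV01\LogicalDisk(C:)\% Free Space"
"01/10/2005 09:00:00.000","52428800","3.2","41.0","22.5"
"01/10/2005 09:00:15.000","3145728","35.7","73.4","14.1"
"01/10/2005 09:00:30.000"," ","12.0","68.0","14.0"
'''


def find_breaches(log_text):
    """Return (timestamp, counter path, value) for each sample past its limit."""
    rows = csv.reader(io.StringIO(log_text.strip()))
    header = next(rows)
    watched = {}  # column index -> (path, direction, limit)
    for col, path in enumerate(header[1:], start=1):
        m = PATH_RE.match(path)
        if m and (m.group(1), m.group(3)) in THRESHOLDS:
            watched[col] = (path,) + THRESHOLDS[(m.group(1), m.group(3))]
    breaches = []
    for row in rows:
        for col, (path, direction, limit) in watched.items():
            try:
                value = float(row[col])
            except (ValueError, IndexError):
                continue  # a missed sample is logged as a blank field
            breached = value < limit if direction == "below" else value > limit
            if breached:
                breaches.append((row[0], path, value))
    return breaches


if __name__ == "__main__":
    for when, path, value in find_breaches(SAMPLE_LOG):
        print(f"{when}  {path} = {value:g}")
```

Counters that are not listed in THRESHOLDS are ignored, so the same function can be pointed at a log that records more objects than Table 1 covers.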
the other hand, are more prone to disk and network problems. Here are some guidelines to help you with optimization methods:
- Make one optimization change at a time. Make the change and test the system to observe the outcome. You will not be able to determine the effect of each change if you make multiple changes simultaneously.
- Observe the Event Log closely when you are making modifications to the system. The Event Log will display errors when the applications are unstable.
- Try to run the application locally on your system (as opposed to running it on a network server). This can give you an indication of whether a network problem is present.
Memory:Available Bytes indicates the available memory capacity. We recommend that you have at least 4MB of memory available to run the server effectively. You should take immediate action if the memory falls below 4MB.
Memory:Pages/sec indicates the rate at which pages are written to or read from disk, in number of pages. The recommended threshold for the Memory:Pages/sec counter is 20. If this counter exceeds 20, you should take action. (Alerts can be used to notify the system administrator of these events. Refer to the Alerts section under System Monitor.) The most common memory problem is a memory leak due to incorrect application code. Following are some recommendations to remedy memory issues:
- Investigate the minimum memory requirement for your applications to run. This can be easily done by using the Task Manager. (Read the memory values before and after the application is loaded into memory.) Make sure the available memory exceeds this value.
- Add more physical RAM to the machine if it is not sufficient.
- Create multiple paging files on multiple disks. This will allow faster disk access between the disks.
- Reevaluate the paging file size. It is recommended that the paging file size be 1.5 times the physical RAM installed. If the paging file/virtual memory used exceeds this limit, add extra physical memory or decrease the page file size.
- Run your most memory intensive applications on your highest performing computers. You can also reschedule such applications to run when the system work load is light.
NOTE The first step in detecting a memory leak is to observe the memory data by using the Memory:Available Bytes and Memory:Committed Bytes performance counters. You should suspect a memory leak when the available memory figure declines by more than 4MB. You need to isolate the applications and run them against these counters to determine which application is causing the memory leak.
You might need to monitor the Process:Private Bytes, Process:Working Set and Process:Handle Count counters on the suspected process to confirm the memory leak. A kernel mode application can also be leaking memory. In that case, you need to use the Memory:Pool Nonpaged Bytes, Memory:Pool Nonpaged Allocs and Process (Process name):Pool Nonpaged Bytes counters. Kernel mode applications do not use the paging mechanisms; therefore you should use the nonpaged counters.
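The leak check described in the NOTE can be expressed over logged samples as follows. This is an added example, not code from the original article: the process names and sample values are constructed, and the rule that Private Bytes must rise in most sampling intervals (min_rising) is an assumption added here to separate steady growth from a one-off allocation.

```python
MB = 1024 * 1024

# Constructed samples, oldest first, one value per logging interval.
AVAILABLE = [120 * MB, 112 * MB, 104 * MB, 97 * MB, 90 * MB, 82 * MB]
PROCESSES = {
    "billing.exe": {
        "Private Bytes": [30 * MB, 37 * MB, 44 * MB, 50 * MB, 57 * MB, 64 * MB],
        "Handle Count": [410, 455, 498, 540, 590, 633],
    },
    "sqlservr.exe": {  # one large allocation, then flat: not a leak pattern
        "Private Bytes": [200 * MB, 230 * MB, 230 * MB, 229 * MB, 230 * MB, 230 * MB],
        "Handle Count": [800, 805, 803, 804, 802, 801],
    },
    "spoolsv.exe": {
        "Private Bytes": [12 * MB] * 6,
        "Handle Count": [150] * 6,
    },
}


def rising_fraction(samples):
    """Share of consecutive sample pairs in which the value went up."""
    pairs = list(zip(samples, samples[1:]))
    return sum(b > a for a, b in pairs) / len(pairs) if pairs else 0.0


def leak_suspects(available_bytes, processes, min_rising=0.8):
    """Return [(process, private_bytes_growth, handles_also_grew)], largest growth first.

    An empty list means the system-wide trigger from the NOTE was not met.
    """
    # Trigger from the NOTE: Memory:Available Bytes fell by more than 4MB.
    if available_bytes[0] - available_bytes[-1] <= 4 * MB:
        return []
    suspects = []
    for name, counters in processes.items():
        private = counters["Private Bytes"]
        growth = private[-1] - private[0]
        # Assumed heuristic: a leak grows in most intervals, not just one.
        if growth > 0 and rising_fraction(private) >= min_rising:
            handles = counters["Handle Count"]
            suspects.append((name, growth, handles[-1] > handles[0]))
    return sorted(suspects, key=lambda s: s[1], reverse=True)


if __name__ == "__main__":
    for name, growth, handles_grew in leak_suspects(AVAILABLE, PROCESSES):
        print(f"{name}: +{growth // MB}MB private bytes, handles rising: {handles_grew}")
```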
Monitoring network objects involves tracking the overall network traffic. You also need to track the server's process and memory data in conjunction with the network traffic. Server memory problems can be initiated by malfunctions of the network architecture. You should monitor network counters in conjunction with Processor:Processor Time, Physical Disk:% Disk Time and Memory:Pages/sec. Most network resources (network adapters and protocol software) use nonpaged memory. If the computer is doing excessive paging, this might be because networking activities are consuming the resources and the applications are being swapped to disk. This is indicated by an increase in Memory:Pages/sec and a decrease in Processor:Total Bytes performance counters. Please check the Event Viewer in this case to confirm that you are running out of paged or nonpaged memory.
NOTE The paging capabilities of a system should be approximately 1.5 times the amount of installed RAM. This is automatically set by the operating system. The system will be unstable if you exceed the 1.5 limit. (A common cause is a network issue that causes excessive swapping of applications.)
There are specialized performance counters that can be used to optimize network usability. The following are important network related performance counters:
Network Interface\:Bytes Total/sec, Bytes Sent/sec, and Bytes Received/sec
These counters describe how the network adapters are performing against the network traffic. You should investigate any Bytes Received or Bytes Sent abnormalities indicated by these counters. (The recommended threshold depends on the network adapters and network topologies.)
Protocol_layer_object: Segments Received/sec, Segments Sent/sec, Frames Sent/sec, and Frames Received/sec
The Protocol_layer object will be TCPv4, TCPv6, IPv6 etc. These counters are based on a single protocol at a time. They provide you with information on how the protocols perform against the network availability.
A frame is a unit of data sent to a machine over the network. You should be concerned if the frames received or sent do not correspond to your preferred settings for the organization.
Server: Bytes Total/sec, Bytes Received/sec, and Bytes Sent/sec
These counters indicate how the server is using the network to receive and send data. This data is closely coupled to protocol layer and Network Interface layer data. The protocol and network activity should be high if these counters are high. We should investigate if the protocol activity and the network activity do not follow the server trends. (For example, it could be a hardware malfunction that consumes the resources of the server. In that case network and protocol activity will be slow in the face of a high server utilization rate.)
You need to constantly monitor network traffic and make sure it does not exceed your Local Area Network (LAN) capacity. You should use the Network Monitor tool to manage large network traffic situations. (This is not installed by default in the Windows Server 2003 installation. You might need to install it via Add/Remove Programs in Control Panel in order to use it.) Here are some recommendations to optimize your network performance:
- Unbind unwanted and infrequently used network adapters. They put an extra burden on the system that has to manage them.
- Try to place all domain users in one subnet to prevent unwanted replication traffic on the network.
- The order in which network/transport protocols are bound makes a difference if you are using multiple protocols for network communications. For example, if you have both TCP/IP and IPX/SPX installed and bound to your NIC, put the most used protocol at the top of the protocol list.
- Some protocols are optimized for specific network topologies, so you should spend some time identifying the protocols you need and configuring the protocols for maximum throughput.
LogicalDisk: % Free Space
This counter indicates the amount of free space available on the disk, as a percentage of the total disk capacity. Paging problems can occur if you have little disk space to which the system can swap data out of memory, and operating system errors can occur if the partition on which the OS is installed becomes too full.
NOTE Log the performance data onto another drive when you are testing the disk speed of a particular logical disk. Otherwise the logging process will interfere with the statistics.
Logical Disk sec/Transfer
This counter describes how long the disk is taking to fulfill requests. The more time it spends on fulfilling the requests, the slower the disk controller is. It is recommended that this value be less than .3 second for most disk controllers.
NOTE The following are recommendations for optimizing disk activity on the server:
- When you upgrade a disk, upgrade the disk controller and bus associated with it. It does no good to install a fast disk if the controller and bus don't support the faster speed.
- Try to distribute applications across multiple disks. That is, place different applications on different disks. However, you should also ensure that each individual application is not cross referencing to multiple disks, so as to minimize disk activity.
- Use Disk Defragmenter on a regular basis (especially after deleting large amounts of data) to rearrange the data on each partition so that data belonging to a specific file is contiguous on the disk; this minimizes disk access time.
Physical Disk Bytes/sec
This will give you the throughput of the disk activity.
Acknowledgements
The information contained in this article is based on Chris Peiris' new book, MCSA/MCSE Exam 70-290 Study Guide: Windows 2003 Server. The book provides sample exam questions for all the Windows 2003 server topics.
Technology degrees. He is currently undertaking a PhD on Web Service Management Framework. He lives with his family in Civic, Canberra ACT. He can be reached at www.chrispeiris.com