Hands-On Microsoft

Windows Server 2003

Chapter 11
Server and Network
Monitoring
Objectives
• Understand the importance of server
monitoring
• Monitor Server services
• Use Task Manager to monitor processes
and performance
• Use System Monitor to monitor all types of
system elements

2
Objectives
• Configure performance logs and alerts to
monitor a system
• Use Network Monitor to monitor network
performance
• Use the SNMP Service for network
monitoring and management

3
Introduction to Server Monitoring
• Benefits of monitoring
– Prevent problems before they occur
– Diagnose existing problems
• Establish benchmarks in order to compare the
data obtained from monitoring with a
performance baseline
– Disk, CPU, memory, and network response baselines
before a release
– Slow, typical, and heavy use of server and network
resources

4
Monitoring Server Services

5
6
Accessing Server Services
• Open the Computer Management tool
• Services window contains five columns
– Name
– Description
– Status
• Started, Paused, or blank
– Startup Type
• Automatic (most services), manual, or disabled
– Log On As
• Services usually log on to the Local System

7
8
Solving a Problem with a
Service
• The Services tool can monitor problems in a
service
• Check the service status to verify that it is
started or set to start automatically
• Restart the service if necessary
• Be careful about using the Stop option
– Check the Dependencies tab of a service to see if
other services will be affected if this service is
stopped
• Pause the service to take it offline for use only
by Administrators or Server Operators
9
10
Using Task Manager
• Used to monitor and manage server
resources
– Applications
– Processes
– Real-time performance
– Network performance
– Users

11
Monitoring Applications
• Applications tab shows all applications
running from the server console
• Button options:
– End Task, Switch To, New Task
• Status bar displays process information
• Shortcut menu options:
– Switch To, Bring To Front, Minimize,
Maximize, End Task, Go to Process

12
13
Monitoring Processes
• Processes tab lists the processes in use by all running
applications
• A process can be stopped with the End Process button
• A process’s priority can be modified with the Set Priority
option

14
Setting Priorities
• The base priority class is the priority set
internally by an application
• The server administrator can change the priority
– Normal (0)
– Low (-2)
– BelowNormal (-1)
– AboveNormal (+1)
– High (+2)
– Realtime (+15)
• Use with caution because the process may take over the
server

15
16
Monitoring Real-time
Performance
• The Performance tab shows CPU and
memory performance information
– CPU usage
– Page file use
– Handles
• Resource used by a program that has its own
identification
– Threads
• Blocks of code executing within a running process

17
18
19
Monitoring Network
Performance
• The Networking tab enables the
monitoring of network performance on all
of the NICs installed in the server
– Displays total network utilization
– Monitors network performance across each
NIC adapter
– Used to determine if there is a problem with a
NIC
– Can also serve as a warning of high network
utilization (80% to 100%)
20
21
Monitoring Users
• The Users tab provides a listing of the
users currently logged on
– Log off a user using the Logoff button
• Any open files are closed before log off
– Disconnect a user if the user’s connection is
hung

22
Using System Monitor

23
Capturing System Data
• System Monitor can be used to monitor
components such as hard disks, memory,
processors, disk caching, started processes, and
page files
• Monitors a System Monitor object
• For each object, there are one or more counters
that can be monitored
– Counters have status information
• Instances can be associated with a counter
when there are different elements of the same
object type to monitor
24
25
26
System Monitor Views
• Graph
– Running line chart of the object
– Line with a unique color represents each object
• Histogram
– Running bar chart that shows each object as a bar in
a different color
– Counters are shown at the bottom of the screen with
a key to indicate a graphing color
• Report
– Provides numbers on a screen that can be exported
into a report
27
28
Monitoring System Components
• Four objects are often monitored with their
associated counters
– Processor
• % Processor Time indicates whether the server is heavily
loaded, or in need of a reduced load or increased capabilities
• % Interrupt Time can indicate a possible hardware problem
• Interrupts/sec can alert the administrator of excessive
network traffic
• Processor Queue Length can indicate a need to distribute
the processor load
– Memory
– Physical disk
– Network interface
29
30
Diskperf
• Diskperf is a command-line tool that monitors the hard
disk counters

31
Configuring Performance Logs
and Alerts
• The Performance Logs and Alerts tool is
accessed from the Administrative tools menu
• Performance logs track performance data over a
given period of data
– Counter logs trace information on System Monitor
objects by taking a snapshot at specified intervals
– Trace logs monitor particular events and contain only
those instances when the events occur
• Alerts are used to warn specific accounts or
groups of problems when they occur
32
Creating Counter Logs
• Click the Counter Logs option under
Performance Logs and Alerts
• Name the new log and add counters
• Counter logs can occupy disk space and slow
system performance
– If monitoring for four hours or less, use 15-second
intervals
– If monitoring for more than four hours, increase the
interval and adjust the log file size
• The log can be stopped and restarted manually
• Additional objects and counters can be added
33
34
35
Creating Trace Logs
• Documents each instance of a particular
event over a specific period
• Helpful in finding intermittent problems
– Excessive load on a server or network
– Page fault monitoring
• More limited elements to monitor than in a
counter log

36
37
Creating Alerts
• Create an alert through the Alerts option under
Performance Logs and Alerts
• Enter a name for the alert under New Alert
Settings
• Select the object, counter, and instance
– Select _Total as the instance to monitor all processes
• Can send a message to an Administrator group
when a problem occurs
– For example, when CPU is at 100% utilization

38
Using Network Monitor
• Regularly monitoring a network is vital because
network conditions can change frequently
• Network Monitor is used to create trace logs of
network activity and capture frames and packets
– Installed with Add/Remove Programs tool
• Network Monitor Driver enables a server or
workstation’s NIC to collect statistics about
network performance
– Installed with Network Connections

39
Capturing Network Data
• Percentage of network utilization
• Statistics captured during a given time period,
NIC statistics, and network station statistics
– Addresses of network stations
• Frames and bytes per second
• Information concerning transmissions
– Transmissions per second
– Broadcast, unicast, and multicast transmissions
• Error data

40
41
42
Configuring Network Monitor
• Event management is configured by setting up
filters to capture a certain event
• Two property types for filters:
– Service Access Point (SAP) specifies the network
process that should accept a frame at the destination
– ETYPE is a two-byte code for the protocol type, but is
not part of the Ethernet standard
– One or both properties can be monitored
• Set network benchmarks for monitoring load
– % Network Utilization
– Frames, Broadcast, and Multicasts per second
43
44
Using the SNMP Service
• Used for network management on TCP/IP-based
networks
• Consists of management systems and agents
that can be grouped into communities for
administrative and security purposes
– The community shares the use of the service
– A community name is used to provide a rudimentary
password used among the hosts
• SNMP traffic can be monitored using Network
Monitor
45
Configuring the SNMP Service
• Configure the SMNP Service and the
SNMP Trap Service for use with Network
Monitor
• Add community names through host name
or IP/IPX address
• Configure the Traps tab
– Designates the destination of trap messages,
which are sent based on certain events

46
47
Summary
• Use system and network monitoring to
thoroughly understand the servers on your
network and the network’s typical performance
• The Computer Management tool enables you to
monitor system services to determine if they are
experiencing problems
– Restart a service
– Check dependencies

48
Summary
• Use Task Manager to monitor applications,
processes, system performance, network
performance, and logged on users
– Stop a problem application or process
– Log off a hung user connection
• System Monitor is a powerful tool that enables
you to monitor all types of system and network
activities
– Customizes display and saves information to a file

49
Summary
• Performance logs enable you to gather System
Monitor data at specific times or intervals and
record information
• Network Monitor is used to gather information
about network performance and is installed with
the Network Monitor driver
• The SNMP Service enables network agents to
gather network performance data for use by
network management software
– Manages and configures specific network devices

50