LECTURE 4

PREPARING TO MONITOR
A WORKSTATION
PERFORMANCE
1
2

Involved Topics

• Introduction to Monitoring Server

Performance
• Performing Real-Time and Logged
Monitoring
• Configuring and Managing Counter Logs
• Configuring Alerts
3
Introduction to Monitoring Server
Performance
What is Windows Performance Monitor?
Why Monitor Performance?
Monitoring Strategies
Guidelines for Establishing a Baseline
 4
What is Monitor Performance?
 Performance Monitor (perfmon) is a powerful program found in all Microsoft servers
from NT to Windows Server 2012

 Windows Performance Monitor is a Microsoft Management Console (MMC) snap-in

that provides tools for analyzing system performance. From a single console, you can
monitor application and hardware performance in real time, customize what data
you want to collect in logs, define thresholds for alerts and automatic actions,
generate reports, and view past performance data in a variety of ways.

 Windows Performance Monitor performs data collection and logging using Data
Collector Sets
 5
What is Monitor Performance?
 Windows Performance Monitor uses performance counters, event trace data, and configuration
information, which can be combined into Data Collector Sets.

 A Data Collector Set is the building block of performance monitoring and reporting in Windows
Performance Monitor

 It organizes multiple data collection points into a single component that can be used to review
or log performance

 A Data Collector Set can be created and then recorded individually, grouped with other Data
Collector Set and incorporated into logs, viewed in Performance Monitor, configured to
generate alerts when thresholds are reached, or used by other non-Microsoft applications
6
 What is Monitor Performance?
7

 Data Collector Sets can contain the following types of data collectors:
 Performance counters
 Event trace data
 System configuration information (registry key values)

 Performance counters are measurements of system state or activity. They can be included in the operating
system or can be part of individual applications. Windows Performance Monitor requests the current value of
performance counters at specified time intervals.

 Event trace data is collected from trace providers, which are components of the operating system or of
individual applications that report actions or events. Output from multiple trace providers can be combined
into a trace session .

 Configuration information is collected from key values in the Windows registry. Windows Performance Monitor
can record the value of a registry key at a specified time or interval as part of a log file.
 8
Why Monitor Performance?
 Main reasons for Performance Monitoring:
• Examine how programs you run affect your computer's performance, both in real time and
by collecting log data for later analysis
• Detecting network bottlenecks.
• Identifying server performance problems.
• Planning the capacity of your servers and subnets.
• Setting alerts so that you can nip trouble in the bud. (stop the trouble instantly).
• Creating baselines when activity is low.
• Understanding the effect of your workload on resources.
 9
Why Monitor Performance?
 By monitoring performance, you obtain data that you can use to:
• Understand your workload and the corresponding effect on your system's resources
• Observe changes and trends in workloads and resource usage so you can plan for future
upgrades
• Test configuration changes or other tuning efforts by monitoring the results
• Diagnose system problems and identify components or processes for optimization
• Implement controls
 Analyze performance data to uncover bottlenecks
10
Why Monitor Performance?
 Benefits:
• Make the best use of resources.
(Load balancing)
• Know where the minimum investment will produce the maximum gains.
(RAM on response times)
• Understanding what components are actually doing. (Is the Disk mainly reading or
writing?)
• Knowledge is power. Set an alert when resources are running low.
(Memory: Available bytes less than 10 MB)
 11
Monitoring strategies
 Based on the goals of monitoring
 Goals of monitoring:
• To discover a bottleneck, performance monitor will unearth areas of high demand, for
example, RAM, Processor or Disk. Logging key counters can also anticipate problems,
for example imminent disk failure.
• To discover security issue, auditing the abnormal activities or suspicious activities in the
network and system
• Baseline, investigating the impact of services on system resources. What is the network
like at night when no-one is collect email or querying SQL? Linked to baseline analysis is
capacity planning. Do you know what would happen if you put another 100 users on
that subnet? No? Performance monitor will let you play 'what if..' games.
 12
Monitoring strategies
 Goals of monitoring:
• Learning about systems, is an unexpected bonus, you cannot help but learn how the
operating system works when you measure its memory counters.
• Maximizing resources, at the very least, performance monitor will give you ideas for
load balancing servers. Analysis may also unearth incorrectly configured resource, for
example network cards set at 10 Mps instead of 100 Mps. Results of monitoring may
repay by helping you with specifications for new machines.
• Testing, a double edged sword. Having a test network to try new configurations will
ultimately improve the production network. Performance monitoring may be the
catalyst to commission or strengthen a test network. Another selling point is that a top
specification test network can provide spare machines when a server on the live
network needs to be repaired.
13
Windows 2008's Performance Monitors
 Perfmon with Reliability and
performance Monitor
 The Perfmon executable displays

Start
--> Programs
--> Administrative Tools
--> Reliability and Performance Monitor
-- > Monitoring Tools
-- > Performance Monitor
14
Windows 2008's Performance Monitors
 MMC Snap-in – Reliability and
Performance Monitor (Not
recommended)
 Reliability and Performance
Monitor

MMC
--> Add Remove Snap-in
--> Reliability and
Performance Monitor
15
Guidelines for Establishing a Baseline
Baseline is data collected over time during varying but typical
types of workloads and user connections

When determining your baseline, understand the types of work

being done and the days and times when the work is being done

Establish a baseline early in deployment, and then measure

actual performance against the baseline during deployment

Establishing a baseline early helps to quickly identify and resolve

system bottlenecks
16
Performing Real-Time and Logged
Monitoring
• What Is Real-Time and Logged Monitoring?
• What Is Task Manager?
• What Is the Performance Console?
• How to Perform Real-Time Monitoring
• How to Perform Logged Monitoring
• Why Monitor Servers Remotely
• How to Monitor a Remote Server
 17
What Is Real-Time and Logged Monitoring?
Real-Time Monitoring
Involves processing and updating data counters as soon as data is
received from the operating system
Establishes the current state of the four subsystems: memory, processor,
disk, and network
Tool used is Monitoring Tools

Logged Monitoring
Involves collecting and storing data over time for analysis later
Detects bottlenecks and determines whether the system changes
Use Data Collector Sets
 What Is Task Manager?
Displays information about:
 Programs and processes
running on your computer
 Status of running programs
 Your computer’s
performance – a dynamic
overview
 Network status
 Number of users connected
to the computer, what they
are working on, and allows
administrators to send a
message
19
What Is the Performance Console?
The Performance console contains
Monitoring Tools, Data Collector Sets and Reports
With Monitor Tools:
 You can collect and view real-time
data of a local computer or several
remote computers
 You can create graphs, histograms, and reports of the
performance counter data
Data Collector Sets:
 Provides logging and alert capabilities
 Defines settings for counter logs, trace logs, and alerts
20
What Is the Performance Console?
 From the Console Root you can see the
Reliability and Performance Monitor, and
underneath, the Data Collector Sets. You
can launch the Reliability and Performance
Monitor from the Administrative Tools, or
alternatively click Run, Perfmon (Type),
Enter
 Once you launch the Reliability and
Performance Monitor, you get a graph with
a trace
 Why Monitor Servers Remotely?

To prevent Task Manager and Performance from adding to the

load on the server, which can misrepresent the collected data
Also, administrators are often responsible for hundreds of servers,
which makes it impractical to monitor each server individually
22
Configuring and Managing
Counter Logs
What Is a Counter Log?
How to Create a Counter Log
Counter Log File Formats
How to Set File Parameters for a Counter Log
Why Schedule Counter Logs?
How to Schedule a Counter Log
23
What Is a Counter Log?
 Each performance object provides performance counters that represent
data about specific aspects of a system or server
 Counter logs define what data is stored in the log file
24
Counter Log File Formats
Log File Format Description When to use
Text File Comma-delimited log file (with a .csv extension) To export log data into a spreadsheet
(Comma delimited) program

Text File (Tab delimited) Tab-delimited log file (with a .tsv extension) To export log data into a spreadsheet
program

Binary File Sequential, binary-format log file (with a .blg To record data instances that are
extension) intermittent

Binary Circular File Circular, binary-format log file (with a .blg To record data continuously to same log
extension) file
SQL Database Name of an existing SQL database and log set To collect performance data at an
within the database where performance data enterprise level rather than a per-
will be read or written computer basis
25
Why Schedule Counter Logs?
Schedule counter logs to:
Create a performance baseline
Determine the overall system impact when replication occurs
between domain controllers
Determine whether a bottleneck occurs when users log on in the
morning or when users connect remotely in the evening
Determine whether backup causes a bottleneck when it runs in
the evening
Determine whether a bottleneck is causing the network to slow
down during certain times of the day
26
Configuring Alerts

What Is an Alert?
How to Create an Alert
How to Configure an Alert
27
What Is an Alert?
▪ Feature that detects when a predefined counter value rises above or falls below a
specified setting
▪ Specified setting on the counter is called alert threshold
▪ Set an alert on a counter when:
• Entry is made in application event log
• Selected counter’s value exceeds or falls below alert threshold
• Message is sent
• Program runs
▪ Set alerts based on established performance baseline values
▪ Use alerts to be notified when a counter threshold value exceeds or falls below a
specified value
 28
How to Create and Configure an Alert?
 In the Windows Performance Monitor navigation pane, expand Data Collector Sets , right-click User Defined , point to New ,
and click Data Collector Set . The Create new Data Collector Set Wizard starts.
 Enter a name for your Data Collector Set.
 Select the Create manually option and click Next .
 Select the Performance Counter Alert option and click Next .
 Click Add to open the Add Counters dialog box. When you are finished adding counters, click OK to return to the wizard.
 Define alerts based on the values of performance counters you have selected.
 From the list of Performance counters, select the counter to monitor and trigger an alert.
 From the Alert when drop-down, choose whether to alert when the performance counter value is above or below the
limit.
 In the Limit box, enter the threshold value.
 When you are finished defining alerts, click Next to continue configuration or Finish to exit and save the current
configuration.
 After clicking Next , you can configure the Data Collector Set to run as a particular user. Click the Change button to enter
the user name and password for a different user than the default listed.