You are on page 1of 40

Window Server Monitors

About Server Monitoring

Server Monitoring
Process to monitor server's system.
Fundamentally concerned with observing how a
server reacts to the operating load placed upon
it or during various types of performance

Purpose of Server

Server Health Check

Bottleneck Identification

Capacity Planning

Tools Used
Multiple licensed and open source tool exist to
generate load and retrieve server statistics.
Below tools are used by us for the monitoring
HP Load Runner

Both LR and RPT in turn draws information from

windows native tool performance monitor and
represent data / measurements in their own

Windows Built-In Tools

Windows has two built-in tools to keep tab of system
Resource Monitor
See which programs and/or services are consuming windows system
Builds on Task Manager by adding more detail in one easy-to-use
Provides quick summary of overall CPU, disk, network and memory

Performance Monitor
lets you examine a large number of counters for system
Presents performance data in real time or through the collection of
data inside log files that can be reviewed as needed.
Collects performance data based on counters, which are
measurements of system activity or the current system state.

Whats there in Server

Hardware Components

Hard Disk
Network Interface Controller
Window server performance can be altered by altering
these hardware components

Software that manages computer hardware and
software resources and provides common services for
computer programs.
Windows separates application-oriented software
from OS software.


Know First
Kernel & Hardware

Most used and most fundamental components of the OS.
Computer program that manages input/output requests
from software, and translates them into data processing
instructions for the central processing unit and other
electronic components of a computer.

Privileged mode or kernel mode.

OS software runs in this mode
software has access to system data and to the hardware.

User Mode
The remaining software, runs in user mode, has limited
access to system data.

Kernel & Hardware

The kernel's primary function is to mediate access
to the computer's resources

Basics of server monitored components

Network Interface

Different counters related to each component


Know First
Virtual Memory
Page Faults
Page Pooling

Virtual Memory
Optimization techniqueimplemented by the
operating system
Unlike RAM, doesnt physically exist on
memory chip
Functions with the help of paging
Allows an application program the impression
that it has more memory than actually exists.
Hence allows the use of programs that are
too big to physically fit in memory.
Allow for multitasking multiple programs
running at once.

Virtual Memory-Includes



Set of contiguous
addresses that
the VMM set
aside for a
Not count against
the process's
memory quota
until it is used.

VMM saves space

for process in
Pagefile.sys in
case it needs to
be written to
Commit limit is
the amount of
memory that can
be committed
expanding the
paging file.
If disk space is
available, the
paging file can
expand, and the
commit limit will
be increased.

memory includes
free memory,
zeroed memory
and memory on
the standby list,
which has been
removed from a
process's working
set but might be


Whenever the O.S. needs a block of memory thats not in RAM, the VMM
takes a block from the real memory that hasnt been used recently, writes
it to the paging file, and then reads the block of memory that the O.S.
needs from the paging file. The VMM then takes the block of memory from
the paging file, and moves it into the real memory in place of the old

Data can be stored in the paging file on the hard disk, but it is not usable
until that data is brought into the RAM.

Paging File
VMM creates a file on the hard disk
that holds the extra memory that is
needed by the O.S
The paging file combined with the
RAM accounts for all of the memory.
Blocks of memory that are swapped
are called pages.

Page Fault
Page fault occurs when a program requests a
page of code or data is not in its working set
A hard page fault occurs when the requested page
must be retrieved from disk.
Hard faults cause paging(excessive is called thrashing),
which can degrade performance as accessing the
hard disk is slow and takes time

A soft page fault occurs when then the requested

page is found elsewhere in physical memory.
Soft page faults can be satisfied quickly and relatively
easily by the Virtual Memory Manager,

Page Pooling
Pool Resources
When a machine boots up, the Memory Manager
creates two dynamically sized memory pools that
kernel-mode components use to allocate system
Paged Pool
Paged Pool is exactly what its name implies - it can be
paged out

Non Paged Pool

The Non Paged Pool cannot be paged out.
Drivers use the Non Paged Pool for many of their
requirements because they can be accessed at any
Interrupt Request Level (IRQL).

Memory Counters



Know First
Process & Threads
Some More Terms

Chip/ logic circuitry that responds to and
processes the basic instructions that drive a
Basic system instructions may include processing
mouse and keyboard input and running
Processors are associated with the operating
system and user programs support at least two
modes of execution -privileged & user mode

Process & Threads

Executing instance of an application.
A collection of one or more threads and associated system
resources such as memory, open files and devices.
A process has a virtual address space, executable code,
open handles to system objects, a security context, a
unique process identifier, environment variables, a priority
class, minimum and maximum working set sizes, and at
least one thread of execution.

Process & Threads

Entity within a process that can be scheduled for
All threads of a process share its virtual address space and
system resources.
Each thread maintains exception handlers, a scheduling
priority, thread local storage, a unique thread identifier,
and a set of structures the system will use to save the
thread context until it is scheduled.

The Idle Process

When not executing the thread of an active user or system
process, processor execute a thread of a process
It has such a low base priority that it runs only when
nothing else is scheduled to run.

Ability of aprogramto manage its use by
more than one user at a time and to even
manage multiple requests by the same user
without having to have multiple copies of the
programming running in the computer.
For example, word processor that prints a document
using a background thread, but at the same time
another thread is running that accepts user input, so
that you can type up a new document.

Some more Terms

Threads aren't allowed to run until done.
Instead, precious time with the processor is
allowed for a pre-set amount of time, called
a time slice, and then the thread is "preempted" to allow other threads to run.
The system scheduler controls multitasking
by determining which of the competing
threads receives the next processor time
slice. The scheduler determines which
thread runs next using scheduling priorities.

Thread Priority
Threads are scheduled to run based on
theirscheduling priority. Each thread is assigned a
scheduling priority. The priority levels range from zero
(lowest priority) to 31 (highest priority).
As time passes and a thread doesn't get CPU time then
its priority will be dynamically adjusted upward to
ensure that eventually it will get time on the processor

Context Switches
The scheduler maintains a queue of executable
threads for each priority level. These are known
asready threads.
When a processor becomes available, the system performs
acontext switch as below:
Save the context of the thread that just finished executing.
Place the thread that just finished executing at the end of
the queue for its priority.
Find the highest priority queue that contains ready threads.

The most common reasons for a context switch are:

The time slice has elapsed.
A thread with a higher priority has become ready to run.
A running thread needs to wait.

Privileged Mode Vs User

Privileged or kernel mode
Processing mode that allows code to have direct
access to all hardware and memory in the
I/O operations and other system services run in
privileged (kernel) mode
User mode
User applications run in user mode.
Unless they are graphics-intensive or I/Ointensive (such as file and print services), most
applications should not be processing much
work in kernel mode.

Processor Counters
% Processor Time_Total Instance
Percentage of elapsed time a CPU is busy executing a non idle
thread (An indicator or processor activity).
Processor % Time of sustained at orover 85%may indicate that
processor performance (for that load) is the limiting factor.

% Privilege Time
Percent of threads running in privileged mode (file or network I/O,
or allocate memory)
Processor % Privilege Time consistentlyover 75 percentindicates a

Processor Queue Length

Number of tasks ready to run than the processors can get to.

High values many not necessarily be bad for % Processor Time. However, if the other
processor-related counters are increasing linearly such as % Privileged Time or Processor
Queue Length, high CPU utilization may be worth investigating.
Less than 60% consumed = Healthy
51% 90% consumed = Monitor or Caution
91% 100% consumed = Critical or Out of Spec

Processor Counters
System\Context Switches /sec.
Occurs when higher priority threads preempts lower priority
threads that are currently running, and can indicate when too
many threads are competing for processor time.
If much processor utilization is not seen and very low levels of context
switching are seen, it could indicate that threads are blocked
As a general rule, context switching rates ofless than 5,000 per
secondper processor are not worth worrying about. If context
switching ratesexceed 15,000 per secondper processor, then there
is a constraint.


Know First
Disk storage is a general category of storage
mechanisms where data are recorded by various
electronic, magnetic, optical, or mechanical
changes to a surface layer of one or more rotating
Disk drive is a device implementing such a
storage mechanism and is usually distinguished
from the disk medium
Different types like HDD, FDD

Know First
Physical Disk
Actual physical HDD
Collection of disk partitions used to store all server

Logical Volume
Logical Disk refers to a Volume that has been
created on that disk.
Presents a user with a contiguous address space;
that is, a logical volume simulates one large
contiguous storage space by using regions of
different disks
A logical volume manages physical volumes by

Disk Counters
Perfmon has two objects related to disk
The Physical Disk performance object
Monitors disk drives on the computer.
Identifies the instances representing the physical
Counters are the sum of the access to all
partitions on the physical instance.

The Logical Disk Performance object

Monitors logical partitions.
Performance monitor identifies logical disks by
their drive letter or mount point.

Disk Counters

Disk Counter

Quiz Time