Файловый архив студентов. Файловый архив студентов.
1261 вуз, 4628 предмет.
/ Регистрация
FAQ Обратная связь Вопросы и предложения
Добавил:
Upload Опубликованный материал нарушает ваши авторские права? Сообщите нам.
Вуз:
Алматинский университет энергетики и связи
Предмет:
[НЕСОРТИРОВАННОЕ]
Файл:

20411B-ENU-TrainerHandbook

.pdf
Скачиваний:
237
Добавлен:
01.05.2015
Размер:
16.48 Mб
Скачать

Administering Windows Server® 2012 13-5

divide the value given by 1,048,576 for Mbps. If the value approaches the network’s maximum

MCT

potential bandwidth, you should consider implementing a switched network or upgrading to a

network that supports higher bandwidths.

 

 

• Network Interface > Output Queue Length. This counter indicates the current length of the output

 

 

packet queue on the selected network interface. A growing value, or one that is consistently higher

 

 

than two, could indicate a network bottleneck, which you should investigate.

 

 

• Network Interface > Bytes Total/sec. This measures the rate at which bytes are sent and received over

each network adapter, including framing characters. The network is saturated if you discover that

USE

 

 

more than 70 percent of the interface is consumed.

 

 

Overview of Resource Monitor

 

 

The Resource Monitor interface in Windows Server

 

 

 

 

ONLY.

2012 provides an in-depth look at your server’s

 

real-time performance.

 

 

 

 

You can use Resource Monitor to monitor the

 

 

 

use and performance of CPU, disk, network, and

 

 

 

memory resources in real time. This enables you

 

 

 

to identify and resolve resource conflicts and

 

 

 

bottlenecks.

 

 

 

By expanding the monitored elements, system

 

 

 

administrators can identify which processes are

 

 

 

using which resources. Furthermore, you can use

 

 

 

 

STUDENT

Resource Monitor to track a process or processes

 

 

by selecting their check boxes. When you select a process, it remains selected in every pane of Resource

Monitor, which provides the information that you require regarding that process at the top of the screen,

no matter where you are in the interface.

USE

Overview of Event Viewer

Windows Event Viewer provides access to the

 

 

 

 

Windows Server 2012 event logs. Event logs

 

 

 

provide information regarding system events

 

 

 

that occur within Windows. These events include

 

 

 

information, warning, and error messages about

 

 

 

Windows components and installed applications.

 

 

 

Event Viewer provides categorized lists of essential

 

 

 

Windows log events, including application,

 

 

 

security, setup, and system events, as well as log

 

 

 

groupings for individual installed applications

 

 

 

and specific Windows component categories.

 

 

 

Individual events provide detailed information

 

PROHIBITED

regarding the type of event that occurred, when the event occurred, the source of the event, and

technical detailed information to assist in troubleshooting the event.

 

 

13-6 Monitoring Windows Server 2012

MCT

 

 

 

 

 

Additionally, Event Viewer allows you to consolidate logs from multiple computers onto a centralized

 

 

computer by using subscriptions. Finally, you can configure Event Viewer to perform an action based on a

 

 

specific event or events occurring. This may include sending an email message, launching an application,

 

 

The inclusion of several new logs. You can access logs for many individual components and USE subsystems.

The ability to view multiple logs. You can filter for specific events across multiple logs, thereby makingONLY it simple to investigate issues and troubleshoot problems that might appear in several logs.

The inclusion of customized views. You can use filtering to narrow searches to only events in which you are interested, and you can save these filtered views.

The ability to configure tasks scheduled to run in response to events. You can automate responses to

events. Event Viewer is integrated with Task Scheduler. .

The ability to create and manage event subscriptions. You can collect events from remote computers, and then store them locally. STUDENT• The component or subsystem that generated the eventrunning a script, or other maintenance actions that could notify you or attempt to resolve a potential

Information, Warning, or Error status

The time of the occurrence

The user’s name on whose behalf the event occurred

The computer on which the event occurred

A link to Microsoft TechNet for more information about the event

Windows Server Logs

Event Viewer has many built-in logs, including those in the following table.

Built-In Log

Description and Use

 

 

Application log

This log contains errors, warnings, and informational events that pertain to

 

the operation of applications such as Microsoft Exchange Server, the Simple

 

Mail Transfer Protocol (SMTP) service, and other applications.

Security log

This log reports the results of auditing, if you enable it. Audit events are

 

described as successful or failed, depending on the event. For instance, the

 

log would report success or failure regarding whether a user was able to

 

access a file.

Setup log

This log contains events related to application setup.

 

 

PROHIBITED USE

By default, Windows log files are 1,028 kilobytes (KB) in size, and events are overwritten as needed. If you want to clear a log manually, you must be logged in to the server as a local administrator. If you want to centrally configure event log settings, you can do so by using Group Policy. Open the Group Policy Manage Editor for your selected Group Policy object (GPO), and then navigate to
Computer Configuration\Policies\Administrative Templates\Windows Components \Event Log Service.
For each log, you can define:
This log stores events that are collected from remote computers. To collect events from remote computers, you must create an event subscription.
Application and Services Logs
Applications and Services logs store events from a single application or component rather than events that might have system-wide impact. This category of logs includes four subtypes:
Forwarded events
System log
General events are logged by Windows components and services, and are classified as error, warning, or information. Windows predetermines the events that system components log.
Built-In Log
Description and Use
Administering Windows Server® 2012

13MCT-7 USE

Admin

.ONLY

 

Operational

 

Analytic

 

Debug

USESTUDENT

 

 

Admin logs are of interest to IT professionals who use Event Viewer to troubleshoot problems. These logs provide guidance about how to respond to issues, and primarily target end users, administrators, and support personnel. The events found in the Admin channels indicate a problem and a well-defined solution upon which an administrator can act.

Events in the Operational log also are useful for IT professionals, but they are likely to require more interpretation. You can use operational events to analyze and diagnose a problem or occurrence, and to trigger tools or tasks based on the problem or occurrence.

Analytic and Debug logs are not as user friendly. Analytic logs store events that trace an issue, and they often log a high volume of events. Developers use debug logs when they are debugging applications. By default, both Analytic and Debug logs are hidden and disabled.

The location of the log file.

PROHIBITED

 

• The maximum size of the log file.

 

Automatic backup options.

 

• Permissions on the logs.

 

• Behavior that occurs when the log is full.

 

13-8 Monitoring Windows Server 2012

Lesson 2

Using Performance Monitor

You can use Performance Monitor to collect, analyze, and interpret performance-related data about your organization’s servers. This enables you to make informed capacity planning decisions. However, to make informed decisions, it is important that you know how to establish a performance baseline, how to use data collector sets, and how to use reports to help you compare performance data to your baseline.

Lesson Objectives

After completing this lesson, you will be able to:

Describe a baseline.

Describe data collector sets.

Explain how to capture counter data with a data collector set.

Explain how to configure an alert.

Explain how to view Performance Monitor reports.

Identify the key parameters that you should track when monitoring network infrastructure services.

Identify considerations for monitoring virtual machines.

Baseline, Trends, and Capacity Planning

By calculating performance baselines for your server environment, you can interpret real-time monitoring information more accurately. A baseline for your server’s performance indicates what your performance-monitoring statistics look like during normal use, and you can establish a baseline by monitoring performance statistics over a specific period. When an issue or symptom occurs in real time, you can compare your baseline statistics to your real-time statistics, and then identify anomalies.

Trends Analysis

You should consider the value of performance data carefully to ensure that it reflects your real server environment.

Additionally, you should consider performance analysis, as well as business or technological growth and upgrade plans. It is possible to reduce the number of servers in operation after you measure performance and assess the required environment.

By analyzing performance trends, you can predict when existing capacity is likely to be exhausted. Review historical analysis with consideration to your business, and use this to determine when additional capacity is required. Some peaks are associated with one-time activities, such as extremely large orders. Other peaks occur on a regular basis, such as a monthly payroll. These peaks could require increased capacity to meet an increasing number of employees.

Planning for future server capacity is a requirement for all organizations. Business planning often requires additional server capacity to meet targets. By aligning your IT strategy with your business strategy, you can support business objectives.

PROHIBITED USE STUDENT .ONLY USE MCT

A computer suffering from a severe resource shortage might stop processing user requests, which requires immediate attention. However, if your computer experiences a bottleneck, but still operates within acceptable limits, you might decide to defer any changes until you resolve the situation or you have an opportunity to take corrective action.
Analyzing Key Hardware Components
After you identify a bottleneck, you must decide how to remove it. Your options for removing a bottleneck include:

 

Administering Windows Server® 2012

13-9

 

 

 

 

MCT

Furthermore, you should consider virtualizing your environment to reduce the number of physical servers

that you require. You can consolidate servers by implementing the Hyper-V® role in the Windows Server

2012 environment.

 

USE

Capacity Planning

 

Capacity planning focuses on assessing server workload, the number of users that a server can support,

and the ways to scale systems to support additional workload and users in the future.

 

New server applications and services affect the performance of your IT infrastructure. These services

 

 

 

 

could receive dedicated hardware although they often use the same local area network (LAN) and wireless

area network (WAN) infrastructure. Planning for future capacity should include all hardware components

and how new servers, services, and applications affect the existing infrastructure. Factors such as power,

.ONLY

cooling, and rack space are often overlooked during initial exercises to plan capacity expansion. You

should consider how your servers can scale up and out to support an increased workload.

 

Tasks such as upgrading to Windows Server 2008 R2 and updating operating systems might affect your

 

 

servers and network. An update can sometimes cause a problem with an application. Careful performance

monitoring before and after you apply updates can identify problems.

 

 

 

An expanding business requires you to provide support for more users. You should consider business

 

 

 

requirements when purchasing hardware. By doing this, you can meet future business requirements by

 

 

increasing the number of servers or by adding capacity to existing hardware.

 

 

 

Capacity requirements include:

 

STUDENT

More servers

 

Additional hardware

 

Reducing application loads

 

Reducing users

 

Understanding Bottlenecks

A performance bottleneck occurs when a computer is unable to service the current requests for a specific resource. The resource might be a key component, such as a disk, memory, processor, or network. Alternatively, the shortage of a component within an application package might cause the bottleneck.

By using performance-monitoring tools on a regular basis, and comparing the results to your baseline and

to historical data, you can identify performance bottlenecks before they affect users.

USE

 

Running fewer applications

Adding resources to the computer

By understanding how your operating system uses the four key hardware components—processor, disk, memory, and network—and how they interact with one another, you begin to understand how to optimize server performance.

PROHIBITED

13-10 Monitoring Windows Server 2012

Processor

Processor speed is one important factor in determining your server’s overall processor capacity. Processor

MCT

speed is determined by the number of operations that are performed in a measured period. Servers with

 

multiple processors, or processors with multiple cores, generally perform processor-intensive tasks with

 

greater efficiency, and typically are faster, than single processor or single-core processor computers.

 

Processor architecture also is important. 64-bit processors can access more memory and have a significant

effect on performance. However, it is important to note that both Windows Server 2012 and Windows

USE

Server 2008 R2 are available in 64-bit editions only.

.ONLY

Disk

Hard disks store programs and data. Consequently, the throughput of its disks affects the speed of the

workstation or server, especially when the workstation or server is performing disk-intensive tasks. Most

hard disks have moving parts, and it takes time to position the read/write heads over the appropriate disk

sector to retrieve the requested information.

By selecting faster disks, and by using collections of disks to optimize access times, you can alleviate the

potential for the disk subsystem to create a performance bottleneck.

 

You also should remember that information on the disk moves into memory before it is used. If there is a surplus of memory, the Windows Server operating system creates a file cache for items recently written to, or read from, the disks. Installing additional memory in a server can often improve the disk subsystem performance, because accessing the cache is faster than moving the information into memory.

Memory

Programs and data load from the disk into memory before the program manipulates the data. In servers that run multiple programs, or where datasets are extremely large, increasing the amount of memory installed can help improve server performance.

Windows Server uses a memory model in which excessive memory requests are not rejected, but handled

 

by a process known as paging. During paging, data and programs in memory not currently being utilized

by processes are moved into an area on the hard disk, known as the paging file. This frees up physical

STUDENT

 

memory to satisfy the excessive requests, but because a hard disk is comparatively slow, it has a negative effect on workstation performance. By adding more memory, and by using a 64-bit processor architecture that supports larger memory, you can reduce the need for paging.

Network

USE

 

It is easy to underestimate the effect of a poorly performing network, because it is not as easy to see or to

measure as the three other workstation components. However, the network is a critical component for

PROHIBITED

performance monitoring, because network devices store so many of the programs, the data that is

processing, and applications.

 

Administering Windows Server® 2012

What Are Data Collector Sets?

A data collector set is the foundation of Windows

Server performance monitoring and reporting in

Performance Monitor.

You can use data collector sets to gather performance-related information and other system statistics, on which you can conduct analysis with other tools within Performance Monitor, or with third-party tools.

Although it is useful to analyze current performance activity on a server computer, you might find it more useful to collect performance data over a set period, and then analyze and

compare it with data that you gathered previously. You can use this data comparison to determine resource usage to plan for growth and to identify potential performance problems.

13-MCT11

ONLY USE .

Performance counters. This data collector provides server performance data. STUDENT

Event trace data. This data collector provides information about system activities and events, which often is useful for troubleshooting.

System configuration information. This data collector allows you to record the current state of registry

keys and to record changes to those keys.thePerformanceYou

Demonstration: Capturing Counter Data with a Data Collector Set

This demonstration shows how to:

Create a data collector set.

Create a load on the server.

Analyze the resulting data in a report.

Demonstration Steps

Create a data collector set

1.Switch to LON-SVR1, and sign in as Adatum\Administrator with the password Pa$$w0rd.

2.Open Performance Monitor.

3.Create a new User Defined data collector set with the following key counters: o Processor > % Processor Time

o Memory > Pages/sec

o PhysicalDisk > % Disk Time

o PhysicalDisk > Avg. Disk Queue Length

PROHIBITED USE

13-12 Monitoring Windows Server 2012

o System > Processor Queue Length

o Network Interface > Bytes Total/sec

4.Start the data collector set.

Create a disk load on the server

1.Open a command prompt, and then use the fsutil command to create a large file.

2.Copy the file to the LON-DC1 server to generate network load.

3.Create a new copy of the large file on the local hard disk by copying it from LON-DC1.

4.Delete all the newly created files.

Analyze the resulting data in a report

1.Switch to Performance Monitor, and then stop the data collector set.

2.Select the Performance Monitor tool, and then select View Log Data.

3.Add the data that you collected in the data collector set to the chart.

4.Change the view to Report.

Demonstration: Configuring an Alert

With alert counters, you can create a custom data collector set that contains performance counters for which you can configure actions that occur based on the measured counters exceeding or dropping below the limits that you define. After you create the data collector set, you must configure the actions that the system will take when the alert criteria are met.

Alert counters are useful in situations where a performance issue arises periodically, and you can use the actions to run programs, generate events, or a combination of these.

This demonstration shows how to:

Create a data collector set with an alert counter.

Generate a server load that exceeds the configured threshold.

Examine the event log for the resulting event.

Demonstration Steps

Create a data collector set with an alert counter

1.Create a new User Defined data collector set.

2.Use the Performance Counter Alert option, and then add only the Processor > % Processor Time counter.

3.Set the threshold to be above 10 percent and to generate an entry in the event log when this condition is met.

4.Start the data collector set.

Generate a server load that exceeds the configured threshold

1.Open a command prompt, and then run a tool to generate a load on the server.

2.When the tool has run for a minute, stop it.

PROHIBITED USE STUDENT .ONLY USE MCT

Administering Windows Server® 2012

MCT

13-13

 

Examine the event log for the resulting event

 

 

Open Event Viewer, and examine the Diagnosis-PLA log for performance alerts.

Demonstration: Viewing Reports in Performance Monitor

This demonstration shows how to view a performance report.

USE

 

 

 

Demonstration Steps

 

 

View a performance report

 

 

1.

In the navigation pane, expand Reports/User Defined/LON-SVR1 Performance.

 

 

2.

Expand the folder beneath LON-SVR1 Performance. The previous collection process of the data

 

 

 

collector set generated this report. You can change from the chart view to any other supported view.

3.

Close all open windows.

ONLY.

 

 

 

 

 

 

 

 

Helps optimize network infrastructure server

 

STUDENT

 

performance. By providing performance

 

 

 

 

 

 

baseline and trend data, you can help

 

 

 

 

your organization to optimize network

 

 

 

 

 

 

 

 

infrastructure server performance.

 

 

Enables troubleshooting of servers. Where server performance degrades, either over time or during

 

 

 

USE

 

periods of peak activity, you can help to identify possible causes and take corrective action. Thereby,

 

you can bring the service back within the limits of your Service Level Agreement (SLA).

 

 

Enables you to use Performance Monitor to gather and analyze the relevant data.

 

 

General DNS server statistics, including the number of overall queries and responses that the DNS

 

 

 

server is processing.

 

 

User Datagram Protocol (UDP) or Transmission Control Protocol (TCP) counters for measuring DNS

 

 

 

queries and responses that the DNS server processes respectively by using either of these transport

 

 

 

protocols.

 

 

Dynamic update and secure dynamic update counters for measuring registration and update activity

 

that dynamic clients generate.

PROHIBITED

 

 

 
When you create a virtual machine, you configure characteristics that define the available resources for that guest. These resources include memory, processors, disk-configuration and storage technology, and network-adapter configuration. These virtual machines operate within the boundaries of the resources that you allocate to them, and can suffer from the same performance bottlenecks as host servers. As a result, it is important that you monitor virtual machines in the same way, and with the same tools, that you monitor your host servers.
Considerations for Monitoring Virtual Machines
Server virtualization has only been a part of the Windows Server operating system since the release of Windows Server 2008 and the introduction of the Hyper-V role. Many
organizations have migrated some or all of their server workloads to virtual machines that are running on the Hyper-V platform. From a monitoring perspective, it is important to remember that servers running as guest virtual machines consume resources in the same way as physical host server computers.
With Hyper-V server virtualization, you can create
separate virtual machines, and run them concurrently by using the resources of a single server operating system. These virtual machines are known as guests, while the computer running Hyper-V is the host.

13-14 Monitoring Windows Server 2012

Memory usage counter, for measuring system memory usage and memory allocation patterns that are created by operating the server computer as a DNS server.

Recursive lookup counters for measuring queries and responses when the DNS Server service uses recursion to look up and fully resolve DNS names on behalf of requesting clients.

Zone transfer counters, including specific counters for measuring the following: all zone transfer (AXFR), incremental zone transfer (IXFR), and DNS zone-update notification activity.

Monitoring DHCP

The Dynamic Host Configuration Protocol (DHCP) service provides dynamic IP configuration services on your network. You can monitor the Windows Server 2012 DHCP server role to determine the following aspects of your DHCP server:

The Average Queue Length, which indicates the current length of the DHCP server’s internal message queue. This number represents the number of unprocessed messages that the server receives. A large number might indicate heavy server traffic.

The Milliseconds per packet (Avg.) counter is the average time in milliseconds that the DHCP server uses to process each packet that it receives. This number varies depending on the server hardware and its I/O subsystem. A spike could indicate a problem, either with the I/O subsystem becoming slower or because of an intrinsic processing overhead on the server.

USE STUDENT .ONLY USE MCT

Virtual machine guests function as normal computers. Virtual machine guests that are hosted on the same hypervisor remain independent of one another. You can run multiple virtual machines that are using different operating systems on a host server simultaneously, as long as the host server has enough resources.

PROHIBITED

Соседние файлы в предмете [НЕСОРТИРОВАННОЕ]
Помощь Обратная связь Вопросы и предложения Пользовательское соглашение Политика конфиденциальности