Whether you're sleuthing server-performance problems, determining how to tune your system, or sizing a server for new applications, the first step is to learn how to leverage your OS's native performance tools. As Windows NT 4.0 became more popular and IT professionals creatively used it for more complex and larger solutions, the OS's native performance tools quickly began to show their age. Although NT 4.0's core performance tools are still available in Windows 2000 (Win2K), Microsoft has enhanced them to keep up with today's IT professionals. Win2K's primary performance tools include System Performance Monitor and Windows Task Manager. If you're familiar with NT 4.0's Performance Monitor and Task Manager, you'll quickly master Win2K's enhanced versions and enjoy taking advantage of their new features.
Performance Monitor vs. Task Manager
Which tool is best for you? Most likely, you'll use both Performance Monitor and Task Manager depending on your mission. Performance Monitor is the tool of choice for obtaining detailed information, logging data for extended analysis, and collecting performance information based on performance events that occur within your system. Task Manager provides a quick look into what is occurring on your system but doesn't provide a mechanism for logging. However, Task Manager lets you manage applications (i.e., processes) that might be adversely affecting your system.
Performance Monitor
Performance Monitor is a Microsoft Management Console (MMC) snap-in. To invoke this tool, select Start, Programs, Administrative Tools, Performance. Alternatively, you can invoke Performance Monitor by selecting Start, Run, inputing Performance Monitor in the Open text box, then pressing Enter. Win2K's Performance Monitor provides the following features to monitor and analyze your server's performance.
In addition to these monitoring tools, Performance Monitor provides enhanced functionality: Alerts let you generate an action (i.e., run a command or script) based on the counter value thresholds you set in Performance Monitor. In addition, all your settings move with you from one reporting mode to another reporting mode. When you start Performance Monitor, the tool recalls your last settings. Thus, you don't have to save your default settings to a .pwm file and recall them to begin analyzing your system. These setting are system based, so the next person who logs in will see the view that you left. The new tool offers more flexibility in how you store the data that Performance Monitor generates (e.g., you can store data as HTML, binary, .csv, .tsv, and binary circular) than previous versions offered. You can start and stop performance logging based on a date/time group. You can automatically start another copy of the tools based on Performance Monitor events that you configure on your system. Finally, the new tool has a friendlier mechanism to simultaneously collect performance data from multiple servers.
Although NT 4.0 provides some of this functionality (if you install tools from the Microsoft Windows NT Server 4.0 Resource Kit), Win2K provides these features in an integrated, friendlier tool that saves you the extra step of loading additional resource kit tools. In addition, Win2K's Performance Monitor can't read performance logs that you generate with NT's Performance Monitor.
Performance Monitor in the Real World
To find details about the basic mechanics of using Win2K's Performance Monitor, click About Performance Monitor in the tool's Help menu. This file provides helpful information and useful directions.
The following scenarios show you how to leverage Performance Monitor's capabilities. To take full advantage of Performance Monitor's functionality, you must activate all your system's performance counters. For information about how to activate these counters in Win2K, see the sidebar "Activating All Performance Counters."
General performance monitoring. When you start Performance Monitor, the tool presents you with the default Performance window, which Screen 1 shows. To add any combination of counters to the right display pane, click the addition sign (+) button in the toolbar at the top of the right display pane. Table 1 outlines the minimum counters you should monitor for general performance monitoring. When you're examining specific resources, include the appropriate counters for analyzing that area.
In the Performance window, you can quickly change between chart, report, or histogram views by selecting the appropriate icon below the Performance Monitor's menu bar. Screen 1 shows an example of the report view. You can view the performance of a remote server by clicking the + button, selecting the Select counters from computer option, and entering the remote computer's name using the Uniform Naming Convention (UNC) format. (Performance Monitor enters the name of the local computer by default.) You must have administrative rights on the remote system you want to monitor.
Long-term performance analysis. What if you want to collect performance information over time to develop a baseline? With NT 4.0, your biggest hurdle is the physical size that the performance logs might grow to. To work around this limitation, Win2K's Performance Monitor lets you schedule log collection by time or date. This enhancement lets you isolate the collection of data to times of interest, thus lowering the amount of data Performance Monitor collects. To set a schedule, expand the Performance Logs and Alerts object in the left pane of the Performance window, right-click a log, and select the Schedule tab. On the Schedule tab, you can configure start and stop times. Collecting performance data during typical operations (i.e., from 8:00 a.m. to 6:00 p.m.) is common.
Depending on your environment, you might want to collect data for several weeks at a time for trend analysis. To avoid having to perform maintenance on these files as they grow, select Counter Logs, right-click the file you want to manage, select Properties, click the Log Files tab, select Binary Circular File from the Log file type drop-down list, and input a limit in the Limit of text box, as Screen 2 shows. Leveraging this performance-collection strategy lets you limit the amount of disk space a performance file uses. If you match the sampling rate to the amount of disk you want to use for performance collection, you can monitor and access several weeks worth of performance data without worrying about performance log size maintenance.
Sampling rates. How often do you need to sample your system for performance data? The answer depends on your goals. If you sample more often than every 5 seconds, you place a slightly higher load on your system (i.e., 1 to 3 percent) and your performance log files require more disk space than if you sample at a usual rate (i.e., less often than every 5 seconds). If you don't sample often enough, you risk not monitoring the system when it experiences a problem.
Win2K provides a much broader range of objects and counters than previously available. If you collect all possible performance data on a system with one disk and one network connection, each sample you collect requires more than 200Kb per sample. Most administrators don't need to monitor every possible performance object and its associated counters. If you collect performance data from the counters that Table 1 list, each sample consumes approximately 2Kb. Using this information as a baseline, Table 2 provides general guidelines about performance collection rates.
Which Process Is the Bottleneck?
Has a customer complained about poor system performance, but when you investigated everything looked fine? Performance Monitor's alert feature comes to the rescue in this type of situation. First, monitor using the counters that Table 1 lists and set performance thresholds on each counter. This setup will provide you with your system's general performance baseline, but you'll need more data to determine which application or process is swamping your system. To obtain this information, use Performance Monitor's alert feature to start any action based on an event you define (e.g., when your counters reach their maximum performance thresholds).
For this example, set an alert to start a copy of the Performance Monitor counter logs when CPU usage exceeds 98 percent. (Occasional peaks in CPU usage might trigger this alert even when a problem doesn't exist. You can use third-party tools to start additional performance collection based on more advanced logical sequences—e.g., when CPU usage exceeds 90 percent for 5 minutes, start additional performance data collection. For more information about these tools, see the sidebar "Third-Party Monitoring Tools.") To configure this alert, start Performance Monitor, expand Performance Logs and Alerts, and select Alerts. Right-click in the right pane, and select New, Create New Alert Settings and a name. Add the counters you want to monitor and their threshold for triggering an action; select the Action tab, the Start performance log option, a counter log to start, and the Schedule tab; and fill in the times you want to run the monitor. Use a counter log that collects data from at least the counters that Table 1 lists and all the counters and instances under the Process object.
With this setup, Performance Monitor will alert you when your system has a performance problem, and the software will provide you with quantifiable and empirical data that illustrates which process is causing the problem. (Performance Monitor will provide this information in the detailed counter logs that the tool started only after your system reached a certain threshold.)
Performance Monitor's alert feature is flexible. You can tell the alert function to start any script or application. You can have the system send you an email message or start a batch file that pings (i.e., ping.exe), then trace routes (i.e., tracert.exe ) the network path to a distant system with which you want to interact. In this manner, you can measure the network response time to determine whether your network has problems.
Task Manager
Performance Monitor helps you track problems over time, but what can you do about problem processes in realtime? Task Manager provides mechanisms to monitor in realtime and resolve performance problems. For example, say you have a hunch that cpustres.exe is your system's CPU hog. To activate Task Manager, press Ctrl+Alt+Del and click Task Manager. Alternatively, you can run taskmgr.exe from the command line. After you start this tool, you can view numerous columns of performance data on the Processes tab. The amount of data available on Win2K's Task Manager Processes tab is much greater than on NT 4.0's Task Manager Processes tab—particularly finer grain I/O information is available on a per-process basis (e.g., I/O reads, I/O writes). Within the Processes view, you can quickly determine what amount of CPU, memory, and disk resources each process is consuming. The Applications tab lets you see which processes or applications are not responding.
To find out whether cpustres.exe is your system's CPU hog, select the Processes image name column to place the process list in alphabetical order. This action simplifies finding cpustres.exe. After you find the filename, highlight it by clicking it, then right-click it. Task Manager presents you with several system control options, which Table 3 defines. You can lower cpustres.exe's priority by selecting Set Priority, BelowNormal, as Screen 3 illustrates.
In the unlikely event that an application has gone astray and you must terminate it, some applications won't terminate when you select this Task Manager option—even if you have administrator privileges. In this situation, you can use the Microsoft Windows 2000 Resource Kit kill.exe f process ID command to terminate the application. You can add the process ID column that corresponds to the application you want to kill to Task Manager. However, this command is powerful and can crash your system.
Use Your Imagination
You can use the primary Win2K performance monitoring and tuning tools to manage the performance of systems in your enterprise. The new functionality these enhanced tools provide lets you be more proactive in tuning your enterprise's systems. You now know how to take advantage of new features such as Performance Monitor alerts and Task Manager information resources. However, don't limit your monitoring and tuning to these features—be creative. With a little experimenting, you'll be surprised at how helpful these enhanced tools can be.
