Chapter 13, Monitoring and Optimization
Chapter 13, Lesson 1
Disk Monitoring and Optimization
|1| 1. Check Disk
A. Check Disk allows you to check for file
system errors and bad sectors on your hard disk.
B. You can access Check Disk through the
Properties dialog box for the specific disk.
C. All running applications or open files
must be closed.
D. For NTFS volumes, Microsoft Windows 2000
logs all file transactions, replaces bad clusters, and stores copies of key
information.
2. Disk Defragmenter
|2| A. Defragmenting disks
1. Defragmenting refers to the process of
finding and consolidating fragmented files and folders.
2. You can use the Disk Defragmenter snap-in
to locate fragmented files and folders and then defragment them.
3. You can access the Disk Defragmenter
snap-in in one of two ways.
a. Through the Computer Management snap-in
b. By creating a custom MMC console and
adding the Disk Defragmenter snap-in
4. The details pane of the Disk Defragmenter
snap-in is divided into three sections.
a. The upper portion lists the volumes that
you can analyze and defragment.
b. The middle portion is a graphic
representation of how fragmented the selected volume is.
c. The lower portion is a dynamic
representation of the volume.
5. The display colors indicate the condition
of the volume.
a. Red indicates fragmented files.
b. Dark blue indicates contiguous
(nonfragmented) files.
c. White indicates free space on the volume.
d. Green indicates system files, which Disk
Defragmenter cannot move.
6. To analyze or defragment a volume, you
can choose one of the available options.
a. Analyze
b. Defragment
|3| B. Using Disk Defragmenter effectively
1. Run Disk Defragmenter when the computer
will receive the least usage.
2. Educate users to defragment their local
hard disks at least once a month to prevent accumulation of fragmented files.
3. Analyze the target volume before you
install large applications, and then defragment the volume if necessary.
4. When you delete a large number of files
or folders, your hard disk might become excessively fragmented, so be sure to
analyze it afterward.
5. Consider using a disk defragmentation
utility that allows you to perform a regularly scheduled network-wide
defragmentation from a central location.
3. Data Compression
|4| A. Using compressed files and folders
1. Compressed files can be read by and
written to any Windows-based or MS‑DOS-based application.
2. NTFS allocates disk space based on the
uncompressed file size.
|5| B. Compressing files and folders
1. You can set the compression state of
folders and files in Windows Explorer or by using the compact command-line
utility.
2. You can compress a file or folder in the
Properties dialog box for the specific file or folder.
3. You can set compression on an entire
drive.
4. You must have Write permission to change
the compression state.
5. The compression flag on a folder does not
necessarily reflect the compression state of the files.
6. When you confirm attribute changes, you
can select one of two options.
a. Apply changes to this folder only
b. Apply changes to this folder, subfolders
and files
|6| C. Selecting an alternate display color for
compressed files and folders
1. You can select a different display color
for compressed files and folders.
2. You can change the display color by
selecting Folder Options from the Tools menu.
|7| D. Copying and moving compressed files and
folders
1. Copying a file or folder within an NTFS
volume
2. Moving a file or folder within an NTFS
volume
3. Copying a file or folder between NTFS
volumes
4. Moving a file or folder between NTFS
volumes
5. Moving or copying a file or folder to a
FAT volume
6. Moving or copying a compressed file or
folder to a floppy disk
|8| E. Using NTFS compression
1. Because some file types compress more
than others, select file types to compress based on the anticipated resulting
file size.
2. Do not store compressed files, such as
PKZIP files, in a compressed folder.
3. To make it easier to locate compressed
data, use a different display color for compressed folders and files.
4. Compress static data rather than data
that changes frequently.
5. NTFS compression can cause performance
degradation when you copy and move files.
4. Disk Quotas
|9| A. Managing disk quotas
1. Disk quotas track and control disk usage
on a per-user, per-volume basis.
2. Disk quotas have several important
characteristics.
a. Windows 2000 calculates disk space usage
for users based on the files and folders they own.
b. Windows 2000 ignores compression when it
calculates hard disk space usage. Users are charged for each uncompressed byte,
regardless of how much hard disk space is actually used.
c. When you enable disk quotas, the free
space Windows 2000 reports to applications for the volume is the amount of
space remaining within the user’s disk quota limit.
3. You can use disk quotas to perform a
number of tasks related to monitoring and controlling hard disk space usage.
a. Set a disk quota limit to specify the
amount of disk space for each user.
b. Set a disk quota warning to specify when
Windows 2000 should log an event, indicating that the user is nearing his or
her limit.
c. Enforce disk quota limits and either deny
users access if they exceed their limit or allow them continued access.
d. Log an event when a user exceeds a
specified disk space threshold. The threshold could be when users exceed their
quota limit or when they exceed their warning level.
4. After you enable disk quotas, Windows
2000 collects disk usage data for all users who own files and folders on the
volume.
|10| B. Setting disk quotas
1. You can enable disk quotas and enforce
disk quota warnings and limits for all users or for individual users.
2. The Quota tab includes a number of
options.
a. Enable Quota Management
b. Deny Disk Space To Users Exceeding Quota
Limit
c. Do Not Limit Disk Usage
d. Limit Disk Space To and Set Warning Level To
e. Quota Entries
3. Windows 2000 will not allow users to
create files or folders that exceed the limit.
|11| C. Determining the status of disk quotas
1. You can determine the status of disk
quotas in the Properties dialog box for a disk.
2. The traffic light colors indicate the
status of disk quotas.
a. A red traffic light indicates that disk
quotas are disabled.
b. A yellow traffic light indicates that
Windows 2000 is rebuilding disk quota information.
c. A green traffic light indicates that the
disk quota system is active.
|12| D. Enforcing disk quotas
1. You can configure the disk space limit
and the warning level for one or more specific users.
2. You can view a dialog box to monitor the
following usage information for all users who have copied, saved, or taken
ownership of files and folders in a volume.
a. The amount of hard disk space that each
user uses
b. Users who are over their quota-warning
threshold, which is signified by a yellow triangle
c. Users who are over their quota limit,
which is signified by a red circle
d. The warning threshold and the disk quota
limit for each user
3. Volume usage is tracked for all users owning
files on a volume where the disk quota system is active.
|13| E. Guidelines for using disk quotas
1. If you enable disk quota settings on the
volume where Windows 2000 is installed and your user account has a disk quota
limit, log on as Administrator to install additional Windows 2000 components
and applications.
2. You can monitor hard disk usage and
generate hard disk usage information without preventing users from saving data.
3. Set more restrictive default limits for
all user accounts, and then modify the limits to allow more disk space to users
who work with large files.
4. Generally, you should set disk quotas on
shared volumes to limit storage for users. Set disk quotas on public folders
and network servers to ensure that users share hard disk space appropriately.
5. Delete disk quota entries for users who
no longer store their files on a volume.
6. Before you can delete a quota entry for a
user account, all files that the user owns must be removed from the volume or
another user must take ownership of the files.
Chapter 13, Lesson 2
Simple Network Management Protocol Service
1. Overview of SNMP
|14| A. Introduction to SNMP
1. SNMP is a network management standard
widely used with TCP/IP networks.
2. SNMP provides a method for managing network
nodes from a centrally located network management station (NMS).
3. SNMP uses a distributed architecture of
management systems and agents.
4. The agent reports hardware status and
configuration information to the Management Information Base (MIB) database.
5. SNMP can be used in several ways.
a. To configure remote devices
b. To monitor network performance
c. To detect network faults or inappropriate
access
(1) The shutdown or restart of a device
(2) The detection of a link failure on a router
(3) The inappropriate access to a network node
d. To audit network usage
6. The Windows 2000 implementation of the
SNMP agent is a 32-bit service that supports computers running TCP/IP or IPX.
7. To use the information that Windows 2000
SNMP service provides, you must have at least one NMS.
8. Windows 2000 provides only the SNMP
agent; it does not include SNMP management software.
|15| B. Management systems and agents
1. The NMS does not have to run on the same
computer as the SNMP agent.
2. The NMS can request information from SNMP
agents.
a. Network protocol identification and
statistics
b. Dynamic identification of devices attached
to the network (a process referred to as discovery)
c. Hardware and software configuration data
d. Device performance and usage statistics
e. Device error and event messages
f. Program and application usage statistics
3. SNMP agents provide SNMP managers with
information about activities that occur at the IP network layer and respond to
management system requests for information.
4. Agents do not originate messages except for a
trap message that is triggered by a specific event.
|16| C. Management Information Base
1. A MIB is a container of objects that
represent a particular type of information.
2. All the information that a management
system might request is stored in various MIBs.
3. A MIB defines values for each object it
contains.
a. Name and identifier
b. Defined data type
c. A textual description of the object
d. An index method used for complex data type
objects (usually described as a multidimensional array or as tabular data)
e. Read/write permissions
4. Each object in a MIB has a unique
identifier that contains information.
a. Type (counter, string, gauge, or address)
b. Access level (read or read/write)
c. Size restriction
d. Range information
|17| D. SNMP messages
1. Agents and management systems use SNMP
messages to inspect objects and communicate information about those objects.
2. The agent program retrieves requested
information from the MIBs.
3. The management system and agent programs
use a number of types of messages.
a. GET
b. GET-NEXT
c. SET
d. GET-BULK
e. NOTIFY
4. The communication process follows a number of steps.
a. A management system forms an SNMP message
that contains an information request (GET), the name of the community to which
the management system belongs, and the destination of the message.
b. The SNMP message is sent to the agent.
c. The agent receives the packet and decodes
it. The community name (Public) is verified as acceptable.
d. The SNMP service calls the appropriate
subagent to retrieve the session information requested from the MIB.
e. The SNMP service takes the session information
from the subagent and forms a return SNMP message that contains the number of
active sessions and the destination.
f. The SNMP message is sent to the
management system.
|18| 2. Defining SNMP Communities
A. You can assign groups of hosts to SNMP
communities for limited security checking of agents and management systems or
for administration.
B. You can define communities logically to
take advantage of the basic authentication service provided by SNMP.
1. Agent 1 can send traps and other messages
to Manager 2 because they are both members of the Public 2 community.
2. Agent 2, Agent 3, and Agent 4 can send
traps and messages to Manager 1 because they are all members, by default, of
the Public community.
C. Community names are managed by configuring
SNMP security properties.
Note: There is no relationship between community names and domain names.
Community names represent a shared password for groups of network hosts, and
they should be selected and changed as you would change any password.
3. Installing and Configuring the SNMP Service
|19| A. Managing the SNMP Service
1. The SNMP agent is not installed by
default on a Windows 2000 Server computer.
2. You can install the SNMP agent by using
the Add/Remove Programs utility in Control Panel.
3. Once the SNMP service is installed, you
can configure the SNMP services by using the Services snap-in.
|20| B. SNMP service properties
1. You can configure how the SNMP service
starts, logs on to the system, and recovers from an abnormal termination of the
service or operating system.
2. You can specify a display name,
description, startup type, and start parameters.
3. The Dependencies tab provides a list of
services that depend on the SNMP service and those that the SNMP service
depends on.
|21| C. Windows 2000 SNMP agent properties
1. The SNMP agent provides the related
management system with information on activities that occur at the IP network
layer.
2. You can configure the agent properties on
the Agent tab of the SNMP Service Properties dialog box.
3. The Agent tab lists the services that you
can select.
a. Physical
b. Applications
c. Datalink and subnetwork
d. Internet
e. End-to-end
|22| D. Trap properties
1. SNMP traps can be used for limited
security checking.
2. You can configure trap destinations on
the Traps tab of the SNMP Service Properties dialog box.
|23| E. Security properties
1. Send authentication traps
2. Accepted community names
3. Community rights
4. Accept SNMP packets from any host
5. Only accept SNMP packets from these hosts
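Added example (not part of the original outline, and not Microsoft's code): a simplified Python model of the agent-side steps under "SNMP messages" and of the Security properties listed above. The function names, the sample OID, the 192.0.2.x addresses and the rights labels are assumptions; it shows that the community name sits unencrypted in the packet and how accepted community names, accepted hosts and authentication traps combine.

```python
"""Simplified model of an SNMPv1 agent's community and host checks (added example)."""

PDU_TYPES = {0xA0: "GET", 0xA1: "GET-NEXT", 0xA3: "SET"}
SYS_UPTIME_OID = bytes.fromhex("2b06010201010300")  # 1.3.6.1.2.1.1.3.0, sample object


def tlv(tag, content):
    """Encode one BER tag-length-value; short-form length is enough for the sample."""
    if len(content) > 127:
        raise ValueError("sample encoder only handles short-form lengths")
    return bytes([tag, len(content)]) + content


def build_request(community, pdu_tag=0xA0, request_id=1):
    """Manager side: form a message holding the community name and the request."""
    varbinds = tlv(0x30, tlv(0x30, tlv(0x06, SYS_UPTIME_OID) + tlv(0x05, b"")))
    pdu = tlv(pdu_tag, tlv(0x02, bytes([request_id])) + tlv(0x02, b"\x00")
              + tlv(0x02, b"\x00") + varbinds)
    return tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, community.encode("ascii")) + pdu)


def read_tlv(buf, pos):
    """Decode one TLV at pos; return (tag, content, next_pos) or raise ValueError."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, start = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or start + n > len(buf):
            raise ValueError("bad length")
        length, start = int.from_bytes(buf[start:start + n], "big"), start + n
    if start + length > len(buf):
        raise ValueError("truncated content")
    return tag, buf[start:start + length], start + length


def parse_message(packet):
    """Agent side: decode version, community name and PDU tag from the raw packet."""
    tag, body, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    vtag, version, pos = read_tlv(body, 0)
    ctag, community, pos = read_tlv(body, pos)
    ptag, _, _ = read_tlv(body, pos)
    if vtag != 0x02 or ctag != 0x04:
        raise ValueError("unexpected field types")
    return int.from_bytes(version, "big"), community.decode("ascii", "replace"), ptag


def agent_decide(packet, source_ip, communities, accepted_hosts=None, auth_traps=True):
    """Model of the Security tab settings. communities maps each accepted name to
    its rights (labels assumed here); accepted_hosts=None models "Accept SNMP
    packets from any host"; auth_traps models "Send authentication traps"."""
    try:
        _, community, pdu_tag = parse_message(packet)
    except ValueError:
        return ("drop", "malformed")
    if pdu_tag not in PDU_TYPES:
        return ("drop", "unsupported PDU")
    failed = None
    if accepted_hosts is not None and source_ip not in accepted_hosts:
        failed = "host not accepted"
    elif community not in communities:  # exact, case-sensitive match
        failed = "unknown community"
    if failed:
        return ("drop+auth-trap" if auth_traps else "drop", failed)
    if PDU_TYPES[pdu_tag] == "SET" and communities[community] != "READ WRITE":
        return ("reject", "community is read-only")
    return ("answer", PDU_TYPES[pdu_tag])


if __name__ == "__main__":
    packet = build_request("Public")  # constructed sample packet
    print(packet.hex())               # the community name is readable in the bytes
    print(agent_decide(packet, "192.0.2.10", {"Public": "READ ONLY"}))
    print(agent_decide(packet, "192.0.2.99", {"Public": "READ ONLY"},
                       accepted_hosts={"192.0.2.10"}))
```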
4. Troubleshooting SNMP
|24| A. Event Viewer
1. SNMP error handling has been improved in
Windows 2000.
2. Improved error handling is integrated
with Event Viewer.
3. Use Event Viewer if you suspect a problem
with the SNMP service.
|25| B. WINS service
1. When querying WINS server MIBs, you might
need to increase the SNMP time-out period.
2. If some WINS queries work and others time
out, increase the time-out period.
|26| C. IPX addresses
1. An error message occurs when the IPX
address has been entered incorrectly.
2. The SNMP service does not recognize an
address with a comma or hyphen between the network number and Media Access
Control (MAC) address.
3. The address used for an IPX trap
destination must follow the IETF defined 8.12 format.
|27| D. SNMP service files
1. Wsnmp32.dll, Mgmtapi.dll
2. *.dll
3. Mib.bin
4. Snmp.exe
5. Snmptrap.exe
Chapter 13, Lesson 3
Performance Console
|28| 1. Introduction to the Performance Console
A. The Performance console is a built-in
utility that you can access through the Administrative Tools program group.
B. The Performance console contains two
snap-ins.
1. System Monitor allows you to collect
real-time data about memory, disk, process, network, and other activity.
2. Performance Logs and Alerts allows you to
configure logs to record performance data and set system alerts.
C. You can use performance data for a number
of reasons.
1. To understand your workload and its
effect on your system’s resources
2. To observe changes and trends in
workloads and resource usage so that you can plan for future upgrades
3. To test configuration changes or other
tuning efforts by monitoring the results
4. To diagnose problems and target
components or processes for optimization
D. The Performance console provides detailed
data about the resources used by specific components of the operating system.
2. System Monitor Snap-In
|29| A. Introduction to the System Monitor snap-in
1. Performance Monitor has been replaced by
System Monitor.
2. The System Monitor snap-in allows you to
perform a number of tasks.
a. Collect and view real-time performance
data on a local computer or from remote computers
b. View data collected either currently or
previously in a counter log
c. Present data in a printable graph,
histogram, or report view
d. Incorporate System Monitor functionality
into Microsoft Word or other applications in the Microsoft Office suite by
means of Automation
e. Create HTML pages from performance views
f. Create reusable monitoring configurations
that can be installed on other computers that use MMC
3. You can collect and view extensible data
about the usage of hardware resources and the activity of system services.
4. You can define the data that you want the
graph to collect.
a. Type of data
b. Source of data
c. Sampling parameters
B. System Monitor interface
|30| 1. Overview
a. Graph area
(1) You can choose to have data updated
automatically or on demand.
(2) The movement of the timer bar across the
graph indicates the passing of each update interval.
(3) You can define a number of attributes of
the graph.
(4) To draw attention to a particular counter,
use the highlight feature.
b. Legend
(1) The names and associated information for
the counters that you select are shown in the legend.
(2) An object is a logical collection of
counters associated with a resource or service that can be monitored.
(3) A counter is a data item associated with an
object.
(4) An object instance is a term used to
distinguish between multiple occurrences of the same counter on a computer.
c. Value bar
(1) The value bar is located beneath the graph
area and above the legend.
(2) The values are calculated over the time
period and number of samples displayed in the graph, not over the time that has
elapsed since monitoring was started.
|31| 2. Monitoring system and network performance
a. Network activity can influence the
performance not only of your network components but of your system as a whole.
b. System Monitor enables you to track
network and system activity by using a single tool.
c. You should use specific counters as part
of your normal monitoring configuration.
(1) Cache\Data Map Hits %
(2) Cache\Fast Reads/sec
(3) Cache\Lazy Write Pages/sec
(4) Logical Disk\% Disk Space
(5) Memory\Available Bytes
(6) Memory\Nonpaged Pool Allocs
(7) Memory\Nonpaged Pool Bytes
(8) Memory\Paged Pool Allocs
(9) Memory\Paged Pool Bytes
(10) Processor(_Total)\% Processor Time
(11) System\Context Switches/sec
(12) System\Processor Queue Length
(13) Processor(_Total)\Interrupts/sec
d. Monitoring network activity with System
Monitor involves examining performance data at each network layer, as defined
by the OSI model.
(1) Application, Presentation, Session
(2) Transport
(3) Network
(4) Data Link, Physical
e. When monitoring performance data, you
should begin with the lowest-level components and work your way up.
f. Establish a baseline for network
performance.
|32| 3. Disk objects and the Diskperf utility
a. Two primary disk objects contain counters
in System Monitor.
(1) PhysicalDisk
(2) LogicalDisk
b. The physical disk performance counters are
enabled, and the logical disk performance counters are disabled.
c. Use the Diskperf utility to enable and
disable the counters.
d. There is a small performance cost for
running these counters.
3. Performance Logs and Alerts Snap-In
|33| A. Collecting performance data
1. Collect performance data automatically
from local or remote computers
2. View logged counter data or export the
data
|34| B. Using the Performance Logs and Alerts
snap-in
1. Collect data in a comma-delimited or
tab-separated format for easy import to spreadsheet programs.
2. View counter data during collection and
after collection has stopped.
3. Define start and stop times, file names,
file sizes, and other parameters for automatic log generation.
4. Manage multiple logging sessions from a
single console window.
5. Set an alert on a counter, thereby
stipulating that a message be sent, a program be run, or a log be started when
the selected counter’s value exceeds or falls below a specified setting.
|35| C. Recording performance data
1. Start and stop logging—either manually on
demand or automatically based on a user-defined schedule.
2. Create trace logs. Using the default
system data provider or another provider, trace logs record data when certain
activities such as disk I/O operations or page faults occur.
3. Define a program that runs when a log is
stopped.
4. Configure additional settings for
automatic logging, such as automatic file renaming, and set parameters for
stopping and starting a log based on the elapsed time or the file size.
|36| D. Performance Logs and Alerts interface
1. You can define settings for counter logs,
trace logs, and alerts.
2. You can define multiple logs or alerts to
run simultaneously.
3. Summary information is provided in the
details pane.
a. Name
b. Comment
c. Log File Type
d. Log File Name
4. To see the parameters defined for a log,
open the Properties dialog box for that log.
5. The color of the icon next to the log
indicates the status of the log.
a. A green icon means that the log is
currently running and collecting data.
b. A red icon means that the log has been
defined but is not running.
Chapter 13, Lesson 4
Network Monitor
1. Overview of Network Monitor
|37| A. Introduction to Network Monitor
1. Network Monitor tracks network throughput
in terms of captured network traffic.
2. Network Monitor monitors the network data
stream on the local network segment.
3. Each frame contains information.
a. The source address of the computer that
sent the message
b. The destination address of the computer
that received the frame
c. Headers from each protocol used to send
the frame
d. The data or a portion of the information
being sent
e. A trailer that usually contains a CRC to
verify frame integrity
4. Capturing refers to the process that is
used by Network Monitor to copy frames.
5. Network Monitor can capture all local
traffic or a subset of frames.
6. After you have captured data, you can
view it in Network Monitor.
7. Network Monitor captures only those
frames sent to or from the local computer.
8. When Network Monitor detects other
Network Monitor installations running on the network, it displays information.
a. The name of the computer
b. The name of the user logged on at the
computer
c. The state of Network Monitor on the
remote computer (running, capturing, or transmitting)
d. The adapter address of the remote computer
e. The version number of Network Monitor on
the remote computer
9. Your network architecture might prevent
one installation of Network Monitor from detecting another.
10. Network Monitor uses a network driver
interface specification (NDIS) feature to copy all frames to its capture
buffer.
|38| B. Installing Network Monitor Tools
1. Network Monitor Tools include the Network
Monitor snap-in and the Network Monitor driver.
2. These tools are not installed by default.
3. You can use the Add/Remove Programs
utility in Control Panel to install the Network Monitor Tools.
2. Capturing Frame Data
|39| A. Overview
1. Network Monitor and the Network Monitor
driver must be installed to capture frame data.
2. The driver enables Network Monitor to
receive frames from a network adapter and supports the Network Monitor provided
with SMS.
3. Network Monitor displays session
statistics from the first 100 unique network sessions it detects.
|40| B. Using capture filters
1. A capture filter functions like a
database query.
2. You can use a capture filter to specify
the types of network information that you want to monitor.
3. To design a capture filter, specify
decision statements in the Capture Filter dialog box.
4. You can use a capture filter to filter by
protocol.
a. You can specify a protocol on the
SAP/ETYPE= line of the capture filter.
b. By default, all the protocols that Network
Monitor supports are enabled.
5. You can use a capture filter to filter by
address.
a. You can capture frames from specific
computers by specifying one or more address pairs in the capture filter.
b. An address pair consists of several
components.
(1) The addresses of the two computers you want
to monitor traffic between
(2) Arrows that specify the traffic direction
you want to monitor
(3) The INCLUDE or EXCLUDE keyword, indicating
how Network Monitor should respond to a frame that meets a filter’s
specifications
c. EXCLUDE statements are evaluated first.
6. You can use a capture filter to filter by
data pattern.
a. You can perform specific actions by
specifying a pattern match in a capture filter.
(1) Limit a capture to only those frames
containing a specific pattern of ASCII or hexadecimal data
(2) Specify how many bytes (offsets) into the
frame the pattern must occur
b. You must specify where the pattern occurs
in the frame.
3. Displaying Captured Data
|41| A. Overview
1. Network Monitor interprets raw data
collected during the capture filter and displays it in the Capture window.
2. You can display the Capture window by
opening a .cap file.
|42| B. Using display filters
1. You can use a display filter to determine
which frames to display.
2. A display filter does not affect the
contents of the Network Monitor capture buffer.
3. You can filter a frame by specific
information.
a. The source or destination address of the
frame
b. The protocols used to send the frame
c. The properties and values contained in
the frame
4. The Capture window must have the focus
for the Display Filter dialog box to appear.
5. You can design a display filter by
specifying decision statements in the Display Filter dialog box.
6. Display filters are not limited to four address
pairs.
7. Display filters allow you to use AND, OR,
and NOT logic.
8. Protocol properties define a protocol’s
purpose.
|43| 4. Network Monitor Performance Issues
A. Network Monitor creates a memory-mapped
file for its capture buffer.
B. Although you cannot adjust the frame size,
you can store only part of the frame.
C. You can run Network Monitor in the
background to reduce the amount of system resources necessary to operate the
program.
Chapter 13, Lesson 5
Task Manager
|44| 1. Overview of Task Manager
A. Task Manager provides information about
programs and processes running on your computer.
B. You can use Task Manager to monitor key
indicators of your computer’s performance.
C. The Task Manager interface contains three
tabs: Applications, Processes, and Performance.
D. You can update Task Manager by clicking
Refresh Now on the View menu.
|45| 2. Applications Tab
A. This tab shows the status of the programs
running on your computer.
B. You can start a new program, end a
program, or switch to another program.
C. Using Task Manager to start a program is
the same as using the Run command on the Start menu.
|46| 3. Processes Tab
A. This tab shows information about the
processes running on your computer.
B. You can sort the list of processes and
display other process counters.
C. You can end any process, except those
critical to the operation of Windows 2000.
D. You can assign a process to a processor by
using the Set Affinity command.
|47| 4. Performance Tab
A. This tab displays a dynamic overview of
your computer’s performance.
1. CPU and memory usage
2. Number of handles, threads, and processes
running on the computer
3. Physical, kernel, and commit memory
B. You can monitor the amount of CPU usage
consumed by kernel mode.