ptg6432687 220 7 Optimizing the Hyper-V Host Server and Guest Sessions FIGURE 7.5 Choosing to copy a cell as a filter. FIGURE 7.6 Sample capture with red-highlighted filtered data. as shown in Figure 7.5. Figure 7.6 shows a sample capture with a DNS capture filter applied and all RDP packets color-coded in red using a color filter. Download at www.wowebook.com ptg6432687 221 Using Capacity-Analysis Tools 7 FIGURE 7.7 Network Monitor capture of network traffic between two IP addresses. To remove a filter, just highlight the correct filter from the Filter menu and select Remove Filter, click the Remove button in the Capture Filter pane, or press the Ctrl+Shift+Enter keys simultaneously. NOTE Removing a filter does not remove it from the filter list. It just removes it from being applied. Capturing Network Traffic Between Computers As outlined previously, Network Monitor 3.1 includes the ability to capture wireless, remote, local area network (LAN), and wide area network (WAN) traffic using a remote agent. In some cases, network administrators want to diagnose or monitor a conversation between two computers. The steps necessary to monitor traffic between two different computers are outlined in the following list. To capture network traffic between two different computers using IPv4 source and destina- tion addresses, as shown in Figure 7.7, complete the following steps: 1. In Network Monitor, click the Create a New Capture Tab button on the left. 2. Click the Filter menu, select Capture Filter, Load Filter, Standard Filters. 3. Select IPv4SourceandDestination. 4. Edit the filter to specify the IP addresses that should be filtered in the Capture Filter window (for example, 192.168.1.5 and 192.168.1.2). Download at www.wowebook.com ptg6432687 222 7 Optimizing the Hyper-V Host Server and Guest Sessions FIGURE 7.8 Parsers tab of Network Monitor 3.1. 5. Click the Apply button in the Capture Filter pane. 6. Click the Play button on the main Network Monitor menu bar or press the F10 key to start the capture. Parsing Captured Network Traffic Data Parsing captured data allows the information to be converted into a format that is more legible to the naked eye. Parsing captured data makes analysis of the captured data easier—in fact, it’s almost essential. The Network Monitor parsing engine was completely rewritten to support the new functionality of Network Monitor 3.1. To parse captured data in Network Monitor 3.1, complete the following steps: 1. With a capture running or loaded from a saved file, select the Parsers tab in Network Monitor, as shown in Figure 7.8. 2. Expand the appropriate parsing category and double-click the selected criteria, such as tables, data types, protocols, and so on. For more detailed information about parsing with Network Monitor 3.1, review the online help in Network Monitor 3.1 or reference the ParserLanguage.doc file located in the C:\Program Files\Network Monitor 3.1\Help\ folder. Download at www.wowebook.com ptg6432687 223 Using Capacity-Analysis Tools 7 FIGURE 7.9 Reliability and Performance Monitor. Windows Reliability and Performance Monitor The Reliability and Performance Monitor in Windows 2008, shown in Figure 7.9, replaced the Performance Monitor that was included with Windows Server 2003. The Reliability and Performance Monitor bears a similarity to the Task Manager and previous Performance Monitor and highlights components that are critical to system performance. The Reliability and Performance Monitor is a combination of the previous Windows Server tools: System Monitor, Performance Monitor, and Server Performance Advisor. The Reliability and Performance Monitor is composed of four main components: Performance Monitor, Reliability Monitor, Data Collector Sets, and a reporting component. The Reliability and Performance Monitor can be launched from within the Windows 2008 Server Manager or from Start, All Programs, Administrative Tools. Using the Reliability and Performance Monitor, administrators can identify bottlenecks and pinpoint resource issues with applications, processes, or hardware. Monitoring these items can help to identify and resolve issues, to plan for capacity changes, and to establish baselines for use in future analysis. Upon launching the Reliability and Performance Monitor, a summary of system performance displays, showing current memory, disk, processor, and network loads. Download at www.wowebook.com ptg6432687 224 7 Optimizing the Hyper-V Host Server and Guest Sessions Reliability and Performance Monitor includes the following new features: . Reliability Monitor—The Reliability Monitor establishes and monitors a baseline of system performance and marks any errors, failures, and other problems for analysis by the administrator. . Resource Overview—Similar to the Task Manager program is the Resource Overview window, which is presented when launching the Reliability and Performance Monitor. The Resource Overview displays real-time status of processor usage, disk usage, network throughput, and memory status. . Data Collector Sets—Data Collector Sets are a collective grouping of items to be monitored. You can use one of the predefined sets or create your own to group together items that you want to monitor. . Diagnosis reports—The Reliability and Performance Monitor includes an updated reporting mechanism and several template performance and diagnosis reports for use. In addition, reports can also be created manually or generated from Data Collector Sets. Performance Monitor Many IT professionals rely on the Performance Monitor because it is bundled with the operating system, and it allows you to capture and monitor every measurable system object within Windows 2008. The tool involves little effort to become familiar with it. You can find and start the Performance Monitor from within the Reliability and Performance Monitor program under Monitoring Tools in the console view. The Performance Monitor, shown in Figure 7.10, is by far the best utility provided in the operating system for capac- ity-analysis purposes. With this utility, you can analyze data from virtually all aspects of the system both in real time and historically. This data analysis can be viewed through charts, reports, and logs. The log format can be stored for use later so that you can scruti- nize data from succinct periods of time. Reliability Monitor As mentioned previously, the Reliability Monitor establishes and monitors a baseline of system performance and marks any errors, failures, and other problems for analysis by the administrator. The Reliability Monitor is quite useful for identifying how a new applica- tion, update, or system change might behave and to correlate any errors or failures with possible causes that occurred around the same time. The Reliability Monitor is shown in Figure 7.11. Download at www.wowebook.com ptg6432687 225 Using Capacity-Analysis Tools 7 FIGURE 7.10 The Performance Monitor. FIGURE 7.11 The Reliability Monitor. Download at www.wowebook.com ptg6432687 226 7 Optimizing the Hyper-V Host Server and Guest Sessions FIGURE 7.12 Data Collector Sets in the Reliability and Performance Monitor. Data Collector Sets As mentioned previously, Data Collector Sets are a collective grouping of items to be monitored. You can use one of the predefined sets or create your own to group together items that you want to monitor. Data Collector Sets are useful for several reasons. First, data collectors can be a common theme or a mix of items. For example, you could have one Data Collector Set that monitors only memory or a Data Collector Set that contains myriad items such as memory, disk usage, processor time, and more. Data Collector Sets can also be scheduled to run when needed. The Data Collector Sets section of the Reliability and Performance Monitor is shown in Figure 7.12. Reports As previously discussed, the Reliability and Performance Monitor includes an updated reporting mechanism and several template performance and diagnosis reports for use. In addition, reports can be created manually or generated from Data Collector Sets. Three system reports are included for diagnosing and assessing system performance: LAN Diagnostics, System Diagnostics, and System Performance. The following steps outline the process to view a System Diagnostics report. Figure 7.13 shows a sample System Diagnostics report. To create and view reports in the Reliability and Performance Monitor, complete the following steps: 1. Expand Data Collector Sets and System in the console tree of the Reliability and Performance Monitor. Download at www.wowebook.com ptg6432687 227 Using Capacity-Analysis Tools 7 FIGURE 7.13 System Diagnostics report in the Reliability and Performance Monitor. 2. Right-click the LAN Diagnostics, System Diagnostics, or System Performance sets and select Start. Windows will begin collecting data for the report. 3. When you have collected enough data, right-click the collection set again and select Stop. 4. Expand Reports, System and click the collection set you chose earlier. Double-click the report listed under that performance set. 5. The report will be compiled and displayed. Other Microsoft Assessment and Planning Tools Several other products and tools are available from Microsoft to assist with proper capacity analysis and performance monitoring. Some of these tools are available for purchase sepa- rately or can be downloaded for free. Selecting the right tool or product depends on the goal you are trying to accomplish. For example, the Windows System Resource Manager would be used if you want to implement thresholds for the amount of resources an appli- cation or process is allowed to consume, and System Center Operations Manager might be deployed if you want to be notified when critical processes behave abnormally on produc- tion servers. Discussing each of these tools in depth is beyond the scope of this book; however, a basic understanding and overview of their purposes will help you make an informed decision when selecting the right technologies for analyzing system resources, availability, and performance. Download at www.wowebook.com ptg6432687 228 7 Optimizing the Hyper-V Host Server and Guest Sessions FIGURE 7.14 Windows System Resource Manager. Windows System Resource Manager Windows System Resource Manager (WSRM) is included in the feature set of Windows 2008 and provides an interface that enables you to configure how processor and memory resources are allocated among applications, services, and processes. Having the ability to control these items at such a granular level can help ensure system stability, thus improv- ing system availability and enhancing the user experience. Assigning thresholds to services, applications, and processes can prevent issues such as high CPU consumption. WSRM is installed as a feature in Server Manager. WSRM can manage multiple items on the local system and remote computers (if Terminal Services is installed). The WSRM inter- face is shown in Figure 7.14. To install WSRM, complete the following steps: 1. Launch Server Manager by choosing it in the Administrative Tools folder. 2. Click Features in the Scope pane on the left. 3. Click Add Features in the central Details pane; the Select Features window opens. 4. Scroll down and select Windows System Resource Manager. 5. If it isn’t already installed, a notification window opens stating that the Windows Internal Database feature must also be installed. Click the Add Required Features button to accept the addition of the feature. 6. Click Next. Download at www.wowebook.com ptg6432687 229 Using Capacity-Analysis Tools 7 7. Click Install to install WSRM and required components. 8. Click Close when the installation completes. NOTE A warning appears in Ser ver Manager if the WSRM ser vice is not star ted. This ser vice must be running to use WSRM. After WSRM is installed, you can start fine-tuning the Windows 2008 server’s processes, services, applications, and other items to ensure CPU cycles and memory usage are allo- cated appropriately. WSRM provides administrators with a means of adjusting the system to meet the demands of those accessing it. WSRM can allocate CPU time and memory usage through the use of the included resource allocation policies or a customized one. Observed system usage and data obtained from tools such as the Reliability and Performance Monitor can be applied directly to WSRM policies. For example, if system monitoring reveals that a particular application is in high demand but the same server is busy providing other services, making the application sluggish, the WSRM can allocate enough resources to both items to ensure that neither the system nor the items being used are negatively impacted. Resource-allocation policies are used in WSRM to divide processor and memory usage among applications, services, processes, and users. Resource-allocation policies can be in effect at all times, or they can run on a scheduled basis. If certain events occur or the system behaves differently, WSRM can switch to a different policy to ensure system stabil- ity and availability. Resource-allocation policies can be exported and imported between Windows 2008 servers, and the policies can also contain exclusions when something doesn’t require specific resource assignments. When accounting is enabled in WSRM, administrators of the servers can review data collected to determine when and why resource allocation policies were too restrictive or too loose. Accounting can also help identify problems with the items in the policy and peak access times. Administrators can use the information obtained by the accounting component of WSRM to make adjustments to the policies. WSRM resource-allocation poli- cies can manage local and remote computers as well as Terminal Services sessions. WSRM comes packaged with four predefined policies. These templates provide administra- tors with a way to quickly allocate resources, leaving room for fine-tuning later. The prede- fined resource allocation policy templates are as follows: . Equal per Process—Allocates resources equally among all running processes, preventing one process from consuming all available CPU and memory resources. . Equal per User—Allocates resources equally among all users, preventing one user from consuming all available CPU and memory resources. . Equal per Session—Allocates resources equally among all Terminal Services sessions, preventing one session from consuming all available CPU and memory resources. Download at www.wowebook.com . fine-tuning the Windows 2008 server s processes, services, applications, and other items to ensure CPU cycles and memory usage are allo- cated appropriately. WSRM provides administrators with. granular level can help ensure system stability, thus improv- ing system availability and enhancing the user experience. Assigning thresholds to services, applications, and processes can prevent issues. Monitor can be applied directly to WSRM policies. For example, if system monitoring reveals that a particular application is in high demand but the same server is busy providing other services, making