Download theGuard! ApplicationManager System Windows Data

theGuard! ApplicationManager
System Windows
Data Collector
Status: 10/9/2008
Product name
theGuard!
ApplicationManager – System Windows Data Collector
Introduction ....................................................................................................................................................... 3
The Performance Features of the ApplicationManager Data Collector for Microsoft Windows Server ................. 3
Overview of Microsoft Windows Server.............................................................................................................. 4
Registry ......................................................................................................................................................... 6
Event Log ...................................................................................................................................................... 7
Applications on Windows Server .................................................................................................................... 8
The System Windows Data Collector................................................................................................................. 9
Monitoring Hardware and Software Resources ................................................................................................ 10
Monitoring Processors ................................................................................................................................. 11
Monitoring Memory ...................................................................................................................................... 11
Monitoring Physical Disks, Logical Disks and Mount Points .......................................................................... 11
Monitoring the Swap Files (Virtual Memory) ................................................................................................. 11
Monitoring the System ................................................................................................................................. 12
Service Monitoring ....................................................................................................................................... 12
Monitoring Processes .................................................................................................................................. 12
Status....................................................................................................................................................... 13
Events...................................................................................................................................................... 13
Performance............................................................................................................................................. 13
Service Levels and Standard Reporting.................................................................................................... 14
Monitoring Printers....................................................................................................................................... 14
Status....................................................................................................................................................... 14
Events...................................................................................................................................................... 14
Performance............................................................................................................................................. 14
Monitoring the Windows Event Log.................................................................................................................. 15
Pre-configured Monitoring Policies .................................................................................................................. 15
Appendix A: The Data Collector's Object Structure .......................................................................................... 16
Copyright © REALTECH 2008
Page 2 of 16
Product name
theGuard!
ApplicationManager – System Windows Data Collector
Introduction
There is more to efficiently managing an application than maximizing its availability. Targeted tuning can
increase the performance and stability of business-critical applications without having to invest in additional
hardware (processors, RAM, disk space).
A number of data collectors have been developed for theGuard! ApplicationManager that provide
comprehensive monitoring and generate detailed data analyses. Data collectors do more than simply collect
events according to pre-defined rules. They deliver every performance value and the current status of each
application object in real time. They also provide insight into configuration attributes, such as the release status
or the application's parameter settings. Data collectors model an application in objects and sub-objects, enabling
a dedicated handling of alerts, monitoring or status messages. This model ensures that information is clearly
structured and that messages are easy to allocate to a problem.
Pre-defined and reusable policies for each type of application facilitate the implementation of the solution and
the adaptation of monitoring to dynamic landscapes. The ease with which thresholds are set ensures the early
recognition of potential errors. Comprehensive reaction management enables flexible alerting for more than 100
different devices and alarm consoles.
The automatic discovery of new application instances and objects, including the automatic allocation of policies,
enables automatic monitoring even in those cases in which system administrators have completely reconfigured
the application, for example, by adding new instances or objects.
Central reporting at the application instance and application object level provides for a detailed and effective
capacity management of all resources.
Integrated Service Level Management ensures that the service levels for application availability and
performance are achieved, while Operational Level Agreements (OLAs) can be easily defined at the application
object level.
The Performance Features of the ApplicationManager Data
Collector for Microsoft Windows Server
The data collector for Microsoft Windows Server provides a comprehensive monitoring of large multi-processorservers (32 and 64 bit) running Microsoft Windows Server 2003 and 2008 or Microsoft Windows Server 2000 operating system. With ApplicationManager, a number of operational parameters and application processes can
be monitored and compared in parallel.
All of the hardware and software resources of a Microsoft Windows Server, such as processors, memory, virtual
memory, physical hard disks, logical hard disks, mount points, services, processes, etc., are defined and
analyzed individually within the framework of the CIM model as Managed Objects (MO). With
ApplicationManager's event and threshold monitoring resource, bottlenecks and system overloads can be
detected and reported at an early stage.
The data collector for Microsoft Windows Server consists of a number of objects, event categories, and
performance counters. All of the information is described in the data collector's online documentation. The
present document provides an overview of the most important functions of the data collector.
Copyright © REALTECH 2008
Page 3 of 16
Product name
theGuard!
ApplicationManager – System Windows Data Collector
Overview of Microsoft Windows Server
Microsoft Windows Server 2000 / 2003 and 2008 are the successors of the successful Microsoft Windows NT
Server operating system. Both of the Windows operating systems are designed to run on high-availability
servers, and support preemptive multitasking and/or multiprocessing as well as multiprocessor operation.
As every other operating system, Microsoft Windows is the interface between the hardware, the users, and the
applications. It conceals the complexity of the hardware by providing a comprehensive and simple access model
to the running software even in hybrid environments. In addition, it supplies services for system administration
and interfaces for applications. In contrast to many other operating systems, Microsoft Windows has a graphical
user interface that facilitates the use of operating system functionality and hence increases the users' efficiency.
To meet today's high demands on operating systems, Microsoft Windows has to manage a variety of different
tasks:
 Process Management
o
o
o
Load, start, interrupt, and end processes
Allocate processor time to processes (scheduling)
Synchronize the workload distribution on multiprocessor machines
 Memory Management
o
o
o
Allocate memory to processes.
Protect the main memory from other processes accessing them (process isolation)
Temporarily move processes (swapping) to mass storage devices (virtual memory)
 File Management
o
o
o
Manage mass storage devices such as hard disks, CDs, floppy disks, etc.
Organize and manage the data on the mass storage devices in a hierarchical file structure in the
form of files
Manage access permissions to the file system
 I/O Control
o
o
o
Manage computer peripherals such as terminals, mass storage devices, I/O ports, the network, etc.
Transfer common read/write operations to device-specific control signals
Coordinate concurrent accesses to I/O resources
 Network Management
o
o
Manage communication through the network
Gather, identify, and route incoming network packages to the processes
Copyright © REALTECH 2008
Page 4 of 16
Product name
theGuard!
ApplicationManager – System Windows Data Collector
 Authentication and Access Control
o
o
o
Manage users and their access permissions to system resources
Log users in to and out of the system
Protect system resources from users that do not have the correct permissions
 Log Processing
o
Record important functions and events such as error statuses in the system log
 Error Handling
o
Recognize error statuses and process them accordingly
 User Interface
o
o
o
o
Provide services for system administration
Provide a Graphical User Interface (GUI) for communication between man and machine
Provide application programming interfaces (API)
Provide a hardware abstraction for applications
To ensure the stability of the system, the Windows operating system is divided into two modes: kernel mode and
user mode. Elementary operating system processes with high privileges run in protected kernel mode. These
processes can impact the stability of the entire operating system when an error occurs (blue screen). Nonelementary operating system processes and user applications with low privileges run in unprotected user mode.
Errors generated by individual applications and/or processes have no effect on either the operating system or
any of the other processes.
Microsoft Windows combines the advantages of a monolithic kernel with those of a microkernel by enabling
some of the operating system functions to run directly in protected kernel mode (execution services and device
drivers) and moving others to separate processes that run in unprotected user mode (sub-systems). The subsystem processes are merely delegated by the microkernel. Applications generally run in user mode to
guarantee the stability of the operating system when applications are flawed.
To reduce complexity, the Windows operating system is internally divided into several layers. The individual
layers are built according to a hierarchical structure, and each performs a special task.
The lowest layer of the Windows operating system, the Hardware Abstraction Layer (HAL), maps characteristics
of the hardware (for example, the processor) to a uniform abstraction model on which the superimposed layers
(device drivers and micro kernel) are built.
The micro kernel is the core of the Windows operating system. It controls the processor and the elementary
sequences of process communication. In multiprocessor operations, it ensures that processes are evenly
distributed between the individual processors and priorities kept.
Device drivers are special small programs that control individual hardware components. They are the interface
between the operating system and the hardware.
Copyright © REALTECH 2008
Page 5 of 16
Product name
theGuard!
ApplicationManager – System Windows Data Collector
Execution services, such as the file system and I/O manager, object management, the security monitor, process
management, memory management, power management, plug-and-play control, and the IPC manager (interprocess communication), run in the top layer of kernel mode.
Registry
The Windows registry database, or "registry," is a feature of Microsoft Windows that is not found in other
operating systems. Here, all of the configuration parameters of the operating system and applications are stored
in a hierarchical structure. Applications have an interface for adding, reading, and deleting configuration
parameters.
Copyright © REALTECH 2008
Page 6 of 16
Product name
theGuard!
ApplicationManager – System Windows Data Collector
Event Log
Microsoft Windows records important events, warnings, and errors in the event log.
The event log is divided into three areas: application log, security log, and system log. Windows operating
system messages are recorded in the system log, and application messages are recorded in the application log.
Security messages, such as users logging in and out of the system and failed log in attempts, are recorded in
the security log.
Copyright © REALTECH 2008
Page 7 of 16
Product name
theGuard!
ApplicationManager – System Windows Data Collector
Applications on Windows Server
In general, applications use the resources of an operating system such as Windows in terms of main memory,
disk space, and processor capacity, as well as special process procedures such as multithreading, messaging,
processor binding, or queuing. Application tuning is often coupled to operating system tuning. Reconfiguring
certain aspects of the system can increase performance and improve resource utilization. It might also be
possible to reduce the number of application licenses when, for example, licensing depends on the number of
used processors and processors can be bound (for example, as is the case with MS SQL Server).
Log Entries
Config. Parameter
I/O Commands
Network
Communikation
Print Jobs
Application Data
Logical Pages
Application
Start/Stop/Execute
Processes
Services + Processes
Application Programming Interface (API)
Process
Management
Microsoft
Windows
Operating
System
Memory
Management
Storage
Management
Print
Management
Virtual
Memory
FileSystem
Spool
Service
Network
Management
I/O
Management
Configuration
Tracing
Registry
Event Log
Processor
Physical
Memory
Harddisk
Printer
Network
Device
I/O Commands
Network Packages
Print Commands
Files
Physical Pages
Execution
Instructions
Logical Interface
Hardware Abstraction Layer
(HAL)
I/O
Devices
Physical Interface
Clients
User
Interaction
Network
Communikation
Hardware
Users
Copyright © REALTECH 2008
Page 8 of 16
Product name
theGuard!
ApplicationManager – System Windows Data Collector
The System Windows Data Collector
This data collector monitors the hardware and software resources of a Microsoft Windows Server. Both types of
resources are important for highly available and dynamic operations.
The below figure shows the status of all of the objects of a Microsoft Windows Server in theGuard!
ApplicationManager. Appendix A contains a complete list of all of the objects.
Hardware and software resources, such as processors, memory, virtual memory (swap file), physical hard disks,
logical disks, printers, processes (process groups), processor queues, printer queues, etc., are entered and
displayed as managed objects in the managed monitor. Managed objects are hierarchically arranged and clearly
structured, thus providing the current status of every component at a glance. Monitoring parameters can be set
individually for each component.
Copyright © REALTECH 2008
Page 9 of 16
Product name
theGuard!
ApplicationManager – System Windows Data Collector
Monitoring Hardware and Software Resources
In order to guarantee a trouble-free function of the operating system – and the productive applications as well –
the monitoring of the hard- and software resources e.g. processors, working memory hard disks, virtual memory,
processes, printers, queues etc. is most important with it, the resources have according to sufficient capacity
and performance to be monitored. If one of the resources is overloaded or used up, the performance of the
complete system drops drastically; this may have a negative impact on the productive server operation! In many
cases, this leads to a malfunction of the productive applications. In worst case, the stability of the entire system
is endangered.
By continuously monitoring the system resources, the data collector for Microsoft Windows reports overloads
and highly used resources at an early stage. This enables the system administrator to react early to resource
bottlenecks and remove them before they impact or bring down the live system.
The system Windows DC provides numerous statistical data regarding the current utilization and performance of
the different hardware- and software resources of the monitored Windows Server. Thresholds, which are used
to trigger alerts when they are violated, can be defined for all of the statistical values. Resource bottlenecks with
it will be detected at an early stage and can be removed. Function and performance monitoring can be
performed at the same time.
All of the statistical values can be monitored and compared in the real-time performance monitor. These values
can be used to optimize the performance and the memory.
The below figure shows the current utilization of system resources such as CPU, memory, handles, threads, etc.
for the JLaunch processes of an SAP Web Application Server in the real-time performance monitor:
Copyright © REALTECH 2008
Page 10 of 16
Product name
theGuard!
ApplicationManager – System Windows Data Collector
The ability to compare the system resources of the different Windows servers provides useful information for
optimization tasks, such as a more efficient distribution of the load between the servers.
The statistical values can also be collected in the ApplicationManager database and evaluated using
REALTECH Reporting. This information can be used to generate trend analyses, for example, for the utilization
of system resources such as CPU, memory, disk space, etc., and used as a basis for cost and capacity
planning.
The below list of possible monitoring criteria is not exhaustive:
Monitoring Processors
 Current processor usage in percent
 Partial processor usage in user mode in percent
 Current length of the processor queue
The availability and performance of an application can be increased in bottleneck situations by upgrading
the processors or reconfiguring the application.
Monitoring Memory




Free Memory
Utilization of virtual memory
Utilization of kernel memory
Requests of memory pages moved to swap file (page faults/sec, pages input/sec, page reads/sec)
The availability and performance of an application can be increased in bottleneck situations by upgrading
the processors or reconfiguring the operating system (for example, the application cache/main memory ratio).
Monitoring Physical Disks, Logical Disks and Mount Points
 Free/used space
 Read/write operations per time
 Read/write speed
Monitoring the Swap Files (Virtual Memory)
 Current size of the swap file (these values are currently available in the System Windows 2003 / 2008
data collector)
 Current utilization rate of the swap file with regard to the defined maximum size
Copyright © REALTECH 2008
Page 11 of 16
Product name
theGuard!
ApplicationManager – System Windows Data Collector
Monitoring the System
 Fill level of the Windows registry database with regard to its maximum size
 Context switch rate (context switches/sec)
 Number of open files
Service Monitoring
The data collector can monitor the status of all of the services installed on a Microsoft Windows server. The
monitored services can also be started and stopped from the ApplicationManager's interface.
Monitoring Processes
Processes that are relevant for the live system, such as the processes of important services or applications, can
be monitored by freely definable process groups. Processes are assigned to process groups using process
patterns. The filter principle is used to add active processes to the process with a matching process pattern. The
status of a process group indicates if at least one process that matches the group's process name pattern is
currently running.
Example: Configuration of a process pattern for the JLaunch processes of SAP Web Application Server.
A list of all of the running processes that match the process group's pattern can be viewed in the properties of
the respective process group.
Copyright © REALTECH 2008
Page 12 of 16
Product name
theGuard!
ApplicationManager – System Windows Data Collector
Example: List of current Disp+Workprocesses of an SAP R/3 system.
Processes that belong together, for example, because they belong to the same service or application, can be
combined into process groups. This enables applications to be monitored as an entity in real time:
Status
 The status of a process group indicates if at least one process that matches the process pattern is
running
Events
 Notification when a new process is started that matches the process pattern of a process group (also
applies to extremely short-lived processes)
 Notification when a process that was assigned to a process group is ended (also applies to extremely
short-lived processes)
Performance






Number of processes currently assigned to a process group
Memory allocated by the processes of a process group
Virtual memory allocated by the processes of a process group
CPU time consumed by the processes of a process group
Handles used by the processes of a process group
Threads used by the processes of a process group
An analysis by process group in Reporting provides a comparison of the resource utilization of the different
application processes that can be used for activity allocation.
Copyright © REALTECH 2008
Page 13 of 16
Product name
theGuard!
ApplicationManager – System Windows Data Collector
Service Levels and Standard Reporting
 Availability of an application in terms of the process and/or process group
 Load and resource utilization of an application's process and/or process group by the above-mentioned
parameters
Process groups are managed objects that can be used in business maps to map distributed applications and
business processes in theGuard! ServiceCenter.
Monitoring Printers
The data collector can monitor the local printer and/or the print jobs of a Windows print server according to the
following criteria:
Status
 Status of the individual local printers
Events
 Notification of events such as low paper, paper jam, low toner, print job error, etc.
Performance




CPU, handle, and thread utilization of the process started by the spool service
Size of the spool directory
Size of the spool directory in relation to the available disk space
Number of print jobs in the print queue
This enables you to react to printer problems at an early stage and analyze and optimize printer utilization
via the connected network printers.
Printers can be monitored with the data collectors for Microsoft Windows Server 2000 / 2003 / 2008.
Copyright © REALTECH 2008
Page 14 of 16
Product name
theGuard!
ApplicationManager – System Windows Data Collector
Monitoring the Windows Event Log
With the Managed Object Type "EventLog", the monitoring of all events in the Windows event log can be
automated. The security log, the system log, the application log, and the user-defined event logs can be
monitored.
Pre-configured Monitoring Policies
The data collector for Microsoft Windows contains a number of pre-configured policies for each object type,
such as processor, logical disk, process group, Win32 service, printer, etc.
For more information about
REALTECH’s software solutions:
www.realtech.com
REALTECH AG
Industriestr. 39c
69190 Walldorf  Germany
Tel
+49.6227.837.880
Fax
+49.6227.837.837
[email protected]
http://www.realtech.com
Copyright © REALTECH 2008
Page 15 of 16
Product name
theGuard!
ApplicationManager – System Windows Data Collector
Appendix A: The Data Collector's Object Structure
The collector is structured in object types, which among other things, is essential for the configuration and
allocation of events as well as for all of the other functions:
Object Type
Computer System
Sub-object Type
Network Adapter
Physical Disk
Processor
Metrics
1 Computer System
object
Topic
Network Adapter
3 to n event logs
1 to n logical drives or
mount points + total
object
1 to n network adapters
Network Interface
1 to n network interfaces
Monitoring the event logs
Capacity, file rate and
throughput of logical
drives
Availability of the network
adapters
Monitoring the network
interfaces
Memory monitoring, file
system-cache,
System objects
EventLog
Logical Disk
Operating System
Page File
Physical Disk
Printer
Process Group
Processor
Server Work Queue
Service
EventLog
Logical Disk
Network Interface
Page File
Printer
Process Group
Server Work Queue
Service
1 Operating system
object
1 to n page files + Total
object
1 to n physical disks +
Total object.
n Printers + "Print
Queues Total“
n Process Groups
1 to n processors + Total
object
1 queue per processor +
"Blocking Queue"
n Windows services
Monitoring page files.
Capacity, fill rate and
throughput of physical
disks
Printer and print job
monitoring
Monitoring of processes
Processor monitoring
Queue monitoring
Service monitoring
Copyright © REALTECH 2008
Page 16 of 16