IT Guys blog

Information Technology Tips & Tricks

VMware vs. Citrix vs. Microsoft

Server virtualization is no longer a one-horse race, as Microsoft, Citrix and others compete more convincingly with market leader VMware

 VMware has enjoyed a long run as king of x86 server virtualization, and the pioneering vendor remains the one to beat when tallying enterprise market share. But its competitors, particularly Microsoft and Citrix Systems, are gaining ground as IT executives begin to view server virtualization not only as a means to cut costs in the data center but also as a baseline technology for enabling cloud computing. 

VMware introduced its first x86 server virtualization products in 2001. It wasn’t until a few years later that the first commercial versions of the open source Xen virtualization hypervisor hit the market, and Microsoft’s release of Hyper-V followed in 2008. 

With its generous head start, VMware started winning customers, particularly among large enterprises looking to save money and gain efficiencies by consolidating data center assets. As interest in the technology rose, so did VMware’s marketshare. In early 2008, researchers estimated that at least 50% and as many as 80% of enterprise customers were using its hypervisor.

Despite the high numbers, the race to virtualization is by no means over. Virtualization deployments have been expanding over the past several years, but plenty of workloads remain to be virtualized. At the end of 2009, only 18% of enterprise data center workloads that could be virtualized had been virtualized, according to Gartner. The number is expected to grow to more than 50% by the close of 2012.

Vendors including Microsoft, Citrix (which acquired XenSource in 2007), Oracle (which acquired Virtual Iron in 2009), Parallels, Novell and others are gunning for new virtualized workloads, and they’re using management capabilities, automation technologies and vendor partnerships to sweeten and differentiate their offerings.

These tactics are timely. As today’s IT buyers mull virtualization technologies, they’re considering a lot more than just the hypervisor used to create virtual machines. IT teams need tools to manage virtual server technologies from x86 environments back to the mainframe, across multi-platform hypervisors and consistently alongside physical machines. They also need security and monitoring tools, and capabilities such as live migration to maintain business continuity.

Enterprises have learned they need to carefully track the configuration of virtual machines to ensure compliance with business policies and prevent virtual server sprawl – particularly as they get their IT infrastructures ready for cloud computing.

Virtualization is a critical step in the journey to the private cloud, according to Matt Eastwood, group vice president of enterprise platforms at IDC. “Customers are quickly moving beyond the core hypervisor and focusing on mobility, self-provisioning, and metering and chargeback capabilities,” Eastwood said in a statement. “As a result, IDC believes that automation tools increasingly represent the battleground in determining the winners and losers in a marketplace which is rapidly reshaping itself.”

For its part, VMware has been beefing up its management and automation capabilities, most recently by acquiring IT management technologies from EMC’s Ionix portfolio for about $200 million. It also is part of a three-way partnership with Cisco and EMC to develop a series of cloud-computing platforms, called Vblocks, that are based on servers and networking gear from Cisco, EMC’s storage, and VMware’s VSphere virtualization software.

In its latest Magic Quadrant for x86 server virtualization infrastructure, Gartner recognizes VMware as the market leader. But it also acknowledges some challenges.

“VMware’s challenge is to protect and grow its installed base and technology leadership as it expands into complementary markets that leverage virtualization, such as cloud computing,” Gartner writes in its report, released in late May.

Citrix, meanwhile, has emphasized its virtualization management offerings – both for its own XenServer hypervisor and longtime partner Microsoft’s Hyper-V platform – and made its hypervisor technology available for free to entice customers.

“Its bold move to make XenServer (including XenCenter and XenMotion) free has resulted in a large upswing of product activations. However, the vendor has not yet been able to monetize that with product maintenance agreements or its add-on Essentials management offering,” Gartner writes about Citrix in its Magic Quadrant. “Citrix is also trying to find a comfortable complementary role with Microsoft’s Hyper-V, adding extended management tools to Microsoft’s offering (which might reduce its reliance on its own offering, XenServer).”

Microsoft, too, has been working to emphasize virtualization management capabilities available in its Systems Center Virtual Machine Manager, and it has emphasized its multi-vendor approach to management. By making its hypervisor available for free, packaged with Windows Server 2008, Microsoft has steadily gained price-conscious users, particularly among midsize companies.

“Microsoft competes very well in midsize organizations that are just now beginning to virtualize,” Gartner writes in its market evaluation. “Microsoft’s biggest challenge is overcoming VMware’s deep market penetration in all but smaller enterprises that have been slow to virtualize. In many ways, Microsoft has been left with the late technology adopters.”

Pricing remains an important customer draw for Microsoft, Gartner says. “Microsoft’s biggest trump card is that it does not need virtualization to be a stand-alone business, so it will be able to maintain a price advantage on VMware.”

So who’s the winner? VMware’s early lead has been tough for its competitors to overcome. But in the big picture, there are plenty of widespread virtualization deployments still to be undertaken by midsize and large enterprises. As the key players compete for mindshare, enterprises get to enjoy the benefits of more mature offerings


Buy Secure SSL Certficate from SSL4ALL.com

Hello Everyone,

IT-ETC would like to share this exciting news with everyone. SSL4ALL.com has been launched as its latest addition to focus on Reselling SSL Certificates to the public.

These SSLs are through its Enterprise partner COMODO which is the leader in the SSL industry.

The SSL4ALL.com is a give back project where IT-ETC will make SSL4ALL.com for the first 5 years a low profit margin as a way of contributing to keep websites secure while still being affordable.

We certainly hope this will be a successful project and kindly ask everyone to contribute to make our project a great success by either recommedning us, trying us, or just share ideas with us on how we can be better


Enable of Windows 2008 R2–the Active Directory Recycle Bin

Even in professionally managed network environments it is still possible for mistakes to happen. If an Active Directory object such as a user or computer account is accidentally deleted  network access will be lost. Worker productivity will decline until the account is restored and IT support costs will add to the total expense incurred by the organization.

In the past the best method to restore a deleted AD object is to reboot a domain controller into Active Directory Restore Mode, logon the computer with a special administrative account, and restore the Active Directory database from a backup file. The final steps are to run the NTDSUTIL command line utility to authoritatively restore the object in question and then reboot the computer into normal mode. This procedure is cumbersome, time consuming and requires that the backup file selected contains the most current version of the object.  Many administrators have wished that an easier method was available.

With the introduction of Windows Server 2008 R2 it is possible to enable an Active Directory Recycle Bin. Deleted AD objects can be restored complete with all object related attributes intact. These attributes includes user and computer account group memberships. In order to enable the Active Directory Recycle Bin all Domain Controllers in the Domain must first be upgraded to Windows Server 2008 R2. The Domain functional level of the Domain and the Forest must be raised to 2008 R2 functional level. This can be accomplished in the Domains and Trusts administrative console. If the Active Directory Forest was created using Windows 2000 or 2003 Server it is also necessary for a member of the Schema Admins group to update the Active Directory Schema by running the ADPREP /Forest Prep command on the Schema Master domain controller and the ADPREP /DomainPrep command on the Infrastructure Master computer. Raising functional levels may affect some applications that integrate with Active Directory, therefore it is important to research possible issues before raising the levels.

Once the functional levels are raised the Recycle Bin can be enabled using the following PowerShell command: “Enable-ADOptionalFeature -Identity <ADOptionalFeature> -Scope <ADOptionalFeatureScope> -Target <ADEntity>”. This command must be run using the Active Directory Module for Windows PowerShell  by an member of the Enterprise Administrators group.  Microsoft gives us an example of how this command would look when it is used to enable the Recycle Bin for the Contoso.com domain:

“Enable-ADOptionalFeature –Identity ‘CN=Recycle Bin Feature, CN=Optional Features,CN=Directory Service, CN=WindowsNT, CN=Services, CN=Configuration, DC=contoso, DC=com’ –Scope ForestOrConfigurationSet –Target ‘contoso.com’”

Now that the Recycle Bin is enabled, deleted object can be recovered using either PowerShell or the ldp.exe utility. This process is described by Microsoft here: http://technet.microsoft.com/en-us/library/dd379509(WS.10).aspx

Save yourself time and aggravation by enabling the Active Directory Recycle Bin soon!


How Sarah Palin Yahoo email account got hacked?

The trial of David Kernell, the alleged Sarah Palin hacker, has started, and he could face up to 20 years in prison if convicted.  In this case, the defendant is accused of hacking into Sarah Palin’s Yahoo email account.  The account was breached when the attacker was able to guess the values for the password reset.  Many online services allow you to reset passwords if you can answer several cognitive questions such as your date of birth, your zip code, where you met your spouse, or maybe what high school you attended.  While some might argue that this attack was not even a real hack, the potential jail time is. The defendant could be sentenced to many years in prison if found guilty.

The real moral of this story is the accessibility of information and how this accessibility can work for or against you. The attacker used available information to figure out the answers required to reset the email account password.  Once the hacker had access to the email account, screen-shots of the email account were posted online for everyone to see.  These screen-shots not only showed the content of the email account, but also the URL of the proxy server that was being used to hide the hacker’s true identity.  This information ended up being the hacker’s undoing as it allowed authorities to track the suspect by his IP address and tie the activity to Mr. Kernell.


Keep the “Advanced Features” view always on in Active Directory Users and Computers MMC

“Is there a way to keep the “Advanced Features” view always on?”

If you start a blank management console, add the ADUC snap-in, turn on Advanced Features view, and save the console, whenever you use *that* console file, Advanced Features will be on.

1. Launch a blank Microsoft Management Console: Start-> Run… mmc.exe

2. In the MMC menus, choose File->Add/Remove Snap-in… (or Ctrl+M)

3. Select “Active Directory Users and Computers” and hit the “Add >” button in the middle.

4. Hit OK to finish adding the snap-in.

5. Back in the console, select the Active Directory Users and Computers node under the “Console Root.”

6. Right-click on that ADUC node and choose “New Window from Here” in the menu.

7. In the MMC menus, choose  View->Advanced Features (this turns on the Attribute Editor, Security, Object, and other tabs as well as several other features in menus and makes other objects visible).

8. In the MMC menus, choose  File->Save (or Ctrl+S), specify a file name folder, file name, and hit the Save button.

9. In the MMC menus, choose  File->Options… and choose “User mode – limited access, single window,” then check the “Do not save changes to this console” checkbox, and finally hit OK.

10. In the MMC menus, choose “Save As…” and save under a different file name, and choose “Yes” when warned about the single window interface option.

11. In the MMC menus, choose File->Exit

12. Launch the second console you saved (in step 10) and use it – it should always have Advanced Features turned on.

13. If you need to make changes to other settings in the console, open the first console you saved (in step 8), adjust whatever other options you want, then repeat steps 9, 10, and 11 using a different file name in step 10 this time to distinguish the new settings.


Five Keys to Security Fundamentals

(Excerpted & condensed from the Cisco Press book Network Security Auditing, by Chris Jackson, available June 4, 2010)

To understand security, it is critical that you realize that security is a process, not a product. Security is a broad topic, and one of the few in information technology that literally touches all aspects of a business. To focus security efforts and to make them manageable, it helps to break down the various aspects of security into the five pillars of security.

1. Assessment

Assessments document and identify potential threats, key assets, policies and procedure, and management’s tolerance for risk. Assessments are not something that are done once and then forgotten. As the business needs change and new services and technologies are introduced, regularly scheduled reassessments should be conducted. Doing this gives you an opportunity to test policies and procedures to ensure that they are still relevant and appropriate.

2. Prevention

Prevention is not just accomplished through technology, but also policy, procedure, and awareness. Expect individual security controls to fail, but plan for the event by using multiple levels of prevention.

3. Detection

Detection is how you identify whether or not you have a security breach or intrusion. If you can’t detect a compromise, then you run the risk of having a false sense of trust in your prevention techniques.

4. Reaction

Reaction is the aspect of security that is most concerned with time. The goal is to minimize the time from detection to response so that exposure to the incident is minimized. Fast reaction depends on prevention and detection to provide the data and context needed to recognize a security breach.

5. Recovery

Recovery is where you play detective to determine what went wrong so that you can get the systems back on line without opening up the same vulnerability or condition that caused the problem in the first place. There is also the post-mortem aspect that determines what changes need to be made to processes, procedures, and technologies to reduce the likelihood of this type of vulnerability in the future.

About the Author

Chris Jackson, Technical Solutions Architect in the Cisco Architectures and Verticals Partner Organization, has focused for the past six years on developing security practices with the Cisco partner community. During a 15-year career in internetworking, he has built secure networks that map to strong security policies for organizations, including UPS, GE, and Sprint. Chris is an active speaker on security for Cisco through TechwiseTV, conferences, and web casts. He has authored a number of whitepapers and is responsible for numerous Cisco initiatives to help build stronger security partners,. He holds dual CCIEs in security and routing and switching, CISA, CISSP, ITIL, seven SANS certifications, and a bachelors degree in Business Administration.


Top 10 Must-Have Skills for IT Pros

There are many skills that IT Pros should know about in doing their day-to-day jobs. That is one of great benefits of being in the IT industry – learning new platforms and products as they are released. The following list has many of the most common ones that most IT Pros should have. While there are ten skills listed, they are not in an ordered ranking. Depending upon the size of the IT infrastructure and environment, some of these might not be applicable.

1. Troubleshooting

Is this a skill, an art, or both? If you ask any seasoned IT professionals, they will tell you that troubleshooting skills are important, very important – and not something that can be readily taught. The difficult part is that troubleshooting is a specific skill set that many corporations simply do not have the time or money to invest. Troubleshooting skills could make or break your career. Not having the required troubleshooting skills could become a RGE (resuming generating event), or it could become a career enhancer when you are able to fix a mission-critical server. All of this being said, one would think that there would be more emphasis on teaching and sharing troubleshooting skills; unfortunately, this is not the case. This is one skill that must be learned only after mastering a particular platform or program.

2. PowerShell and Scripting

No, you don’t have to be a programmer to be a successful network engineer (or vice-versa for that matter), but you do have to know PowerShell. More platforms from Microsoft (Exchange 2007 and Exchange 2010 have some features that can ONLY be implemented with PowerShell) are managed through PowerShell – including the recently released SharePoint 2010. Being able to script many day-to-day tasks will make more time available for proactive tasks.

3. Networking and Interoperability

Interoperability is the key to networking. We live in a highly connected world, a world of disparate platforms. Networking is understanding how to make these platforms communicate. As an IT Pro (and this includes programmers to a certain extent), you must understand the communications protocols, OSI Model layers, and connectivity required for systems to communicate. This also includes understanding connecting and securing wireless networks. This is one skill that is common to almost all IT Pros, whether they are programmers, security personnel, auditors or the help desk personnel.

4. Virtualization

It doesn’t matter which Virtualization technology you use (Microsoft’s Hyper-V, VMware, or even Sun’s VirtualBox), it is the use that is important. Virtualization is being adopted by companies of all sizes as a means to reduce costs through consolidation of servers and lower cooling requirements. Application Virtualization has become very popular with businesses. Having the skill set to deploy applications that connect securely through a browser is critical for companies that have numerous offices.

Virtualization can aid in near real-time response to network conditions by providing for more disaster recovery capabilities. Another interesting area of virtualization is through the use of desktop virtualization. This involved configuring and maintaining the virtual environment whereby users can connect to their own virtual desktop remotely or through the web. Another use for virtualization is for improved instruction for IT education and elsewhere, since there is no longer a need to have large numbers of computers for classrooms.

5. Wireless

As part of our highly connected world, we expect to able to connect wirelessly from almost anywhere at any time. Those IT Pros who can install, configure, and maintain secure wireless networks have a skill that is in high demand. The key word here is secure wireless network. IT Pros with this skill set are in high demand as we expect to be able to securely connect to wireless networks in almost all locations at any time. Implementing a secure wireless environment also means being able to plan and troubleshoot interferences as well. Anyone managing wireless environments must be able to handle the calls that come in from remote users who are having problems with their wireless equipment, and different operating systems capabilities and limitations.

6. Disaster Recovery

This is as much a methodology as a skill set. IT Pros must be able plan, test, and implement a disaster recovery (DR) plan. This is critical for the survivability of a data center or network. One of the hardest tasks is being able to test disaster recovery plans. There is hardly enough time available to perform the critical tasks that need to get done while adding a yearly or semi-yearly test of the DR plan. An integral part of the disaster recovery process is implementing fault-tolerant systems and providing for redundancy in your network.

7. Security

All IT Pros must have a good understanding of both physical and electronic security. One of the most difficult tasks with IT security is educating users. Company information can be gleaned through social engineering that most companies would rather not have divulged. Training users (and IT staff) to be cognizant of and prevent social engineering is extremely difficult. IT Pros must always be aware of security issues and understand the vulnerabilities within their networks (from operating systems, servers to the lowly cable closet). This does not mean that every IT Pro must be able to perform a penetration test against his or her own network, but they must understand and prevent attacks against their network.

8. Database Administration

Corporations retain more information than ever before and are quite dependent on their databases. Regulatory compliance has had a huge impact on database management and data retention. Corporations are required to retain information for a number of years and, in some cases, emails as well. Storage space and solutions have become much cheaper, so there is more emphasis on data retention. Having the ability to create and extract information from one of these databases is critical. Many IT Projects use a SQL backend, Archiving information from Microsoft’s Office Communication Server requires a SQL backend. If you are going to deploy Microsoft Office SharePoint Server (MOSS), this will require a SQL backend. IT Pros these days do not need to be DBAs, but they must be able to administer and maintain these servers. There are several database systems commonly used: SQL, Oracle, and MySQL.

9. Desktop Imaging

Imaging of desktop systems is a critical skill as companies are shifting to standardized desktops and deployments. Part of this is done to deploy a consistent and secure platform as well as to provide ease of management. There are many imaging programs available, as well as Microsoft’s Windows Deployment Services and imaging utilities.

10. Helpdesk (People Skills)

One of the most critical skills that IT Pros need to learn is how to interact with non-technical people. The Help Desk is the first interaction most users have with the IT department, and it should be a positive experience. IT Pros are very good at their jobs, but sometimes lack the ability to relate to their non-tech colleagues. Users just want their computers fixed or their data recovered; they are not concerned with the processes behind our actions. IT Pros should have some experience working at the Help Desk.

These are some of the most important skills that an IT Pro should know. If you don’t know some of these areas, now is the time to learn them. One thing to keep in mind is that you are your own best career manager! You are the only one who can decide where you want to head your career.


Error when installing MS SQL2008 on windows x64 : The INSTANCESHAREDWOWDIR command line value is not valid. Please ensure the specified path is valid and different than the INSTANCESHAREDDIR path.

There seems to be quite a few people getting an error installing MS SQL 2008  on Windows x64 machines. The error message is
The INSTANCESHAREDWOWDIR command line value is not valid. Please ensure the specified path is valid and different than the INSTANCESHAREDDIR path.

 It is a bug with the SQL 2008 installer when installed on windows x64 bit machines. the work around is to specify the path when running the installer by doing it from a command prompt or create a shortcut to the setup.exe on the CD and add the following line next to the setup.exe from the command prompt.

e:\setup.exe /action=install /INSTALLSHAREDDIR=”C:\SQLshared\x64″ /INSTALLSHAREDWOWDIR=”C:\SQLshared\x86″ setup proceeds without issues
Assuming e: is your CD-ROM or where the setup files are located. also here we assume you will be installing it on the C:

If you run into any issues please let us know, this worked for every client we that checked in with us. If it does work for you please still let us know so we know that our tips are useful and we would post more tips as we see them work.

Thank you

ITAhmed


Setup Windows 2008 Server Core – Networking Commands

When you install windows core server, you first need to configure the network component so that it can talk to the network and then managed remotely which would simplify your administration and reduce your frustration.

I have gathered a lot of these commands for you so you do not have to try to reinvent the wheel like I did.

Here is the start of you Networking and Firewall related commands for Server Core.  To configure the IP address you will have to remember (or learn) Netsh.  In my example I use “Local Area Connection”  The quotes are needed due the spaces.  If you renamed your connection name then you will want to use the new name in its place.

Configure a Static IP Address on Server Core:
Netsh int ipv4 set address Local Area Connection static 10.1.1.10 255.255.255.0 10.1.1.1
Netsh int ipv4 set dnsserver Local Area Connection static 10.1.1.5 primary
Netsh int ipv4 set winsserver Local Area Connection static 10.1.1.6 primary

Configure a Dynamic (DHCP) IP Address on Server Core:
Netsh int ipv4 set address Local Area Connection source=dhcp

Change the name of the network interface on Server Core:
Netsh int set interface name = Local Area Connection newname = Primary Network 

The Windows Firewall is a blessing to some and a curse to others. Either way it is installed by default and you have to understand the commands that are needed to configure the basics and in some cases some advanced commands.

Disable firewall:
netsh firewall set opmode disable

Server Core can be managed by using MMCs from a remote server. However with the firewall being on by default you will have to allow these tools to work remotely.  The first thing to note here is how to translate the MMC Snap-in to Windows Firewall Rule Group.

Event Viewer – Windows Firewall Rule Group – Remote Event Log Management
Services – Windows Firewall Rule Group – Remote Services Management
Shared Folders – Windows Firewall Rule Group – File and Printer Sharing
Task Scheduler – Windows Firewall Rule Group – Remote Scheduled Tasks Management
Reliability and Performance – Windows Firewall Rule Group – Performance Logs and Alerts and Windows Firewall Rule Group – File and Printer Sharing
Disk Management – Windows Firewall Rule Group – Remote Volume Management
Windows Firewall with Advanced Security – Windows Firewall Rule Group – Windows Firewall Remote Management

To enable all of these rules follow use this command:
Netsh advfirewall firewall set rule group=remote administration new enable=yes


Use Perfmon to monitor servers and find bottlenecks

What and When to Measure

Bottlenecks occur when a resource reaches its capacity, causing the performance of the entire system to slow down. Bottlenecks are typically caused by insufficient or misconfigured resources, malfunctioning components, and incorrect requests for resources by a program.

There are five major resource areas that can cause bottlenecks and affect server performance: physical disk, memory, process, CPU, and network. If any of these resources are overutilized, your server or application can become noticeably slow or can even crash. I will go through each of these five areas, giving guidance on the counters you should be using and offering suggested thresholds to measure the pulse of your servers.

Since the sampling interval has a significant impact on the size of the log file and the server load, you should set the sample interval based on the average elapsed time for the issue to occur so you can establish a baseline before the issue occurs again. This will allow you to spot any trend leading to the issue.

Fifteen minutes will provide a good window for establishing a baseline during normal operations. Set the sample interval to 15 seconds if the average elapsed time for the issue to occur is about four hours. If the time for the issue to occur is eight hours or more, set the sampling interval to no less than five minutes; otherwise, you will end up with a very large log file, making it more difficult to analyze the data.

Hard Disk Bottleneck

Since the disk system stores and handles programs and data on the server, a bottleneck affecting disk usage and speed will have a big impact on the server’s overall performance.

Please note that if the disk objects have not been enabled on your server, you need to use the command-line tool Diskperf to enable them. Also, note that % Disk Time can exceed 100 percent and, therefore, I prefer to use % Idle Time, Avg. Disk sec/Read, and Avg. Disk sec/write to give me a more accurate picture of how busy the hard disk is. You can find more on % Disk Time in the Knowledge Base article available at support.microsoft.com/kb/310067.

Following are the counters the Microsoft Service Support engineers rely on for disk monitoring.

LogicalDisk\% Free Space This measures the percentage of free space on the selected logical disk drive. Take note if this falls below 15 percent, as you risk running out of free space for the OS to store critical files. One obvious solution here is to add more disk space.

PhysicalDisk\% Idle Time This measures the percentage of time the disk was idle during the sample interval. If this counter falls below 20 percent, the disk system is saturated. You may consider replacing the current disk system with a faster disk system.

PhysicalDisk\Avg. Disk Sec/Read This measures the average time, in seconds, to read data from the disk. If the number is larger than 25 milliseconds (ms), that means the disk system is experiencing latency when reading from the disk. For mission-critical servers hosting SQL Server® and Exchange Server, the acceptable threshold is much lower, approximately 10 ms. The most logical solution here is to replace the current disk system with a faster disk system.

PhysicalDisk\Avg. Disk Sec/Write This measures the average time, in seconds, it takes to write data to the disk. If the number is larger than 25 ms, the disk system experiences latency when writing to the disk. For mission-critical servers hosting SQL Server and Exchange Server, the acceptable threshold is much lower, approximately 10 ms. The likely solution here is to replace the disk system with a faster disk system.

PhysicalDisk\Avg. Disk Queue Length This indicates how many I/O operations are waiting for the hard drive to become available. If the value here is larger than the two times the number of spindles, that means the disk itself may be the bottleneck.

Memory\Cache Bytes This indicates the amount of memory being used for the file system cache. There may be a disk bottleneck if this value is greater than 300MB.

Memory Bottleneck

A memory shortage is typically due to insufficient RAM, a memory leak, or a memory switch placed inside the boot.ini. Before I get into memory counters, I should discuss the /3GB switch.

More memory reduces disk I/O activity and, in turn, improves application performance. The /3GB switch was introduced in Windows NT® as a way to provide more memory for the user-mode programs.

Windows uses a virtual address space of 4GB (independent of how much physical RAM the system has). By default, the lower 2GB are reserved for user-mode programs and the upper 2GB are reserved for kernel-mode programs. With the /3GB switch, 3GB are given to user-mode processes. This, of course, comes at the expense of the kernel memory, which will have only 1GB of virtual address space. This can cause problems because Pool Non-Paged Bytes, Pool Paged Bytes, Free System Page Tables Entries, and desktop heap are all squeezed together within this 1GB space. Therefore, the /3GB switch should only be used after thorough testing has been done in your environment.

This is a consideration if you suspect you are experiencing a memory-related bottleneck. If the /3GB switch is not the cause of the problems, you can use these counters for diagnosing a potential memory bottleneck.

Memory\% Committed Bytes in Use This measures the ratio of Committed Bytes to the Commit Limit—in other words, the amount of virtual memory in use. This indicates insufficient memory if the number is greater than 80 percent. The obvious solution for this is to add more memory.

Memory\Available Mbytes This measures the amount of physical memory, in megabytes, available for running processes. If this value is less than 5 percent of the total physical RAM, that means there is insufficient memory, and that can increase paging activity. To resolve this problem, you should simply add more memory.

Memory\Free System Page Table Entries This indicates the number of page table entries not currently in use by the system. If the number is less than 5,000, there may well be a memory leak.

Memory\Pool Non-Paged Bytes This measures the size, in bytes, of the non-paged pool. This is an area of system memory for objects that cannot be written to disk but instead must remain in physical memory as long as they are allocated. There is a possible memory leak if the value is greater than 175MB (or 100MB with the /3GB switch). A typical Event ID 2019 is recorded in the system event log.

Memory\Pool Paged Bytes This measures the size, in bytes, of the paged pool. This is an area of system memory used for objects that can be written to disk when they are not being used. There may be a memory leak if this value is greater than 250MB (or 170MB with the /3GB switch). A typical Event ID 2020 is recorded in the system event log.

Memory\Pages per Second This measures the rate at which pages are read from or written to disk to resolve hard page faults. If the value is greater than 1,000, as a result of excessive paging, there may be a memory leak.

Processor Bottleneck

An overwhelmed processor can be due to the processor itself not offering enough power or it can be due to an inefficient application. You must double-check whether the processor spends a lot of time in paging as a result of insufficient physical memory. When investigating a potential processor bottleneck, the Microsoft Service Support engineers use the following counters.

Processor\% Processor Time This measures the percentage of elapsed time the processor spends executing a non-idle thread. If the percentage is greater than 85 percent, the processor is overwhelmed and the server may require a faster processor.

Processor\% User Time This measures the percentage of elapsed time the processor spends in user mode. If this value is high, the server is busy with the application. One possible solution here is to optimize the application that is using up the processor resources.

Processor\% Interrupt Time This measures the time the processor spends receiving and servicing hardware interruptions during specific sample intervals. This counter indicates a possible hardware issue if the value is greater than 15 percent.

System\Processor Queue Length This indicates the number of threads in the processor queue. The server doesn’t have enough processor power if the value is more than two times the number of CPUs for an extended period of time.

Network Bottleneck

A network bottleneck, of course, affects the server’s ability to send and receive data across the network. It can be an issue with the network card on the server, or perhaps the network is saturated and needs to be segmented. You can use the following counters to diagnosis potential network bottlenecks.

Network Interface\Bytes Total/Sec This measures the rate at which bytes are sent and received over each network adapter, including framing characters. The network is saturated if you discover that more than 70 percent of the interface is consumed. For a 100-Mbps NIC, the interface consumed is 8.7MB/sec (100Mbps = 100000kbps = 12.5MB/sec* 70 percent). In a situation like this, you may want to add a faster network card or segment the network.

Network Interface\Output Queue Length This measures the length of the output packet queue, in packets. There is network saturation if the value is more than 2. You can address this problem by adding a faster network card or segmenting the network.

Process Bottleneck

Server performance will be significantly affected if you have a misbehaving process or non-optimized processes. Thread and handle leaks will eventually bring down a server, and excessive processor usage will bring a server to a crawl. The following counters are indispensable when diagnosing process-related bottlenecks.

Process\Handle Count This measures the total number of handles that are currently open by a process. This counter indicates a possible handle leak if the number is greater than 10,000.

Process\Thread Count This measures the number of threads currently active in a process. There may be a thread leak if this number is more than 500 between the minimum and maximum number of threads.

Process\Private Bytes This indicates the amount of memory that this process has allocated that cannot be shared with other processes. If the value is greater than 250 between the minimum and maximum number of threads, there may be a memory leak.

Wrapping Up

Now you know what counters the Service Support engineers at Microsoft use to diagnose various bottlenecks. Of course, you will most likely come up with your own set of favorite counters tailored to suit your specific needs. You may want to save time by not having to add all your favorite counters manually each time you need to monitor your servers. Fortunately, there is an option in the Performance Monitor that allows you to save all your counters in a template for later use.

You may still be wondering whether you should run Performance Monitor locally or remotely. And exactly what will the performance hit be when running Performance Monitor locally? This all depends on your specific environment. The performance hit on the server is almost negligible if you set intervals to at least five minutes.

You may want to run Performance Monitor locally if you know there is a performance issue on the server, since Performance Monitor may not be able to capture data from a remote machine when it is running out of resources on the server. Running it remotely from a central machine is really best suited to situations when you want to monitor or baseline multiple servers.


Next Posts »

Archives


Categories


Meta

IT Guys blog

This work is licensed under a Creative Commons 3.0 License.

Sade Theme - Created by o-kahn