Securing Operating Systems Ch.11
Counter example
% Processor Time counter measures the percentage of processor time that is in use by non-idle processes.
SNMP management system
A computer running management software; sends and requests information from an SNMP agent
Handle
A resource, such as a file, used by a program and having its own identification so the program is able to access it
Templates that can be deployed from the Create new Data Collector Set Wizard:
Active Directory Diagnostics, Basic, System Diagnostics, System Performance, WDAC Diagnostics.
Microsoft operating systems and components compatible with SNMP
All versions of Windows Server OSs from Windows 2000 Server to Windows Server 2016, All versions of Windows workstation OSs from Windows 2000 to Windows 10, WINS servers, DHCP servers, Web (IIS) servers, Microsoft Remote Access servers.
Counter
An indicator of a quantity of the object that can be measured in some unit, such as percentage, rate per second, or peak value, depending on what is appropriate to the object
Data Collector Sets tool
Another vehicle that is used to monitor performance and to consolidate performance information
SNMP Agent
Any computer or network device running SNMP agent software. Responds to the management system's request for information
Threads
Blocks of code within a program
Performance Monitor
Can be used to monitor components such as hard disks, memory, the processor, a network interface, a started process, and the paging file
SNMP can be used for the following:
Configuring network devices, Monitoring the performance of a network, Locating network problems, Monitoring network usage.
Performance Monitor has several predefined data collector sets that you can run at any time without first creating them through the ____________________
Create new Data Collector Set Wizard
If you right-click an application, several active options appear in a shortcut menu, such as:
Expand, Restart, End task, Resource values, Create dump file, Go to details, Open file location, Search online, Properties.
Each data collector set consists of properties that you can configure as follows:
General, Directory, Security, Schedule, Stop Condition, Task.
Non-Paged Pool
Holds the OS kernel and device drivers that cannot be paged out. These processes are always kept in physical memory or RAM to assure faster, uninterrupted service.
Server monitoring
Is performed for the following reasons: to establish a baseline of performance so problems can be more easily identified when they occur; to prevent problems before they occur and to diagnose existing problems
You can use three view modes when monitoring objects:
Line, Histogram Bar, Report
Network performance data can be a quick diagnostic tool, not only to determine if the network is busy but also to ensure that the ___ is connected and working
NIC
Plan to gather data such as the following:
Network Interface performance counter, IPv4 and IPv6 performance counters, TCPv4 and TCPv6 performance counters.
Page Fault
Occurs whenever memory pages are called by a program or process from the paging file on disk
Three basic types of data collection tools and formats
Performance counters and performance counter reports, traces and trace reports, system configuration data.
When monitoring the performance of a server, four objects are often used:
Processor, Memory, Physical Disk, Network Interface.
Benchmarks/Baselines
Provide a basis for comparing data collected during problem situations with data showing normal performance conditions
Paged Pool
Represents data that can be stored in the paging file and so can be paged in and out of the virtual memory
Performance Monitor can be opened from
Server Manager, The Windows Administrative Tools folder through the Start button, An MMC snap-in
Windows Server 2016 includes the ____ _______ tool
Task Manager
Committed memory
The number of bytes a process has designated for use and that are promised by the OS to a designated portion of the page file
Performance counter report
Tracks information using objects, counters, and instances
Data collector sets can be created in several ways:
Use a predefined data collector set; the Data Collector Sets tool also enables you to start a wizard and select a template to use for creating a data collector set
Simple Network Management Protocol (SNMP)
Used for network management on TCP/IP-based networks, Provides administrators with a way of centrally managing workstations, servers, hubs, and routers from a central computer running management software
Data collector set
A collection of diagnostic and performance information in the form of a report or log
Histogram Bar
A running bar chart that shows each object as a bar in a different color
Line
A running line chart of the object that shows distinct peaks and valleys
The Processes tab shows
all the software applications, background processes, and Windows processes running from the server console
The Details tab lists the processes in use by all running ____________
applications
You can check dependencies by double-clicking a service and clicking the ___________ tab
dependencies
To view programs in use and the amount of CPU or memory occupied by an individual program, right-click a user and click ______
expand
Sometimes _________ are associated with a counter
instances
Trace report contains only those instances when the events _____
occur
Hard disk bottlenecks affect the overall server ___________
performance
The __________ tab shows vital CPU and memory performance information through graphs and performance statistics.
performance
The Details tab also shows information about each started _______
process
Report
provides numbers on a screen, which you can capture to put in a report
The Task Manager tool can be used to monitor applications and processes running on a ______
server
Servers are always running a number of ________
services
Base priority class
The priority at which a process runs is set in the program code of the application.
A _____ monitors particular events
trace
Windows Server 2016 does not come with a full-fledged SNMP network management system application.
true
After you create a report, you can go back to it by finding that report under Reports in the tree within the Reliability and Performance Monitor tool
true
An instance exists when there are different elements to monitor, such as individual processes when you use the Process object
true
By using the Details tab within Task Manager, you can increase the priority of a process (or processes) in the list so that it has more CPU priority than what is set as its default
true
For diagnosing system and network problems, the predefined System Diagnostics data collector set is valuable
true
If the base priority class is not set by the program, a normal (average) priority is set by the system
true
If you need to stop a process, simply highlight it and click End task
true
If you want to manage services using more management options, use Server Manager or the Computer Management tool
true
Memory bottlenecks can be caused by insufficient memory or inefficient programs
true
Monitoring the network is one of the monitoring tasks you should set out to do early on as it provides a way to determine baselines and later to compare baseline data with current system performance statistics to locate a problem source
true
Network performance information shows real-time send and receive throughput on the network.
true
One should gather benchmarks on typical network error levels so one knows at what point an increase in network errors signals a problem
true
Pausing a service takes it offline to be used only by Administrators or Server Operators
true
Processes or services running on a server are displayed according to CPU, memory, disk and network
true
Resource Monitor shows disk I/O and the highest active time
true
Resource Monitor is very useful for a first quick analysis of a problem
true
SNMP provides network management services through agents and management systems
true
The Create new Data Collector Set Wizard steps you through deploying one of these templates
true
The Services tab in Task Manager shows the services that are started, stopped, or paused
true
The Windows Management Instrumentation (WMI) Software Development Kit (SDK) enables SNMP applications to access SNMP data
true
The default view in Performance Monitor is in the line mode, showing a grid that you use for graphing activities on the server
true
Using a predefined data collector set helps to take the guesswork out of what to monitor
true
When you experience a problem on a server that is associated with a service, check the status of the service to make sure that it is started or set to start automatically.
true
With network bottlenecks, problems to look for include a problem with a server NIC or a network that is saturated with traffic
true
You can access server services through Server Manager or the Computer Management tool
true
You can monitor one or more objects at a time as a way to get a better understanding of how particular objects interact
true
You can sign out a user by clicking that user and clicking the Disconnect button (this ensures that any open files are closed before the user is signed out)
true
You can start, stop, pause, resume, or restart a service by right-clicking on it and clicking any of these options.
true
You can use Task Manager to view applications running on the server by pressing CTRL+ALT+DEL while logged on as Administrator or as a member of the Administrators group
true
The _____ tab provides a list of the users currently signed in
users
Resource Monitor provides a real-time snapshot for monitoring the following resources:
CPU, Memory, Disk, Network
Sample benchmarks that you might establish include the following
Test benchmarks of disk, CPU, memory, and network response before releasing a new operating system, server hardware, or a complex application to users; Slow, typical, and heavy usage of disk, CPU, memory, and other server resources for each server; Slow, typical, and heavy usage of the combined network and server resources; Growth of use of network and server resources at specific intervals, such as every six months to a year
Processor(s) in a server can be a bottleneck for several reasons:
The processor does not have enough processing speed; One or more applications are inefficient or poorly programmed