Monitoring vs. Accessing• Administrators have great power, so must use judiciously.• Can change permissions, change ownership etc., so can silently examine drives on remote Network Design & Administration machines while users still logged on.• Can monitor actions, usage of resources, processes.• Do not have time to watch everything! 2
Historical vs. Real-timemonitoring• Historical monitoring summarises information over a time period: • Essential for an organisation that is trying to understand and improve its performance. Network Design & Administration • Indicates need for upgrades. • Justifies spend.• Real-time monitoring looks at the current/recent situation: • Used to understand problem/issue. 3 • Generates a relatively quick action/response.
Monitoring User Machines• Monitoring may imply high level, light touch: • How much printing is a user doing? • How close are they getting to their disk quotas?• May also imply detailed management checking: Network Design & Administration • What are they actually storing on disk? • How active at the computer actually are they?• May be needed for security: • Are there a lot of failed attempts to log in at one particular machine? 4
Monitoring Servers• Need to catch potential problems before they cause delays/inconvenience.• Question: What sort of problems? • Running out of disk or disk faults. Network Design & Administration • Memory leaks we want to programs. Question: why dodue to faultymonitor servers? • Network limitations. • Dead services/daemons meaning tasks not performed. • General resource shortages. 5
How to monitor or checkmachines• There are a number of ways as: • Use Microsoft Management Console locally. • Physically log on at user machine. Network Design & Administration • Remote log in. • Use MMC addressing other machine. • Use log entries/audit trails/real-time monitoring. 6
Microsoft ManagementConsole• Already encountered this when looking at users and computers.• Provides a central point of management for different objects and resources.• Can start via “admin tools”. Network Design & Administration• Alternatively, can use the MMC (mmc.exe) and include a snap- in (e.g. gpedit.msc)• MMC can also be redirected to another machine. 7
Physically logging in• Can be inconvenient to both user and admin.• Sometimes necessary. • e.g. if network card has died. Network Design & Administration• More often used when helping a particular user.• Sometimes users prefer local presence.• Can be costly…• Is there an alternative? 8
Remote Log in• A better solution!• Use Remote Desktop to remotely log into a client machine.• Particularly used for monitoring servers, which may be in remote locations. Network Design & Administration• Uses Remote Desktop Services at target machine and client program (Remote Desktop Connection) at admin’s desktop machine.• Needs to be set up at both ends.• Question: Can you think of why this is a good thing to do?• Question: Can you think of any potential problems? 9
Client-side remote desktopaccess• Can simply be set up from System properties• By default, Network Design & Administration Administrator group members are granted remote access permission• Additional users can be added 10
Remote Desktop Services• Previously called Terminal Services in pre-Windows Server 2008 editions.• Allows clients to use server as if it were their PC.   Network Design & Administration • Questions: • Why would you want to use a single machine? • What benefits would it provide? • Are there any special considerations for the server to take into 11 account?
Configuring Server side remotedesktop services Network Design & Administration 12
Remotely accessing a Unixserver• Not all servers will be running Windows Server.• A number of companies and universities use Unix/Linux within their workplace.• Could be setup to provide roles: Network Design & Administration • DNS • Web Server • File Server • Print Server • (Pretty much everything Windows Server can offer)• Question: How do we remotely administer and maintain 13 them?
Monitoring the Server• Servers are important!• Need to constantly monitor the health of a server because of its mission critical nature.• Things to monitor: Network Design & Administration • Processor (usage & temperature) • Disk (performance, usage, throughput) • Memory (utilisation, page file etc.) • Network• To monitor server, best to start from a baseline.• Baselines can change over time with the addition of new 14 hardware & software.
Monitoring via the EventViewer• Accessed from “Administration Tools” menu.• Should be looked at Network Design & Administration regularly. This needs to be part of a procedure (come back to this in a future lecture)• Event viewer can also 15 access event logs on a remote machine.
Event Logs• Application – about specific programs, depends on what developers decided to log.• System – about components e.g. device driver fail to load, or service fail to start. Network Design & Administration• Security – e.g. failed logons, attempts to access protected resources. Entries ONLY turn up if explicitly set up – none by default.• Additionally - domain controllers, DNS servers have extra logs specific to them. 16
Real time monitoring• Task Manager gives live real-time information • Processor and memory. • Applications and processes. Network Design & Administration • Network Utilisation. • Users connected to a system.• Can only be used to view information for local system (though can use remote desktop – but what is problem then?)• Has no logging capability. 19
Performance Console• Snap ins to display real-time data, record over time, and execute actions when trigger values reached.• System Monitor displays default of: • Memory: Pages per Sec Network Design & Administration • Physical Disk: Average Disk Queue Length • Processor: % Processor Time• Do not monitor too many/too often – generate system overheads.• Do not monitor too infrequently or could miss spikes. 20
Performance Logs & Alerts• Counter Log • Capture stats for specified counters to log file for later analysis.• Trace Logs Network Design & Administration • Records information about system apps when certain events occur.• Alerts • Perform action when counter reaches specified value. 22