Dude, what's happening to my Windows server?

Successful administration of any server depends largely on your ability to gain insight into the server’s daily operations. We may have a general picture of the status of a particular service, like e-mail or a database, and still miss crucial signs of improper operation at the daily level.

The simplest way to monitor any server, including Windows servers, is the SNMP monitoring of the essential parameters – CPU load, RAM usage or free disk space. Mikrotik Dude can assist us in this task.

Mikrotik Dude doesn’t have all the functions and probes necessary for thorough monitoring of all the vital parameters. However, the basic out-of-the-box set of probes will give us enough information for a heads-up. In addition, we can add our own functions and probes to increase its monitoring capabilities.

 

Step one – add the SNMP service

What do we need for this recipe? Not too much: a working Dude server and an SNMP-enabled Windows server. You can also use any other NMS solution instead of Dude.

The SNMP service is not installed by default on any Windows server, so we must add it manually. We can do that either from the GUI or using the command line. As the installation process is very simple and straightforward, I will not describe it here.

03 - SNMP feature

 

Step two – Configure the SNMP service

After the successful installation of the SNMP service, we need to configure it. The first step is to configure a special identifier called the community name and the destination hosts which will receive the SNMP network packets.

The community name identifies the subset of configuration parameters that are available for manipulation. Depending on the identifier, the remote machine can access the data in either read-only or read/write mode.

The most common community name is public. This name is always used for read-only access. However, if you want a higher level of security, you should assign a different name here.

Although we can send traps to any available host in the network, it’s strongly advised that you send them only to the host running the NMS software. We can have more than one machine with such software.

08 - Trap destination and community string

Next, we need to configure the Security tab: we need the community name (public is most commonly used), and we should limit access to only those servers where the NMS software is installed.

09 - SNMP security

In most cases, we will use SNMP version 1, and we don’t need authentication in the trap messages. However, we can protect SNMP access to our devices with the authentication mechanism. This matters because some devices will return not just their running values but their entire configuration in response to SNMP queries.

Therefore, I will provide a few more tweaks in the SNMP service configuration. You should always configure the SNMP service to restart on every failure, not only on the first two occurrences. It’s really inconvenient when our SNMP monitoring fails just because something stopped the SNMP service.

07 - Set Restart the service

These settings are the bare minimum of the security configuration for the SNMP service. You should not omit any of them. After you reconfigure the service, you must restart it to activate these new settings.
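The same Step two settings applied from an elevated PowerShell prompt, as an added example that is not part of the original article. The community name and the NMS address are constructed placeholders, and the script assumes the registry layout used by the Windows SNMP service under `Services\SNMP\Parameters`.

```powershell
# Added example, not from the original article. Run elevated on the monitored server.
# Assumed values (replace with your own): both are constructed placeholders.
$Community = 'dude-ro-example'      # read-only community, deliberately not 'public'
$NmsHosts  = @('192.0.2.10')        # host(s) running Dude / the NMS software

$Base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SNMP\Parameters'

function Set-NumberedList($Key, $Values) {
    # The SNMP service stores host lists as string values named 1, 2, 3, ...
    # Rebuild the key so it holds exactly the hosts passed in.
    if (Test-Path $Key) { Remove-Item -Path $Key -Recurse -Force }
    New-Item -Path $Key -Force | Out-Null
    $i = 1
    foreach ($v in $Values) {
        New-ItemProperty -Path $Key -Name "$i" -PropertyType String -Value $v | Out-Null
        $i++
    }
}

# Security tab, "Accepted community names": value name = community, 4 = READ ONLY.
$Valid = "$Base\ValidCommunities"
if (-not (Test-Path $Valid)) { New-Item -Path $Valid -Force | Out-Null }
New-ItemProperty -Path $Valid -Name $Community -PropertyType DWord -Value 4 -Force | Out-Null

# Security tab, "Accept SNMP packets from these hosts": only the NMS machines.
Set-NumberedList "$Base\PermittedManagers" $NmsHosts

# Traps tab: send traps for this community only to the NMS machines.
Set-NumberedList "$Base\TrapConfiguration\$Community" $NmsHosts

# Recovery tab: restart after the first, second and every subsequent failure
# (60 s delay each; the failure counter resets after one day).
sc.exe failure SNMP reset= 86400 actions= restart/60000/restart/60000/restart/60000 | Out-Null

# The service reads these settings at start-up, so restart it.
Restart-Service -Name SNMP

# Show the result for review: flag any community with more than read-only rights.
$props = Get-ItemProperty -Path $Valid
foreach ($name in (Get-Item $Valid).Property) {
    $rights = $props.$name
    $note = if ($rights -gt 4) { 'WRITE ACCESS - review' } else { 'ok' }
    '{0,-24} rights={1} {2}' -f $name, $rights, $note
}
Get-ItemProperty -Path "$Base\PermittedManagers"
sc.exe qfailure SNMP
```

The script does not delete other communities that already exist under `ValidCommunities`; the review loop at the end lists them so that a leftover `public` entry or a read/write community can be removed deliberately.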

 

Step three – add server on the Dude map

The best way to add any device to the monitoring tool is to add it manually on the map. Although every NMS solution has an auto discovery option, I’m strongly against it. Yes, it will find any device in the network and place it on the map, but… Such a map will be overcrowded with device icons, links, networks, etc. Therefore, take my advice and don’t use any auto discovery feature.

We will right-click somewhere in the white space (where we want to place our new device) and choose to add a new device in the context menu. A new dialog will open. We need to add at least the device’s IP address. Alternatively, we can use the DNS name, if it’s registered with our DNS server.

11 - add address

The fields User Name and Password are useful only for a Mikrotik RouterOS device. In that case, tick the box in front of the label Router OS.

The second dialog is more important. Here we will define all available services on the device. Click the Discovery button to begin the discovery process.

12 - add services

During this process, Dude will check the device against every available probe that exists on the server. We can use the basic set of probes that comes with the installation, or we can add our own probes as well. Also note that the Discovery button is now named Cancel.

After a few minutes, depending on the number of probes, we will see all the probes that are associated with our device. We can remove any probes that are inadequate for our device. Eventually, our list of probes will look similar to this one.

16 - finish

The previous image shows some advanced services that I defined. Probes such as free RAM or free disk space on disk X are not part of the Dude installation set. I’ll leave the explanation of these probes for another article.

Click on the button [ Finish ] and the new icon will appear on the map. In some cases, Dude will not draw any icon, only the name and an optional line with basic device parameters. These parameters may include CPU load, occupied disk space or used RAM.

We can add an alternate display name for the device and change the device class. I will only add the name and the type. Moreover, you can define your own device types and associated icons.

18a - add device info

Our configured device will look like this on the map.

19 - server on the map

We can also add a network link between this device and any other network device, like a network switch. If you’re using virtual machines, you can add a new network icon on the map, name it according to your server’s or cluster’s name and then connect the VMs to it.

24 - select link type

We should define which side of the link we will be checking. In our case, this is our server. Then we will choose SNMP monitoring and the appropriate interface. We can monitor every interface on the device. This is useful when we have more than one interface, like LAN and WAN or DMZ connections.

The parameters Speed and Type are optional. If we define only the type, then we will have different line styles and link speeds associated with it. For example, a Fast Ethernet link is defined as a solid line with a thickness of 4 pixels and a speed of 100,000,000 bits per second (100 Mbps). Dude will then change the color of the link from black to red if the link speed is near its capacity.

On the other hand, when we have a link of some type but with a lower speed, like a fiber optic link with a software limit of 30 Mbps and a hardware limit of 100 Mbps or 1 Gbps, we can type that value in the field named Speed. We can enter 30,000,000 in that field and Dude will indicate if the link is near its capacity. This is a very handy feature for a fast overview of the network links.

25 - new link on the map

 

The SNMP service unlocked Dude’s potential

Dude can monitor some services out of the box, but these basic services are not enough. Therefore, we may need to define more services to get a clearer understanding of the everyday operations of our devices.

The key to successful monitoring of many network devices is the SNMP protocol. By enabling this protocol on the Windows servers, we can track many parameters. These parameters cover everything from the device’s uptime, through the OS name and version and different network parameters, to the disk usage, available partitions, installed services, etc.

In addition to standard SNMP parameters (or MIBs) that every device must have, Windows devices have a few more MIBs that will cover specific areas, like the DHCP or IIS servers. Although we can’t read every possible parameter for these services, we can acquire enough information to build a picture of how our server or specific service works.

We must define our own functions and probes for this purpose. It will take some time, but at the end of the day, we will have a set of powerful functions that will read and alarm on crucial parameters, like CPU load, occupied disk or RAM over 90%; less than 10 free IP addresses in the DHCP pool or too many connections to our IIS server.

Furthermore, by reading the network bandwidth, we can capture an increased volume of network traffic. Such behavior can be connected with DDoS or virus attacks. Depending on the server’s role, it can also mean that the capacity of the server is not adequate for its task.

Contrary to other network devices, the Windows servers (and Linux as well) have more computing power. Therefore, you can freely define a larger number of services (or probes) for every server. They are capable of reporting all that data without utilising valuable resources.

I opened some new frontiers and new journeys with this article. We will see in my upcoming articles how to define our own functions and probes for successful monitoring of the Windows servers. Additionally, I will show you how to track the Microsoft DHCP or IIS servers.

Stay tuned.
