6. maintain and monitor Flashcards
WSUS (Windows Server Update Services)
a role that allows a local server on the network to function as the back end for the windows update client, allowing it to supply updates to all the other servers and workstations on your network.
uses a sql database
Single wsus server
downloads updates from microsoft update website and all the other computers on the network download their updates from the wsus server. a single wsus server can support as many as 25,000 clients.
replica wsus servers
one central server downloads updates from the microsoft update site and wsus servers at remote locations obtain approved updates from the first server and distribute them to the clients.
autonomous wsus servers
the remote servers download all the updates from the upstream wsus server and an admin at each site approves certain updates for their clients.
low bandwidth wsus server
remote sites only download the list of approved updates from the central server without downloading the full update.
disconnected wsus servers
administrators download the updates and save them to removable media to be deployed at remote sites.
upstream server
where servers get their updates
synchronize from microsoft update
configure the server to download all update information and updates from Microsoft servers
synchronize from another WSUS server
configures the server to download all update information from another wsus server on your network.
server-side targeting
manually selecting which computers go into which groups for updates
Client-Side Targeting
allows clients to automatically add themselves to a group for updates
windefend
windows defender, the built-in anti-malware solution for windows 10 and windows server.
Real-time Protection
allows windows defender to continuously scan the system for malware. windows defender will try to turn this feature back on if you turn it off.
cloud-based protection
allows windows defender to send information about its findings to Microsoft servers in the cloud.
sample submission
allows windows defender to send samples of infected files to Microsoft servers.
exclusions
enables users to specify files, folders, and file types that should be excluded from windows defender scans.
Windows Server Backup
a windows server backup is intended to back up entire server volumes on external drives.
windows server backup requires you to use either an internal or external disk, and it requires the drive to be reformatted for backups only
does not support tape drives
Authoritative restore
forces the newly restored domain controller settings on all other active directory domains.
you cannot use an authoritative restore to restore group policies that you have accidentally deleted.
Performing a restore
administrators should perform test restores at regular intervals to ensure the backups are completing correctly.
nonauthoritative restore
restores the active directory domain controller and syncs it with the other domain controllers for them to push their settings on it.
group policy management console
allows you to back up group policy objects
backing up hyper-v
You need to back up the host and the guests. when restoring you need to restore the host and recreate your vms before restoring their roles.
volume shadow copy service
a service for backing up vms that backs up the virtual machine config files, the virtual hard disks, and any checkpoints associated with the vm.
appcmd.exe
a utility used to back up xml files for iis servers; these xml files are the configuration files.
Performance monitor
a tool that displays system performance statistics in real time. can display hundreds of different statistics called performance counters.
performance counter
a measure of the current activity in one specific hardware or software component.
Performance object
specifies the hardware or software component in the computer you want to monitor
baseline
a set of readings captured under normal operating conditions which can be saved to compare to at a later date
data collector set
organizes data collection points like performance counters and event trace data into a single collection. these sets are stored in a log file. you can create custom data collector sets or use premade ones.
Bottleneck
a component that is not providing acceptable levels of performance compared to the other components in the system.
%processor time
specifies the percentage of time that the processor is busy. below 85% is acceptable; anything over that you can consider a bottleneck.
processor queue length
specifies the number of program threads waiting to be executed by the processor. if the value is greater than 10 you should consider upgrading your processor.
queue length
specifies the number of requests waiting to use a specific processor. values greater than 4 should be considered a bottleneck and you should either add a processor or upgrade it.
interrupts/sec
specifies the number of hardware interrupts the processor is servicing each second. is significant when compared to an established baseline. processor interrupts are generally caused by other components so try and root out the evil and squash it or replace it.
page faults/sec
specifies the number of times per second that the code or data needed for processing is not found in memory. this value should be below 5.
hard fault
soft fault - the data is in memory but it was not found in the expected place
hard fault - the data was not found in memory and must go out to disk to get it
excessive hard faults mean you should downloadmoreram.com
pages/sec
specifies the number of times per second that required information was not in ram and had to be accessed from disk.
this value should be lower than 20. if it is greater, figure out what application is causing it or install more ram.
available mbytes
specifies the amount of available physical memory in megabytes. this value should be as high as possible and should not fall below 5% of the system's total memory. limited memory availability may be an indicator of a memory leak.
committed bytes
specifies the amount of virtual memory that has space reserved on the disk paging file. could indicate a memory leak if this number is greater than the installed ram.
pool non-paged bytes
specifies the size of an area in memory used by the operating system for objects that cannot be written to disk. this number should be stable and it should not grow unless you have modified your server workload.
disk bytes/sec
Specifies the average number of bytes transferred to or from the disk each second. this value should be equal to the baseline value and if not it could mean a disk is going to fail.
avg. disk bytes/transfer
specifies the average number of bytes transferred during read and write operations. this value should be equal to the baseline.
current disk queue length
specifies the number of pending disk read or write activities. this value should be as low as possible with values less than 2 being acceptable per disk spindle.
% disk time
specifies the percentage of time that the disk drive is busy. a high value means that the disk is unable to keep up with activities demanded of it. additionally it could mean that a memory problem is causing increased paging.
%free space
specifies the percentage of free space on the disk.
network interface: bytes total/sec
specifies the number of bytes sent and received per second by the selected interface adapter. this number should either be higher or equal to the baseline.
output queue length
specifies the number of packets waiting to be transmitted by the network interface adapter. this value should be as low as possible even 0 if possible.
server: bytes total/sec
specifies the total number of bytes sent and received by the server over all its network interfaces. this value should be no more than 50% of the total bandwidth capacity.
performance counter alert
monitors the values of specific counters and performs a task such as sending an email to an administrator.