2014-10-07



Over the last decade, enterprise IT departments have used a wide variety of different types of technologies, including SNMP, WMI, and proprietary agents, in an attempt to tame their Windows servers and reduce the headaches associated with Windows server performance and availability monitoring.

Challenges related to Microsoft Windows monitoring include ensuring Windows servers are up and running, optimizing resource usage on Windows servers, proactively identifying Windows servers and components that are experiencing performance and availability issues before service quality degrades or downtime occurs, and cost-effectively monitoring a broad set of Microsoft applications and technologies. These technologies include:

All of the various flavors of Microsoft Windows servers (2012, 2008, 2003)

Microsoft SQL Server

Microsoft Cluster Service for Windows 2003 and Failover Clustering for Windows Server 2008

Microsoft IIS

Microsoft Active Directory

Microsoft Exchange

Zenoss has supported Microsoft Windows monitoring for several years. Microsoft has also continued releasing new technologies that support monitoring, so in 2013 and on into 2014, Zenoss invested a significant amount of engineering time and effort in both simplifying and significantly enhancing our approach to Microsoft Windows monitoring.

Quick Recap of the New Microsoft Windows ZenPack

In December 2013, Zenoss released an updated Microsoft Windows ZenPack, Microsoft Windows ZenPack 2.0. This new version of our Microsoft Windows ZenPack enhanced and consolidated the capabilities of several of our previous Microsoft Windows-related ZenPacks into one new, next-generation Microsoft Windows ZenPack.

The new Microsoft Windows ZenPack 2.0 included monitoring support for all of the various flavors of Microsoft Windows Server (2012, 2008, 2003) as well as monitoring support for other important Microsoft components and technologies, including Microsoft SQL Server, Microsoft Exchange, IIS, Active Directory, and Microsoft Failover Cluster Service, all in one centralized, consolidated Microsoft Windows ZenPack.

The Zenoss engineering team has continued to work throughout 2014 on adding additional enhancements to the Microsoft Windows ZenPack.

Because the Microsoft Windows ZenPack 2.0 has been one of the most popular ZenPacks downloaded by Zenoss users over the last several months, in this article we wanted to share some information about some of the new capabilities the new Microsoft Windows ZenPack, version 2.1.2, provides, including:

Simplification and Consolidation of Multiple Windows ZenPacks

Removal of Samba Dependency

Use of WinRM for Remote Windows Monitoring Support

Per Database Monitoring for Microsoft SQL Server, Per Site Monitoring for IIS

Teamed NIC Monitoring Support

Cluster Awareness

Significant Process Monitoring Enhancements

Enhanced Remote Management Capabilities via WinRS

New Event Management Capabilities via PowerShell

Kerberos Auth/Least Privileged User

Simplification and Consolidation of Multiple Windows ZenPacks

The new Microsoft Windows ZenPack replaces previous ZenPacks for Microsoft SQL Server, PySamba (no longer needed, as the new Windows ZenPack does not rely on Samba; more details below), the legacy Windows ZenPack (also known as “WindowsMonitor”), Active Directory, Exchange, and IIS.

This simplification and consolidation significantly reduces the complexity of Microsoft Windows monitoring, which means a big reduction in the amount of time and effort required to monitor all of the various Microsoft Windows components and technologies in your enterprise IT infrastructure.

Removal of Samba Dependency

The new Microsoft Windows ZenPack no longer relies on Samba under the covers. Troubleshooting issues with Samba was difficult, as was supporting newer versions of Windows, as Samba is essentially an attempt to reverse-engineer a proprietary binary network protocol, whereas WS Management (WinRM) is an open standard.

Furthermore, Microsoft is deprecating DCOM RPC because DCOM RPC is not as secure as WinRM. They have publicly stated that WS Management is the way Windows will be monitored in the future.

Use of WinRM for Remote Windows Monitoring Support

The new Microsoft Windows ZenPack from Zenoss utilizes WinRM to monitor hosts running the Microsoft Windows operating system.

WinRM is the latest Microsoft management technology, is a part of the Windows Remote Management Framework, and in essence brokers WMI calls via SOAP. Due to the use of SOAP, WinRM easily traverses NAT firewalls, which eliminates many of the infrastructure complexities related to monitoring multiple servers.

Per Database Monitoring for Microsoft SQL Server, Per Site Monitoring for IIS

One of the most exciting features now provided through the use of WinRM in the new Microsoft Windows ZenPack is per database monitoring for Microsoft SQL Server and per site monitoring for IIS.

With the new Microsoft Windows ZenPack, you can now monitor Microsoft SQL Server on a per-database basis, which gives you transactions, table sizes, and other metrics for each database. Even better, our new Microsoft Windows ZenPack allows you to monitor multiple Microsoft SQL Server instances on the same servers, with all metrics pulled directly from Microsoft SQL Server via WinRM.

Monitoring IIS with the new Microsoft Windows ZenPack gives you visibility into each virtual website. This includes requests per second and throughput. Even better, if you add a new site, Zenoss will automatically pick it up on the next modeling cycle, so you don’t have to remember to do it!

Teamed NIC Monitoring Support

Based on some of the new performance monitoring now available in our updated Microsoft Windows ZenPack, we recognized the need to monitor teamed NICs. Teamed NICs utilize IEEE 802.1ad to aggregate multiple NICs into a single group, enabling failover as well as bandwidth sharing.

The new Microsoft Windows ZenPack is aware of and will monitor teamed NICs for failover, and can alert you when one of the NICs fails.

Cluster Awareness

Along with support for teamed NICs, the new Microsoft Windows ZenPack is also cluster aware. If you add a cluster IP address, it will iterate through each server in the cluster, add the server for monitoring if it doesn’t exist, or link the server to the cluster organizer if it does.

Significant Process Monitoring Enhancements

As all Windows server administrators know, process monitoring in Windows can be pretty tricky.

The older versions of our Microsoft Windows ZenPack really didn’t do much in the way of process monitoring, mostly due to challenges with the way Windows names processes. For example, if a process automatically starts as a Windows Service, often it simply displays as SVCHOST.EXE. When a lot of processes all display using the same string, it can be really hard to tell which one is doing what.

Differentiating between a service you care about (the printer spool), and something you don’t care about (like Windows Image Acquisition) is very difficult when everything starts with SVCHOST.EXE.

Java and Java applications also present very similar challenges in terms of process monitoring. Each process has a long and complex Java command line, which starts with Java and ends (maybe!) with the application name you care about.

With the new Microsoft Windows ZenPack, new process monitoring capabilities can expand SVCHOST.EXE processes to something more meaningful, as well as monitor sets of processes and alert based on the total number of processes. This not only allows more comprehensive process monitoring, but also more useful event details. For a much more detailed explanation of the new process monitoring capabilities the new Microsoft Windows ZenPack provides, as well as how you can automate process monitoring with Zenoss, see “Use Process Sets to Monitor More Efficiently and Reduce Monitoring Costs”.
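The naming problem described above can be seen directly on any Windows host. The following is an added example, not code from the ZenPack: it resolves each SVCHOST.EXE instance to the services it hosts and counts a process set selected by command line. The pattern and the expected minimum are hypothetical values.

```powershell
# Added example (not ZenPack code): give svchost.exe instances meaningful
# names and count a "process set" selected by command line.

# Running services grouped by the PID of the process that hosts them.
# -AsString makes the hashtable keys plain strings, so lookups are type-safe.
$servicesByPid = Get-CimInstance -ClassName Win32_Service -Filter "State = 'Running'" |
    Group-Object -Property ProcessId -AsHashTable -AsString

$expanded = Get-CimInstance -ClassName Win32_Process -Filter "Name = 'svchost.exe'" |
    ForEach-Object {
        $hosted = $servicesByPid["$($_.ProcessId)"]
        [pscustomobject]@{
            ProcessId    = $_.ProcessId
            WorkingSetMB = [math]::Round($_.WorkingSetSize / 1MB, 1)
            Services     = if ($hosted) { ($hosted.Name | Sort-Object) -join ', ' }
                           else { '(none reported)' }
        }
    }
$expanded | Sort-Object -Property ProcessId | Format-Table -AutoSize -Wrap

# Process set: every process whose command line matches a pattern.
# Both values below are hypothetical and only illustrate the idea.
$pattern     = 'java(\.exe)?"?\s.*myapp\.jar'
$minExpected = 2

# CommandLine is $null when the caller may not read it; -match then fails safely.
$members = Get-CimInstance -ClassName Win32_Process |
    Where-Object { $_.CommandLine -match $pattern }
$count = @($members).Count

if ($count -lt $minExpected) {
    Write-Warning "Process set '$pattern' has $count member(s); expected at least $minExpected."
}
```

Run without elevation, the command line of processes owned by other accounts comes back empty, so a low count can mean missing rights rather than missing processes.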

Enhanced Remote Management Capabilities via WinRS

Our new Microsoft Windows ZenPack also includes enhanced remote management capabilities via WinRS.

For years, monitoring Linux, Unix, and even routers like Cisco and Juniper, was relatively simple because, if you needed to monitor a parameter that isn’t included in the SNMP MIB, you could simply write a script that would run via SSH or Telnet and return the data you need. However, there wasn’t really a good way for writing a script to collect parameters on the Windows side of the house.

To fix this Windows monitoring issue, Zenoss now utilizes WinRS to run remote Windows shell or PowerShell commands and pull back the resulting information via SOAP.

Since the new Microsoft Windows ZenPack utilizes the new capabilities provided by Microsoft WinRS, you can now pull back any set of data from a remote Windows host. Leveraging the new WinRS capabilities makes it possible to manage Windows applications and other more arbitrary, site-specific aspects of a Windows Server.

New Event Management Capabilities via PowerShell

The new Microsoft Windows ZenPack also includes new event management features, including powerful new PowerShell event filtering logic. The new PowerShell event filtering logic allows specific event log entries, classes of entries, or arbitrary groups of entries to be returned to Zenoss as an event. This reduces the number of event log entries sent to Zenoss for processing, which in turn reduces hardware cost and complexity.
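Filtering at the source, as described above, looks like this in plain PowerShell. This is an added example and does not use the ZenPack's own filter syntax, which the article does not show; the choice of log, event IDs and time window is an assumption made for illustration.

```powershell
# Added example (generic PowerShell, not the ZenPack's filter syntax).
# The filter is evaluated by the event log service, so only matching
# records leave the host.
$filter = @{
    LogName   = 'Security'
    Id        = 4625, 4740, 1102   # failed logon, account lockout, audit log cleared
    StartTime = (Get-Date).AddMinutes(-15)
}

# Get-WinEvent raises an error when nothing matches. Treat only that case
# as an empty result, so access-denied and similar errors still surface.
try {
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction Stop)
} catch {
    if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
        $events = @()
    } else {
        throw
    }
}

# Reduce each record to the fields a monitoring system needs.
$events | ForEach-Object {
    [pscustomobject]@{
        TimeCreated = $_.TimeCreated.ToUniversalTime().ToString('o')
        Computer    = $_.MachineName
        EventId     = $_.Id
        Provider    = $_.ProviderName
        Summary     = ($_.Message -split "`r?`n")[0]
    }
} | ConvertTo-Json
```

Reading the Security log requires administrative rights or membership in the built-in Event Log Readers group, which is the narrower grant for a monitoring account.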

Kerberos Auth/Least Privileged User

Microsoft’s implementation of the Kerberos authentication system isn’t compatible with the MIT Kerberos software or the corresponding RFCs. This means that even products like Chef cannot authenticate against Windows today using Kerberos. The old Windows ZenPack authenticated with Windows devices using NTLM v2, which is not as secure as Kerberos, an industry standard.

The new Microsoft Windows ZenPack leverages the txwinrm library under the hood to support Kerberos and allow secure authentication and least privileged users.

Next Steps

The new Microsoft Windows ZenPack is included as a part of the 4.2.5 package for both Zenoss Core and Zenoss Service Dynamics. If you are using Zenoss for your Windows monitoring, we strongly encourage you to check out the new capabilities provided in the latest Windows ZenPack.

New to Zenoss?

If you are new to Zenoss, check out the following links, which provide more information about Zenoss and the Zenoss Service Dynamics platform:

Watch a quick two-minute tour that gives you an overview of Zenoss and how Zenoss can help you more efficiently and cost-effectively monitor your environment.

Read Unified Service Insight from Zenoss to get a quick overview of how Zenoss Service Dynamics provides Unified Service Insight into the end-to-end operation of IT infrastructures and supports service delivery, improves service quality, and reduces your IT operational costs.

Read Zenoss Service Dynamics: Technical Feature Overview to learn more about the technical features available in Zenoss Service Dynamics.

Request a free trial! See how you can use Zenoss to more effectively and cost-effectively monitor and manage your environment using a single, unified monitoring view and unified monitoring processes.
