The performance of the Forefront UAG server can be affected by the performance of resources on the servers. As and when required, you should compare collected performance monitor information against baseline information in order to analyze the performance of the Forefront UAG servers.
Check the following:
- Performance monitor counters—The
Performance monitor can provide ad hoc monitoring information of
your Forefront UAG server resources. To fully utilize the
performance monitor, you should create a baseline and then use it
to assess the status of the Forefront UAG resources. There are many
performance monitor counters that you can use to monitor your
servers. For more information, see Taking your Server’s Pulse
(http://go.microsoft.com/fwlink/?LinkId=183515).
The following are examples of some of the counters that you should monitor on an on-demand basis. You should configure alerts based on the baselines set for Forefront UAG servers.
General resource utilization counters
Counter name Description LogicalDisk: % Free Space
Hard disks drives are a critical component of your Forefront UAG servers. Without sufficient free disk volume, neither the operating system nor Forefront UAG can function correctly. The LogicalDisk: % Free Space counter reports the percentage of unallocated disk space to the total usable space on the logical volume.
Processor : % Processor Time
The % Processor counter provides a measure of how much time the processor actually spends working on productive threads and how often it was busy servicing requests. CPU utilization provides information about how busy your CPUs processors are. You can monitor the percentage of your server's CPU utilization.
Memory : Pages/sec
The Pages/sec counter is a combination of Pages Input/sec and Pages Output/sec counters. This counter is a general indicator of how often the system is using the hard drive to store or retrieve memory associated data.
Important Forefront UAG DirectAccess specific counters
Object name Counter name IPSec DOS Protection
Current State Entries—The number of active state entries in the table. A state entry is a pair of IPv6 addresses that is authorized to pass through from a public to an internal interface.
IPSec DOS Protection
Inbound Rate Limit Discarded ICMPv6 Packets/sec—The rate at which ICMPv6 packets are received on a public interface and discarded because they exceeded the rate limit for ICMPv6 packets per second. ICMPv6 Echo request and response packets are used to determine the closest Teredo relay that can be used to communicate with an IPv6 host.
IPSec DOS Protection
Inbound Rate Limit Discarded IPv6 IPsec Authenticated Packets/sec—The rate at which authenticated IKEv1, IKEv2, AuthIP, or ESP IPv6 packets, are received on a public interface and discarded because they exceed the rate limit for IPv6 IPsec authenticated packets per second. An authenticated packet is an IPsec packet with an associated state entry.
IPSec DOS Protection
Inbound Rate Limit Discarded IPv6 IPsec Unauthenticated Packets/sec—The rate at which unauthenticated packets are received on a public interface and discarded because they exceed the rate limit for IPv6 unauthenticated packets per second. An unauthenticated packet is a packet without an associated state entry.
Forefront UAG DNS64
Total Query Average Processing Time—The average total processing time it takes for a DNS64 query to complete.
Forefront UAG DNS64
Total Query Dropped—The total number of unsupported queries to the DNS64.
IPsec AuthIP IPv6
Failed Main Mode Negotiations per Second—The rate of failed main mode negotiations.
IPsec AuthIP IPv6
Failed Extended Mode Negotiations per Second—The rate of failed extended mode negotiations.
IPsec Driver
Packets That Failed Replay Detection per Second—The rate of packets that contained an invalid sequence number since the computer was last started. Increases in this counter might indicate a network problem or replay attack.
IPsec Driver
Incorrect SPI packets per Second—The rate of packets for which the Security Parameter Index (SPI) was incorrect since the computer was last started. A large number of packets with bad SPIs within a short amount of time might indicate a packet spoofing attack.
Teredo Server
In - Teredo Server Total Packets: Success + Error—The total packets received by the Teredo server.
- Free disk space—It is important to
monitor the amount of available storage space on your disks,
because programs might fail due to an inability to allocate space.
You can also monitor free disk space by using:
- Windows Explorer, to check for free disk
space on drives on the Forefront UAG server.
- Resource monitor Disk Storage, to see how
much disk space is being used.
- Windows Explorer, to check for free disk
space on drives on the Forefront UAG server.
If System Center Operations Manager 2007 is deployed, you can use the Forefront Unified Access Gateway (UAG) System Center Operations Manager (SCOM) Management Pack (version 4.0.1095.0) to monitor performance on Forefront UAG servers. For more information, see System Center Operations Manager 2007 (http://go.microsoft.com/fwlink/?LinkId=183514).
For more information about the Forefront UAG System Center Operations Manager (SCOM) Management Pack (version 4.0.1095.0), see Using System Center Operations Manager (SCOM).