Preparing for operation tasks

  • Article

Updated: April 8, 2010

Applies To: Unified Access Gateway

This topic describes some of the prerequisite tasks you may need to do, in order to effectively monitor Forefront Unified Access Gateway (UAG). They include:

  • Configuring a baseline for performance monitor counters

  • Configuring Forefront UAG logging

Configuring a baseline for performance monitor counters

The Performance Logs and Alerts MMC snap-in is a tool that you can use to help with monitoring and troubleshooting. When dealing with performance management, you should continually evaluate a server’s ability to deliver the level of performance that is required to handle a specific load of concurrent users, and the published applications that they use. The performance of the Forefront UAG server can be affected by the status of hardware resources on the servers.

Regardless of what part of the system you are tuning, you should create a baseline against which to measure performance changes. You should establish a pattern of system behavior for when the system is idle, as well as when specific tasks are being executed. In this way, your first data-gathering pass is used to establish a baseline set of values for the system's behavior. The baseline establishes the typical counter values that you'd expect to see when the system is behaving satisfactorily.

The baseline creation process begins with the collecting phase. During this phase, you gather data with the collection of performance counters that you've chosen, for a specific part of the system. These counters could be for resources, such as the network, server, or CPU.

The following procedure provides an example of how to create a baseline for performance monitor counters.

To create a baseline for performance monitor counters

  1. After Forefront UAG has been installed and configured correctly, create and save a counter log over a defined period, using a time interval between collections.

  2. After you have collected your data and completed an analysis of the results, you can determine a baseline for the Forefront UAG server.

  3. A monthly counter log should be created using the same time interval. At the end of each month, the performance counter log should be analyzed against the baseline counter log. This will help you analyze the data to determine where a bottleneck is, and foresee when you will need to make changes to your environment as the company grows.

Note

A performance number is only an indicator; it does not necessarily identify the actual bottleneck, because a performance problem can be traced back to multiple sources. It is also not uncommon for problems in one system component to result from problems in another component. For example, a memory shortage can also be indicated by increased disk and processor use.

Note

After major changes have been made to an environment, you should create a new baseline counter log.

For more information on how to configure performance monitoring, see the Performance Monitoring Getting Started Guide (https://go.microsoft.com/fwlink/?LinkId=183028).

For more information on specific counter monitoring for your Forefront UAG server information, see Taking your Server’s Pulse (https://go.microsoft.com/fwlink/?LinkId=183515).

Configuring Forefront UAG logging

Forefront UAG can log Forefront UAG-related events to a variety of tools and output formats. Using event logs, you can gather information about system usage, monitor user activities, be alerted about security risks, and assist remote users if they encounter problems while accessing the internal resources that are published by Forefront UAG.

The main types of event logging used in Forefront UAG are:

  • Built-in Forefront UAG logger—Logs events to the native Forefront UAG format.

    Note

    1. It is recommended that the log files are stored on the local Forefront UAG server.

    2. When enabled, you can use the Web Monitor to query this event log, and to filter events according to type, time, and other parameters. A new event log file is saved every day. Note that the Web Monitor can be used only if the built-in reporter is enabled.

  • Event logging to a SQL server—Forefront UAG supports logging to an SQL Server database using the logging functionality provided by Forefront Threat Management Gateway (TMG). You can enable logging to a remote SQL server, or to a local SQL Server Express database running on the Forefront UAG. After SQL Server logging is enabled, Forefront UAG events that are written to the Forefront UAG built-in logging mechanism are also written to the SQL Server log.

    Note

    Forefront UAG also allows you to log to a RADIUS accounting server, Syslog server and an SMTP server.

For instructions on logging events, see Configuring event logging.