<%NUMBERING1%>.<%NUMBERING2%>.<%NUMBERING3%> PRTG Manual: Monitoring via WMI

Windows Management Instrumentation (WMI) is Microsoft's base technology for monitoring and managing Windows based systems. PRTG uses this technology to access data of various Windows configuration parameters and status values. However, sensors using the WMI protocol generally have a high impact on the system performance. In addition to strict WMI sensors, there are sensors which use another approach to monitor Windows systems with less influence on the system performance.

Monitoring Windows Systems: Performance Counters

Besides sensors which monitor Windows systems only via WMI, PRTG provides sensor types which use a hybrid approach. These sensors first try to query data via Windows Performance Counters using Remote Registry Service. Querying Performance Counters needs less system resources than monitoring via WMI. These Windows sensors use WMI as a fallback if Performance Counters are not available or cannot be read out. When running in fallback mode, PRTG re-tries to connect to Performance Counters after 24 hours. This is the default approach and can be changed in the Windows Compatibility Options in the Device Settings. Though, it can be the case sometimes that these Performance Counters differ from the direct method.

Note: You can identify these hybrid sensors by looking at their categories, for example, in the add sensor dialog. Search directly for "windows" and select "Performance Counters" as Technology Used. Among them are various sensors with "Windows" in the name, as well as some Hyper-V sensors.

How WMI Works

WMI allows accessing data of many Windows configuration parameters, as well as current system status values. Access can be local or remote via a network connection. WMI is based on COM and DCOM and is integrated in Windows 2000, XP, 2003, Vista, 2008, Windows 7, and Windows 8 (add-ons are available for Windows 9x and NT4). PRTG officially supports WMI for Windows Vista or later.

In order to monitor remote machines, PRTG's WMI sensor needs Active Directory account credentials to have access to the WMI interface. You can enter these credentials in PRTG for the parent device or group, or in the Root group. The sensor will then inherit these settings.

Note: Sensors using the Windows Management Instrumentation (WMI) protocol generally have high impact on the system performance! Try to stay below 200 WMI sensors per probe. Above this number, please consider using multiple Remote Probes for load balancing.

For an overview and details about all WMI sensors, please see the List of Available Sensor Types section.

Limitations of WMI on Windows Vista and Windows Server 2008 (R1)

You should be aware that performance of WMI based monitoring is drastically limited when the monitoring station or the monitored client runs on Windows Vista or Windows Server 2008 (R1). When it comes to network monitoring via WMI, Windows Server 2008 R2 is many times faster than Windows Server 2008 (R1) or Vista.

Note: These are not limitations of PRTG, but arise from the WMI functionality built into the Windows operating systems mentioned.

The results of our tests are:

  • On Windows Server 2008 R2 or Windows 7 you can run about 10,000 WMI sensors with one minute interval under optimal conditions (such as running the core and the target systems exclusively under Windows Server 2008 R2 and being located within the same LAN segment). Actual performance can be significantly less depending on network topology and WMI health of the target systems - we have seen configurations that could not go beyond 500 sensors (and even less).
  • On Windows Vista/Windows 2008 R1 you can run about 300 WMI sensors with one minute interval.
  • The more Windows Vista/Windows 2008/Windows 7 client systems you have in your network, the more WMI monitoring performance will be affected.
  • System performance (CPU, memory etc.) of virtualization does not strongly affect WMI monitoring performance.

If you want to use WMI for network monitoring of more than 20 or 30 systems, please consider the following rules:

  • Do not use Windows Vista or Windows 2008 R1 as monitoring stations for WMI-based network monitoring.
  • If possible use Windows Server 2008 R2 for WMI based network monitoring (or Windows 7).
  • If you cannot run PRTG on Windows Server 2008 R2, consider setting up a remote probe for the WMI monitoring. (You still get far better WMI monitoring performance with a remote probe on a virtual machine running Windows Server 2008 R2 than on any bare metal system running Windows Vista/Windows 2008.)
  • Consider switching to SNMP-based monitoring for large networks. Using SNMP you can easily monitor 10 times as many nodes as with WMI (on the same hardware).
     

More

Knowledge Base: General introduction to WMI and PRTG

Knowledge Base: Which WQL queries are used by PRTG's WMI sensors?

Tool: Paessler WMI Tester. A useful freeware tool to test WMI connections. Tests the accessibility of WMI (Windows Management Instrumentation) counters in a quick and easy manner.

CEO's Blog: Don't Use Windows Vista And Windows 2008 R1 for Network Monitoring via WMI!

 

 

Keywords: WMI,WMI Technology