Windows 7 is often initiated for its performance like XP and unlike Vista. Too often the actual performance is measured by hand. By stopwatch! Please stop doing this and start reading this inventive blog post.

Microsoft provides a free tool to measure the performance automatically. An improved toolkit is coming with Windows 8. For now we can perfectly live with the current toolkit. Let’s get started.  

In this post I will explain how easy it can be to measure the performance of any Windows 7 or Windows Server 2008 R2 system. I will also provide some practical advice how to create a report that adds value.

Note: Because of the Prefetch feature of Windows 7 it is highly recommended to prepare your test machine (referred to as ‘prepsystem’).

Start measuring

Your system needs to have installed: 

• Windows Vista or higher (Windows XP does work but shows fewer results). Server system 2008 or higher.
• .NET framework 4
• Local admin priveliges

Now start with installing the magic tooling:

• Download the WPA toolkit
• Install ‘xbootmgr’ and ‘xperf’ (x86 or x64)
• Create a temporary folder (c:\temp)
• Open a CMD with admin priveliges

Copy and past the following line in the CMD window:

xbootmgr -trace boot -traceFlags DiagEasy -resultPath C:\TEMP -numruns 10 rebootCycle –prepSystem

This will happen:

• Perform a trace for the time the pc boots (-trace boot)
• Specificy the info details measured (-traceflags –diageasy)
• Copy the results to ‘c:\temp’ (the .elt files)
• Do this 10 times (reboot will go automatic, login by hand unless you specify / a number of 10 is a best practice average)
• (option) Prepare yout test system 6x (2 times 3 with a break) 

Create results

Create a XML summary file:

• For every .ETL file run this command:

xperf /tti -i c:\temp\YourFile.etl -o summary_boot.xml -a boot

Write down the values for 1) bootDoneViaExplorer, 2) bootDoneViaPostBoot and 3)

1. PreSMSS
2. SMSSInit
3. WinlogonInit
4. ExplorerInit
5. PostExplorerPeriod
6. TraceTail

All values in milliseconds, so x100 for seconds.

Time to logon

Now what is the measured value for the logon time? This is the sum of the values : WinLogonInit, ExplorerInit and PostExplorerPeriod. The value of bootDoneViaExplorer indicates the total startup time.

However, the value of WinloginInit start counting on the moment that the login screen is shown. Meaning that typing userID and password is measured too as part of logon. This is why autologon is preferrred. On a domain joined machine this can be automated too (just Google)

Summary

• Install the WPA toolkit on your Windows 7 test machine
• Run a performance test and create a report
• Give me some results!

This post is inspired on the following websites:

http://www.msfn.org/board/topic/140247-trace-windows-7-bootshutdownhibernatestandbyresume-issues (generic guide)

http://msdn.microsoft.com/en-us/library/windows/desktop/ff191001(v=vs.85).aspx (xbootmgr)

http://www.computerperformance.co.uk/windows7/windows7_auto_logon.htm (autologon)

This time, I did not have endless time to troubleshoot. So I decided to make a quick escape through an internet service. I found TeamViewer 5 to be an easy to use replacable. For home use it’s free. It uses two simple codes to identify the session. For now, I stick with this. Because there is nothing more frustrating for a helpdesk like me than not seeing what happens on the other side, I guess…

For example Cisco has announced the “connected real estate” some while ago. Your IT infrastructure roadmap should contain at least one or two chapters on this topic.

If you cannot imagine what I mean with the automation of facilities, here are some examples:

• Tourniquets with card readers with presence integration (lights go out when you are the last person to leave the building)
• Narrowcasting screens with RSS tickers from a SharePoint team site
• Wireless access points with little connectivity, because of constant room refurbishment
• Joined service desk tooling IT and facilities
• Placement of power and network (instead we always stumble over cable on the floor)
• Payment terminals in your canteen
• Remote physical security services
• etcetera, etcetera…

So the demand of ip adresses is certainly growing strong. As is your knowledge of something else than Windows

– Paul Slijkhuis

First the Azure platform. Like Windows SharePoint Services (SharePoint Portal is build on top of it) Azure delivers a platform for applications that will become geographic independent. By this I mean that we will see many more applications that do not require a specific location to run. Geo independency is a major advantage with cloud computing. You can now create multiple instances of your application anywhere in the world! Or if you are more of a green fellow, wherever the coolest datacenter is.

Next federation. Microsoft is aiming to become a federation trusted party. It is like the TTP in certificate world. The federation platform v2 has codename Geneva. When this product evolve we will see websites where you automatically will become recognized. Just because your system admin and the web application developer were able to combine efforts. The result is stunning. As a consumer you get a personal experience, without noticing you have logged on through the federation trust *).

*) Technical note: a federation trust is one of the the basics of cloud computing. It is not a Active Directory trust. It is more like exchanging public certificates.

The very first application that will become available in the could (it actually already is) is EMAIL ! You didn’t see this coming, right? Then you are probably an Exchange administrator. Your work will shift towards provisioning. Cloud providers can deliver the exact same email experience at virtually no costs. Beat that. You cannot. Migration is easy and so is reversing the migration *).

*) Technical note: email is using a mature protocol. RPC over HTTPS is reliable, secure and open. It is geo independent. Your Outlook will not notice the difference. And your mailbox size will become 5 GB +.

Finally provisioning using ILM v2. The new policy engine is very powerful yet complex. My personal experience is that provisioning is not a technical challenge, We solve input issues with technical tricks, that’s for sure. So actually the problem is at the input processes. This maybe your register desks and user admins. Provisiong is a crucial activity.The true challenge is getting the technical and the business specialist to allign. Cloud computing will otherwise never be a successful hype.

Question: when do you plan to migrate to Microsoft Live Mail , Google Apps Mail of like?

- Paul

- Paul

No, really. Security is very important in the DMZ. The DMZ is typically the area of interest for washing application functionality and washing data transfer. Most of us already do this for email and internet traffic. And of course the firewall is delivering our basic security needs. But there are still many holes!

First hole: SSL websites.
Very few proxy servers are able to ”wash” SSL secure websites. And HTTPS is moving up. I suspect it will not take long for bad websites to abuse this hole too. I came by a solution called Clearswift Cleartunnel that extends the common ISA server with a SSL proxy. Hopefully Microsoft will put this feature into there ForeFront ISA 2008 version by default.

Second hole: XML messages
Open standards are promoted. XML is the major spin-off. So we protect HTTP and a lot of web protocols too, but XML is allowed blindly. What are we doing?!?! XML meta information is very, very useful for hacking purposes. We should mask our internal resources more carefully. Read this hacking example. So watch out for Web services applications that exists in the DMZ zone. These are commonly the applications that talk the XML protocol. As a solution I propose to accept only appliations that are designed by the WS-Security protocol principles. Otherwise look out for a XML firewall solution. Examples are: ForumSystems Xwall (also available as an ISA add-on), Cisco ACE XML Gateway, Vordel and Layer7.

Third hole: encrypted email messages
Email is the equivalent for SPAM (90-95% true). No wonder that email encryption is increasing popularity. Again, scanning there email messages is not an out of the box activity. Ideally you already have a mail security gateway supporting the common standards PGP (OpenPGP too), S/MIME and webmail. Some secure email gateways even support PDF mail. If you wish to be as flexible as possible you should support all common encryption technologies, I think. Multi functional solutions to consider are Exedra IQ suite, PGP Universal Gateway or the Utimaco Safeguard Mailgateway.

Fourth hole: FTP
Ancient technology. That is what FTP is. The HTTP protocol is much better to scale, load balance and secure. So my advice is to move to HTTP as fast as you can. Windows SharePoint Services is free to use on a Windows Server. So why not use it? 

Want more answers? Do you know of more holes to explore? Please post a reaction.

- Paul

I also noticed Microsoft Spider on the ForeFront ground. New? Yes, very! An agent-less compliancy tool that delivers true compliancy reports. SCOM auditing services does not deliver truly useful compliancy reports. You can even create your own company template in regards to industry of company specific rules. It is developed by Microsoft IT. No dates given yet.

Back to the living room. So everything is wireless distributed, stored and personally designed. But where does Windows Home Server fit in here? I couldn’t discover it anywhere. This is a missed opportunity, I think. So I have to believe it will not be adapted at large, at least not in Europe. Vista, Media Center and XBOX 360′s where commonly integrated by other vendors. Microsoft should make Windows Home server the director platform of home automation. Microsoft: Please plug Windows Home Server on my continent too.   

Please?

 - Paul

- Paul

Screenshot seen at bink.nu

Download: Vista Boot Logo Generator

• TOR
• hamachi.cc

Also, you may want to extend your ISA proxy server to extend with SSL offload / content scanning to secure your browsing community.  The best add-in I know off is the SSL proxy web filter from Collective software. You need work with certificates, so have a PKI in place. So far I haven’t heard of SSL websites with malicious content, but that will be a matter of time…

- Paul