Windows Server 2019: Leverage Anomaly Detection for System Disks

A really useful feature in Windows Server 2019 is the ability to detect performance anomalies on system disks.

To use the physical disk anomaly detection feature, you will need to install the Windows Admin Center. Anomaly detection is exposed through a Windows Admin Center feature called System Insights--a tool designed to help with capacity planning by using historical data to make predictions about future hardware resource consumption.

Before I explain how to use the anomaly detection feature, it’s important to point out that it works only on Windows Server 2019. In addition, the server you are analyzing and the machine on which the Windows Admin Center is running should be fully patched and up to date before starting this process.

To use the anomaly detection feature, log into the Windows Admin Center, then establish a connection to the server in which the disk you want to analyze is installed. Next, scroll to the bottom of the list of tools until you locate the System Insights tool, as shown in Figure 1.

Anomaly Detection 1

Figure 1

Locate System Insights within the list of tools.

Click on System Insights. (If this is the first time that you have used System Insights, you will need to install it.)

As you can see in Figure 2, System Insights provides various forecasting tools. There are forecasts available for CPU capacity, network capacity, storage consumption and volume consumption. 

Anomaly Detection 2

Figure 2

System Insights consists of several capacity forecasting models.

These forecasting tools can help you to project the point at which a server’s hardware resources will be depleted. If you want to try out any of these capacity forecasting models, click on them and then click on the Invoke option that is displayed on the next screen.

It is worth noting that System Insights makes projections based on the system’s resource consumption history. As such, forecasts won’t be available right away. It takes a while for Windows to accumulate enough historical data to be able to make an accurate forecast. Until then, System Insights will simply display a message like the one that is shown in Figure 3, telling you that it does not have enough data to be able to make a prediction.

Anomaly Detection 3

Figure 3

It takes a while for System Insights to accumulate enough data to be able to make a projection.

If you look back at Figure 2, you will notice that none of the forecasting models that are listed on this screen has anything to do with anomaly detection. The reason for this is that System Insights is designed to be extensible, and anomaly detection is enabled through an add-in.

You may have noticed in Figure 2 that the name of the column header that is displayed above the various forecasting models is Capability Name. In other words, each of the forecasting names is defined as a System Insights capability. There is an option in the System Insights menu bar that allows you to add or remove capabilities. Clicking on this option prompts Windows to display a list of all of the available capabilities. As you can see in Figure 4, this list of capabilities in my testing included two different options related to physical disk anomaly detection. 

Anomaly Detection 4

Figure 4

System Insights provides two options related to physical disk anomaly detection.

One of these options is related to storage IOPS and the other is related to storage latency. Remember, System Insights tracks your server’s hardware resource consumption over time. In doing so, System Insights is able to track changes in storage latency and storage IOPS, which are treated as anomalous activity. A significant change in IOPS, for example, might indicate an increased workload, or it might indicate that the storage subsystem is failing and that there are numerous retries being attempted.

Tracking physical disk performance anomalies won’t positively identify the underlying cause of a change in storage IOPS or storage latency. What it does do, however, is highlight performance changes that you may need to investigate further.