To test a security feature, first run a WCAT test with the feature, then run the same test without the feature. It is important to run the "with feature" and "without feature" versions of the test on varying workloads. WCAT includes prepared workloads ranging from 12 files to 1600 files (211MB). You can create additional tests of workloads with 2000 or more files.
WCAT has many options for collecting data on the tests:
You can use WCAT's log of performance data. The WCAT log can be used as input to spreadsheet and charting applications. The WCAT user guide explains how to interpret a WCAT log.
You can run Internet Information Server Logging in conjunction with WCAT to count logons and file accesses.
You can run Performance Monitor with WCAT. The WCAT run command includes a -p switch that activates Performance Monitor. You can select Performance Monitor counters by entering the names of counters in a script file. WCAT even includes a sample Performance Monitor counter file, Server.pfc.
WCAT enables you to view test results in several formats. You can view the test results in a spreadsheet or charting program, or in Performance Monitor. You can use the same method to analyze the data of a WCAT test as you use to analyze other Performance Monitor data on processors, memory, disks, network, and applications. You should repeat each test several times and average the results to eliminate unintended variations of the test conditions. Then, compare the results of the "with feature" and "without feature" tests.
Consistent differences in the results of the tests are likely to indicate the overhead associated with the security feature. You can use these results to plan configuration changes to handle the security overhead.
WCAT is the primary tool used for monitoring security overhead. Performance Monitor also includes a set of counters you can use to monitor one specific aspect of security: authenticating users.