Screensavers,
managing from the console, real-time security scans and certain Windows Server
power options can all undermine virtual machine performance. Here's how to
avoid VM performance killers.
Ah, how I love the
easy ones. In many cases, the easiest mistakes cause some of the biggest
performance problems in virtualization environments. In my consulting, I've
seen a few major errors that are worth sharing. Some of these may seem obvious,
but consider checking your settings. You may be surprised at what you find.
Easy Mistake 1:
Virtual machine screensavers
Screensavers are an
absolute requirement for desktops in the hallways of our brick-and-mortar
offices. They ensure that a user who walks away from his computer returns to
one that has been secured against prying eyes. Screensavers can also provide
protection in data centers. If screensavers on servers activate and lock the
console after a few minutes of inactivity, they can protect that environment
from an intruder who gains physical access.
But screensavers are
a quiet consumer of processor resources. No matter how insignificant that screensaver
seems, the processor power required to draw the pipes crawling across the
screen or to scroll your favorite company slogan consume a percentage points of
overall processor power. While that might not seem like much, consolidated
virtual environments might have 10 or 15 virtual machines (VMs) running on a
single virtual host. These percentage points add up when they are multiplied by
the number of VMs. Even worse, if your environment uses hosted desktops through
a virtual desktop implementation, this practice likely costs even more.
So turn them off.
Remember that many environments enforce screensavers through group policies,
which may mean an exclusion from existing group and corporate security
policies.
Easy Mistake 2:
Managing from the console
This second mistake
is one of my favorites, because it is common among IT administrators
everywhere. Do you manage your infrastructure components by remoting and
logging into their individual servers? Do you run the Exchange Management
Console from your Exchange server? Do you check domain name server (DNS) settings
from the server's console? Do you manage Active Directory by remoting your
domain controllers?
If you are, stop.
As with screensavers,
this practice is a big no-no in virtualized environments because of the level
of resources required to create and maintain an instance of the Explorer shell.
Just logging into a virtual machine is hard on that VM's processor utilization.
The process of creating a shell for the console can spike processor utilization
during the login and logout process. Actually using any of the consoles on that
server further consumes valuable resources. Logging in and accomplishing
activity on your VMs' desktops increases the amount of memory they consume.
Microsoft provides
the Remote Systems Administration Toolkit, PowerShell and VBScript, as well as
many other tools for efficient virtual machine management. All these
lightweight tools require much less VM capacity than a traditional login. So
use them, and avoid wasting processing power and memory like an amateur.
Easy Mistake 3:
Antivirus and anti-malware scanning of VM disk files
Your corporate
security policy might not allow for the exclusion of Virtual Hard Disk or
Virtual Machine Disk Format (VMDK) files from antivirus and anti-malware scans.
But be aware that the real-time scans of such products can substantially reduce
the overall performance of these files -- and, thus, their virtual machines.
Since a VM's processing is highly dependent on its disk subsystem, any extra
activities that slowdown that process slow it down as well.
That's not to say
that VM disk files shouldn't be subject to security scanning. Scheduled scans
of such files can ensure that they don't get infected, without the processing
overhead of real-time scans. Also, some of today's more advanced scanning
products are beginning to incorporate virtualization awareness to reduce their
overall impact. If your security policy will allow it -- or if you can bribe
your security officer to look the other way -- definitely consider excluding
these files from your real-time scans.
Easy Mistake 4:
Windows Server's power options
At conferences around
the country, I've encountered the final mistake repeatedly. The default power
option of Windows Server 2008 upon installation is set to "Balanced."
Of the three options available -- Balanced, Power Saver and High-Performance --
this is the second of the three in terms of overall system performance. You
might save a few dollars on energy, but at the cost of wasting some of the
server's processing power. Resetting the radio button to the high-performance
option has a noticeable effect on how well VMs will perform.
Group policy is
probably the easiest way to do so. If you create a new policy and navigate to
"Computer Configuration > Policies > Administrative Templates >
System > Power Management," look for the policy called "Select an
Active Power Plan." Configuring this policy across your server
infrastructure ensures that you always run with highest performance.
If you've got an easy
mistake that I've missed, I've love to hear about it. Drop by e-mail @ Ismail_syscon@yahoo.com and tell me
about your own fixes for easy virtualization mistakes!
No comments:
Post a Comment