Distilling down the hundreds of possible virtualisation tips and tricks to a mere 20 is a good trick in itself. Many of these techniques are generic in nature and can apply to any vendor’s virtualisation; however, some are specific to VMware. In all cases, the tips and tricks emerged from experience with a variety of virtualisation technologies.
Virtualization is about placing workloads into virtual machines, and perhaps the most often asked questions about virtualization have to do with performance of those virtual machines. Therefore, most of the tips given here relate to virtual machine performance enhancement and making the user’s experience richer and less problematic than traditional hardware-based, physical systems.
Other than performance, the remainder of the tips are associated with virtualization best practices for medium to large implementations. Although those with smaller environments will also benefit from these tips, many of the problems they solve arise as virtual machine numbers increase to 50 or more.
Use VMs for disposable systems
VMs are the perfect environment for creating honeypots, for malware test systems and for exploring the effects of virus payloads. VMs created from templates (see Keep Host Systems Patched) and then isolated for such systems are an excellent way to explore dangers to production systems without exposing the latter to the threat. Disable network interfaces when dealing with viruses or malware so that the threats remain on the VM and don’t affect other systems, virtual or physical. When using Windows VMs for this purpose, turn off System Restore so that any files altered or destroyed during testing won’t be kept when the system is powered on again.
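The network-isolation step above can be checked before a disposable VM is powered on. The following is an added example, not part of the original article: it assumes a VMware guest whose .vmx file uses the ethernetN.present and ethernetN.startConnected keys, and it treats a missing startConnected as connected, which is the conservative reading. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Pre-flight check for a disposable analysis VM: refuse to continue if any
# virtual NIC would be connected at power-on.

# Constructed sample .vmx fragment (not taken from a real VM).
sample_vmx() {
cat <<'EOF'
displayName = "malware-lab-01"
ethernet0.present = "TRUE"
ethernet0.connectionType = "nat"
ethernet0.startConnected = "FALSE"
ethernet1.present = "TRUE"
ethernet1.connectionType = "bridged"
ethernet2.present = "FALSE"
EOF
}

# Reads .vmx text on stdin, prints "<nic> <connectionType>" for every NIC
# that is present and not explicitly set to start disconnected.
connected_nics() {
  awk -F'[ \t]*=[ \t]*' '
    tolower($1) ~ /^ethernet[0-9]+\./ {
      split($1, k, ".")
      nic = tolower(k[1]); key = tolower(k[2])
      val = toupper($2); gsub(/["\r]/, "", val)
      seen[nic] = 1
      if (key == "present")        present[nic] = val
      if (key == "startconnected") start[nic] = val
      if (key == "connectiontype") type[nic] = tolower(val)
    }
    END {
      for (n in seen)
        if (present[n] == "TRUE" && start[n] != "FALSE")
          printf "%s %s\n", n, ((n in type) ? type[n] : "unset")
    }' | sort
}

# Returns 0 only when no NIC would come up connected.
preflight() {
  nics=$(connected_nics)
  if [ -n "$nics" ]; then
    echo "$nics" | sed 's/^/refuse: connects at power-on: /' >&2
    return 1
  fi
}

sample_vmx | preflight || echo "not safe to power on"
```

Against a real guest, feed the VM's own configuration file to the check, for example `preflight < path/to/guest.vmx`.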
Use VM templates
Virtual machine templates allow the virtualisation administrator to deploy new virtual machines quickly and consistently with a standard operating system image. Templates are converted VMs that include patches, updates and guest additions and are ready for deployment. A template is equivalent to a ‘gold’ image, from which most or all of your production, development and test systems are created. A template can be converted to a virtual machine to receive new patches and then converted back to a template.
Building VM hosts
Virtual host hardware must consist of multi-processor, 64-bit CPUs; adequate RAM for several VMs; ample disk space that allows for growth; and Gigabit network interfaces. Multiple network interfaces are needed to handle VM traffic and to provide an isolated backup interface. Most server-grade hardware meets these requirements. If older equipment is used for this purpose, verify that the systems meet the minimum requirements of 64‑bit, multi-processor and RAM that can expand above 8GB. 8GB is considered a bare minimum for a virtual host system.
Thick provisioning for virtual disks
When provisioning a new virtual machine (VM) or creating a new disk for a VM, use thick provisioning when performance is important or when disk contents change often. Thick provisioning refers to the static allocation of disk space to a virtual disk. So if you create a 30GB virtual disk, it consumes exactly 30GB of storage from your storage pool. The alternative to thick provisioning is thin provisioning, or dynamically expanding disks. When created, a thin-provisioned disk consumes a minimal amount of space and expands as required by data. The disk will grow to its predetermined size on demand. Thin provisioning saves disk space, but performance is the trade-off. The rule is that if your virtual disk needs optimal performance or will have data regularly written to it, opt for thick provisioning.
Separate disk image locations for heavy workloads
VMs experiencing performance problems should have their disk images separated to different storage locations. For example, consider a database system with problems that uses one virtual disk for the operating system, a second for data storage and a third for logs, with all three disks on the same LUN. Move the OS virtual disk to a different LUN and move the logs virtual disk to a LUN that doesn’t contain either the OS or the data for that VM. Performance will increase for the VM, potentially mitigating the associated complaints.
Follow physical machine security rules
Virtual machines are no more or less secure than their physical counterparts. With that information in mind, patch, service-pack, update and protect VMs in an equivalent manner to that for physical systems. Anti-virus software, anti-spyware software and firewalls are all still needed in a virtual environment. Remove or disable unused services and only allow secure protocols into and out of systems. Where possible, use the secure version of all services. For example, use SSH, SCP, SFTP and HTTPS instead of the less secure Telnet, RCP, FTP and HTTP.
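One way to audit a guest for the cleartext services named above is to scan its listening TCP sockets. This is an added example, not part of the original article: it assumes input in the format of `ss -H -tln` on Linux, the conventional port numbers (23 Telnet, 514 rsh/RCP, 21 FTP, 80 HTTP), and function names invented here. The sample listener table is constructed.

```shell
#!/bin/sh
# Flag listeners for the cleartext protocols the article says to replace,
# and name the secure protocol to move to.

# Constructed sample in `ss -H -tln` layout:
# State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
sample_listeners() {
cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:23 0.0.0.0:*
LISTEN 0 32 [::]:21 [::]:*
LISTEN 0 511 127.0.0.1:80 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 5 192.0.2.10:514 0.0.0.0:*
EOF
}

# Prints one line per insecure listener:
#   <scope> <service> port=<n> addr=<bind address> replace-with=<secure protocol>
# scope is "loopback" for local-only binds, otherwise "exposed".
audit_listeners() {
  awk '
    BEGIN {
      svc[23]  = "Telnet"; fix[23]  = "SSH"
      svc[514] = "RCP";    fix[514] = "SCP"
      svc[21]  = "FTP";    fix[21]  = "SFTP"
      svc[80]  = "HTTP";   fix[80]  = "HTTPS"
    }
    $1 == "LISTEN" {
      port = $4; sub(/^.*:/, "", port)        # text after the last colon
      host = $4; sub(/:[0-9]+$/, "", host)    # bind address, IPv6 keeps its brackets
      if (!(port in svc)) next
      scope = (host ~ /^127\./ || host == "[::1]") ? "loopback" : "exposed"
      printf "%s %s port=%s addr=%s replace-with=%s\n", scope, svc[port], port, host, fix[port]
    }'
}

# Stand-alone run on the constructed sample; on a live guest use:
#   ss -H -tln | audit_listeners
sample_listeners | audit_listeners
```

A port number alone does not prove which protocol is served, so treat each hit as a prompt to inspect the owning service before disabling or replacing it.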
Large virtualisation implementations couldn’t thrive without SAN storage. SAN, or Storage Area Network, is how contemporary server systems use disk space. Large drive arrays connect to your systems via host bus adapters (HBAs), fibre cables and SAN switches. SAN systems provide fast disk access suitable for databases, logs and other write-intensive applications. SCSI disks are the better performers, with SATA drives running a distant second. Often used simultaneously, but for different needs, SCSI-based SAN and SATA-based SAN are preferred over local disk storage because of the dual-fibre channel setup, the various RAID possibilities and the lack of a single point of failure.