Hyper-V Performance and Security 101: A Comprehensive Guide for IT Pros

Video Statistics and Information

Captions
Hello, my name is Lowell Vanderpool, and this channel is dedicated to IT students, IT professionals, and anyone who enjoys learning technical subjects. In this presentation we're going to start with Hyper-V and many of the advanced topics. This lecture series covers basic performance enhancements for both the parent partition and child virtual machines.

I tend to lean heavily on source material, so if I'm studying Microsoft products, I am really heavily using Microsoft documentation. I just finished a series on Oracle Box; I leaned heavily on Oracle's documentation. In this case I did find a site called altaro.com. There was a blog post by an engineer called Eric Siron. Well worth reading some of his blog posts on Hyper-V: very well done, very, very nice for an admin that's using Hyper-V every day. We will also explore dynamic memory and look at how to properly configure it based on Microsoft documentation. We'll also look at smart paging and why that's very, very important in dynamic memory.

Every new version of Server, we're seeing Azure's network stack being pushed into that version of Server. As you look at newer versions of Windows Server, such as Server 2022, it is packed with new network features, new network configurations, all which are being done via PowerShell. Now, my past experience with NIC teaming: I was not impressed with NIC teaming, but I know that Microsoft has been putting a lot of time and effort into building a more robust version for NIC teaming, so I am putting it on my server now. I'm running three network cards using NIC teaming, and I'll keep you posted on the results.

Actually, I'm eating my own dog food here at Techsavvy Productions. I rebuilt my video editor from scratch, which all of you know is just the joy of our life. This time I took Hyper-V concepts and applied it to what I do every day in video production. In my parent partition I put my video editor only, and it has the highest access to hardware resources, and I built my production desktop as a virtual machine. Although I am facing some interesting issues, I am very pleasantly surprised at the efficient utilization of my server. So far I'm very happy with a totally Hyper-V environment, using Hyper-V to provide me a high-performing editing environment and a first-class production desktop.

Hyper-V is enterprise-ready. It has significantly matured over the last few years. You are seeing it in the business server rooms and data centers. Just take a look at some of these features: high availability clustering, virtual NUMA, software load balancing, Hyper-V network virtualization, shielded VMs, encryption, we can now add NICs and memory while the server is running, Linux secure boot, nested virtualization, VM backup, TPM 2.0, VBS security, SMB encryption, and much, much more. If you listen carefully to these characteristics and features, you realize this is simply Azure coming down into Hyper-V. VMs can now run 240 virtual processors and over 12 terabytes of memory. There's not hardly an application that cannot be run in Hyper-V. Azure Stack HCI, which I've talked about a little bit, depends on Hyper-V.

Keep in mind, as we look back at architecture, the root partition plays a major role in the efficiency and performance of all the virtual machines. Hyper-V makes sure that the root partition has enough memory to efficiently maintain and run the VMs at the highest performance. You cannot starve the root partition without impacting all the virtual machines on the server. Now, Hyper-V uses an algorithm for reserving memory for the parent partition, and this table kind of shows you those approximate values that you would see in that algorithm. Here in this graphic I attempted to take one virtual machine and give it all the memory that my particular video editor has, and you can see when I started it, it just said no, you can't do that. Hyper-V protects that root partition against you over-assigning any virtual machine too much memory, starving the root partition. Now, Hyper-V does not prevent you from improperly assigning memory to all the VMs so that they don't run efficiently, so you must understand appropriate memory assignment to all the virtual machines. The only thing that Hyper-V is going to do is protect you from starving the root.

Trying to get the best out of your Hyper-V virtual machines, you want to make sure you use the Microsoft Assessment and Planning Toolkit. It will help you size your environments properly. Ask your software vendor for their guidance on virtualization using Hyper-V; they may have some specific recommendations for their application in a virtualized environment, so make sure you do that. On the server side, make sure you stick with local compliant or certified hardware. Remember, you can get 25 to 30 virtual machines per server depending on your hardware. You can get three to four to five times that amount if you go containers. That's why containers are so important in today's environment.

Keep in mind Hyper-V and CPU cache. Hyper-V can take full advantage of your CPU cache, so when you're purchasing CPUs and you know you're going to be using Hyper-V, take a look at cache values. They can impact the performance of Hyper-V significantly. If I have four virtual machines on one disk or one disk array and they're all actively using that storage, each virtual machine can only yield about 25 percent of the bandwidth of that disk. Keep that in mind. If you're in desktops or laptops, make sure you're using NVMe. Remember, network performance is one of the least items on your bucket list to worry about. If you have four virtual machines, you'll probably never fill the bandwidth of a 10 gig network card. That does not mean that certain applications are more demanding of network. You do have to do your benchmarking of your virtual machines.

When you're thinking about power management, remember, for your parent partition or your root partition you want that hardware full blast, no power management whatsoever on the parent partition. On the child partitions, your virtual machines, that will depend on what you have running. If you have Windows 10 or Windows 11, you can run a balanced power management; that will be fine. Keep in mind what operating system you want in your root or parent partition. For servers, best is Server Core, whatever version you want in there. For desktops it's going to be Windows 10 or Windows 11. I would keep my Windows 10 and 11 in my root partition highly optimized, with as little software as possible installed. You can then always create a virtual machine and make that your desktop.

What you don't monitor, you don't know. Microsoft has good documentation to help you monitor bottlenecks in your hardware subsystems. The ones you want to pay attention to most are memory, then CPU, storage (storage is just slow, it's hard to get around that one), and then network is the one you least have to worry about. Task Manager is not an effective tool for monitoring Hyper-V. You're going to have to use perfmon. There's a good set of counters that you can use to monitor almost every area of Hyper-V. Once you have configured your Hyper-V environment, make sure you do a performance baseline. Then down the road, when you begin to make changes, you can always go back and compare it to your baseline.

In your child partitions, your virtual machines, make sure you're using Microsoft drivers. Go into Device Manager and check all your major subsystems and make sure you're using the Microsoft virtual driver. When it comes to page files and the parent and child partitions: the parent partition is recommended to let the system manage the page file. In child partitions, if you're running Windows 11 or Windows 10 in a child partition, you can pretty much disable your page file. On servers you want to consult the application guidelines. If you're setting up virtual machines, leave your VMs on the sign-on screen. Do not use screen savers. If you're running Windows in your virtual machines, make sure you look at your scheduled tasks and services. There may be many scheduled tasks and services you can disable and turn off. If you have a server operating system in a VM, make sure you close Server Manager. Here's a great PowerShell cmdlet that will allow you to pull up all your active scheduled tasks.

Keep in mind the purpose of dynamic memory is higher consolidation of virtual machines per server. Not all Linux versions support dynamic memory, so be careful. Not all applications support dynamic memory, so make sure you check with your vendor, especially on the server side. I saw no issues on running Windows 11, Windows 10; any software I put on there never had an issue with dynamic memory. But on the server side, make sure you check it out with your vendor. Make sure, after you configure your VMs, that you always take perfmon, take those counters, running against your Hyper-V, against your parent and the child, to make sure you're getting the best performance out of your machines.

When we're setting up dynamic memory for virtual machines, pay attention to the first value, which is called RAM. That was previously known as startup RAM. That sets the tone for how the virtual machine will be treated during the runtime. Let's talk about these values found in the memory dialog box. We've already talked about startup memory; let's go to dynamic memory. If you enable dynamic memory, the first option is minimum RAM. Here's where you want to choose a value, do your performance baseline, and you may want to go back and adjust this, especially if you're not sure what the application inside needs to have. The next value is maximum RAM. Never leave it default. Always look at your virtual machines and give it a hard limit. The virtual machine is bound by this maximum RAM value. Memory buffer is how much memory is given to the VM versus the application inside, and of course that would radically differ based on the application you're running, so again I would do some performance monitoring and then maybe adjust your memory buffer. Memory weight is your last option. It's a slider. It distributes how much memory among all the VMs that you have running. Basically, you can see these are very flexible, so as you add more virtual machines or you change the applications inside, you may want to run your baselines again, your performance monitoring, to see: do any of these need to be changed or updated? The key takeaway with dynamic memory is they use very effective algorithms for memory allocation.

Now, smart paging is a part of dynamic memory. It's only used when a virtual machine is being restarted, there's no available physical memory, and no memory can be reclaimed from other virtual machines running on the host. Then the virtual machine will move to smart paging to restart that virtual machine. Generally, when you're really, really pressed for allocation is when smart paging kicks in. Smart paging is not used when the virtual machine is just being started from an off state. It has to be restarted.

If you're running Hyper-V just on your desktop, it's not as critical to monitor everything. It's good for you to do that just to learn how to do it. But if you're running servers with Hyper-V, you can't just walk away and say, okay, it's good. You have to go back on a periodic basis and check your work using perfmon. Microsoft's documentation on setting up your counters for processor bottlenecks is excellent. It's very easy and straightforward to do. It allows you to look at your root processor utilization as well as the hypervisor. Their documentation on detecting memory bottlenecks is very good. Again, the counters are easy to set up. In my case, because I'm running it on a desktop, storage is an issue. There's no way I'm going to make my storage any faster. But on a server, where I'm really trying to balance that storage bandwidth, I want to make sure I'm monitoring my storage performance.

Here, under my data collector sets, I've set up a number of user defined. This one is Hyper-V memory monitoring. If I come over to my collector set and go to properties, I've set up the counters that I want to monitor, and notice I'm monitoring on a 15 second basis. My monitoring doesn't want to load down the system, which impacts the overall performance, so you have to be careful about your monitoring, that you're not counterproductive and actually impacting the system while you're trying to monitor it. Once my counters are set up under user defined, I can simply manually start the monitoring using those counters, and under reports it will create a report based on a date time stamp. I can go back and review the results of those monitoring using those counter values. Now, manually monitoring using Performance Monitor is fine on my desktop. I don't have a sophisticated system. But on a server I may want to set that up as a scheduled task. So let's go to my Hyper-V memory monitoring. I'm going to stop the monitoring and I'm just going to go to properties, and you can see under schedule I could go ahead and add this as a scheduled task, so I could run it, say, during the early morning when users come in at eight o'clock to nine o'clock, or I know it's heavily used in the afternoon and I want to look at the performance in the afternoon from after lunch to the end of day.

Now I'm briefly going to talk about NUMA and what it is, only because Hyper-V supports it and you do need to understand some of the fundamentals. The acronym NUMA stands for non-uniform memory access, and it's a computer system architecture. It has three versions; it has UMA and NUMA. All of those are part of the server system architecture. Now let me be frank: NUMA is complex. In no way can I give you, in a few minutes, even justice to this topic. It's all about trying to get performance out of our CPUs and memory on our server side, where we have these massive computational engines who are demanding incredible amounts of data in order to keep them busy and not data starved. If NUMA is available on your server, Hyper-V should recognize it, and it does allow you to enable NUMA if you're running loads like SQL where you might need NUMA.

Here's my HP server. You see I've got two physical CPUs, and these are Xeons, and they have multi-cores. I also have DIMM sockets that are assigned to each CPU. I have 12 DIMM sockets that are assigned to this CPU; I have 12 DIMM sockets that are assigned to this CPU. Because of the computational power of each of these CPUs, it is an engineering designer's nightmare in order to keep data fed into these computational engines. They're just incredible. So NUMA basically allows the assignment of these DIMMs to one CPU. This is called local RAM. RAM that is not assigned to the CPU can be accessed, and it is called remote memory. There are certain applications that run on servers that demand everything that you have on the server, such as large SQL databases, and that's where NUMA comes in. So this physical server with its associated RAM is called a NUMA node, and this one is called a NUMA node, and basically they can run separately and get as much throughput out of this server as possible. But there are applications like SQL where you really want all of the CPU, or you've got a process that says, I want to come over to the memory that's assigned to this CPU and borrow some of that memory for a process, a large data set. NUMA allows that kind of action.

Without exception, most data centers are multi-tenant, and security is becoming a number one focus of data centers, and of course Hyper-V is there, and Hyper-V is playing a role in providing some layers of security. We're going to look at shielded virtual machines. Now, Microsoft's approach to shielded VMs is really complex. They have guardian host services. These are computers that are set to test everything that goes on on the guarded host. So on the left-hand side we have the guarded host with their virtual machines. Then we have this Host Guardian Service running on these servers that is really monitoring what's going on on the host and the shielded VMs. This is really complex. There's encryption going on: there is encryption on the hard disks, there's certificates applied, there is encryption between the guarded host service and the guarded host. So there's a lot going on here. This is not a simple check a box and it all is fixed. So just be aware, if you look at shielded VMs, this is a pretty intense environment to set up, but it does give you some layers of security. Customers today want this kind of security, and they want the assurance that their hosts in the data center have not been tampered with.

Now, specifically, when we talk about shielded virtual machines, you have to have Server 2016, 2019 or 2022. You have to have UEFI 2.3.1c, which supports the measured boot process. I have to have TPM 2.0, IOMMU, and the virtual machines have to be generation 2. Just to understand this whole system of services and roles is complex. There's a lot in Microsoft's documentation in order to set this up. As you look at this list of requirements, it's interesting to note how complex it has to be in order to give that security and assurance to a customer. Security is not easy.

So what in the world is nested virtualization? It's running a Hyper-V operating system inside a Hyper-V operating system. Now, obviously there was a need for this. Especially, it probably was driven from Azure, and it's come into Hyper-V. Basically, Intel was out of the box ahead of AMD on nested virtualization, so if you had 2016 or Windows 10 and your VM configuration version was 8, 8.0 or higher, it could do nested virtualization. AMD did catch up with their EPYC and Ryzen processors. Now with Server 2022 and Windows 11 you can now do nested virtualization with those operating systems. By the way, I did test this with Oracle Box, which is a non-Microsoft product, and it worked great.

Our next video will be on Hyper-V networking. It's a fascinating topic, and because Hyper-V plays such a big role in Azure and in the use of data centers, Microsoft is pushing down tons of sophisticated networking functionality inside the Hyper-V switch. Most of it is done by PowerShell, but things like data center bridging, VLANs (which has been around forever), receive segment coalescing, single root I/O virtualization so that you can talk directly to the network card, VMMQ, VMQ, remote direct memory access, and switch embedded teaming, and then ACL rules, and this is just the tip of the iceberg. But we'll go into internal networks, external networks, and private networks. Be sure to catch our next video on Hyper-V networking.
Info
Channel: TechsavvyProductions
Views: 6,384
Id: nu8dfQFuGzs
Length: 22min 6sec (1326 seconds)
Published: Tue Oct 26 2021