Spectre, Meltdown and VMware vSphere

Many people are under the incorrect belief that it is hardware-level firmware updates from companies like HPE and Dell that will protect our Virtual Machines from Speculative Execution Vulnerabilities. This is NOT TRUE. As far as your VMs are concerned, the VM BIOS and Hypervisor are the hardware!

Timekeeping on ESXi

Timekeeping on ESXi Hosts is a particularly important, yet often overlooked or misunderstood topic among vSphere Administrators. I recall a recent situation where I created an anti-affinity DRS rule (separate virtual machines) for a customer’s domain controllers. Although ESXi time was correctly configured, the firewall had been recently changed and no longer allowed NTP. As…

Using VMware Paravirtual devices

One of the most common oversights in vSphere deployments is a failure to use the Paravirtual drivers that VMware has provided us for networking and storage. On a physical platform, one chooses supported device(s) for networking and storage, and then installs the correct driver(s) to support those devices. For example, on a physical system, you…

Mission Critical Virtual Machines on VMware vSphere

Building Mission Critical VMs on VMware vSphere is pretty simple. There are just a few commonly acknowledged Best Practices to adhere to, regardless of whether you are installing Windows or Linux: use Paravirtualized drivers wherever possible; remove unnecessary hardware from the VM (settings); disable unnecessary or unused devices in BIOS; assign no more resources…