VMware Virtual Machines: 5 Best Practices
1. VMware Tools are outdated or not installed
The most common issue with a vSphere virtual machine is that VMware Tools is either not installed or out of date. VMware Tools is a suite of utilities intended to enhance the performance of the virtual machine’s guest operating system and improve the ability to manage the virtual machine. With each new version of vSphere, VMware also updates VMware Tools and, with some versions of vSphere, administrators must proactively update Tools in each virtual machine in order to experience the benefits of the new features provided by VMware. Installing or updating VMware Tools is quickly accomplished through the vSphere Web Client. This installation or update may not even require a reboot of the virtual machine guest OS.
2. Virtual Machine memory limits
When a virtual machine is moved out of a resource pool that had a memory limit, the standalone virtual machine can, unknown to the administrator, maintain the memory limit to which it was subjected as a member of the resource pool. Additionally, some administrators configure memory limits thinking — erroneously — that memory limits should be configured to ensure that one virtual machine doesn’t monopolize the memory on a single host.
3. Virtual Machine logging limitations
One of the most common virtual machine issues is related to virtual machine logging. VMware vSphere offers a number of different log files that are stored in different places. Log files are used to provide more detailed information. Usually that detailed information is used during the troubleshooting of a problem in the virtual infrastructure. One of those log files is the virtual machine log file, vmware.log.
By default, the vmware.log file is only rotated when a virtual machine is restarted and six old logs are retained. Because many virtual machines are likely stored in the same datastore, a malicious attacker could try to find ways to flood log files in order to fill the datastore and thus bring down all virtual machines running inside that datastore. To prevent a virtual machine log file from being maliciously flooded (which can lead to denial of service) you should limit the number and size of the log files ESXi generates.
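One way to check that recommendation across a set of virtual machines is to audit each VM's .vmx configuration for the per-VM log limits. The script below is an added example, not part of the original article or VMware's own tooling. It assumes the limits are set with the VMX options log.rotateSize and log.keepOld, and the policy ceilings and sample .vmx fragments in it are constructed for illustration.

```python
import re

# Assumed policy ceilings for this example (not from the page); size them to your datastores.
MAX_ROTATE_SIZE = 2_048_000  # bytes a vmware.log may reach before it is rotated
MAX_KEEP_OLD = 10            # rotated vmware.log files retained per VM

_KV = re.compile(r'^\s*([A-Za-z0-9_.:-]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Parse .vmx 'key = "value"' lines into a dict keyed by lower-cased name."""
    settings = {}
    for line in text.splitlines():
        m = _KV.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings

def audit_log_limits(text):
    """Return findings for one VM; an empty list means log growth is bounded."""
    settings = parse_vmx(text)
    findings = []
    for key, ceiling in (("log.rotateSize", MAX_ROTATE_SIZE),
                         ("log.keepOld", MAX_KEEP_OLD)):
        raw = settings.get(key.lower())
        if raw is None:
            findings.append(f"{key}: not set, default rotation applies")
        elif not raw.isdigit() or int(raw) == 0:
            findings.append(f"{key}: '{raw}' is not a positive integer")
        elif int(raw) > ceiling:
            findings.append(f"{key}: {raw} exceeds policy ceiling {ceiling}")
    return findings

# Constructed sample .vmx fragments (not taken from a real host).
SAMPLES = {
    "web01": 'displayName = "web01"\nmemSize = "4096"\n',
    "db01": 'displayName = "db01"\nlog.rotateSize = "1024000"\nlog.keepOld = "10"\n',
    "app01": 'displayName = "app01"\nlog.rotateSize = "0"\nlog.keepOld = "500"\n',
}

if __name__ == "__main__":
    for vm, vmx in SAMPLES.items():
        for finding in audit_log_limits(vmx) or ["ok"]:
            print(f"{vm}: {finding}")
```

Any VM that reports a finding shares its datastore's free space with a log that is not bounded by policy, so those are the ones to reconfigure first.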
It’s also important to highlight two VDI ‘best practices’ to keep your VMware machines or any other virtual machines you have working smoothly.
4. Keep machines updated
Keep all machines in your environment up to date with security patches. One advantage is that you can use thin clients as terminals, which simplifies this task.
5. Protect all machines in your environment with antivirus software
Consider using platform-specific anti-malware software such as the Microsoft Enhanced Mitigation Experience Toolkit (EMET) for Windows machines. Some authorities recommend using the latest Microsoft-supported version of EMET within their regulated environments. Note that, according to Microsoft, EMET may not be compatible with some software, so it should be thoroughly tested with your applications before deployment in a production environment. XenApp and XenDesktop have been tested with EMET 5.5 in its default configuration. Currently, EMET is not recommended for use on a machine that has a Virtual Delivery Agent (VDA) installed.