Best practices for your AlgoSec VMware Deployment

The following topic explains best practices when using an AlgoSec VM.

We’ve developed the following best practice recommendations for your AlgoSec VMware Deployment. This list is evolving so be sure to check back often.

The following tips relate to each VM in your distributed environment:

General Tips

  • Use thick provisioning for the storage allocated.

  • Provide console access to the VMs for troubleshooting purposes.

  • Provide access to performance metrics related to CPU/Network/SWAP/Co-Stop/Memory.

  • Provide access to events and notifications in ESX.

  • Ideally, you should be able to tell the ESX version and know when it is updated.

  • Shutdown the VM only by selecting Shutdown guest OS (not by Power Off).

Back to top

Using snapshots

Snapshots can take up a lot of disk space and effect disk speed, so it's important to manage the snapshots on your system to avoid impact to performance.

  • Do not keep snapshots more than 7 days.

  • Do not use more than 3 snapshots at any given time.

  • Limit nested hierarchies of snapshots to one level only.

  • Take snapshots while machine is idle. Do not take snapshots during business hours or during nightly analysis.

  • Always take a snapshot before upgrading or applying hot fixes.

Back to top

Maintenance

  • Ensure that VMware tools are kept up-to-date.

  • Consolidate disks when required.

Back to top

Network

Back to top

Disk performance

  • We recommend disk write speed of at least 300MB/s; system performance will improve as the speed increases.

Back to top

Dedicated resources

Most ASMS workloads are event and schedule driven, which make intensive tasks hard to predict. Because of this:

  • Recommended: At least half the VM's memory resources should be dedicated.

  • Recommended: At least half the total VM CPU resources should be dedicated.

Back to top

CPU

  • Recommended: Do not enable hyperthreading.

Back to top

vMotion

Do not enable vMotion on ASMS appliances (due to third party component limitations. This includes Storage DRS automation Level and VMDK, etc.)

Back to top