Best practices for your AlgoSec VMware Deployment

The following topic explains best practices when using an AlgoSec VM.

We’ve developed the following best practice recommendations for your AlgoSec VMware Deployment. This list is evolving, so be sure to check back often.

The following tips relate to each VM in your distributed environment:

General Tips

  • Use thick provisioning for the storage allocated.

  • Provide console access to the VMs for troubleshooting purposes.

  • Provide access to performance metrics related to CPU/Network/SWAP/Co-Stop/Memory.

  • Provide access to events and notifications in ESX.

  • Ideally, you should be able to tell the ESX version and know when it is updated.

  • Shut down the VM only by selecting Shutdown guest OS (not by Power Off).

Using snapshots

Snapshots can take up a lot of disk space and affect disk speed, so it's important to manage the snapshots on your system to avoid an impact on performance.

  • Do not keep snapshots for more than 7 days.

  • Do not use more than 3 snapshots at any given time.

  • Limit nested hierarchies of snapshots to one level only.

  • Take snapshots while the machine is idle. Do not take snapshots during business hours or during nightly analysis.

  • Always take a snapshot before upgrading or applying hot fixes.
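
The snapshot limits above can be checked mechanically. The following is an added example, not AlgoSec code: it audits one VM's snapshot tree against the 7-day, 3-snapshot and one-level limits. The dict shape (name, created, children) and the sample tree are constructed for this example, and treating root snapshots as level 0 with "one level" meaning a maximum of level 1 is an assumption.

```python
from datetime import datetime, timedelta, timezone

MAX_AGE_DAYS = 7    # "Do not keep snapshots for more than 7 days"
MAX_SNAPSHOTS = 3   # "Do not use more than 3 snapshots at any given time"
MAX_NEST_LEVEL = 1  # assumption: roots are level 0, their children level 1


def walk(nodes, level=0):
    """Yield (level, snapshot) for every snapshot in the tree, parents first."""
    for node in nodes:
        yield level, node
        yield from walk(node.get("children", []), level + 1)


def audit_snapshots(roots, now):
    """Return a list of policy violations for one VM's snapshot tree."""
    flat = list(walk(roots))
    findings = []
    if len(flat) > MAX_SNAPSHOTS:
        findings.append(f"count: {len(flat)} snapshots (limit {MAX_SNAPSHOTS})")
    for level, snap in flat:
        age = now - snap["created"]
        if age > timedelta(days=MAX_AGE_DAYS):
            findings.append(f"age: '{snap['name']}' is {age.days} days old")
        if level > MAX_NEST_LEVEL:
            findings.append(f"nesting: '{snap['name']}' is at level {level}")
    return findings


# Constructed sample inventory (hypothetical snapshot names and dates).
NOW = datetime(2024, 6, 15, 2, 0, tzinfo=timezone.utc)
SAMPLE = [
    {"name": "pre-upgrade", "created": NOW - timedelta(days=9), "children": [
        {"name": "pre-hotfix-1", "created": NOW - timedelta(days=3), "children": [
            {"name": "pre-hotfix-2", "created": NOW - timedelta(days=1),
             "children": []},
        ]},
        {"name": "test-branch", "created": NOW - timedelta(days=2),
         "children": []},
    ]},
]

if __name__ == "__main__":
    for finding in audit_snapshots(SAMPLE, NOW):
        print(finding)
```
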

Maintenance

  • Ensure that VMware tools are kept up-to-date.

  • Consolidate disks when required.

Network

Disk performance

  • We recommend disk write speed of at least 300MB/s; system performance will improve as the speed increases.

Dedicated resources

Most ASMS workloads are event and schedule driven, which makes intensive tasks hard to predict. Because of this:

  • Recommended: At least half the VM's memory resources should be dedicated.

  • Recommended: At least half the total VM CPU resources should be dedicated.

CPU

  • Recommended: Disable hyper-threading.

vMotion

Warning!

Due to third-party component constraints, DO NOT activate vMotion on ASMS appliances including Storage DRS automation level, VMDK, and related elements. Using vMotion on an active AlgoSec system can lead to data loss and potential system corruption. Any issues such as data corruption or anomalies caused by vMotion could result in erratic system behavior, with the responsibility resting on the system owner. AlgoSec Technical Support and R&D will not support recovery for systems affected by vMotion.

Optimal Performance on Older Machines

When upgrading to A33.00 (which runs on Rocky 8), some older ASMS VMs may experience performance degradation due to compatibility issues with the new Rocky 8 kernel. This occurs because the older VM compatibility level isn't fully optimized for the updated kernel, leading to under-utilization of CPU resources. Tasks like device analysis may show reduced performance, as detected through benchmarks such as 7zip.

This issue primarily affects older VMs deployed with outdated compatibility settings. New VMs deployed after the upgrade should not be impacted, as they will default to the latest ESXi compatibility settings. However, for customers upgrading existing ASMS VMs to A33.00, it is crucial to address these compatibility settings in advance to avoid performance degradation.

To ensure your VMs are running efficiently and fully utilizing CPU resources after upgrading, follow these steps:


  1. Configure VM Compatibility: Set the VM compatibility level to ESXi 7.0 U2 and later.

  2. Adjust Guest OS Version: In the Edit Settings tab under VM options, set the Guest OS version to CentOS 8 (64-bit).