Hello once again everyone!
Seems like I’ve been running into a lot of questions lately for issues that could have been easily avoided, but alas, if you don’t know about certain pitfalls you just don’t know.
With technology as complex as virtualization, there are always going to be some potential pitfalls, and it certainly is helpful to sidestep these pitfalls up front if you can. While the below is by no means a fully comprehensive list, I’ve listed 6 of the most common mistakes that Hyper-V administrators tend to run into during day-to-day operations.
6 Common Hyper-V Configuration Mistakes
- Unnecessary Software is Installed Inside of the Management OS: While you certainly are able to install software inside of the management operating system of the Hyper-V host, there are only certain cases where you should do so. Host-level software is generally appropriate only when it supports the virtual environment itself (such as backup software). All other cases add complexity, increase patching needs, increase the attack surface, and may have licensing implications.
- Hyper-V Hosts are Left in the General Workstations OU in Active Directory: By default, when machines are added to a domain, they often get dropped inside of a “default OU”. This is likely fine for workstations, but it poses several major problems for Hyper-V hosts. The main problem is that GPOs intended for another set of endpoints may be applied to core virtualization infrastructure, which can create unpredictable issues for services running on those hosts.
- Security Best Practices Are Not Followed: It’s the new mindset in IT that security is EVERYONE’s responsibility, and this applies to infrastructure engineers as well. Some of the default settings in Hyper-V are not the most secure, and many new Hyper-V administrators will adjust certain settings with ease of use in mind, without really comprehending the effects these changes could have on the overall security of the solution. Needless to say, leaving core systems unsecured could pose MAJOR issues for you and your organization later on down the line, should a breach occur.
- NUMA is Configured Improperly: NUMA is often a misunderstood feature in Hyper-V. When used correctly it can provide numerous performance benefits, but if misconfigured, it will do the exact opposite. NUMA can cripple your performance if you don’t understand what you’re doing with it. So, it goes without saying that you should have a full understanding of NUMA, how it affects your systems, and how best to go about using it.
- Anti-Virus Exclusions and Best Practices are Not Followed: If you search for best practices around using AV with Hyper-V, you’ll find a plethora of different responses and stances online. Some people feel that by running Windows Server in Core mode, and with careful control of access to the management OS, the host itself can be kept quite safe. While this works for some organizations, others may have industry or corporate regulations in place that equate to a hard requirement for having AV on all endpoints, virtualization hosts included. It is possible to run AV effectively on Hyper-V hosts, but there are a number of potential performance impacts in doing so. In certain extreme cases, AV has been known to bring down virtual machine services on Hyper-V hosts when configured improperly. So, it behooves you to make sure that if you are indeed using anti-virus on your Hyper-V hosts, it is configured properly.
- Checkpoints are Used Improperly or are Being Used as Backups: Checkpoints, like NUMA, are another often misunderstood (if not misused) feature in Hyper-V. If used improperly, there is a real risk of downtime or even data loss. Additionally, many organizations operate under the assumption that checkpoints are something of a backup, which couldn’t be further from the truth. Checkpoints do not replace backups. Not only is there no retention associated with checkpoints, but in most cases you’re also using production storage. This is not to mention several other potential issues related to the misuse of checkpoints.
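A read-only PowerShell check for two of the pitfalls in the list above (checkpoints that have been kept around, and a host still sitting in the domain's default computers container), added here as an example and not taken from the post or the eBook. The 7-day age threshold and the parameter names are assumptions, and it expects the Hyper-V and ActiveDirectory modules to be installed.

```powershell
# Added example: read-only audit of a Hyper-V host. Not from the post or the eBook.
# Assumptions: the 7-day threshold, the parameter names, and that the Hyper-V and
# ActiveDirectory (RSAT) PowerShell modules are installed where this runs.
#Requires -Modules Hyper-V, ActiveDirectory
param(
    [string]$ComputerName = $env:COMPUTERNAME,
    [int]$MaxCheckpointAgeDays = 7    # assumed policy value, tune to your own
)

# Pitfall: checkpoints kept on production storage as if they were backups.
$now    = Get-Date
$cutoff = $now.AddDays(-$MaxCheckpointAgeDays)
$stale  = @(Get-VM -ComputerName $ComputerName |
    Get-VMSnapshot |
    Where-Object { $_.CreationTime -lt $cutoff } |
    Select-Object VMName, Name, SnapshotType, CreationTime,
        @{ Name = 'AgeDays'; Expression = { [int]($now - $_.CreationTime).TotalDays } })

# Pitfall: host computer object left where the domain join put it, so it
# inherits whatever policy is aimed at ordinary endpoints in that location.
$domain   = Get-ADDomain
$hostObj  = Get-ADComputer -Identity $ComputerName
$parentDn = $hostObj.DistinguishedName -replace '^CN=[^,]+,', ''

# Summary first, then the individual checkpoints, oldest at the top.
[pscustomobject]@{
    HostName           = $ComputerName
    ParentContainer    = $parentDn
    InDefaultContainer = ($parentDn -eq $domain.ComputersContainer)
    StaleCheckpoints   = $stale.Count
} | Format-List

$stale | Sort-Object AgeDays -Descending | Format-Table -AutoSize
```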
What you should be doing instead
Now that you know what not to do, you’re probably thinking about what you should be doing instead. You didn’t think I’d be telling you about several pitfalls when working with Hyper-V without providing you the needed information to avoid them, did you? Have no fear!
Enter the new Altaro eBook! It contains all the information you’ll need to avoid the pesky issues laid out above! Authors Dave and Cristal Kawula have done a fantastic job going into more detail about each of these common mistakes and explaining what you should be doing instead. Armed with the knowledge within, you’ll be putting yourself and your Hyper-V infrastructure on a much better footing and will pave the way for more successful day-to-day operations by avoiding some of the most common Hyper-V issues in the industry today.
As always if there are any follow-up questions or comments, be sure to use the comments section below this post and we’ll be sure to get back with you!
Note: a lot of time and effort goes into producing our eBooks free of charge to our audience. If you find the eBook useful please share with your social followings, colleagues or friends 🙂
I hope you enjoy the eBook!