| Using EFS Encryption To Secure Your Virtual Domain Controllers |
| Tuesday, 07 March 2006 by Michel Roth | |||
|
So for added security, you can implement EFS on the host operating system as well as guest operating systems that are running Windows Server 2003 operating systems. The most efficient way to implement EFS on all of the guest operating systems is to implement it on the host operating system instead. This requires fewer system resources, and conveys the benefits to all resident guest operating systems. Andre Keartland of Inobits Consulting has researched EFS and VHDs and has posted his results: "Test results showed barely a 5% increase in host CPU utilization when running at peak load, by comparison to the same load where the VPC was unencrypted. Either way we couldn’t get the CPU load beyond 45-50% on average. There was no discernible increase in CPU load on the guest VPC when using EFS. Disk and memory utilization on the host increased negligibly after the VHD was encrypted. There was no noticeable degradation of host or guest performance/responsiveness after the VHD was encrypted." "Disk utilization on the host system was heavy, as can be expected with the load described. This was probably the biggest performance constraint on performance. Place virtual machines VHDs on separate disks from the host OS, apps and page-file; use virtual SCSI controllers for VHDs. After this make sure the server has adequate RAM. CPU capacity is probably the least important factor affecting Virtual Server performance. Having separate network adapters for your virtual machine traffic is also a good idea." "All in all, I think the performance impact was quite acceptable. Unless something comes up, e.g. Microsoft telling me this scenario is now officially unsupported, I plan to use EFS for all my DCs running on Virtual Server." Read more at the source.
Show/Hide comment form
|
|||
