Limiting exposure with resource limitations
As explained earlier in this chapter, the purpose of a denial-of-service attack is to force a system to devote so many resources to dealing with an attack that it has little or nothing left over for legitimate purposes. Like most hypervisors, Hyper-V does a good job of maintaining resource balance so that such attacks are rarely more than a nuisance. There are a number of steps you can take to preemptively constrain the impact of such attacks.
Virtual processor limits
The best way to limit processor use is to apply the minimum necessary virtual CPUs to each virtual machine. Any more could allow a compromised virtual machine to unnecessarily leech processor power from the other guests. If you're not certain what the minimum is, a good place to start is with two. This is enough to allow an application to dominate CPU cycles while still providing a responsive guest operating system. Application vendors will often provide you with a desired minimum....