Book Image

Hyper-V Security

By : Eric Siron, Andrew Syrewicze
Book Image

Hyper-V Security

By: Eric Siron, Andrew Syrewicze

Overview of this book

Table of Contents (15 chapters)
Hyper-V Security
About the Authors
About the Reviewers

Limiting exposure with resource limitations

As explained earlier in this chapter, the purpose of a denial-of-service attack is to force a system to devote so many resources to dealing with an attack that it has little or nothing left over for legitimate purposes. Like most hypervisors, Hyper-V does a good job of maintaining resource balance so that such attacks are rarely more than a nuisance. There are a number of steps you can take to preemptively constrain the impact of such attacks.

Virtual processor limits

The best way to limit processor use is to apply the minimum necessary virtual CPUs to each virtual machine. Any more could allow a compromised virtual machine to unnecessarily leech processor power from the other guests. If you're not certain what the minimum is, a good place to start is with two. This is enough to allow an application to dominate CPU cycles while still providing a responsive guest operating system. Application vendors will often provide you with a desired minimum....