Microsoft SQL Server was the single most virtualized business critical app in the world then, and it is still the case today. Our book is still as relevant today as it was when we published it and the recommendations we documented still hold true.
In spite of it being the most popular critical app to virtualize, there are still a lot of cases where some simple best practices that could greatly improve performance are not followed. Not all of the best practices apply to all database types at all times, so some care is required. This article will focus on the top 5 things you can do to improve performance for many different types of databases and give some examples from performance testing that my team and I have done.
Max memory should be changed from the default of 2PB to a value that allows the OS some breathing room. This guarantees the service levels to the SQL Database, ensures that at least from a memory standpoint it will get the best performance possible, and it will mean the hypervisor page file will not take up any valuable storage.
This also reduces the work the OS needs to do with regard to memory management. Huge pages on x86 are 2MB in size, vs the standard 4KB page size that is used by default. Using this setting also prevents ballooning from impacting the SQL Server Instance and is another reason to reserve the memory. I recommend that you allocate a pagefile big enough for a small kernel dump at minimum, and up to 16GB to 32GB as maximum.
The less variation required the better. These settings will ensure the best possible service level and performance for your database at least in memory. This applies especially to high performance databases. If you have many smaller and less high performance databases you can simply split the database data files across more drives or mount points if you determine a single drive does not provide sufficient performance.
For TempDB the recommendation is 1 datafile per vCPU up to 8 initially and then grow 4 at a time from there as needed. Each virtual drive and each virtual controller has a queue depth limit, so splitting the datafiles across controllers also helps to eliminate bottlenecks.
You can also tune each controller queue depth by changing registry settings, but be aware of the potential impact on your back end storage. The image below shows one such design that may be appropriate for splitting data files.
This example uses mount points, but you could also use drive letters. So for a two socket platform this would be a size that fits within a single socket or is easily divisible by the number of cores in a single socket. You can increase the ratio as you monitor actual system performance. You need to design for peak workload demands and then the averages will take care of themselves.
Although best practice violations, even crucial ones, are not necessarily problematic, they indicate server configurations that can result in poor performance, poor reliability, unexpected conflicts, increased security risks, or other potential problems. BPA can help administrators reduce best practice violations by scanning roles that are installed on managed servers that are running Windows Server or Windows Server R2, and reporting best practice violations to the administrator.
You can also instruct BPA to exclude or ignore scan results that you do not want to see. Performing Best Practices Analyzer scans on roles. BPA works by measuring a role's compliance with best practice rules in eight different categories of effectiveness, trustworthiness, and reliability. Results of measurements can be any of the three severity levels described in the following table. The following table describes the best practice rules categories against which roles are measured during a Best Practices Analyzer scan.
In Windows Server R2 and Windows Server, some roles prompt you to specify additional parameters, such as the names of specific servers or shares that are running parts of the role, or the IDs of submodels, before starting a BPA scan.
Scanning roles by using Windows PowerShell cmdlets. Running BPA scans from a role or group page scans all roles that are installed on servers in that group. Depending on the number of rules that are evaluated for the role or group you selected, the BPA scan can require a few minutes to finish.
The procedures in this section do not show all BPA cmdlets and parameters. To run Windows PowerShell as an administrator from the start screen, right-click the Windows PowerShell tile in the Apps results, and then on the app bar, click Run as administrator.
To run Windows PowerShell as an administrator from the desktop, right-click the Windows PowerShell shortcut in the taskbar, and then click Run as Administrator. There is no need to import or load the BPA cmdlet module. Enter one of the following commands to start the BPA scan for a specific role.
For multiple roles, separate model IDs with commas. You can also start a scan on a specific role from the results of step 3 by piping the results of the Get-BPAmodel cmdlet into the Invoke-BPAmodel cmdlet as shown in the following example. Running this cmdlet without specifying a model ID pipes all models that are returned by the Get-BPAmodel cmdlet into the Invoke-BPAmodel cmdlet, starting scans on all models that are available on servers that have been added to the Server Manager server pool.
Open a Windows PowerShell session with elevated user rights, if one is not already open. See the preceding procedure for instructions. When the scan is complete, Windows PowerShell returns results similar to the following, for each role that was scanned. When you select a result in the tile, a preview pane in the tile displays result properties, including an indication of whether the role is compliant with the associated best practice.
If a result is not compliant, and you want to know how to resolve the problems described in the result properties, hyperlinks in error and warning result properties open detailed resolution help topics on the Windows Server TechCenter. BPA scan results are not automatically saved or archived. Running a new scan on a model or submodel overwrites the results of the last scan.
Results can be included again at any time. When you exclude results, they are also excluded from view on managed servers. Other administrators cannot see excluded results on managed servers. To exclude results from view in a local Server Manager console only, create a custom query instead of using the Exclude Result command.
The Exclude setting is persistent; results that you exclude remain excluded in future scans of the same model on the same computer, unless they are included again. As in the Best Practices Analyzer tile in Server Manager, you can exclude individual result objects, or you can also exclude a set of results whose fields category, title, and severity, for example are equal to or contain specified values.
For example, you can exclude all Performance results from a set of scan results for a model.
In the Best Practices Analyzer tile for the role or server group, right-click a result in the list, and then click Exclude Result. To view excluded results in the GUI, run the built-in Excluded results query. Click Saved Search Queries, and then click Excluded results.
Event logging for NPS. You can use event logging to record NPS events in the system and security event logs.
This is used primarily for auditing and troubleshooting connection attempts. Logging user authentication and accounting requests. You can log user authentication and accounting requests to log files in text format or database format, or you can log to a stored procedure in a SQL Server database. Request logging is used primarily for connection analysis and billing purposes, and is also useful as a security investigation tool, providing you with a method of tracking down the activity of an attacker.
Turn on logging initially for both authentication and accounting records. Modify these selections after you have determined what is appropriate for your environment. Ensure that event logging is configured with a capacity that is sufficient to maintain your logs. Back up all log files on a regular basis because they cannot be recreated when they are damaged or deleted.
Although the automatically generated Class attribute is unique for each request, duplicate records might exist in cases where the reply to the access server is lost and the request is resent. You might need to delete duplicate requests from your logs to accurately track usage.
This setting configures NPS to automatically reject these false connection requests without processing them. In addition, NPS does not record transactions involving the fictional user name in any log files, which makes the event log easier to interpret.
To optimize NPS authentication and authorization response times and minimize network traffic, install NPS on a domain controller. To minimize the time it takes to do this, install NPS on either a global catalog server or a server that is on the same subnet as the global catalog server. This creates unnecessary network traffic. To eliminate this traffic, disable NAS notification forwarding for individual servers in each remote RADIUS server group by clearing the Forward network start and stop notifications to this server check box.
If you are using network policies to restrict access for all but certain groups, create a universal group for all of the users for whom you want to allow access, and then create a network policy that grants access for this universal group. Do not put all of your users directly into the universal group, especially if you have a large number of them on your network.
Instead, create separate groups that are members of the universal group, and add users to those groups. Use a user principal name to refer to users whenever possible. A user can have the same user principal name regardless of domain membership. This practice provides scalability that might be required in organizations with a large number of domains.
If you installed Network Policy Server (NPS) on a computer other than a domain controller and the NPS is receiving a large number of authentication requests per second, you can improve NPS performance by increasing the number of concurrent authentications allowed between the NPS and the domain controller. When you are administering an NPS remotely, do not send sensitive or confidential data (for example, shared secrets or passwords) over the network in plaintext.
There are two recommended methods for remote administration of NPSs:
Windows 2016 guest best practices
When you use Remote Desktop Services, data is not sent between client and server. The client sends keyboard and mouse input, which is processed locally by the server that has Remote Desktop Services enabled. When Remote Desktop Services users log on, they can view only their individual client sessions, which are managed by the server and are independent of each other.
In addition, Remote Desktop Connection provides bit encryption between client and server. Use Internet Protocol security (IPsec) to encrypt confidential data. To administer the server remotely, you can install the Remote Server Administration Tools for Windows 10 on the client computer.
The following sections provide best practices for different aspects of your NPS deployment.
Accounting. Following are the best practices for NPS logging. To make the most effective use of NPS logging: Turn on logging initially for both authentication and accounting records.
Staff member.
We just created a short tutorial for installing a current Windows. We used windows, but it's also the same for Windows. We used the VirtIO drivers from the Fedora project.
Stefan Pettersson, Member. Stockholm, Sweden.
When installing the Balloon service I get "Failed. Error The service process could not connect to the service controller" Any ideas?
Stefan Pettersson said:
Yes, I'm installing via CMD, starting it as Administrator. Also changed "Installed operation System" from w2k12 to w2k16. RAM is set to static and I have ticked the little box below "balloon".
I do it a bit differently, I use just one virtual CD drive and switch the images for installing the drivers. After you are done installing drivers, you load the Windows image again and press refresh on the partition list, or you get some error about Windows can't be installed. On the driver step, you can repeat installing all the drivers you need, like scsi, vioserial agentballoon, netkvm, and if you configured it, spice graphics drivers. I think it's easier to do all needed drivers in the installation step.
But "of course" the end user graphic performance is not so great, so I would like to know whether there are ways to improve it. If useful we could install a graphic card into this node and passthrough it to the VM. Or should we try improving graphic hardware on the client side? Thanks a lot for sharing your experience! Greets Stephan.
Hard to speak generally. If you have bad bandwidth your problem might be the connection itself. First of all the question is: how many users are connecting? Next: What is their workload profile? Then: how large is the server? What is the hardware beneath?
Hi tburger, thanks a lot for your fast reply! That's a good practice.
A working ProxMoxVE install v1. Must be bit machine, though will work on bit machine with custom install discussed elsewhere. Choose the Download tab on the right hand pane of the Appliance Templates page. Please note that the said apl-available file will be overwritten each day and each re-boot as Headquarters controls the default display of downloadable templates.
On completing the template download, the Local tab in the Appliance Templates pane will show the SimpleInvoices Template listed as available for deployment. Selecting the Virtual Machines menu link on the left menu and choosing the Create tab on the right pane, we now select the SimpleInvoices Template.
We have assumed After filling in the details, we click the create link at the bottom and we're done. On starting the SI Virtual Machine, we see the following options (clicking on the VM row will yield other useful info like startup logs and other menu choices): By choosing the Console in the screenshot above, we get an SSH terminal where we can issue Linux console commands. The default admin folder is set to adminT99 - you can alter it to what you want from the console GUI thus: If such tweaking is done for the define.
The config. The initial password for the said user is in the config. Note the use of the root user and password entered when creating the SI VM. The same as must be used in the FTP program above. Also note the use of another port for SSH tunnelling purposes only.