Over-committing memory is a common practice in VMware environments, and is describing a situation in which the total memory utilized by VMs running on a vSphere host exceeds the physical memory on that host to enable customers to achieve higher VM density for better efficiencies. Memory over-commitment enables higher consolidation ratio – a measure of how many VMs that can be placed on a physical machine in an optimal way without compromising overall performance. A higher consolidation ratio results in lowers cost per virtual machine, a metric IT administrators are very interested in.
VMware uses several memory management technologies, including “Transparent Page Sharing (TPS)”, “Memory Ballooning”, “Compression” and “Swap to Host Cache”.
Suggested Security Vulnerabilities in TPS
A recent academic study suggests that TPS can be leveraged to gain unauthorized access to data and documents under certain highly controlled conditions. As such, VMware has released an update to ESXi where TPS will need to manually be activated. (Until now all memory technology features have been enabled by default.) You can learn more about it in VMware’s Knowledge Base article: “Security considerations and disallowing inter-Virtual Machine Transparent Page Sharing”.
Achieving Better Over-Commitment using ‘Swap to Host Cache’
TPS is key for memory over-commitment. It helps to consolidate many memory pages across different VMs running in a VMware vSphere thus helping more VM consolidation from a memory perspective. For example, in a virtual desktop infrastructure (VDI) deployment with several Windows VMs, each running a common set of applications, TPS can result in efficient use of memory and higher consolidation ratio. TPS is an opportunistic memory reclamation technique that operates continuously on a powered-on VM throughout its lifetime, and hence is generally very effective. With TPS disabled, other memory management features, such as ballooning and compression, will need to play a more critical role to support over-committing memory. However, these features generally contribute marginally in when compared to TPS because these are used under specific situations e.g. when vSphere free memory is low. Using swapping to reclaim memory from VMs is the guaranteed method in most cases.
Last year I wrote a blog showing how VMware vSphere’s “Swap to Host Cache” feature can help administrators achieve higher densities while better meeting application SLAs. With TPS disabled, the “Swap to Host Cache” feature would play an important role when tackling server consolidation and memory hungry workloads. The swapping would happen much earlier and will have a critical role in maintaining VM density and application SLA story.
Currently, the “Swap to Host Cache” is an optional feature and is only configurable with SSDs. But in my opinion with this new finding, it would become a necessary feature, and a larger size and dedicated Datastore would make it more reasonable for more administrators to take advantage of it.
To learn more about SanDisk® solutions for virtualization, VSAN and VDI workloads visit our website or follow my blog for in depth testing results, tutorials and guides. If you have any questions, you can reach me at firstname.lastname@example.org, or join the conversation on Twitter with @SanDiskDataCtr