I was caught off guard today when I happened to answer a community question. The question was "Is TPS enabled by default?"
TPS (Transparent Page Sharing) is a memory-saving mechanism that eliminates identical copies of a memory page and keeps a single copy, which is shared by all VMs.
My first response to the question was "Yes". Well, that was the case until the recent past. But when I did some research, I found that there have been changes to TPS.
TPS can be disabled. The reason behind these changes is that academic research found that it poses a security threat under very controlled situations. VMware believes the threat exists only under controlled situations and is minimal. So VMware has taken the stance that it can be disabled in future releases of ESXi, and patches were released accordingly.
But you can still enable this feature after it has been disabled.
Salting allows granular management of the VMs that use TPS. With the new setting, VMs can share pages only if both the salt values and the contents of the pages are exactly the same. The Mem.ShareForceSalting host config option is used to enable or disable salting.
"By default, Mem.ShareForceSalting is set 0, which means by default Inter-VM page sharing is enabled. This behavior is same as old TPS behavior that exists in all older releases."
The following table shows how the different TPS settings are used together to affect how TPS operates for individual virtual machines:
| Mem.ShareForceSalting (host setting) | sched.mem.pshare.salt (per VM setting) | vc.uuid (per VM setting) | Salt value of VM | TPS between VMs (Inter-VM) | TPS within a VM (Intra-VM) |
|---|---|---|---|---|---|
| 0 | Ignored | Ignored | 0 | Yes, among all VMs on host. | yes |
| 1 | Present | Ignored | sched.mem.pshare.salt | Only among VMs with same salt | yes |
| 1 | Not Present | Ignored | 0 | Yes, among all VMs | yes |
| 2 | Present | Ignored | sched.mem.pshare.salt | Only among VMs with same salt | yes |
| 2 (default) | Not Present (default) | Present (default) | vc.uuid | No inter-VM TPS | yes |
| 2 | Not Present | Not Present | random number | No inter-VM TPS | yes |
For more information on TPS, refer to the following blog: http://blogs.vmware.com/vsphere/2015/01/assess-the-performance-impact-of-the-security-change-in-transparent-page-sharing-behaviour.html
To fully understand this, we need to understand what inter-VM and intra-VM TPS are.
Inter-VM TPS is page sharing that occurs across VMs, that is, between different virtual machines on the host.
Intra-VM TPS is page sharing that occurs inside a single virtual machine.
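The decision table above, worked as an added Python example (not VMware's code and not from the original post): it derives each VM's effective salt and groups VMs into the domains within which inter-VM page sharing is possible, then flags domains that span more than one trust group. The inventory, the tenant labels and the `random:` stand-in for the host's random salt are constructed for illustration.

```python
import secrets
from collections import defaultdict


def effective_salt(force_salting, vm):
    """Return the salt used for one VM, following the table's rows.

    vm is a dict of per-VM options (constructed sample data);
    a missing key means the option is "Not Present".
    """
    if force_salting not in (0, 1, 2):
        raise ValueError("Mem.ShareForceSalting must be 0, 1 or 2")
    if force_salting == 0:
        return "0"                      # per-VM settings are ignored
    salt = vm.get("sched.mem.pshare.salt")
    if salt is not None:
        return salt                     # explicit salt applies for 1 and 2
    if force_salting == 1:
        return "0"                      # unsalted VMs share host-wide
    uuid = vm.get("vc.uuid")
    if uuid is not None:
        return uuid                     # differs per VM: no inter-VM TPS
    return "random:" + secrets.token_hex(8)  # stand-in for the random salt


def sharing_domains(force_salting, inventory):
    """Group VM names by effective salt; VMs in one group can share pages."""
    groups = defaultdict(list)
    for name, vm in inventory.items():
        groups[effective_salt(force_salting, vm)].append(name)
    return sorted(sorted(g) for g in groups.values())


def cross_tenant_sharing(force_salting, inventory, tenant_of):
    """Return the sharing domains that span more than one tenant."""
    return [g for g in sharing_domains(force_salting, inventory)
            if len({tenant_of[n] for n in g}) > 1]


# Constructed inventory: names, salts and UUIDs are made up for illustration.
INVENTORY = {
    "web-a": {"sched.mem.pshare.salt": "tenantA", "vc.uuid": "uuid-1"},
    "db-a": {"sched.mem.pshare.salt": "tenantA", "vc.uuid": "uuid-2"},
    "web-b": {"vc.uuid": "uuid-3"},
    "tmp-b": {},
}
TENANT = {"web-a": "A", "db-a": "A", "web-b": "B", "tmp-b": "B"}

if __name__ == "__main__":
    for setting in (0, 1, 2):
        print(setting, sharing_domains(setting, INVENTORY),
              cross_tenant_sharing(setting, INVENTORY, TENANT))
```

With the sample inventory, only the host setting 0 produces a sharing domain that mixes both tenants; settings 1 and 2 keep the salted VMs in their own domain.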