Skip to main content
University of Florida

Virtual Machine

This work flow will deploy a blank VM with no installed operating system. To install an operating system:

  1. Request a new blank VM using the "Blank VM" catalog item in the hosting portal.
  2. Connect to the VM via a Remote Console session, mount your OS media ISO, and install your OS.

The clone VM workflow will allow you to select an existing VM and will clone (copy) the VM. You must have at least one existing VM to clone from. After cloning you can remote console to the VM to perform any initial configuration. When cloning a VM the new clone will be an exact copy of the original, including NIC, Satellite (RHEL), Active Directory (Windows) configurations. The cloned machine will not have network access, so you will need to know the local administrator/root password.

Windows VMs are typically ok to clone regardless of settings. On the cloned machine you will want to perform a few cleanup items:

  • Rename the machine
  • Disconnect from UFAD
  • Clean up the old NIC
  • Configure the new NIC with the correct IP
  • Join to UFAD

Linux VMs - If the MAC address is defined in the NIC configuration, cloning will result in the NIC coming up on the loopback address and you shouldn't have any issues. If the MAC is not defined in the NIC configuration the NIC may try to start on the same IP as the original and cause a conflict.

  • Configure the NIC with the correct IP

RHEL servers are deployed using cloud-init https://cloud-init.io. Cloud init is a platform agnostic Linux deployment tool that can be used to deploy Linux machines to any cloud. UFIT maintains a generic template with the cloud-init agent installed for each supported RHEL version that is cloned upon request. Customers enter a cloud-init user-config that is executed on the server at first boot. Networking is handled via the UF Hosting platform via form inputs.

REQUIREMENTS

There are two requirements:

  1. Install VMware tools on the server. In the example below this is done via the package: section.
  2. Register the VM with UF RedHat Satellite server. In the example below this is done via the runcmd: section. For further information about registering with the campus satellite server see the following: Red Hat Satellite 6 Register Host

All other options are optional but are best practices and should be implemented.

RHEL 9 CLOUD-INIT USER-DATA EXAMPLE

This cloud config will:

  • Delete any lingering SSH keys
  • Set the password for root to a random value
  • Add randomness to the VM from the Reddit homepage
  • Install the VMware Open VM Tools
  • Register the OS with UF Satellite
  • Disable root login via SSH
  • Resize the first disk to use any additional disk space
  • Apply all patches for the current OS version
  • Add a user called ufuser
  • Add an SSH key for ufuser
  • Allow sudo without entering a password
  • Add ufuser to the sudo group
  • Disabled password login for ufuser

#cloud-config
ssh_deletekeys: true
chpasswd:
  list:
    - root: R
random_seed:
  file: /udev/urandom
  command: ["pollinate", "--server=http://reddit.com"]
  command_required: true
package:
  - open-vm-tools
runcmd:
  - curl -o /tmp/bootstrap.py http://satellite.it.ufl.edu/pub/bootstrap.py
  - chmod +x /tmp/bootstrap.py
  - /usr/libexec/platform-python /tmp/bootstrap.py --login="MYSATELLITEUSER" --server=satellite.it.ufl.edu --location="MYLOCATION" --organization="MYSATELLITEORG" --activationkey "MYACTIVATIONKEY" --skip migration --skip-foreman --skip-puppet -v
  - sed -i 's,^PermitRootLogin.*,PermitRootLogin no,g' /etc/ssh/sshd_config
  - echo "Checking if we need to resize the 1st disk"
  - echo "1" > /sys/class/block/sda/device/rescan
  - echo ", +" | sfdisk -N 3 /dev/sda --force
  - partprobe /dev/sda
  - pvresize /dev/sda3
  - yum clean all && yum -y update --security
users:
  - name: ufuser
    ssh-authorized-keys:
      - ssh-rsa THISISMYPUBLICKEY
    shell: /bin/bash
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
    groups: sudo
    lock_passwd: true

RHEL 8 CLOUD-INIT USER-DATA EXAMPLE

This cloud config will:

  • Delete any lingering SSH keys
  • Set the password for root to a random value
  • Add randomness to the VM from the Reddit homepage
  • Install the VMware Open VM Tools
  • Register the OS with UF Satellite
  • Disable root login via SSH
  • Resize the first disk to use any additional disk space
  • Apply all patches for the current OS version
  • Add a user called ufuser
  • Add an SSH key for ufuser
  • Allow sudo without entering a password
  • Add ufuser to the sudo group
  • Disabled password login for ufuser
#cloud-config
ssh_deletekeys: true
chpasswd:
  list:
    - root: R
random_seed:
  file: /udev/urandom
  command: ["pollinate", "--server=http://reddit.com"]
  command_required: true
package:
  - open-vm-tools
runcmd:
  - curl -o /tmp/bootstrap.py http://satellite.it.ufl.edu/pub/bootstrap.py
  - chmod +x /tmp/bootstrap.py
  - /usr/libexec/platform-python /tmp/bootstrap.py --login="MYSATELLITEUSER" --server=satellite.it.ufl.edu --location="MYLOCATION" --organization="MYSATELLITEORG" --activationkey "MYACTIVATIONKEY" --skip migration --skip-foreman --skip-puppet -v
  - sed -i 's,^PermitRootLogin.*,PermitRootLogin no,g' /etc/ssh/sshd_config
  - echo "Checking if we need to resize the 1st disk"
  - echo "1" > /sys/class/block/sda/device/rescan
  - echo ", +" | sfdisk -N 3 /dev/sda --force
  - partprobe /dev/sda
  - pvresize /dev/sda3
  - yum clean all && yum -y update --security
users:
  - name: ufuser
    ssh-authorized-keys:
      - ssh-rsa THISISMYPUBLICKEY
    shell: /bin/bash
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
    groups: sudo
    lock_passwd: true

Windows is deployed by cloning a UFIT managed Windows VM template. UFIT manages several Windows Templates, one for each supported Windows OS, that are used to deploy base Windows Server images.

Supported Windows Versions

  • Server 2022/2019/2016 GUI/Core

General Information

  • All Windows systems are joined to the UFAD (ad.ufl.edu) domain.
  • The UFIT provided templates are automatically patched with the latest version of ALL available Windows patches.
  • If the primary disk (C:) is larger than the base size (80GB/250GB) of the disk tier it must be manually extended in the OS using Disk Manager post deployment.
  • All Windows machines have a PTR record entered in the UF DNS system using the name and IP entered in the request form. If an IP address was pulled from a shared hosting network the chosen IP address will be used.

REQUIREMENTS TO DEPLOY WINDOWS SERVER

During Windows deployments the Administrator password is set to a random 32 character password. Because of this there are some pre-provisioning requirements that must be met in order to access the Windows VM post deployment.

  • Create an Active Directory computer object.
  • Group policy to enable RDP for users must be applied to the computer object.
  • Group policy to add users to allow RDP to the server must be applied to the computer object.
  • Group policy to configure firewall to permit RDP traffic to the server must be applied to the computer object.
  • When creating new computer object delegate “Join to Domain“ rights to the service account UFAD\eio-svc-vcac-prd.

There are three template GPOs you can copy to enable the requirements above. You will want to copy the GPO objects to unique objects your group owns. You will also want to add a group object to have "Edit settings, delete, modify security" delegation to a group instead of just your user to the new copied GPO.

Linking to these GPOs is not advised--copy them to new and modify to suit your needs.

    • UFIT-Firewall Template (This policy is optional as when you enable remote desktop the firewall rules should be automatically added)
    • UFIT-Local Groups Template
    • UFIT-Remote Desktop Template

All hosted VMs have a default backup job defined to run every day and retain the backup for 7 days. This retention period cannot be changed, but additional backups can be manually initiated and these backups will also be retained for 7 days.

When a VM is destroyed, the backups will age out according to the retention period. No changes need to be made to the backup job.

ON-DEMAND BACKUP

An On-Demand Backup is a snapshot that is retained for the retention period defined by the backup job. It does not impact the retention of existing backups and is just added to the chain.

  1. Navigate to VM Actions.
  2. From the Action menu, select On-Demand Backup.
  3. Click the Submit button.

RECOVER A VM

The Recover VM process first makes a VM backup before performing the restore.

  1. Navigate to VM Actions.
  2. From the Action menu, select Recover VM.
  3. Choose a Recovery Point from the list of available snapshots.
  4. Click the Submit button.

RECOVER A VM FILE OR FOLDER

You can perform a file/folder search, and recover the file or folder to the virtual machine. The Recover VM File process first makes a VM backup before performing the restore.

  1. Navigate to VM Actions.
  2. From the Action menu, select Recover VM File.
  3. Enter a string to search for a file or folder.
  4. Select the file or folder to be recovered.
  5. Select the version (backup date/time) of the file or folder to be recovered. "8 Copies" shown in the screenshot below indicates the file to be recovered is the same in all eight backups that exist.
  6. Selecting “Yes” to overwrite will replace the original file or folder with the backup’s version. Selecting “No” will require an Alternate Restore Path.
  7. Enter credentials with access to the guest OS and the file or folder be recovered.
  8. Click the Submit button.

You can have a report emailed to you with details of the backup status of all VMs within a group. The email will contain a list of each VM and its backup details along with an attached CSV with the same data.

  1. In the hosting portal on the "Catalog" page in the "Virtual Machine" service request the "View VM Backup Status" catalog item.
  2. On the View VM Backup Status form, enter a comma separated list of email addresses in the "Email" field that you want the report emailed to and click "Submit".

In certain circumstances you may need to access your Virtual Machine directly using a console session. Common reasons for this are loss of network connectivity, a frozen/locked system, or installing an operating system. The instructions below will show you how to connect to your VM directly via a VMware Console session.

VMRC

For either of these methods to work you will need to download and install the VMware Virtual Machine Remote Console (VMRC) application for your workstation OS.

VPN REQUIREMENTS

To connect to the VM via VMRC you must be on the UF Hosting VPN.

  • You can get the VPN client from https://vpn.ufl.edu
  • To connect to the UF Hosting VPN enter your username as GLID@ufl.edu/cnshosting

CONSOLE USING HOSTING PORTAL

  1. In the https://hosting.it.ufl.edu portal navigate to the Virtual Machine "Item" you want to console to.
  2. On the VM Item select the "Get Standalone VMRC Link" action.
  3. Copy the generated URL and paste it into a new browser window.
    1. If prompted, enter your GLID and password to authenticate.

CONSOLE USING VCENTER

  1. In the https://vmconsole.hosting.it.ufl.edu web client navigate to your VM.
  2. On the Summary tab select "Launch Remote Console".
    1. If prompted, enter your GLID and password to authenticate.

To export a VM you will need to log into the vCenter service, power off the VM and export the VM.

  1. Log into the UFIT vCenter service at https://vmconsole.hosting.it.ufl.edu with your GLID.
  2. Navigate to your VM, right click and select "Power > Shut Down Guest OS" to gracefully shut down the system or "Power > Power Off" to power it off.
  3. Once the VM is powered off, right click it and select "Template > Export OVF Template"
  4. Provide a destination and name for the exported VM and click "OK"

In the event the hosting portal is unavaiable you can still access your VM by logging directly into the hypervisor management console. Note that only a subset of the functionality is available in the hypervisor management console. Access here is intended to be a backup to the hosting portal.

You can access the hypervisor management console at:

https://vmconsole.hosting.it.ufl.edu

CONNECTING VIA CONSOLE SESSION

You will need to connect to the VM via a console session. For instructions on connecting via a console session click the link below

  • Console Sessions

MOUNTING AN ISO

You will need to mount an ISO to install your OS from. For instructions on mounting an ISO click the link below

  • Mount an ISO

BOOTING TO AN ISO

We will be installing the OS from the ISO very similar to how we do it on traditional hardware.

  1. Start or restart the VM to get to the BIOS screen by selecting "Player > Power > Power On/Restart Guest".
  2. After power on press the "ESC" key to get to the Boot Menu, you will have 6 seconds at the BIOS screen.
  3. Select the "CD-ROM Drive" option.
  4. Install your OS.

INSTALLING VMWARE TOOLS

You need to install the VMWare tools immediately after you've finished installing the operating system. The VMWare Tools package includes drivers for the virtual video card, disk controller, and network card that the machine needs.

  • Installing VMware Tools

If you would like to mount an ISO to your VM to install an operating system or to install software you can do so using the Virtual Machine Remote Console (VMRC) application. See the document at

  • To connect to the VMRC you must be on the UF Hosting VPN.
  • You can download the VMRC from the page below
    • Console Sessions
  1. On a VM Item select the "Get Standalone VMRC Link" action.
  2. Copy the generated URL and paste it into a new browser window.
    1. If prompted, enter your GLID and password to authenticate.
  3. Select "Player" in the top left corner of the VMRC application.
  4. In the drop down select "Removable Devices > CD/DVD drive 1" and select one of the following:
    1. Connect to X:
      • This will connect to your local machines CD/DVD drive.
    2. Connect to Disk Image File (iso)...
      • This will let you select an ISO file to mount.

VMware tools are required to be installed on all VMs.

VMWARE TOOLS OVERVIEW

VMware Tools is a suite of utilities that enhances the performance of the virtual machines guest operating system and improves management of the virtual machine. Without VMware Tools installed in your guest operating system, guest performance lacks important functionality.

If you are deploying a VM using the "Clone", "Windows Server", or "Red Hat Enterprise Linux" (using UFIT kickstarts with version 7 or above), VMware Tools will automatically be installed.

If you deploy a "Blank VM" and install your own OS or use the RHEL catalog item with a custom kickstart you will need to install VMware Tools.

INSTALLING AND UPDATING VMWARE TOOLS LINUX

The supported method for deploying and managing VMware Tools on Linux OS's is to utilize the open-vm-tools package through the OS. The primary purpose for open-vm-tools is to enable operating system vendors and/or communities and virtual appliance vendors to bundle VMware Tools into their product releases. open-vm-tools is the open source implementation of VMware Tools and consists of a suite of virtualization utilities that improves the functionality, administration, and management of virtual machines within a VMware environment.

Installing open-vm-tools on Linux

INSTALLING VMWARE TOOLS WINDOWS

When deploying Windows VMs using the "Windows Server" catalog item in the self service portal, VMware tools are automatically installed.

If you deploy a "Blank VM" and install the Windows OS you will need to manually install VMware Tools.

  1. In the UF Hosting portal under the "Deployments" tab, select the deployment that contains the VM you want to update.
  2. Select the VM from the Components tab in the Deployment.
  3. Click the cog wheel next to the VM Component and select "Install Tools".
    • If this process doesn't complete successfully you can mount the tools ISO by running the "Mount Tools" action.
  4. In the OS install the VMware Tools from the mounted media.

Upgrading VMware Tools Windows

VMware Tools are configured to automatically check the installed version and on Windows machines, update if necessary at each reboot.

If you want to manually update the VMware Tools you can run the "Upgrade Tools" action in the self service portal.

  1. In the UF Hosting portal under the "Deployments" tab, select the deployment that contains the VM you want to update.
  2. Select the VM from the Components tab in the Deployment.
  3. Click the cog wheel next to the VM Component and select "Upgrade Tools".
    • If this process doesn't complete successfully you can mount the tools ISO by running the "Mount Tools" action and install manually in the OS.

VM NICS

VMs created via the portal can only have one NIC. If you would like to add additional NICs to your VM please submit a ticket at https://my.it.ufl.edu.

VM NICs are placed on a single VLAN and can access any subnet on that VLAN.

NETWORKS

Customers can either request their own networks to use for their VMs or they can utilize one of our "shared" hosting networks.

When using a custom network the requestor will be required to provide an IP address. A PTR record of the VMs FQDN will be created in Infoblox if the VM is in the ad.ufl.edu domain.

When using a shared hosting network an IP address will automatically be assigned to your VM and a PTR record of the VMs FQDN will be created in Infoblox. An ITSM ticket will be created on the requestors behalf and sent to the DNS team to associate the IP address with the requestors unit and possibly create DNS A Records.

NETWORK ACLS

PRIVATE HOSTING NETWORK

Please note: Default ACLs are already in place on the private hosting network to allow connections from UFAD's servers, the UF security scanners, the UF name servers, and port 22 (SSH) and 3389 (RDP) from anyone on UF 10.0.0.0/16 IP space.

PUBLIC HOSTING NETWORK

Please note: There are no default ACLs on the public networks. This means that ACLs will need to be filed to open ports for incoming connections that need to communicate with any virtual machine.

ACLS

ACLs can be done on a per port level, a per machine (IP) level, or a per-network range model or any combination of the previous. ACLs can be restricted at the protocol level as well - UDP, TCP, both, ICMP.

In most cases customers are listed as "subnet managers" for the IPs on which their VMs reside. This allows you to directly request ACL changes from Network Services. To request ACL changes immediately, put any requested ACLs in the VM request form in a comma separated format. This will generate an ITSM ticket on your behalf to Network Services requesting the ACLs you entered in the form. You can also request ACLs later by submitting a ticket at https://my.it.ufl.edu directly to Network Services.

Some typical ACL requests might be:

  • open ports 80,443 (tcp) for all ip addresses for virtual-apache-server.somebody.ufl.edu
  • open incoming connections to port 22 using tcp to host virtual-apache-server.somebody.ufl.edu from all hosts on campus
  • allow all incoming connections to host virtual-apache-server.somebody.ufl.edu from all hosts on network 10.241.33.0/24
  • allow incoming connections to ports 135-139 using tcp, port 135 using udp, and port 445 using tcp to hosts on ranges 10.241.33.0/24, 128.227.156.0/24
  • Allow all connections to virtual hosts 10.241.33.200-225 from all hosts on networks 128.227.0.240/27 using tcp or udp
  • permit icmp traffic to virtual host virtual-apache-server.somebody.ufl.edu from host 128.227.0.240

Statistics regarding CPU usage, memory utilization, network performance, and disk performance for your hosted virtual machine are available from the VMware Client. You can view real-time sampled stats, historical statistics for a number of hours, days, weeks, or months, and export these figures to Excel spreadsheet format for further analysis.

  1. Sign in to the VMWare Web Client
  2. Select your VM from the Navigator pane on the left.
  3. In the VM properties pane in the center or right, select the "Monitor" tab.
  4. On the monitor page select the "Performance" button.
    • By default you will see "real time" performance statistics including the last day.

For more information about advanced performance monitoring features please see https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.monitoring.doc/GUID-17857489-FA76-4EFC-827B-D1C647F818CC.html.

Sizing and Performance

Be sure to follow our sizing and performance recommendations if you choose to modify your VM.

sizing

GROUP RESOURCE LIMITATIONS

To prevent any one group from consuming all available infrastructure resources each business group is allocated an infrastructure resource reservation for each VMware compute cluster which limits the amount of Memory, Disk, and Networks available to a group. UFIT currently has one hosting compute cluster per datacenter. When a group reaches their resource limit new deployments and modifications that go over the limits will fail. When this happens UFIT will increase the limit for the specific resource that has reached the limit.

The default resource limits are as follows:

  • Memory - 128GB
  • Disk - 4000GB in each tier
  • Network - Public and Private Shared Hosting Networks
    • If your group has any custom networks those will be added to your reservation.

VM RESOURCE LIMITATIONS

To allow for simple maintenance and efficiency there are default limits on the resources that can be allocated to a VM.

  • vCPU - 4
  • Memory - 16GB
  • Disk - 4000GB per disk
    • If you need a larger volume you can extend the volume in the OS using LVM or Disk Manager.

If you feel you need more than the limits please open a ticket at https://my.it.ufl.edu and UFIT will discuss options with you.

SIZING RECOMMENDATIONS

Undersizing or Oversizing virtual machines can have a negative impact to your VM and other VMs running on the same hypervisor host. Please ensure you're following the best practices when creating or modifying VMs.

  • Start with one vCPU per VM and increase as needed.
    • Vendors often suggest resource requirements that are much higher than necessary to ensure the applicaiton works well the first time. Take vendor suggestions with a grain of salt.
  • Do not allocate more vCPUs than needed to a VM as this can unnecessarily limit resource availability for other VMs and increase CPU Ready wait time (waiting for CPU) on the VM.

VCPU OVERSIZING

How adding more vCPUs (virtual CPU) to a VM can equal less computing power

Virtualization makes highly efficient use of the CPU, memory, and storage resources available on a physical server. Hypervisor overhead accounts for just about 5% of the physical host resource overhead, leaving the majority of those physical resources available for use by virtual servers.

A hypervisor is a load sharing computing system. Every VM running on a hypervisor host gets an equal share of CPU, memory, storage, and network attention from the system scheduler. Because a badly configured VM can affect the amount of resources that are available to his neighbors, properly sizing VM workloads is essential to maximizing its performance and minimizing wasted resources.

In the physical world, a server is limited to physical factors - for CPU, it's limited by the processor family, number of cores per CPU socket, and the speed of the physical processors that are present. If an application on a physical server is slow, it was often remedied by buying a larger server, procuring more memory, or by swapping the storage system out for faster disks or SSD drives.

Virtualized server CPU resources work in a similar manner. However, because a virtualized server is a shared system, increasing the number of CPU resources for a VM can actually throttle the VM and perform more slowly than intended.

THE FOLLOWING IS A SIMPLIFIED EXAMPLE

If a physical host has two CPU sockets, each running a 16 core CPU. With every clock cycle, the two CPUs can execute up to 32 instructions at once.

The number of VMs running on a host can vary, but we generally want to run around 50 per host. These VMs vary in size from 1 vCPU to some that have 16 vCPU's configured on them, and have mixed workloads from nothing running other than the OS up to intensive video processing.

As mentioned earlier, all VMs have the same priority. The CPU resource scheduler acts in a round robin - type fashion and checks in with each VM to see if it has any CPU work to execute. If the VM has CPU work to perform at that time, the scheduler will assigns cores located on the physical CPUs to perform the work. One physical CPU core gets assigned to each vCPU configured for the VM. If the VM does not have any work to perform, the scheduler skips to the next VM in line. Once all of the physical cores are filled, or the scheduler runs out of time, the physical CPU's execute the instructions as part of that cycle.

We have 32 cores available to schedule each clock cycle. What happens if we fill 30 of them, and the next VM that has work to do has 4 vCPU's?

The answer is that the scheduler tells the 4 core VM that it has no CPU resources available and it will skip to the next VM. When the scheduler finds a VM with 2 vCPUs and has work to perform, it will finish filling the queue and execute the work. The amount of time that the VM has to wait to get work scheduled is recorded in milliseconds in the list of CPU statistics as "CPU Ready" time – the VM was ready for CPU attention, but had to wait X milliseconds to get scheduled.

Will that 4 vCPU VM get priority to be serviced in the next scheduling interval? Not necessarily – the CPU resource scheduler will check in to see if that VM has work waiting to be done at the next regular interval. In reality, the odds are good for a 4 vCPU VM to get scheduled regularly. What if the VM had 16 vCPU's or more instead of 4? On a busy host, the chances of getting work scheduled each clock cycle decreases the higher the number of configured vCPUs.

Take a theoretical example of a host that has 6 very busy 2 vCPU VMs and one 32 vCPU VM. The 32 vCPU VM will probably show gigantic co-stop times because it can't get work scheduled until there's a clock cycle where none of the other VMs have work to be performed and all 32 physical cores are free.

FAQS

If a VM with 2 vCPUs is running slowly, adding another 2 vCPU's will give it twice the computing power, right?

The most accurate answer is that "it depends". If you have 4 threads that contain work that are ready to be executed every clock cycle, then yes, it will definitely help your VM run better. If you only have 2 threads ready to do work each cycle, then adding 2 more vCPUs will be wasted. You may not see a difference in performance initially, but as the physical hosts get busier, VMs that are over provisioned will eventually see performance suffer.

How do I tell if I need to add more vCPUs to a VM?

VMWare uses a CPU statistic called 'CPU Ready' that keeps track of how long a VM workload waits for CPU attention from the host it is running on.

This counter can be found in the vCenter by highlighting your VM, click on the Monitor tab, click on Performance, and choose Advanced. Click on Chart Options. Choose CPU on the left side, and a Timespan of Real-time. Under "Select Counters for this chart", choose "Readiness". The display will show a value for each vCPU configured for the VM, and an aggregate value for the VM as a whole.

The definition of "Readiness" is: "Percentage of time that the Virtual Machine was ready, but could not get scheduled to run on one of the physical CPU." You want this value to be as low as possible, ideally. We get concerned at the 5% mark. Occasional spikes over 5% can be OK - it can indicate a host that is just very busy, but sustained bursts over 5% can also indicate that an additional core may benefit performance on the machine. However, an additional core is only beneficial if there is a corresponding additional thread of work in the VM that is waiting to be executed. The UFIT Virtual Platform team should examine this VM further to see if adding additional cores would benefit performance.

How can I tell if my VM has too many vCPUs?

VMware uses a statistical counter called "CPU Co-Stop" to measure the amount of time that a VM has to wait to execute an instruction due to CPU scheduling - finding the right number of physical cores available on the host CPU needed to execute one clock cycle's worth of work waiting in the threads of the VM.

The definition of "CPU Co-Stop" is: Time that the virtual machine is ready to run, but is unable to run due to co-scheduling constraints. In order for a single instruction set to run, the scheduler has to find the same number of physical CPU cores free that match the number of vCPU's configured for a virtual machine. Even vCPUs that have no work queued up to perform.

This counter can be found in the vCenter by highlighting your VM, click on the Monitor tab, click on Performance, and then choose Advanced. Click on Chart Options. Choose CPU on the left side, and a Timespan of Real-time. Under "Select Counters for this chart", choose "Co-Stop". The chart will show a value for each vCPU configured for the VM, and an aggregate value for the VM as a whole. The values expressed in the chart are in milliseconds summed up over a sampling interval of 20 seconds. To calculate a percentage of wait, take the value shown and divide by 20000, then multiply by 100.

The number that approaches concern is 5%. If you see sustained values above 5%, it can be a sign of too many vCPU's assigned, or that it is running on a host that's very busy. Further examination by the ICT Hypervisor team can determine whether lowering the number of vCPU's or moving it to a different host can help performance.

IMPORTANT NOTE

CPU Co-Stop numbers will be deceptively low if the physical host has sufficient CPU capacity to handle the full workload of all of the VMs (including yours) running on it (wasted vCPUs or not).

If the physical host has plenty of processing power, and no VMs ever have to wait for work to be scheduled, then Co-Stop values will always remain low. This is particularly the case for newer hardware infrastructure in the beginning. However, the negative effects of over provisioning will become more and more pronounced as the physical hosts get busier, and those numbers will eventually start climbing once performance starts to suffer.

How should I size a new VM?

If you do not have a feeling for how much work your VM will perform in our environment, start with as little as possible. Start with 2 vCPU's to enable multi-threading - it's easy to add additional vCPU capacity if the VM needs it, whereas removing vCPU capacity requires downtime for the virtual server.

Watch the performance counters on the Real-Time CPU display in the vCenter. If the "Usage in MHz" counter stays at 100% for sustained periods of time, you may have a runaway process, or you may have threads with additional work that is waiting to be performed. (Check the CPU Ready values). Occasional spikes to 100% are perfectly normal - you just do not want high sustained use. Be sure to look at the values for the individual vCPUs in the Real-Time CPU display rather than the aggregate for the VM as a whole. Ask the UFIT Virtual Platform team to examine activity on the VM.

If you look at the Usage in MHZ screen and see activity on some vCPUs and 0 or very low value numbers on the others, it may be a sign that you h ave too many vCPUs assigned that aren't being used. Reducing the number of vCPUs can prove to be beneficial - especially for VMs that have higher numbers of vCPUs.

My application documentation says to size the VM using 20 vCPUs and 64GB of memory, what should I do?

Because of the shared nature of virtualization, physical sizing requirements are rarely relevant to creating performant VMs. Start with a low number of vCPUs, examine performance statistics in the vCenter console after the product is running, and add additional vCPU s only if needed. Remember that it is easy to hot add vCPU's but more painful to power down a VM to remove them.

My machine is running slow, what should I do?

Check the "Usage in MHz" counters in the Real-Time CPU display under Monitor, Performance, Advanced in the vCenter for your VM. If they show high sustained values for all of the vCPU's assigned to it, then you may need to add more capacity. Check the CPU Ready counters in that same graph to see how long the wait is. If it is a low %Ready value per vCPU, then your speed issue may be caused by other factors, like a poorly constructed database query, not using indexes, etc.

Consider reducing the number of vCPUs assigned to the VM. The lower the number of vCPUs assigned, the easier it is to schedule work for it. In more than one scenario, reducing the number of vCPUs assigned increased performance for a VM that seemed sluggish. You can easily go back the other direction if it does not help.

When configuring a virtual machine a Guest Operating System type is required. vSphere uses this information to set the appropriate default values, name files associated with the virtual machine, adjust performance settings, and work around special behaviors and bugs in the guest operating system. If the operating system you plan to install is not listed in the wizard, select Other for both the operating system and version. Because of this its important that the Guest Operating System type is set correctly.

When upgrading the operating system on a virtual machine the Guest Operating System setting should be updated before the operating system is upgraded. If this is not done the operating system could encounter issues after the upgrade.

There is no self-service functionality to update the Guest Operating System setting. To update the setting submit a ticket at https://my.it.ufl.edu assigned to the Virtual Machine Hosting queue with the name of the VM being upgraded and the operating system version you're upgrading to.

You can take snapshots of VMs to provide a short-term copy of the VM to revert to in the event a change made to the VM does not go as planned. When you create a VM snapshot a new hidden disk file gets created and all changes to the VM are written to the new hidden disk. Because of this the disk can grow rapidly. It is strongly suggested that you retain snapshots only as long as their required. You will be billed for the disk space consumed by the snapshot disk file at the same rate as the disk tier the real disk is provisioned on while the snapshot file exists.

Snapshots should be kept for the shortest period of time possible. Snapshots can consume disk space quickly and can degrade VM performance.

Snapshots can be taken and manged through the "Snapshot" actions of a VM "Item". There are three snapshot actions available:

  1. Create Snapshot
  2. Delete Snapshot
  3. Revert to Snapshot

Snapshots have the following limitations:

  • Maximum of 3 concurrent snapshots per VM
  • Snapshots will be automatically deleted after 14 days