Friday, March 26, 2010

Configure Antivirus Exclusions for Improved Hyper-V Performance

This is a topic that has been discussed in plenty of detail across the web for some time now. But, recently I have noticed an increased number of inquiries regarding the proper configurations of antivirus solutions installed on Hyper-V host and general performance problems tied to improperly configured antivirus agents. I expect this recent surge is contributed to the increased adoption rate of Hyper-V R2 and the incorporation of Live Migration with Cluster Shared Volumes.

I am sure we all understand the importance of running antivirus on any server in the enterprise. It protects us from all the bad stuff that is crawling the web and from time to time creeps its way into our networks. Any good AV solution intercepts calls to local memory and disk and in some cases can even intercept running processes. This interception is by design and is what keeps our systems safe, but can lead to poor performance, especially on a Hyper-V host.

Proper configuration of your AV solution on a Hyper-V host includes exclusions of both processes, directories and file types and not doing so correctly can not only lead to poor performance, but can even lead to your VM’s going offline. So let’s look at what the exclusion configuration should look like.

On any Hyper-V host you will find a couple of core processes that is crucial to host and VM performance. Prevent the following processes from AV scans by excluding the following as part of you Hyper-V AV policy.

VMMS.exe
VMWP.exe

You also want to exclude the root directories where VM configurations and Virtual Hard Disks are stored. Exclude the following directories.

C:\ProgramData\Microsoft\Windows\Hyper-V
C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks
Custom VM configuration, Virtual Hard Disk and Snapshot directories

Next, you want to create AV exclusions for the following file extensions.

*.XML
*.VHD
*.AVHD
*.VFD
*. VSV
*.ISO

Finally, if you are using Hyper-V R2’s Live Migration feature with Cluster Shared Volumes, then you will need to exclude the CSV path and any sub-directories. The CSV path is as follows.

C:\Clusterstorage

Failure to create this exclusion on hosts using CSV, can not only result in poor performance, but can also result in a missing or corrupt VM configuration. Refer to Microsoft Knowledge Base Article 961804 found at the link below for more information on this issue.

http://support.microsoft.com/kb/961804
Posted by Roger Johnson at 7:51 PM
Labels: , , , , , ,

1 comments:

  1. Hmmm that's too bad. Wouldn't have that problem with vSphere.
    ReplyDelete

Subscribe to: Post Comments (Atom)