gnomemade wrote:
Hi, I'm a security guy trying to understand some host hardening guidelines, not much VMware knowledge. I'm trying to understand the differences between resource pools and setting per-VM resources. Specifically around the host hardening guidelines in http://www.vmware.com/files/pdf/techpaper/VMW-TWP-vSPHR-SECRTY-HRDNG-USLET-101-WEB-1.pdf. In that guide, VMP04 has this for recommendations: "Use shares or reservations to guarantee resources to critical virtual machines. Use limits to constrain resource consumption by virtual machines that have a greater risk of being exploited or attacked, or ones that run applications that are known to have the potential to greatly consume resources." I've done a bit of research and I can't seem to figure out: if a resource pool is set up properly, can that limit the total amount of memory/CPU that a guest can use, or must those limits always be set in the Resources tab on each individual VM's properties?
Both on a VM level and on a resource pool level you can set a limit. This limit is truly a boundary for the virtual machine within that resource pool or the virtual machines within that pool.
Now one thing to keep in mind is that a VM can NEVER consume more than it has been allocated. I personally don't agree with this recommendation and definitely would not recommend setting a limit, but rather right size the virtual machine instead.