Installing in a Hyper-V virtual environment
Applies to: Forefront Protection for Exchange
Topic Last Modified: 2010-05-10
Microsoft Forefront Protection 2010 for Exchange Server (FPE) supports the Hyper-V platform. Hyper-V is a hypervisor-based server virtualization technology that enables you to consolidate multiple server roles as separate virtual machines running on a single physical machine. For more information about Hyper-V, see the Hyper-V and Virtualization TechCenter.
The deployment, configuration, and operation of FPE are the same in Hyper-V virtual server environments as on physical servers. This topic provides guidelines for installing FPE in a Hyper-V virtual environment.
|FPE is also approved for any hypervisor-based virtualization technology certified under the Microsoft Server Virtualization Validation program.|
The minimum server and client requirements for FPE are essentially the same when installing in a virtual Hyper-V environment as on a physical server. For information about FPE system requirements, see Verifying system requirements.
However, the application, operating system, and hardware platform versions must be supported by Microsoft Exchange Server on the Hyper-V platform. For details about Exchange Server support recommendations on Hyper-V, see Microsoft Support Policies and Recommendations for Exchange Servers in Hardware Virtualization Environments. For another resource to see if your virtualization configuration is supported, you can access the Virtualization Support Wizard at the following URL: http://go.microsoft.com/fwlink/?LinkId=157617
Once the requirements for running Exchange Server in a Hyper-V environment are met, the following guidelines must be followed for the host computer:
The host computer must have enough hardware resources to accommodate the virtual machines being deployed and their intended roles, and the host computer should be deployed with only the virtualization role.
Memory and CPU-intensive applications should not be run on the same host computer as the guest hypervisor.
File-level antivirus scanning should be disabled on directories hosting the guest virtual hard drives (VHD). For more information, see Configuring third-party file-level antivirus programs.
The following are guidelines for the guest computer on which FPE will be installed:
The size of the guest .vhd file must be a fixed value. Predefining the size of the .vhd file ensures that the host computer does not run out of hard drive space.
For performance reasons, it is recommended that you choose Small Computer System Interface (SCSI) or Internet SCSI-based (iSCSI) storage in order to host the FPE database, preferably separately from the guest operating system.
File-level antivirus scanning should exclude all necessary Exchange and FPE directories. For more information, see Configuring third-party file-level antivirus programs.
Snapshots in guest virtual machines are strongly discouraged and are not supported.
|You may encounter network bottlenecks if you are running more than one guest computer and the host computer only has a single network card. You should add a second network card and create an additional Virtual Network adapter. Network bottlenecks may also occur if you are running more than one guest computer and the host computer only has a single hard drive. Ideally, each VHD should be on its own hard drive in order to prevent slowdowns due to multiple computers accessing the same physical hard drive.|
Adding FPE increases the resources utilized by your Exchange environment. To ensure that your virtual environment can handle the anticipated load from Exchange and FPE, it is recommended that you measure the performance counters before and after installing FPE.
Based on the differences in the performance data from before and after the FPE installation, you may want to adjust your virtual hardware configuration. This can include allocating more memory, CPU affinity, and improved disk input/output. Memory and CPU utilization are usually the most heavily impacted by FPE.
|For more information on using performance counters, see Performance and Reliability Monitoring Step-by-Step Guide for Windows Server 2008 or Windows Server 2003 Performance Counters Reference.|
Because guest and host operating system settings such as video, sound cards, floppy disk drives, and virtual hardware require resources, it is recommended that you configure all nonessential items for "best performance." If you are not using it, you may also want to consider disabling or removing any nonessential items. This helps optimize performance in general for both the guest and host computers.
Be cautious when adjusting the number of processes you want running per server for the FPE scan jobs, as this can quickly deplete memory resources in your guest virtual machine. For example, transport scanning is set by default to 4 process counts. If all 4 are in use, then the number of selected scan engines is multiplied by the number of transport processes in use plus the size of the files being scanned. For example, if you are using the default transport process count of 4, the maximum of 5 scan engines for the transport scan job, and each engine is using 100 megabytes (MB) of memory, then you can estimate the overall memory use by using the following computation:
4 (transport processes) x 5 (scan engines) x 100 (MB) + file sizes of scanned attachments = memory utilization
|This is an example only, and real world results may vary.|
Memory is quickly exhausted if you increase the process counts, add more scan engines, and increase the Engines and performance setting. In most cases, the default number of process counts is adequate; however, you should consult Configuring the transport scan, Configuring the realtime scan, and Configuring the scheduled scan for more information on fine-tuning these settings. Additionally, use the performance data you collected earlier to help gauge how many process counts you should be using.