8.5.1 (L2) Ensure VM limits are configured correctly

Information

By default, all virtual machines on an ESXi host share the resources equally. By using the resource management capabilities of ESXi, such as limits with reservations, shares, and/or resource pools, you can control the server resources a virtual machine consumes.

Without resource management, one virtual machine could consume so much of the host's resources that other virtual machines on the same host could not perform their intended functions.

Solution

To configure VM limits correctly, do all of the following that are applicable:

- Use shares or reservations to guarantee resources to critical VMs.
- Use limits to constrain resource consumption by VMs that have a greater risk of being exploited or attacked, or that run applications that are known to have the potential to greatly consume resources.
- Use resource pools to guarantee resources to a common group of critical VMs.

See Also

https://workbench.cisecurity.org/benchmarks/15334

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

References: 800-53|CM-1, 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|SA-3, 800-53|SA-8, 800-53|SA-10, CSCv7|5.1

Plugin: VMware

Control ID: d1ce8fec13fd223525192a3d2a3e3c44b88ab76272b549f94d0d49250ed16956