Never Install Hyper-V as a Role
-
This one comes up incredibly often and needs a point of reference. It's a general best practice, simply distilled from other best practices around avoiding bloat, unneeded licensing, complexity, etc. Bottom line is Hyper-V, when installed, should always be installed directly and never as a role from within Windows. People often ask why, as they generally perceive no problems having done it this way. The issue is, that the problems are there but not perceived. People often miss the performance, security and management problems that are happening or don't associate future technical debt with this decision or don't realize that many of their problems are there but have not been "seen" yet.
Downsides of the role install:
- Dom0 is bloated unnecessarily without benefit leading to:
- Larger security attack surface. Unnecessary security risks and effort.
- Patching is far more often and larger and more critical. So patching matters more, is needed more often and takes longer to do.
- System is slower (just a tiny bit, but still negative.)
- More storage is wasted.
- Hyper-V becomes tied to the Windows VM licenses which leads to even bigger problems:
- You can't update Hyper-V when you should, you have to pay for Windows updates first, and no one does this.
- You cannot simply move your workloads between machines without dealing with moving the Dom0 license, too.
- Moving from Windows to non-Windows workloads still keeps Windows licensing for no reason.
- You have to manage Windows licensing and track it and audit it, for no reason.
- You have a Windows install that looks like normal Windows but causes licensing violations if you start installing anything there.
In general your installation is just more confusing to understand and support and encourages bad behaviours. There are no upsides, but loads of caveats. Some are minor, some are big. All affect you from the start and all grow over time. It creates technical debt that need not exist.
- Dom0 is bloated unnecessarily without benefit leading to:
-
Learning to understand, look for and perceive this issues which affect everyone deploying as a role is important because a large number of shops will state that they see no problems from their install while, at the same time, having security and performance gaps for no reason, and being stuck on old technology that they cannot update because of licensing problems. As an outsider looking in, the problems created are incredibly obvious, but internally it seems that being "too close" to the problem makes it seem like there are no problems or it is not clear that things that are less than ideal are being caused or contributed to by having installed as a role.
-
If you went into a one physical server shop with Hyper-V installed as a role and existing VMs in place, would you consider this a big enough problem to redo the entire installation?
-
@BRRABill I wouldn't
-
@BRRABill said in Never Install Hyper-V as a Role:
If you went into a one physical server shop with Hyper-V installed as a role and existing VMs in place, would you consider this a big enough problem to redo the entire installation?
That's a big question and generally the answer would be no, but a lot comes down to politics and control of the environment, too.
-
@BRRABill said in Never Install Hyper-V as a Role:
If you went into a one physical server shop with Hyper-V installed as a role and existing VMs in place, would you consider this a big enough problem to redo the entire installation?
Immediately? No. But it would be immediately added to the project list to get planned as soon as convenient.
