The one feature in System Center Virtual Machine Manager (SCVMM) 2008 R2 that goes a long way to making life much simpler for environments who focus on provisioning a lot is the disabling of SSL transfers.  The overhead to transferring over SSL is not overly small and to boot the data getting transferred is often not data that would\should get encrypted (its just a VHD with a Windows OS on it).

Disabling SCVMM 2008 R2 Encrypted Transfers for Hosts

This is a little known fact and there are a lot of features that are way cooler than this but it isn’t one that should get missed.  For this reason, I wanted to step you through disabling encryption.  Host-to-Host communication occurs often but in Windows Server 2008 & VMM the most prevalent time is between migrations (offlines).  To migrate a virtual machine that is on a non-standard environment for Live Migration, the virtual machine will be pushed to a saved state and then transferred.  The performance for transfer in these scenarios are greatly improved using non-encrypted transfer between source and target hosts.

To enable encryption (the default is disabled) using System Center Virtual Machine Manager (SCVMM) 2008 R2, do the following:

  1. Open the VMM Administrator Console
  2. Depending on your environment configuration, select the Host Groups (e.g. All Hosts) that has all of your Hyper-V hosts
  3. Right-click on the Host Folder (e.g. All Hosts)
  4. In the ‘Allow Unencrypted file transfers’, check the boximage
  5. Click OK

Disabling SCVMM 2008 R2 Encrypted Transfers for Libraries

Besides removing the restriction for transfers between hosts, SCVMM libraries have the ability to enable\disable transfers.  This scenario specifically covers deployments where VHDs, ISO’s, PowerShell scripts are used that are stored on your library server(s).

To enable unencrypted transfers for Libraries, do the following:

  1. Open the VMM Administrator Console
  2. Click the Library tab (displays Library servers, assets)
  3. Right-click on the library server and select propertiesimage
  4. Check the ‘Allow unencrypted file transfers’image
  5. Click OK

When would I leave this feature (Encrypted Transfers) turned on?

The one scenario where you should keep this feature turned on is when communicating from SCVMM to hosts that are in your DMZ.  These DMZ servers have particular nuisances that make them unique in that they service resources that are on the Internet and, in some cases, these transfers should be protected.

For example, in my configuration I have the following hierarchy (Host Groups):

image As you can see, I have Host Groups that define my CorpNet environment based on where I have hosts located.  Simple, yet very powerful.  I could easily add a Host Group that defines hosts that are on our perimeter network and not allow encrypted transfers.

Hope this little VMM 2008 R2 tip is useful…

-Chris

Digg This