The one feature in System Center Virtual Machine Manager (SCVMM) 2008 R2 that goes a long way to making life much simpler for environments who focus on provisioning a lot is the disabling of SSL transfers. The overhead to transferring over SSL is not overly small and to boot the data getting transferred is often not data that would\should get encrypted (its just a VHD with a Windows OS on it).
This is a little known fact and there are a lot of features that are way cooler than this but it isn’t one that should get missed. For this reason, I wanted to step you through disabling encryption. Host-to-Host communication occurs often but in Windows Server 2008 & VMM the most prevalent time is between migrations (offlines). To migrate a virtual machine that is on a non-standard environment for Live Migration, the virtual machine will be pushed to a saved state and then transferred. The performance for transfer in these scenarios are greatly improved using non-encrypted transfer between source and target hosts.
To enable encryption (the default is disabled) using System Center Virtual Machine Manager (SCVMM) 2008 R2, do the following:
Besides removing the restriction for transfers between hosts, SCVMM libraries have the ability to enable\disable transfers. This scenario specifically covers deployments where VHDs, ISO’s, PowerShell scripts are used that are stored on your library server(s).
To enable unencrypted transfers for Libraries, do the following:
The one scenario where you should keep this feature turned on is when communicating from SCVMM to hosts that are in your DMZ. These DMZ servers have particular nuisances that make them unique in that they service resources that are on the Internet and, in some cases, these transfers should be protected.
For example, in my configuration I have the following hierarchy (Host Groups):
As you can see, I have Host Groups that define my CorpNet environment based on where I have hosts located. Simple, yet very powerful. I could easily add a Host Group that defines hosts that are on our perimeter network and not allow encrypted transfers.
Hope this little VMM 2008 R2 tip is useful…