Solved

How to harden Windows 2008 R2 Virtual Machine ?

Posted on 2014-11-28
10
178 Views
Last Modified: 2014-12-02
Dear Experts,

One of our servers with Windows 2008 R2 Enterprise Edition runs on VmWare as a Virtual Machine. This server is an application server and connects to hundreds of systems transferring large amounts of data over network with FTP and Oracle SQLLOADER. We provided the best network environment by means of RAM, bandwidth, etc. However sometimes we face to bottlenecks.

Could you please provide me advanced tips and techniques to harden this server which has heavy network load?

BR
0
Comment
Question by:GurcanK
  • 4
  • 3
  • 3
10 Comments
 
LVL 117

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE)
Andrew Hancock (VMware vExpert / EE MVE) earned 200 total points
ID: 40471491
I assume this is Windows Security Hardening ?

Turn on WIndows Firewall, and create rules for all your servers, you need to transfer data to and from.

There is a good guide here and list

https://wikis.utexas.edu/display/ISO/Windows+2008R2+Server+Hardening+Checklist

and Microsofts Baseline Guide here

http://technet.microsoft.com/en-us/library/cc526440.aspx
0
 
LVL 53

Assisted Solution

by:McKnife
McKnife earned 300 total points
ID: 40471551
Sounds more like the need for performance monitoring to find bottlenecks.
"However sometimes we face to bottlenecks" - if you did face those, you should be able to describe them, I think.
-what was the bottleneck, when did it happen, how often does that happen?
->present process names, numbers (RAM load/storage load/network load)
->describe symptoms (what is expected vs. what is experienced) combined with numbers ("should take 5 seconds, but does take a minute", for example).
0
 

Author Comment

by:GurcanK
ID: 40471612
This is performance bootleneck. Sometimes FTP connections wait till timeout, or SQLLOADER waits forever.
0
 
LVL 53

Assisted Solution

by:McKnife
McKnife earned 300 total points
ID: 40471620
You offer no entry points yet. How could you expect profound help with so little information? :-)
->if it normally works, but only sometimes is slow/sometimes times out, you have to analyze and describe the surroundings in that error state as closely as possible.
Monitor the load (hard drive/CPU/RAM) in the error state - anything special to see?
Monitor the system with procmon - anything special happening during errors?
0
 
LVL 117
ID: 40471625
Are you using VMware vSphere (ESXi) to host the VM ?
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 

Author Comment

by:GurcanK
ID: 40471690
Yes I'm using VMWare vSphere ESXi Host.
0
 

Author Comment

by:GurcanK
ID: 40471693
I examined Performance of server via CPU and Memory usage. Memory is in average %30 and CPU usage in average %88.
0
 
LVL 117

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE)
Andrew Hancock (VMware vExpert / EE MVE) earned 200 total points
ID: 40471716
Okay, if you are using the E1000 interface for your VMs, this is WRONG!

and you need to replace it with the VMXNET3 interface, which is supported, and you must have VMware Tools installed.

This is a fully virtualised NIC, unlike the E1000 which is a legacy emulation designed for installation only in the OS.

There is also a tuning exercise you must also go through for the VMXNET3.

So do you have the E1000 installed ?
0
 

Author Comment

by:GurcanK
ID: 40471723
Yes it is E1000. This is good point. Thanks.
0
 
LVL 53

Accepted Solution

by:
McKnife earned 300 total points
ID: 40472395
Another thing: "CPU usage in average %88" - you mean on average, really? That's high. And how is it when the errors occur? Did you try to add another virtual CPU, yet?
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

From implementing a password expiration date, to datatype conversions and file export options, these are some useful settings I've found in Jasper Server.
Last article we focus in how to VMware: How to create and use VMs TAGs ā€“ Part 1 so before follow this article and perform the next tasks, you should read the first article how to create the TAG before using them in Veeam Backup Jobs.
This video shows how to recover a database from a user managed backup
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial sā€¦

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now