TPS (Transparent Page Sharing) is a proprietary feature of VMware ESX(i) that deduplicates the memory pages used by virtual machines. Identical memory content across multiple machines is thus stored only once.
When you have multiple virtual machines running the same guest operating system, there's a high chance of identical content which can be easily deduplicated to save memory. This, however, comes at the cost of a small performance decrease.
Due to the performance impact, Transparent page sharing (TPS) is activated only under memory pressure, when available RAM on the host is below a customizable threshold.
The Bad News
A few years ago, an academic paper showed that in a special customized environment, TPS could be used to bypass security and access the memory of a different virtual machine on the same host.
Even if this was valid only in that specific customized environment (VMware believes information being disclosed in real world conditions is unrealistic), VMware decided to disable TPS by default:
TPS must now be configured manually, and it's enabled only between virtual machines with the same sched.mem.pshare.salt, which is a per-VM custom string parameter.
Very few people know this parameter and set it on their VM groups!
Performance Side Effects
With TPS disabled, an ESXi host running low on memory (for example due to a hardware failure of a server that is part of a cluster) can only use other methods to reclaim memory, such as a memory ballooning driver (which forces the VMs to free up memory) or RAM compression/swap.
Both of these methods have a huge impact on overall performance, while the impact of TPS would have been minimal.
The Good News
The TPS feature can be re-enabled by default: it’s just a customizable variable in the ESXi configuration.
If it’s possible that a hardware failure could bring the still-alive ESXi hosts into a memory pressure condition, it’s better to prevent the issue, avoid memory ballooning / compression and let TPS reclaim memory for free!
It’s just an ESXi host parameter that can be set on the fly:
Mem.ShareForceSalting = 0
This way the TPS feature will be active and ready to reclaim memory, but only when an ESXi host is under memory pressure.
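How the host-wide setting and the per-VM salt together decide which VMs may share pages, as an added example (not code from the original article or from VMware). The handling of values 1 and 2 follows VMware's documented semantics for Mem.ShareForceSalting, which the article does not describe; the inventory, trust zones and salt strings are constructed.

```python
from collections import defaultdict

# Constructed sample inventory: vc.uuid, trust zone and optional
# sched.mem.pshare.salt per VM (all values are made up for illustration).
VMS = [
    {"name": "web-01", "uuid": "uuid-a", "zone": "dmz", "salt": "dmz-2024"},
    {"name": "web-02", "uuid": "uuid-b", "zone": "dmz", "salt": "dmz-2024"},
    {"name": "db-01", "uuid": "uuid-c", "zone": "internal", "salt": None},
    {"name": "db-02", "uuid": "uuid-d", "zone": "internal", "salt": None},
    {"name": "test-01", "uuid": "uuid-e", "zone": "lab", "salt": None},
    # Salt reused outside its zone: a misconfiguration the audit should catch.
    {"name": "pci-01", "uuid": "uuid-f", "zone": "pci", "salt": "dmz-2024"},
]

def effective_salt(vm, force_salting):
    """Salt the host applies to this VM's pages under Mem.ShareForceSalting."""
    if force_salting == 0:
        return ""  # salting off: all VMs on the host form one sharing domain
    if vm["salt"]:
        return vm["salt"]  # explicit sched.mem.pshare.salt wins for 1 and 2
    # 1: unsalted VMs fall back to one common salt; 2: to their own vc.uuid
    return "" if force_salting == 1 else "uuid:" + vm["uuid"]

def sharing_domains(vms, force_salting):
    """Group VMs whose identical pages the host may deduplicate together."""
    domains = defaultdict(list)
    for vm in vms:
        domains[effective_salt(vm, force_salting)].append(vm)
    return list(domains.values())

def cross_zone_sharing(vms, force_salting):
    """Sorted VM-name groups in which page sharing spans more than one zone."""
    findings = []
    for group in sharing_domains(vms, force_salting):
        if len({vm["zone"] for vm in group}) > 1:
            findings.append(sorted(vm["name"] for vm in group))
    return sorted(findings)

if __name__ == "__main__":
    for setting in (0, 1, 2):
        print("Mem.ShareForceSalting =", setting, cross_zone_sharing(VMS, setting))
```

With the value 0 every VM on the host lands in one sharing domain; with salting left on, only VMs given the same salt share pages, so the salt string has to map one-to-one to a trust zone.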
My name is Alessandro and I joined Würth-Phoenix early in 2013. I have over 20 years of experience in the IT sector: For a long time I've worked for a big Italian bank in a very complex environment, managing the software provisioning for all the branch offices. Then I've worked as a system administrator for an international IT provider supporting several big companies in their infrastructures, providing high availability solutions and disaster recovery implementations. I've joined the VMware virtual infrastructure in early stage, since version 2: it was one of the first productive Server Farms in Italy. I always like to study and compare different technologies: I work with Linux, MAC OSX, Windows and VMWare. Since I joined Würth Phoenix, I could also expand my experience on Firewalls, Storage Area Networks, Local Area Networks, designing and implementing complete solutions for our customers. Primarily, I'm a system administrator and solution designer, certified as VMware VCP6 DCV, Microsoft MCP for Windows Server, Hyper-V and System Center Virtual Machine Manager, SQL Server, SharePoint. Besides computers, I also like photography, sport and trekking in the mountains.
Author
Alessandro Romboli