When deploying Windows Server as a hypervisor host for virtual machine workloads there are a variety of best practices that should be put in place. Running Hyper-V on Windows has special considerations when it comes to workload. For example, Virtual Machine Queues and Hyper-V Specific hotfixes. This is blog entry serves as an overview of important checks you should ensure are in place.
Starting with your base operating system you should strongly consider Windows Server Core. Server Core has a much lower attack surface as well as lower resource utilization and reduced patching requirements. This is important when running a VM workload as it frees up additional resources for your virtual machines. And the reduced patching allows for greater availability of tenant workloads.
Additionally, consider running minimal roles and features on your host operating system. IIS for example should never be installed on a host as it uses valuable resources and also increases your attack surface. If your host will be clustered, obviously, Failover Cluster Manager and Multipath I/O will need to be installed to access shared storage. Any Anti-Virus installed on the host should be configured to ignore Hyper-V specific files like VHDs, aVHDs, VHDx and VSV.
Ensure that all of the latest drivers and firmware for your hardware are installed on the host operating system. This is critical because inbox drivers included with Windows are not intended for long term use. Many of the features that Hyper-V takes advantage of on the networking layer require the latest and greatest network card drivers. We have seen outdated drivers and firmware cause reduced performance and instability Hyper-V hosts. Hyper-V adds a layer of complexity which is often times more sensitive to driver and firmware versions.
If you’re clustering Hyper-V, put in place a process to be sure that every single one of your nodes is running the same driver revisions and software updates.