VMworld has come and gone; the leaves have turned and fallen. It is at this time of the year that many of us turn our eyes, and calendars, toward the New Year for project planning. In this article, we are going to discuss some important upcoming changes to a vSphere feature called Transparent Page Sharing (or TPS).
What is Transparent Page Sharing (TPS)?
Before we can talk about what is changing and how it might impact your environment, let us review what Transparent Page Sharing does.
TPS is a memory management technology built into the vSphere kernel. Your ESXi hosts (without any outside configuration or management) use this technique to allow you to run as many virtual machines on a host as possible, by looking for duplicate pages in the memory of virtual machines. If it detects that two or more VMs have identical pages, it discards the duplicate(s) and shares that single page of memory among the VMs (using pointers). If a VM makes a change to a memory page (making it unique), TPS will write that memory to a new page and update the pointer for the VM. This has the effect of allowing a host to overcommit memory: the host may have allocated more RAM to virtual machines than is actually available. Consider the VMs running in your environment. How many of them are running the same OS or applications? This will likely result in many pages of memory that are the same and will not change.
How is Transparent Page Sharing changing?
A short while ago, VMware acknowledged an academic research project that was able to use Transparent Page Sharing to gain unauthorized access to data (KB2080735). It is important to understand that this was possible in an academic setting with a few highly controlled conditions that are not likely to exist in a production environment. However, out of an abundance of caution, VMware has decided to make the next release of ESXi (presumably vSphere 6) ship with Transparent Page Sharing disabled.
This does not mean that Transparent Page Sharing is “bad” or “shouldn’t ever be used”. On the contrary, VMware has decided to ship their product with a “secure by default” mentality, and allow their customers to choose what settings are best for them.
VMware has also built some TPS management capabilities into ESXi 5.1 and later. These new controls were delivered in ESXi patches (KB 2091682) that came out in Q4. You now have three choices:
- Leave TPS enabled – This is the default for ESXi 5.1 & 5.5.
- Disable TPS entirely – This is the default for ESXi 6.
- Choose which VMs are able to use TPS – This is done by a technique VMware calls “salting”. All VMs using the same salt value will be able to use TPS – allowing you to choose which VMs can use this feature.
How will this change affect my environment?
If you upgrade to vSphere 6 (or use the patches and settings described earlier to disable TPS), your ESXi host memory utilization could increase. In some environments this may have no net impact. In cases where host memory utilization is already high, this could lead to poor performance. Before planning your upgrade, you need to review your environment to see if you might need to add capacity.
One place to start is by reviewing the performance of your ESXi host(s). On the performance tab, switch to the memory chart and add the Shared memory metric. If this number is above zero – your environment is currently taking advantage of TPS.
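To make the three salting choices and their memory cost concrete, here is a simplified model, added as an illustration and not VMware's code: a page is backed by one shared physical copy only when both the salt and the page content match. The VM names, page contents, salt strings and 4 KB page size are constructed assumptions, and the model ignores everything else ESXi does with memory.

```python
import hashlib
from collections import defaultdict

PAGE = 4096  # page size used by this model (assumption)

def backing_pages(vms, salts):
    """Physical pages needed when identical pages are shared only between
    VMs with the same salt. vms: {vm: [bytes, ...]}, salts: {vm: salt}."""
    return len({(salts[vm], hashlib.sha256(p).digest())
                for vm, pages in vms.items() for p in pages})

def sharers(vms, salts, page):
    """Groups of VMs that are backed by one physical copy of `page`."""
    groups = defaultdict(set)
    for vm, pages in vms.items():
        if page in pages:
            groups[salts[vm]].add(vm)
    return sorted(sorted(g) for g in groups.values())

def write_page(vms, vm, index, data):
    """Guest write: the VM gets its own copy, other VMs keep the original."""
    changed = dict(vms)
    changed[vm] = vms[vm][:index] + [data] + vms[vm][index + 1:]
    return changed

# Constructed sample: four VMs, each with six identical "OS" pages and two unique pages.
OS_PAGES = [bytes([i]) * PAGE for i in range(6)]
VMS = {vm: OS_PAGES + [f"{vm}-{i}".encode().ljust(PAGE, b"\0") for i in range(2)]
       for vm in ("web1", "web2", "db1", "tenantB")}

ONE_SALT = {vm: "same" for vm in VMS}   # every VM may share with every other
PER_VM = {vm: vm for vm in VMS}         # no sharing between VMs
GROUPED = {"web1": "web", "web2": "web", "db1": "db", "tenantB": "b"}

if __name__ == "__main__":
    total = sum(len(p) for p in VMS.values())
    for label, salts in (("one salt", ONE_SALT), ("per-VM salt", PER_VM),
                         ("grouped salts", GROUPED)):
        print(f"{label:14} {backing_pages(VMS, salts):2} of {total} guest pages backed")
    print("OS page 0 shared by:", sharers(VMS, GROUPED, OS_PAGES[0]))
    after = write_page(VMS, "web2", 0, b"\xff" * PAGE)
    print("after web2 writes:", backing_pages(after, GROUPED), "pages")
```

The gap between the one-salt and per-VM figures is the extra host memory to budget for when sharing between VMs is turned off.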