Although VMware believes the risk of TPS being used to gather sensitive information is low, we strive to ensure that products ship with default settings that are as secure as possible. For this reason new TPS management options are being introduced, inter-Virtual Machine TPS is no longer enabled by default in the ESXi 5.5, 5.1 and 5.0 Update releases listed below, and inter-Virtual Machine TPS is not enabled by default as of ESXi 6.0. Administrators who need the previous behavior can re-enable inter-Virtual Machine TPS using those management options.
The available Update releases are listed below. For more information on new management capabilities, see Additional Transparent Page Sharing management capabilities and new default settings (2097593).
Details on the additional TPS management capabilities for the ESXi patches are documented in Additional Transparent Page Sharing management capabilities in ESXi 5.5, 5.1, and 5.0 patches in Q4, 2014 (2091682).
How does InstantClone behave when Inter-VM Transparent Page Sharing is disabled?
The InstantClone feature operates identically whether Transparent Page Sharing is enabled or disabled. InstantClone always generates new virtual machines that share physical memory pages with the source virtual machine, independently of the inter-Virtual Machine TPS setting.
At the time a cloned virtual machine is created, InstantClone relies on the ability of the new virtual machine to share the pages of the source virtual machine. This one-time operation enables rapid creation of InstantClone virtual machines, which inherit the exact state of the source virtual machine. After the InstantClone operation, changes to the source virtual machine's pages are not visible to the new virtual machine, and vice versa.
Where can I find more information on Transparent Page Sharing?
For more information on TPS, see Transparent Page Sharing (TPS) in hardware MMU systems (1021095).
Why is VMware disallowing inter-VM TPS in the ESXi Update releases?
Although VMware believes the risk of TPS being used to gather sensitive information is low, we strive to ensure that products ship with default settings that are as secure as possible.
Which ESXi releases will no longer allow inter-VM TPS by default?
ESXi 5.1 Update 3, ESXi 5.5 Update 2d, ESXi 5.0 Update 3d and later Update releases of ESXi 5.0, 5.1 and 5.5. ESXi 6.0 also ships with inter-VM TPS disabled by default.
Which ESXi patches will introduce the additional TPS management capabilities?
The ESXi 5.5 patch released on October 16, 2014 and the ESXi 5.1 and 5.0 patches released in Q4 2014. These patches add the management capabilities only; the default behavior does not change until the Update releases listed above. For details, see Additional Transparent Page Sharing management capabilities in ESXi 5.5 patch October 16, 2014 and ESXi 5.1 and 5.0 patches in Q4, 2014 (2091682).
Where are the additional TPS management capabilities documented?
For more information on additional TPS management capabilities, see Additional Transparent Page Sharing management capabilities in ESXi 5.5, 5.1, and 5.0 patches in Q4, 2014 (2091682) and Additional Transparent Page Sharing management capabilities and new default settings in ESXi 5.5 Update 2d, ESXi 5.1 Update 3 and ESXi 5.0 Update 3d (2097593).
What will happen if TPS at the host level is switched off?
Disabling inter-Virtual Machine TPS may impact performance in environments that rely heavily on memory over-commitment. For more information on memory management techniques, see the ESXi and Virtual Machines section of the Performance Best Practices for VMware vSphere Guide.
Further, certain workloads such as VMware Horizon may achieve higher virtual machine consolidation ratios on ESXi hosts when inter-Virtual Machine TPS is enabled, because many identical desktops share large numbers of pages. For more information on memory considerations in Horizon environments, see the RAM Sizing Impact on Performance section of the View Architecture Planning Guide.
You should review the level of over-commitment before disabling inter-Virtual Machine TPS. The amount of inter-Virtual Machine TPS can be determined with the resxtop and esxtop command-line utilities. For more information.
How can I prepare for the ESXi Update releases that no longer allow inter-Virtual Machine TPS by default?
VMware recommends monitoring your deployment's use of TPS before making any changes to the settings.
How can inter-VM TPS be re-enabled after deploying the ESXi Update releases?
VMware Knowledge Base article Additional Transparent Page Sharing management capabilities in ESXi 5.5 patch October 16, 2014 and ESXi 5.1 and 5.0 patches in Q4, 2014 (2091682) documents how inter-Virtual Machine TPS can be re-enabled for all Virtual Machines and for groups of Virtual Machines.
What is the risk for information disclosure due to Transparent Page Sharing?
Currently, VMware believes that the risk of information disclosure described in the recent academic papers leveraging TPS between Virtual Machines is very small in real world conditions. The conditions under which the researchers were able to extract AES encryption keys are very specific and are unlikely to be present in a real world deployment.
What did the researchers find?
Published academic papers have demonstrated that by repeatedly flushing and reloading cache lines backed by a page that TPS has shared between virtual machines (a Flush+Reload attack), it is possible to measure memory access timings and recover an AES encryption key in use on another virtual machine running on the same physical processor of the host server. This technique works only in a highly controlled environment using a non-standard configuration.
Is inter-process side channel leakage a new area of research?
Side channel attacks that exploit information leakage from resources shared between processes running on a common processor are an area of research that has been explored for several years. Although largely theoretical, techniques are continuously improving as researchers build on each other's work. Although this is not a problem unique to VMware technology, VMware does work with the research community to ensure that the issues are fully understood and to implement mitigations in our products when appropriate.
What is the previously documented way of disabling Transparent Page Sharing that was present in this KB before?
VMware strongly suggests using the new, additional TPS management capabilities (salting) to disable inter-Virtual Machine TPS, because they leave sharing within a virtual machine intact. The earlier documented procedure to disable inter-Virtual Machine TPS on ESX\ESXi hosts is as follows:
To disable inter-Virtual Machine TPS on ESX\ESXi hosts:
1. Log in to the ESX\ESXi host or to vCenter Server using the vSphere Client and select the host.
2. Open the host's Advanced Settings (Configuration tab > Software > Advanced Settings) and select Mem.
3. Set Mem.ShareScanGHz to 0. The default value is 4. A value of 0 stops the page-sharing scanner, so this disables all TPS on the host, not only sharing between virtual machines.
4. The change applies to virtual machines as they are powered on or migrated to the host; power cycle or vMotion running virtual machines to apply it to them.
How can I disable Transparent Page Sharing on ESX\ESXi 4.x?
Use the steps shown in the previous section To disable inter-Virtual Machine TPS on ESX\ESXi hosts:.
What do I need to do if I have used the procedure above to disable inter-Virtual Machine TPS on ESX\ESXi hosts?
Set Mem.ShareScanGHz back to its default value of 4 before enabling salting (for more information, see Additional Transparent Page Sharing management capabilities in ESXi 5.5, 5.1, and 5.0 patches in Q4, 2014 (2091682)). Salting only controls which virtual machines may share pages with each other; while Mem.ShareScanGHz is 0 the scanner does not run, so no pages are shared at all and the salting settings have no effect.
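The following is an added example written for this page, not VMware code, that models how the salting settings decide which virtual machines can share pages with each other, both for the "re-enable for all virtual machines or for groups" case documented in 2091682 and for the Mem.ShareScanGHz caveat above. It applies the rules from KB 2097593: Mem.ShareForceSalting=0 disables salting so every VM may share with every other; =1 uses the .vmx option sched.mem.pshare.salt if present and otherwise salt 0; =2 (the new default) uses sched.mem.pshare.salt if present and otherwise the VM's vc.uuid, so an unconfigured VM shares only with itself; and Mem.ShareScanGHz=0 turns the scanner off entirely. The host values, the .vmx fragments and the function names are constructed for this example.

```python
# Added example for this page (not VMware code): a model of the ESXi TPS
# salting rules applied to a constructed inventory. Function names, the
# sample .vmx text and the host values are assumptions made for this example.
from collections import defaultdict

# Constructed .vmx fragments: two web servers opted in to a shared salt,
# plus a database server and a desktop with no salt option (the usual case).
SAMPLE_VMX = {
    "web-a": 'displayName = "web-a"\nvc.uuid = "50 1a 00 01"\nsched.mem.pshare.salt = "web"\n',
    "web-b": 'displayName = "web-b"\nvc.uuid = "50 1a 00 02"\nsched.mem.pshare.salt = "web"\n',
    "db-1": 'displayName = "db-1"\nvc.uuid = "50 1a 00 03"\n',
    "desktop-7": 'displayName = "desktop-7"\nvc.uuid = "50 1a 00 04"\n',
}


def parse_vmx(text):
    """Turn the key = "value" lines of a .vmx file into a dict."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = value.strip().strip('"')
    return cfg


def effective_salt(vm, force_salting):
    """Salt the hypervisor applies to a VM's pages under Mem.ShareForceSalting:
    0: no salting, every VM can share with every other (pre-update behavior);
    1: sched.mem.pshare.salt if set, otherwise 0 (unsalted VMs share together);
    2: sched.mem.pshare.salt if set, otherwise the VM's vc.uuid (new default,
       so a VM without the option only shares pages with itself)."""
    if force_salting == 0:
        return None
    explicit = vm.get("sched.mem.pshare.salt")
    if explicit:
        return explicit
    if force_salting == 1:
        return "0"
    # Mode 2: fall back to vc.uuid. A VM without one gets a unique salt in
    # practice; the VM's own name stands in for that here.
    return vm.get("vc.uuid", vm["displayName"])


def sharing_groups(host, vms):
    """Sorted lists of VM names whose pages may be shared with each other.
    A VM alone in its group can only share pages intra-VM. An empty result
    means Mem.ShareScanGHz is 0: the scanner is off, so nothing is shared."""
    if host["Mem.ShareScanGHz"] == 0:
        return []
    force = host["Mem.ShareForceSalting"]
    groups = defaultdict(list)
    for vm in vms:
        groups[effective_salt(vm, force)].append(vm["displayName"])
    return sorted(sorted(names) for names in groups.values())


def inter_vm_sharing_possible(host, vms):
    """True if at least two VMs land in the same sharing group."""
    return any(len(group) > 1 for group in sharing_groups(host, vms))


def salting_precheck(host):
    """Problems to fix before relying on salting (the caveat in this KB)."""
    problems = []
    if host["Mem.ShareScanGHz"] != 4:
        problems.append("Mem.ShareScanGHz is %s; reset it to the default 4 before "
                        "enabling salting (0 leaves TPS off entirely)"
                        % host["Mem.ShareScanGHz"])
    if host["Mem.ShareForceSalting"] not in (0, 1, 2):
        problems.append("Mem.ShareForceSalting must be 0, 1 or 2")
    return problems


VMS = [parse_vmx(text) for text in SAMPLE_VMX.values()]

if __name__ == "__main__":
    for force in (0, 1, 2):
        host = {"Mem.ShareForceSalting": force, "Mem.ShareScanGHz": 4}
        print("ShareForceSalting=%d:" % force, sharing_groups(host, VMS))
    legacy = {"Mem.ShareForceSalting": 2, "Mem.ShareScanGHz": 0}
    print("legacy disable plus salting:", sharing_groups(legacy, VMS),
          salting_precheck(legacy))
```

Running the script shows the three regimes side by side: with salting off, all four VMs form one group; with Mem.ShareForceSalting=1, the two web servers share through their explicit salt and the two unconfigured VMs share through the implicit salt 0; with the default of 2, only the web servers share and the unconfigured VMs are isolated. The last line reproduces the caveat: a host left at Mem.ShareScanGHz=0 from the old procedure shares nothing regardless of the salting settings.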