When one virtual machine consumes so much of the host resources that other virtual machines on the host cannot perform their intended functions, a Denial of Service (DoS) might occur. To prevent a virtual machine from causing a DoS, use host resource management features such as setting Shares and using resource pools.

By default, all virtual machines on an ESXi host share resources equally. You can use Shares and resource pools to prevent a denial of service attack that causes one virtual machine to consume so much of the host’s resources that other virtual machines on the same host cannot perform their intended functions.

Do not set limits or use resource pools until you fully understand the impact.


  1. Provision each virtual machine with just enough resources (CPU and memory) to function properly.
  2. Use Shares to guarantee resources to critical virtual machines.
  3. Group virtual machines with similar requirements into resource pools.
  4. In each resource pool, leave Shares set to the default to ensure that each virtual machine in the pool receives approximately the same resource priority.
    With this setting, a single virtual machine cannot use more than other virtual machines in the resource pool.

What to do next

See the vSphere Resource Management documentation for information about shares and limits.