Virtualization-based Security

Microsoft virtualization-based security (VBS), a feature of the Windows 10 and Windows Server 2016 operating systems, uses hardware and software virtualization to enhance system security by creating an isolated, hypervisor-restricted, specialized subsystem. Starting with vSphere 6.7 and Virtual Hardware 14, you can enable VBS on supported Windows guest operating systems.

VMware engineering added a number of vSphere features and enhancements so that VBS-enabled virtual machines perform well.

To measure the performance of a vSphere 6.7 virtual machine running Windows with VBS enabled, we used HammerDB, a benchmarking application. The test simulated 22 virtual users generating an OLTP workload that wrote to a Microsoft SQL Server 2016 database. The workload was similar to TPC-C.

The testbed included:

  • vSphere 6.7 virtual machine:
    • Microsoft Windows 2016 guest operating system
    • VBS enabled
    • 8 vCPUs
    • 12 GB RAM
  • vSphere 6.7 host:
    • 2x E5-2699 v3 @ 2.3 GHz “Haswell” processors

As shown in the following figure, these engineering efforts resulted in a 33% improvement in transactions per minute.

ESXi 6.7 shows a 33% improvement in performance with VBS – higher is better