Volume encryption with any technology adds a small overhead to the server. There is no official document on this subject, but testing by the Product Group shows a worst-case performance hit of 8%, and usually between 3% and 5%, once BitLocker is turned on. Measure performance metrics before and after adding BitLocker and enabling volume encryption.
Administrative Rights Delegation
When a single physical server is configured to support multiple operating system instances, the question of who is granted administrative privileges to which instances becomes important in the context of securing the Hyper-V environment.
Authorization Manager (Azman.msc) is part of the Windows Role-Based Access Control (RBAC) Framework. It is used to delegate administrative rights so that users can perform designated tasks (operations) based on role definitions and assignments. The default scope allows only members of the Administrators group the right to create and control virtual machines.
If Microsoft® System Center Virtual Machine Manager is being used, any authorization needs to be configured from within the Virtual Machine Manager console rather than by using AzMan.
These are the main AzMan concepts:
Scope: A collection of similar resources which will share the same authorization policy, for instance, a virtual machine or a virtual network.
Role: A job category or responsibility. Examples: Administrators; Self-Service Users (in Virtual Machine Manager).
Task: A collection of operations or other tasks. Examples: Manage Hyper-V server settings, Create virtual machines.
Operation: Operations are sub-components of tasks, or can be assigned to a role individually. An operation is an action that a user can perform. Examples: "Start virtual machine"; "Stop virtual machine". Grouping operations creates a task, and the task permits the role to perform specific administrative functions.
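The following added example (not code from this guide and not the AzMan API) models how these four concepts combine into an access decision and an audit query. It assumes that a role assigned in the default scope applies in every scope; the "VM Operators" role, the "Control VM power" task, the scope names, the user names and the operation names other than the two quoted above are constructed for illustration.

```python
from dataclasses import dataclass, field

DEFAULT_SCOPE = "default"   # assumption: policy at this level applies to every scope

@dataclass
class Task:
    name: str
    operations: set = field(default_factory=set)
    subtasks: list = field(default_factory=list)   # a task may contain other tasks

    def expand(self, seen=None):
        """Flatten this task and its nested tasks into a set of operations."""
        seen = set() if seen is None else seen
        if self.name in seen:                      # ignore cyclic task definitions
            return set()
        seen.add(self.name)
        ops = set(self.operations)
        for sub in self.subtasks:
            ops |= sub.expand(seen)
        return ops

@dataclass
class Role:
    name: str
    tasks: list = field(default_factory=list)
    operations: set = field(default_factory=set)   # operations assigned individually

    def allowed(self):
        return self.operations.union(*(t.expand() for t in self.tasks))

class Store:
    def __init__(self):
        self.assignments = []                      # (scope, role, user) triples

    def assign(self, scope, role, user):
        self.assignments.append((scope, role, user))

    def access_check(self, user, operation, scope):
        """True if a role held in this scope or the default scope grants the operation."""
        return any(u == user and s in (scope, DEFAULT_SCOPE) and operation in r.allowed()
                   for s, r, u in self.assignments)

    def who_can(self, operation, scope):
        """Audit view: every user able to perform the operation in the scope."""
        return sorted({u for s, r, u in self.assignments
                       if s in (scope, DEFAULT_SCOPE) and operation in r.allowed()})

# Constructed sample policy (hypothetical role, task, scope and user names).
power = Task("Control VM power", {"Start virtual machine", "Stop virtual machine"})
create = Task("Create virtual machines", {"Create virtual machine"}, [power])
admins = Role("Administrators", [create, Task("Manage Hyper-V server settings", {"Change server settings"})])
operators = Role("VM Operators", [power])
store = Store()
store.assign(DEFAULT_SCOPE, admins, "CONTOSO\\alice")
store.assign("Finance VMs", operators, "CONTOSO\\bob")
```

Running `who_can` for each sensitive operation and scope gives a quick review of whether a delegated role grants more than the tasks it was meant to cover.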