X hits on this document





33 / 62


Performance impact

Volume encryption with any technology adds a small overhead to the server. There is no official document on this subject, but testing by the Product Group shows worst case 8%, and usually between 3-5% hits on performance once BitLocker is turned on. Test performance metrics before and after adding BitLocker and enabling volume encryption.

Administrative Rights Delegation When a single physical server is configured to support multiple operating system

instances, the question of who is granted administrative privileges to which instances becomes important in the context of securing the Hyper-V environment.

Authorization Manager (Azman.msc) is part of the Windows Role-Based Access Control (RBAC) Framework. It is used to delegate administrative rights so that users can perform designated tasks (operations) based on role definitions and

assignments. The default scope allows only members of the administrators group the right to create and control virtual machines.


If Microsoft® System Center Virtual Machine Manager is being used, any Authorization needs to be configured from within the Virtual Machine Manager console rather than using AzMan.

These are the main AzMan concepts:

  • Scope: A collection of similar resources which will share the same authorization policy, for instance, a virtual machine or a virtual network.

  • Role: A job category or responsibility. Examples: Administrators; Self- Service Users (in Virtual Machine Manager)

  • Task: A collection of operations or other tasks. Examples: Manage Hyper- V server settings, Create virtual machines.

    • o

      Operation: Operations are sub-components of tasks, or can be assigned to a role individually. An operation is an action that a user can perform. Examples: ―Start virtual machine‖; ―Stop virtual machine‖. Grouping operations creates a task, and the task permits the role to perform specific administrative functions.

Document info
Document views136
Page views136
Page last viewedThu Oct 27 19:56:01 UTC 2016