I received some questions this week around how VMFork (aka Instant Clone) will work when TPS is disabled in the future, already answered some questions in comments but figured this would be easier to google. First of all, I would like to point out that in future versions TPS will not be globally disabled, but rather it will disabled for inter-VM page collapsing. Within the VM though pages will be collapsed as normal and the way it works is that each virtual machine configuration will contain a salt and all virtual machines with the same salt will share pages… However, each virtual machine by default will have a unique salt. Now this is where a VMFork’ed virtual machine will differ in the future.
VMFork’ed virtual machines in the future will share the salt, which means that “VMFork groups” can be considered a security domain and pages will be shared between all of these VMs. In other words, the parent and all of its children have the same salt and will share pages (see sched.mem.pshare.salt). If you have a different parent then pages between those VMFork Groups (both parents and its children) will not be shared.
Justin Adams says
Duncan, can you define a salt please?
John Nicholson. says
Basically something you add that is random so that you can not brute force hash collisions.
Timo Sugliani says
Hi Justin,
This should depict it well: http://en.wikipedia.org/wiki/Salt_(cryptography)
Regards,
Simon Sparks says
How does this relate to Linked Clones deployed by vCloud Director ?
Will all the linked clones and all the shadow copies of the original Virtual Machine / Golden Snapshot share the same salt ?
Duncan Epping says
Have not seen any details about this for vCloud Director based environments.