The other week I was telling a co-worker that in most cases using VM snapshots in ESX was evil and should be avoided in all but exceptional circumstances. He gave me this look like I grew a third eye, my ears fell off, and my skin turned green.
I then conveyed to him that using VM snapshots can be very bad. From a security perspective, they can let you ‘go back in time’ and possibly hide tracks of snooping around a system. If you revert an Active Directory server to a prior state, you could end up with very confused and screwed Active Directory server or forest. You could also run out of snapshot disk space, or suffer large performance hits when you delete the snapshot. Features like DRS, vMotion, and backups are also impacted.
After this short conversation, I guess my third eye disappeared, my ears grew back, and my complexion returned to my normal pale white…just like on an infomercial. Today I stumbled on a GREAT, and very lengthy, article on the evils of VM snapshots and their potentially significant performance impacts. Check out Erik Zandboer’s extremely thorough blog post.
I also found very interesting is a comment left by a reader that purports to be a former VMware support professional. According to him most VM performance problems were linked to snapshots.
While I won’t deny snapshots have their use in VERY limited cases, I fear that people over use them and don’t realize the problems they create. We have alarms set in vCenter to alert on snapshots, and have a written policy that snapshots not exceed six hours and can only be used in exceptional circumstances.