This curriculum spans the full operational lifecycle of server virtualization, equivalent in scope to a multi-workshop technical engagement for designing, securing, and maintaining enterprise virtual infrastructures.
Module 1: Virtualization Architecture and Hypervisor Selection
- Evaluate type-1 versus type-2 hypervisors based on performance overhead and security isolation requirements for production workloads.
- Compare VMware ESXi, Microsoft Hyper-V, and KVM based on existing infrastructure dependencies and vendor support agreements.
- Assess hardware compatibility list (HCL) adherence when selecting hypervisors to avoid driver and firmware conflicts.
- Determine enablement requirements for CPU virtualization extensions (Intel VT-x, AMD-V) in BIOS/UEFI across server fleets.
- Plan for hypervisor licensing models that align with core-based, socket-based, or subscription-based cost structures.
- Design host-level partitioning strategies to balance VM density against resource contention risks.
Module 2: Resource Allocation and Performance Optimization
- Allocate CPU reservations and limits to prioritize critical applications during peak load periods.
- Configure memory overcommitment policies while monitoring ballooning and swapping to prevent performance degradation.
- Implement NUMA node alignment for large VMs to reduce cross-socket memory access latency.
- Set storage I/O throttling policies to prevent noisy-neighbor effects in shared datastore environments.
- Monitor and adjust virtual CPU-to-core ratios based on actual workload utilization trends.
- Use performance baselines to identify and remediate VM sprawl and underutilized instances.
Module 3: Storage Design and Virtual Machine Provisioning
- Select between thick-provisioned and thin-provisioned virtual disks based on storage capacity planning and performance SLAs.
- Configure VMFS, NFS, or vSAN datastores with appropriate block sizes and RAID levels for I/O patterns.
- Implement Storage DRS to automate load balancing and initial placement of VMs across datastores.
- Design snapshot retention policies that account for performance impact and backup integration requirements.
- Integrate storage multipathing to ensure redundancy and failover for critical VMs.
- Plan clone and template workflows to standardize VM deployment while minimizing storage duplication.
Module 4: Network Virtualization and Connectivity Management
- Design vSwitch and distributed switch topologies to segment traffic by security zone and performance class.
- Configure VLAN tagging at the port group level to maintain network policy consistency across VMs.
- Implement NIC teaming with appropriate load balancing and failover policies for physical uplinks.
- Allocate network resource pools to guarantee bandwidth for high-priority VMs during congestion.
- Integrate virtual firewalls and micro-segmentation policies with NSX or equivalent platforms.
- Validate MTU settings across physical and virtual network layers to support jumbo frames where required.
Module 5: High Availability, Fault Tolerance, and Clustering
- Configure vSphere HA admission control policies to ensure sufficient failover capacity in the cluster.
- Enable VM-level fault tolerance only for stateful applications requiring zero downtime.
- Design DRS automation levels to balance workload distribution without excessive VM migrations.
- Implement host profiles to standardize configuration across cluster nodes and reduce drift.
- Test cluster failover scenarios to validate VM restart priorities and datastore heartbeat resilience.
- Monitor host isolation response settings to prevent split-brain conditions during network outages.
Module 6: Backup, Recovery, and Disaster Preparedness
- Integrate image-level backup tools with changed block tracking to minimize backup windows.
- Validate application-consistent snapshots using VSS or equivalent frameworks for databases.
- Test VM restore procedures including full recovery, file-level restore, and cross-site failover.
- Configure backup proxy placement to avoid network bottlenecks during data transfer.
- Define RPO and RTO targets for VMs and align backup frequency and replication accordingly.
- Document and audit backup retention schedules to meet compliance and legal hold requirements.
Module 7: Security Hardening and Compliance Enforcement
- Apply hypervisor security baselines from CIS or DISA STIGs to harden ESXi or Hyper-V hosts.
- Restrict administrative access to vCenter using role-based access control (RBAC) and SSO integration.
- Encrypt VMs at rest using vTPM and VM encryption features for sensitive workloads.
- Audit VM creation and configuration changes through logging and SIEM integration.
- Isolate management traffic on dedicated VLANs and physical NICs to reduce attack surface.
- Enforce secure VM templates with updated OS patches, disabled default accounts, and logging enabled.
Module 8: Monitoring, Capacity Planning, and Lifecycle Management
- Deploy monitoring agents or agentless tools to track VM and host-level performance metrics.
- Generate capacity forecasts using historical growth trends for CPU, memory, and storage.
- Identify candidates for VM retirement or rightsizing based on utilization thresholds.
- Standardize VM naming, tagging, and ownership metadata to improve accountability.
- Integrate virtualization events with ITSM tools for incident and change management workflows.
- Plan hypervisor patching cycles using maintenance mode and rolling upgrades to minimize downtime.