Virtualization design guidelines for Security Center - When designing a virtual environment for Security Center, follow these best practices to ensure the system is correctly dimensioned for your needs. - Security Center 5.13

Security Center System Requirements Guide 5.13
Product
Security Center
Content type
System requirements
Version
5.13
ft:locale
en-US
Last updated
2025-09-25

When designing a virtual environment for Security Center, follow these best practices to ensure the system is correctly dimensioned for your needs.

IMPORTANT: Contact your Systems Engineer if your system does not follow the virtualization design guidelines.

Virtualization performance

Virtual machines have a slight decrease in performance compared to physical hardware. The performance loss due to virtualization is typically under 20% of the overall machine performance, but it can vary depending on the selected hardware and hypervisor configuration.

For more information about Archiver virtualization performance, see Archiver Redundancy Performance in Security Center.

Virtualization decisions must also account for modular infrastructure, where multiple server modules are hosted inside a chassis and share network interfaces, power supplies, and cooling systems. Resource contention or a failure in one component can affect multiple servers in that environment.

The image below shows a Dell PowerEdge Modular Infrastructure as an example of a server chassis with seven server modules.
A Dell PowerEdge Modular Infrastructure with seven server modules.

The following recommendations are based on internal testing and field experience to minimize performance impact. Most recommendations focus on how virtual machines (VMs) are distributed across server modules. We only mention the server chassis when a guideline is written explicitly for the module infrastructure.

Provisioning

Virtual Machine (VM)
  • Do not exceed six total VMs per server module, with a maximum of four video-intensive VMs per server module.

    Video-intensive VMs run the Archiver, Auxiliary Archiver, Media Gateway, KiwiVision Analyzer, or KiwiVision Privacy Protector role.

  • You must install Security Center on a dedicated server module. Do not share any server module running Genetec™ VMs with non-Genetec VMs.
  • Monitor VM performance for signs of CPU scheduling delays.

    If your platform reports CPU wait time (or CPU Ready), ensure it remains at or below 50 ms (or 5%) to avoid performance degradation. For more information on VM performance metrics, see CPU ready and its role in VM performance.

Virtual CPU (vCPU)
  • When assigning vCPUs, ensure you assign only complete logical cores from the same physical CPU. Never split hyperthreaded vCPUs between multiple VMs by assigning vCPU core 0 to one VM and vCPU core 1 to another.
  • If you want to run fault-tolerant VMs, you must understand the hardware limits of this setup. Fault-tolerant VMs typically do not support transferring more than four vCPUs, even if you assign more to the VM. For example, if you assign 8 vCPUs to a fault-tolerant VM, only 4 will be transferred during a failure. For information about fault-tolerant configuration, see your VM manuals.
  • If you are not running fault-tolerant VMs, we recommend assigning 8 or more vCPUs per VM.
Memory
  • Assign at least 16 GB of RAM to each VM.
  • Keep 16 GB of RAM unallocated for the hypervisor.
  • The total amount of memory allocated to the VMs and the hypervisor must not exceed the total amount of physical memory available from the server module.
Storage
Storage configurations depend on the hardware vendor’s best practices and the system environment.
For operating systems:
  • Install Microsoft Windows and Microsoft SQL databases on a dedicated, high-performance drive, typically an SSD or a Storage Area Network (SAN) with SSD or hybrid storage.
  • Do not use the operating system (OS) drive for archived video.
  • Make the OS partition at least 120 GB.
For archived video: Configure Archiver video disks using one of the following methods:
  • A data store (VMDK, VHD, or SMB Shares)
  • Raw Device Mapping (RDM) for Fiber Channel
  • In-Guest iSCSI
NOTE: Other configurations might result in degraded performance.
Network
  • If you create virtual network adapters, do not rely on the link speed reported by Windows. Measure actual bandwidth to determine performance.
  • Send video traffic on a different VLAN or subnet than storage traffic.
  • Preferred connectivity for Genetec VMs is 10 GbE or greater.
  • Where only 1 GbE connectivity is available, assign one dedicated 1 GbE connection per VM for video traffic.
NOTE: Alternate network configurations might send multicast traffic to all hosted VMs simultaneously. Depending on the server module or its configuration, this might affect overall performance.
High availability (Security Center failover)
  • Do not assign VMs hosted on the same physical server as primary and secondary (failover) servers of the same Security Center role.
  • Use dedicated resources on the server chassis for Genetec™ VMs to avoid resource contention. When setting up failover, use a second server chassis to house the failover server modules for Security Center roles. This way, you avoid complete system outages caused by server chassis failures.

VM operations

System snapshots
Capture system snapshots during scheduled maintenance periods. These operations freeze input/output (I/O) for the duration of the process and can lead to issues such as disconnections and packet loss.
Live migration
For the same reason, we do not recommend dynamic load balancing. A live VM migration freezes I/O and can cause similar disconnections and packet loss.

Security Center

Archiver
When provisioning multiple archiving VMs on a server module, don't exceed the following data transmission rates:
  • 300 Mbps for incoming and outgoing video on each VM.
  • 1,200 Mbps for incoming video and outgoing playback on each server module.
Directory
Use static MAC addresses when installing a Directory on a VM. Changing this value invalidates the system license.