Sometime in the next three months, replacement hardware for my work Windows 7 system will arrive. I want to set up the new system with W7 running in a VM under Centos. I don't have enough experience to plan all the details and avoid pitfalls. I'd like to get as much as possible right on the first try, so I would appreciate any advice.

The main motivation is the truly vicious anti-virus and anti-malware software that is forced onto all Windows systems here and severely interferes with ordinary work.

The biggest (but far from only) problem is that I need to share the data partition for access from other Windows and Linux systems on our the LAN. The anti-malware software constantly opens and reads files with exclusive access, and programs on other machines trying to access those files get hard failure rather than just stalling until the anti-malware moves on. The anti-malware doesn't seem nearly as vicious about shares mounted and used by the W7 as about shares published by the W7.

So my basic idea is that the data partition will exist on the Centos system, not on a virtual drive given to the W7 VM. The Centos system will publish that partition as a Samba share that will be mounted by the W7 in the VM. So the W7 in the VM will be doing most of its work in a file system that is not in a virtual drive, but is mounted as a share on the virtual network that exists between the host OS and the guest OS. This is the most important part of the plan and the area where performance matters most (that virtual network ought to be faster than a real network). This is where I most need advice and/or warnings about potential pitfalls.

The other systems that need access to that Samba share will get it directly from the Centos system, not from the W7 system, so they will stop having all the random failures they see now. (The existing W7 system has some Samba shares from a Linux fileserver mounted and used. The anti-malware on the W7 does not induce the same random failures on other users of that same share as it induces in the shares published by the W7 system.)

I plan to have one partition on the SSD. That will contain all the Linux software and will contain a moderate size file to use as a virtual hard drive for W7 for all of its installed software. Also the SSD partition will contain a work directory exported as a Samba share for things the W7 might want on SSD but shareable.

The system will have two very large hard drives with a big swap partition on each and a very big data partition on each, joined by RAID 1 into a single data partition and exported by Samba providing most of the space used by the W7 guest.

I also hope to set up a very large tmpfs normally in RAM and spilling on occasion into those two swap partitions. I hope to export the tmpfs as a Samba share, because the W7 has a large need for a good tmp area and W7 doesn't do tmp well. The key to a good tmp area is that short lived files never get their directory entries written to disk. tmpfs does that. Other file systems, even with write behind disk caching still write the directory for creating and deleting short lived files. I hope despite the overhead of Samba access to tmp through the virtual network that this tmp will be faster than a Windows filesystem.

That tmpfs also brings up my RAM question regarding the VM. The hardware will have a massive amount of ram. The Windows system will usually need only a small fraction of that. On rare occasions I want to run something on the W7 that needs almost all the RAM. If I set up the VM with almost all the ram, how do I get W7 to shed most of it when it doesn't really need it (vs. keeping it in stale cache entries) so Centos will have that ram for tmpfs? Alternately, if I set up the VM to have only a fraction of the total RAM, how do I dynamically reconfigure it to have more (right before starting the rare operation that needs it)?

What do you use? I have not seen this problem with VIPRE, which I use, although I do not usually use W7 published shares, just SAMBA on the host and other machines. I wouldn't be surprised if Norton, McAfee or Kaspersky does that though. BitDefender has a good reputation, but I haven't tried it in this context.

Sounds reasonable; I haven't actually tried using one of my SAMBA shares as a data drive. Some Windows programs are not happy with network drives, and sometimes permission issues are a pain with shared files, so setup your SAMBA shares with the appropriate create mask. I suspect the speed will be acceptable, but not nearly as fast as using the drive directly. Ordinary access to network SAMBA drives on the host is usually pretty fast in my experience.

If you use KVM/qemu you can install the virtio drivers including the balloon driver, which I believe is supposed to address this particular issue.

Hope that helps.

So far as I can determine, most of the problem is Bit9 but another big chunk is McAfee.

Lots of programs aren't happy with network paths, but are fine as long as you map the share to a drive letter and then access through that drive letter.

I'm not aware of programs that don't like shares accessed through mapped drive letters. If there are such, I hope those don't wreck my plan.

Figuring out how to use SAMBA at all, is still on my to-do list. The IT person who will be helping has set up a lot of SAMBA shares, and will probably get that right. But since it will be my main compute resource, I need to also know that part myself.

I can't remember which ones tripped over this, but even with mapped drives it occasionally happens. W7 is funny with samba also; by default it uses "homegroups" so you have to change the default network settings to use usernames and passwords.

The IT person here is more experienced with Virtualbox and will use that unless I have very good reason to talk him out of it.

That seems to also have a balloon driver.

The hardware will probably be here in two weeks.

What else should I try to figure out before setting it up?

Is Virtualbox a good choice? If not, why not?

as far as I know virtualbox eats up more resources, and probably slower, otherwise they are more or less same. It depends on what do you want to run inside your vm.