When it comes to both Meltdown and Spectre, the question you should be asking yourself is not if you are affected or at risk – because you most likely are. The question you should be asking yourself is what do I need to do and how does it impact the performance of my server/desktop farm?! Whether it’s virtual or physical, Microsoft, VMware or Citrix based, desktop or server, it doesn’t matter, all need to be looked after.
Scroll down a few paragraphs if you are familiar with what is going on regarding Meltdown and Spectre and are wondering how Liquidware can help.
Here’s (in short) what is going on
Both Meltdown and Spectre exploit critical vulnerabilities in modern day processors. You’ve heard of these, right? It’s where all the magic happens. These hardware vulnerabilities allow programs to steal data which is being processed on the computer and might include things like emails, documents (of all sorts), chat messages and even personal passwords. Meltdown and Spectre threaten laptops, desktops, servers (cloud included) and diverse mobile devices – on-prem and in the cloud.
Almost every Intel processor released since 1995 is affected, with a couple of exceptions here and there. And while it isn’t directly clear if and how Meltdown affects AMD processors (chances are it might), Spectre clearly does. Of course, there’s a bit more to it, but this gives you at least a high-level perspective on what is going on.
Luckily software patches and firmware updates have been released for Windows, Linux as well as MacOS, iOS, Android and Chrome OS. If you do a quick google on your platform of choice you’ll be set within seconds. Though chances are that your systems have already been patched, at least I hope they are.
The good and the bad
Obviously, the software patches and Firmware updates being released are ‘ the good’, or at least that’s the though, with both vulnerabilities being ‘the bad’. Unfortunately, there is a bit more to it. For one, all patches and updates, never mind the underlying OS, come with a certain degree of performance degradation, not to be underestimated.
Secondly, since the impact is of such huge magnitude, Intel, Microsoft, and others have been forced to come out with security patches as quickly as possible. This has already led to various issues like machines constantly being rebooted, crashes after (re) boot, or as mentioned, decrease in overall performance – all this applies to both the software patches as well as the firmware updates, Intel and AMD professors, old and new (er) generations.
NOTE: Do not let this stop you from patching your machines! Absolutely DO APPLY the patches, fixes and firmware updates needed/applicable. It too big of a security risk.
Of course, it’s still early but throughout the last couple of days various statements have been made and numbers have been published with regard to performance degradation caused by the Meltdown and Spectre ‘fixes’. By both the companies involved as well multiple ‘community’ folks doing tests of their own. The results vary greatly and as it stands today providing exact numbers is near to impossible, there are simply too many variables and dependencies.
The results so far
While generally, desktops will be less affected (performance wise) than server systems, the numbers/percentages mentioned greatly differ. It also depends on the type of processor used, is it a single or dual socket CPU, a Xeon or a Broadwell, which year was it produced, and so on and so forth. Also, the type of workload will greatly influence the outcome of the benchmarks being run – for example, does an application interact with the kernel or not. In short, the numbers will be (very) different for everyone.
I have read about CPU utilization going up as much as 25 to 30% and overall performance drops of around 20% and all sorts of combinations and numbers in between.
The bottom line is, for most companies this can be devastating to production environments. You can run fewer machines on your virtualization hosts, fewer users on your XenApp, RDS, VMware multi-user server-machines and workloads on single user machines (virtual and physical) will potentially suffer as well.
We can help
With Stratusphere UX we are uniquely capable of capturing detailed information about all users, all machines and all of your applications all the time, showing you exactly what is going on within your infrastructure – all of the time!
We offer time-based metrics for both in-guest metrics as well as for the supporting infrastructure. The best thing is we support physical, virtual, on-prem, cloud, Microsoft, Citrix VMware, single user, multi-user, for Windows, Linux, Mac, and so on. You could say that performance and benchmark testing is in our DNA.
Avoid a needle in the haystack approach
By using Stratusphere UX you will get direct insights showing you which systems and workloads (applications) are impacted most severely after the Meltdown and Spectre patches and/or upgrades have been applied.
This will help you to efficiently and effectively (re) size, or perhaps (re) order your infrastructure where and when needed – this isn’t the time to guess – keeping your company and users productive (and happy). We’ll provide metrics on all I/O traffic, storage and network related, all resources consumed by all machines, applications, and users while at the same time quantifying and monitoring the overall user experience. We go way beyond traditional application performance monitoring.
Combine this with pro-active alerting and the ability to present all information gathered in clear reports (an API is available as well) and you’ll never need anything else. Do mind that there already is talk of new vulnerabilities coming our way, they’re named Skyfall and Solace (and who knows what is next). The time to act is now.
Let’s get the ball rolling
We are more than happy to support you in any way possible and go over the options we have in helping you solve whatever issue you might have related to Meltdown, Spectre or otherwise. It goes without saying that the above is only one of many use-cases where Stratusphere UX can help.
