Spectre And Meltdown Security Vulnerabilities
Reading Time: 2 minutes
Spectre And Meltdown Security
Important Update: Spectre And Meltdown Security Vulnerabilities estimated 5-30% performance hit across the board
Global Industry-wide Impact
Over the last week, the IT industry has been advised of new security vulnerabilities that affect all Intel, AMD, ARM and other CPU vendors. Industry information advises these CPUs have a security vulnerability which allows malicious code to be executed by applications to gain access to any data that resides within the CPU and cache.
This includes any data you have entered into browsers, files you have opened, etc which contain any and all levels of information from public to sensitive.
This issue affects all servers, desktops, laptops, thin clients, tablets and phones with Intel, ARM and AMD CPUs. Some CPU types are more affected than others.
The Fix – At What Cost?
These exploits have been known to hardware manufacturers and software vendors for several months and they have been working on delivering a set of security patches that counteract the security vulnerabilities.
Impact On Performance Across The Board
Unfortunately, these patches come with a performance impact which affects all CPUs varying from approx 5% – 30% due to the implementation of additional code added to circumvent the security flaws. The code adds additional IO (Input/ Output) operations to storage media which in turn adds to the performance impact.
What We Are Doing
We are actively working with our hardware and software vendors to review and apply patches to all core infrastructure components that may be affected. Over time we hope that vendors will improve and streamline the patches so some performance is returned but this will be a lengthy process.
What Options Do You Have?
Clients using spinning disk media will be the most affected due to the IO penalty. We recommend if experiencing a significant performance impact that a move to SSD storage media should be considered. Please contact your account manager to discuss costs and options.
All managed services clients subscribing to (vh) managed support services will be contacted to schedule in a time to have kernel patches applied to your core OS (Operating Systems) and have VMs rebooted. Shared hosting clients will be notified of patching and server reboots as per schedule once released.
Self Managed Clients
Clients that self manage VMs and vCloud services will need to execute Kernel patching for Windows and Linux-based systems at your own discretion.
More information can be read at:
Microsoft – Understanding the Performance Impact of Spectre and Meltdown Mitigations on Windows Systems
VMware – Meltdown and Spectre VMware products
VMware – Performance Impact of Meltdown and Spectre Patches
With over 25 years’ experience in the IT industry, Gerardo Altman is a key solutions architect and MD of Velocity Host, with a love for Tetris and complex puzzles of every nature you'll find me hard at work doing what I do best – finding solutions.