login vsi company logo login vsi company logo 250x40

 

Get the best possible VDI performance, density and availability with Login VSI
Our Solutions

  • Home
  • Blog
  • Login VSI
  • Don’t let your user-experience be a “Spectre” of itself after “Meltdown”

Don’t let your user-experience be a “Spectre” of itself after “Meltdown”

Bust your ghosts not your user experience

The names Spectre and Meltdown invoke feelings of dread in even the most seasoned IT engineer. To those uninitiated, let me get you up-to-speed quickly. Spectre is a vulnerability that takes advantage of “Intel Privilege Escalation and Speculative Execution”, and exposes user memory of an application to another malicious application. This can expose data such as passwords. Meltdown is a vulnerability that takes advantage of “Branch prediction and Speculative Execution”, and exposes kernel memory. A compromised server or client OS running virtualized could gain access to kernel memory of the host exposing all guest data. Both vulnerabilities take advantage of a 20-year-old method of increasing processor performance.

As a result, code will need to be updated to address these vulnerabilities at OS and OEM-manufacturer levels, at the expense of system performance. On their part, Microsoft reluctantly admits that performance will suffer.  “Windows Server on any silicon, especially in any IO-intensive application, shows a more significant performance impact when you enable the mitigations to isolate untrusted code within a Windows Server instance,” wrote Terry Myerson, Executive Vice President for the Windows and Devices group.

According to Geek Wire, these two vulnerabilities can be “mitigated;” the word we’re apparently using to describe this new world in 2018, in which servers lose roughly 10 to 20% performance for several common workloads. This affects not only workloads executed against local, on-site resources but also those utilizing services, such as AWS, Google Public Cloud or Azure.

Don’t let your user-experience be a “Spectre” of itself after “Meltdown”Reader submission @ The Register showing CPU before / after patches

Minimize performance problems by testing patches in advance

Some of our insiders who use Login VSI to validate system performance see a reduction of 5% in user-density after performing Microsoft recommendations. Knowing that the vulnerability wasn’t solved by OS updates alone we also strongly recommend to test the impending hardware vendor firmware / BIOS changes.

To establish how much performance impact the fixes for Spectre and Meltdown will have, you must have something to compare it to. Keep in mind that these patches need to be installed on a number of systems in your environment including server hardware, operating systems, storage subsystems and so on.

Our customers perform tests where they compare a known good solution, or a baseline, with changes that have been made. This gives them the ability to accurately assess the performance impact of that change, which in turn allows them to compensate with more hardware, or further tuning of the applications and OS. The patented methods used by Login VSI provide a quantifiable result for determining the impact of a change in virtual desktop and published application environments.

Login VSI to test the performance impact of planned patches before and after
If you wish to test the changes before pushing them into your production environment, then use Login VSI to put a load, representative of your production users, on the system. This will objectively show how much more CPU will be used as a result of the Spectre or Meltdown patches. It is expected that the end users will incur increased latency to their applications and desktops as a result of the higher CPU utilization.

Login PI to actively monitor the performance impact of unplanned patches and updates
While not recommended, if you are planning on pushing the patches into your production environment to “see how it goes”, then you can rely on Login PI to get accurate feedback of application performance, before and after the patches have been installed. Latency is expected to increase as a result of higher CPU utilization.

Login VSI has started a series of lab tests to objectively quantify the exact performance impact of the different security patches rolled out today, and will keep doing so until the problems are contained. The results of these tests will be available on www.loginvsi.com, and shared on our social media. Keep posted for more news…

Reference materials:

 


 

Start using Login VSI today

Our industry-standard software is built to help you avoid problems, lower costs and improve performance. Request a Quote or get your free Trial below, and benefit from our award-winning services.

Free Price Request  Your Free Trial

 


About the company Login VSI

The company Login VSI provides end-user performance insights for virtualized desktop and server-based computing environments. Enterprise IT departments use flagship product Login VSI (for load testing) and Login PI (for continuity testing) in all phases of their virtual desktop deployment—from planning to deployment to change management—to build and safeguard a good performance, a high availability, and (as a result) a good and consistent end-user experience. For more information about Login VSI or for a free test license contact us.

About the author

Brian is Login VSI’s Support and Services Manager. He is responsible for ensuring operational excellence in supporting and implementing our solutions within customer environments. Having worked in IT consulting for the last 15 years he loves to share field engineering expertise, and customer services management experience with others. In his free time, you will find him blogging or producing vlogs for LinkedIn. His written content is syndicated on Citrixology.


Tags: News, Spectre, Meltdown

Popular Blogs

Login VSI Blog - Ongoing Effects CPU Flaws

The Ongoing Effects of Intel CPU Flaws

The Ongoing Effects of Intel CPU Flaws Over the last year, we’ve seen many Intel CPU hardware flaws come to light and when news first broke about Meltdown & Spectre there was a lot of panic: "should we patch?", "What’s the performance impact?", "Can we still rely on this hardware?" Continue Reading
Login VSI Blog - How-To Update, Protect Against RIDL, Fallout MDS Vulnerability

How-To: Update, Protect Against RIDL, Fallout MDS Vulnerability

RIDL & Fallout MDS vulnerabilities, impact on VDI performance & actions to take. FAQs we’re receiving & updates on performance tests executed to patch flaws Intel calls “Microarchitectural Data Sampling (M.D.S.)” aka: Rogue In-Flight Data Load (RIDL), Fallout, ZombieLoad & Store-to-Leak Forwarding. Continue Reading
Login VSI Blog - Teaser Image - A Practical Guide to VDI Change Management - Part 1

A Practical Guide to VDI Change Management

Part 1: IT Change Management in general The first in an 8-part series, this practical guide to VDI Change Management will guide you through the transformation of the IT department from a back-end function into a core competency for every modern organization. Continue Reading
A Practical Guide To VDI Change Management, Part 3

A Practical Guide to VDI Change Management

Part 3: Change Accelerates with Windows 10 The third in an 8-part series, this practical guide to VDI Change Management gives you the low-down on the what, why and how of Windows 10 updates and changes Continue Reading
Login VSI Blog - Teaser Image - A Practical Guide to VDI Change Management - Part 2

A Practical Guide to VDI Change Management

Part 2: Why VDI is very sensitive to change The second in an 8-part series, this practical guide to VDI Change Management highlights the importance of effective Change Management. With all the complexities of VDI environments, any failure can severely impact your business. Continue Reading
Login AT Express offers Application Compatibility Testing for up to 50 applications for FREE

[Press Release] Login VSI introduces free license for award winning solution, Login AT

Login AT Express offers Application Compatibility Testing for up to 50 applications for FREE Atlanta, USA, May 22, 2019: Login VSI, the industry standard for VDI and SBC performance testing, announced today the availability of a new, free version of Login AT for Bulk Application Compatibility Testing. Continue Reading
Cookie Settings