login vsi company logo login vsi company logo 250x40

 

Get the best possible VDI performance, density and availability with Login VSI
Our Solutions

  • Home
  • Blog
  • Login VSI
  • Testing Meltdown and Spectre patches: RDSH (SBC and XenServer 7.2) using Windows server 2012R2 and Server 2016

Testing Meltdown and Spectre patches: RDSH (SBC and XenServer 7.2) using Windows server 2012R2 and Server 2016

Meltdown and Spectre

After all the news around Meltdown and Spectre it seems things are calming down now. Recent talks are focusing more on next-generation exploits rather than the performance impact.

The Login VSI Meltdown and Spectre emergency edition has been a great success and helped many of our customers, vendors and community friends. I’d like to share some results from our internal performance validation labs where I’ve conducted tests on a large number of operating systems measuring the impact of patches on the OS, Hypervisor and BIOS level. Please keep in mind that this is a lab environment, results will vary on your own systems.

I focused on Windows Server 2012R2 and Windows Server 2016 for these tests and started with a clean image that was optimized for performance using VMware OSOT with every test I added a new layer of patches adding layers of mitigation one at a time.

Meltdown & Spectre

Applied Patches:

ScenarioAdded Patch
Clean Windows Server 2012R2 (Feb 2018 Update),
Windows Server 2016 (Feb 2018 Update)
Microsoft Patch (MS) KB4056898 for Windows Server 2012R2,
KB4056890 for Windows Server 2016
Microsoft & Hypervisor Patch (MS-HV) Adding patch for XenServer 7.2* - XS72E015
Microsoft, Hypervisor and Microcode Patch (MS-HV-MCU) Adding patch for Dell R730 BIOS ver. 2.7.1

* As you can see the results in the blog post are surprising, for this reason we are going to test with XenServer 7.4 to see if the Meltdown and Spectre impact changes, stay tuned for the follow-up.

The results

To be honest I expected the test results to be straightforward, however they are not entirely as I assumed before I started my research. Looking at the graphs it’s easy to see that the Clean test is by far the best performing for RDSH on Windows Server 2012R2, which is to be expected. However, when we look at the other 3 tests we see that once the Microsoft Operating System patch has been applied the performance does not degrade as significantly as we expected.

When we look at the results for Microsoft Windows Server 2016 we see that the patches overall have very limited impact confirming the claim that newer Operating Systems are hit less. The same also goes for more recent hardware, except for the Microcode patch, which seems to have the ‘biggest’ impact. But all in all, it does not seem to have a huge impact.

Of course as always, these tests are done in our lab and results may vary upon testing your own hardware and software combination.

VSImax - Meltdown & Spectre
VSImax Results (higher is better)

VSIbase - Meltdown & Spectre
VSIBase results (lower is better)

Percentile Impact 2012R2 
Windows Server 2012 R2 % Impact (closest to 0 is best)

Percentile Impact - Meltdown & Spectre
Windows Server 2016 % Impact (closest to 0 is best)

Conclusion

As was promised by Microsoft, the Microsoft patch itself seems to have sealed the leak on all levels of the Meltdown and Spectre issues. At least the performance impact seems to support this. As was told in the blogpost written by my colleague Blair we do see that the impact on 2016 is a lot less than we see on 2012R2.

The last few questions that I still have are:

  1. Does the performance impact changes when we change the patch sequence?
  2. Does the HV-MCU combination have the same effect as the Windows Patch, or are they all equal?
  3. How does optimization of the VM influence the test results?

Upcoming

These tests were performed on Citrix XenServer, however they have also been performed on VMware ESX, in my next post I will outline the results from those tests. 

The Lab

Automate, Automate, automate. In our VDILIKEAPRO test lab we have minimized human interaction (and thus error) by making sure all processes are executed fully automatic for example the base images are created using the Microsoft Deployment Toolkit where after PowerShell magic (thanks Henk & Sonny!) takes over and automatically clones the VM’s 6 times on a single host, prepares them for use, and runs 10 automated test cycles results are then averaged ignoring the first run.

All the connections to the target machines are done using RDP protocol. And the default workload, Knowledge worker workload, was used for all tests.

Login VSI VDILIKEAPRO Lab

Physical Infrastructures - Meltdown & Spectre

Virtual Infrastructure - Meltdown & Spectre

Important note: The results in the blogpost are surprising, for this reason will also test with XenServer 7.4 to see if the Meltdown and Spectre performance impact changes significantly changes as we have learned from tests with other hypervisors, stay tuned for the follow-up.

 


 

Start using Login VSI today

Our industry-standard software is built to help you avoid problems, lower costs and improve performance. Request a Quote or get your free Trial below, and benefit from our award-winning services.

Free Price Request  Your Free Trial

 


About the company Login VSI

The company Login VSI provides end-user performance insights for virtualized desktop and server-based computing environments. Enterprise IT departments use flagship product Login VSI (for load testing) and Login PI (for continuity testing) in all phases of their virtual desktop deployment—from planning to deployment to change management—to build and safeguard a good performance, a high availability, and (as a result) a good and consistent end-user experience. For more information about Login VSI or for a free test license contact us.

 

About the author

Tom Willemsen is a Support Engineer at Login VSI and helps customers and gives advice about testing with Login VSI. He loves to travel, read about history, and see different cultures. In his free time, Tom likes to game and watch movies.


Tags: VSImax, Spectre, Meltdown, VSIbase

Popular Blogs

Login VSI Blog - Ongoing Effects CPU Flaws

The Ongoing Effects of Intel CPU Flaws

The Ongoing Effects of Intel CPU Flaws Over the last year, we’ve seen many Intel CPU hardware flaws come to light and when news first broke about Meltdown & Spectre there was a lot of panic: "should we patch?", "What’s the performance impact?", "Can we still rely on this hardware?" Continue Reading
Login VSI Blog - How-To Update, Protect Against RIDL, Fallout MDS Vulnerability

How-To: Update, Protect Against RIDL, Fallout MDS Vulnerability

RIDL & Fallout MDS vulnerabilities, impact on VDI performance & actions to take. FAQs we’re receiving & updates on performance tests executed to patch flaws Intel calls “Microarchitectural Data Sampling (M.D.S.)” aka: Rogue In-Flight Data Load (RIDL), Fallout, ZombieLoad & Store-to-Leak Forwarding. Continue Reading
Login VSI Blog - Teaser Image - A Practical Guide to VDI Change Management - Part 1

A Practical Guide to VDI Change Management

Part 1: IT Change Management in general The first in an 8-part series, this practical guide to VDI Change Management will guide you through the transformation of the IT department from a back-end function into a core competency for every modern organization. Continue Reading
Login VSI - Blog - Login PI Blog Teaser Image - Windows Virtual Desktop: How To Monitor User Experience With Login PI

Windows Virtual Desktop – How to Monitor User Experience?

Microsoft has just announced the public preview of their new Windows Virtual Desktop (WVD) offering at Microsoft Ignite on Tour in Amsterdam today. For those of you who’ve not followed the rumors or the private beta, here’s the outline... Continue Reading
A Practical Guide To VDI Change Management, Part 3

A Practical Guide to VDI Change Management

Part 3: Change Accelerates with Windows 10 The third in an 8-part series, this practical guide to VDI Change Management gives you the low-down on the what, why and how of Windows 10 updates and changes Continue Reading
Login VSI Blog - Teaser Image - A Practical Guide to VDI Change Management - Part 2

A Practical Guide to VDI Change Management

Part 2: Why VDI is very sensitive to change The second in an 8-part series, this practical guide to VDI Change Management highlights the importance of effective Change Management. With all the complexities of VDI environments, any failure can severely impact your business. Continue Reading
Cookie Settings