login vsi company logo login vsi company logo 250x40

Testing Meltdown and Spectre patches: VMware ESXI v1

Meltdown and Spectre

In my previous Blogpost about testing Meltdown and Spectre patches, the results focused on XenServer. In this blogpost we are going to talk about ESXI and the performance impact we measured in our labs.

After all the news and hectic around Meltdown and Spectre it seems things are calming down a bit. Recent talks are focusing more on next generation exploits rather than the performance impact. The Login VSI Meltdown and Spectre emergency edition has been a great success and helped many of our customers, vendors and community friends. I’d like to share some results from our internal performance validation labs where I’ve conducted tests on a large number of operating systems measuring the impact of patches on the OS, Hypervisor and BIOS level. Please keep in mind that this is a lab environment, results will vary on your own systems.

I focused on Windows Server 2012R2 and Windows Server 2016 for these tests and started with a clean image that was optimized for performance with VMware OSOT. With every test I added a new layer of patches, adding the layers of mitigation one at a time.

Meltdown & Spectre

Applied Patches:

ScenarioAdded Patch
Clean Windows 2012R2 feb. 2018 updates / Windows Server 2016 (Update feb 2018)
Microsoft Patch (MS) KB4056898 for 2012R2, KB4056890 for 2016
Microsoft & Hypervisor Patch (MS-HV) ESXi650-201803001 (52456)
Microsoft, Hypervisor and Microcode Patch (MS-HV-MCU) Dell R730 Bios ver. 2.7.1

The results

When we look at the results for Microsoft Server 2016 we see that the results are like the 2012R2 tests. But the impact is just slightly less (about 15-20%).

Of course as always, these tests are done in our lab and results may vary upon testing your own hardware and software combination.

VSIMax VMware
VSImax Results, higher is better

VSIBase VMware
VSIBase results, lower is better

Percentile Impact 2016 VMware
2016 % Impact closest to 0 is best

Conclusion

We’ve learned that Hypervisors react different to Meltdown and Spectre, versions, vendors and the order of patching will have an impact on how performance is affected. Its therefore recommended to run simulations in your own environment as mileage will vary. In the blogpost written by my colleague Blair we do see that the impact on Server 2016 is less than we see on Server 2012R2.

This raises again a number of new questions:

  1. Which level of the Meltdown and Spectre patches impact the ESXI hypervisor the most?
  2. How does optimization of the VM influence the test results?
  3. How do other hypervisors behave after implementing the Meltdown and Spectre patches?

What’s next

These tests were performed with Windows Server operating systems. I am currently switching focus to Client operating systems namely Windows 10 and Windows 7 to see what kind of impact we can deduce here.   

About the Lab used for these tests

Automate, automate, automate. In our VDILIKEAPRO test lab we have minimized human interaction (and thus error) by making sure all processes are executed fully automatic. For example the base images are created using the Microsoft Deployment Toolkit where as a next step PowerShell magic (thanks Henk & Sonny!) takes over and automatically clones the VM’s 6 times on a single host, prepares them for use, and runs 10 automated test cycles. Results are then averaged ignoring the first run.

All the connections to the target machines are done using the RDP protocol. And the Login VSI default workload for this type of testing, the Knowledge Worker workload, was used for all tests.

VDILIKEAPRO Laboratories

Physical Virtual Infrastructure

 


 

Start using Login VSI today

Our industry-standard software is built to help you avoid problems, lower costs and improve performance. Request a Quote or get your (free!) Trial below, and benefit from our award-winning services.

 

Request a Quote  Request a Trial

 

 


 

About the author

Tom Willemsen is a Support Engineer at Login VSI and helps customers and gives advice about testing with Login VSI. He loves to travel, read about history, and see different cultures. In his free time, Tom likes to game and watch movies.


Tags: VSImax, Spectre, Meltdown, VSIbase

Popular Blogs

login-vsi-vdi-performance-summit

The VDI Performance Summit - Virtual Conference and Expo

Visit the VDI Performance Summit to gain knowledge and experience about performance and tuning VDI, improving End-User Experience and IT service. Join us at the ONLY virtual event 100% dedicated to VDI performance and tuning | May 2, 2019 This 1-day event offers key-notes presented by the best VDI performance experts in the world, technical and business oriented breakout sessions, the possibility to chat with experts directly to discuss your own situation, and a virtual exhibit hall featuring… Continue Reading

Scalability testing Parallels Remote Application Server with Login VSI

Recently I went to VMworld in Barcelona where Login VSI had a booth on the expo... While I can’t remember exactly how many conversations I had - there had been so many that I lost my voice on day one. What was new this year is that quite a few people asked if our software is compatible with the solutions from Parallels specifically their Remote Application Server (RAS) (Datasheet). Continue Reading
Login VSI Blog Article - Microsoft Windows 10 Default FTA Associations - Teaser Image

Windows 10 Default File Type Associations and Login VSI

When Login VSI 4.1 was released, the majority of desktops were running Windows 7 and life was easy. We’d set the default filetype for an application and it would simply work. The default and industry standard workloads in Login VSI include launching and using Adobe Reader as part of the virtual user simulation. Because Login VSI doesn’t always know which version of Adobe Reader is installed, or where it’s installed, the workload relies on the file type association (FTA) for .pdf documents to be… Continue Reading
Login VSI - Press Release - IGEL - Login VSI Partner to Optimize End User Computing Experience Image

[Press Release] IGEL Partners with Login VSI to Optimize the End User Computing Experience

Login PI enables organizations to better protect the performance and availability of their IGEL OS-powered virtual desktop environments San Francisco, USA, Feb. 6, 2019: IGEL, a world leader in software-defined endpoint optimization and control solutions for the secure enterprise, today announced that it is partnering with Login VSI, provider of software solutions to test and actively monitor the performance and availability of virtual desktop environments, including VDI and… Continue Reading
Login VSI - Blog - Login PI Blog Teaser Image - Windows Virtual Desktop: How To Monitor User Experience With Login PI

Windows Virtual Desktop – How to Monitor User Experience?

Microsoft has just announced the public preview of their new Windows Virtual Desktop (WVD) offering at Microsoft Ignite on Tour in Amsterdam today. For those of you who’ve not followed the rumors or the private beta, here’s the outline... Continue Reading
Investigating Online Application Performance with Login PI

Investigating Online Application Performance with Login PI

As many companies do, we use a CRM system. Recently, I have been getting complaints about our cloud CRM system, Microsoft Dynamics, being slow. I tried to investigate this by shadowing one of our users to see what was wrong. As expected, everything was fast. 15 minutes later, the same user reported slowness again. How could I investigate this without bothering the users? Continue Reading
Cookie Settings