login vsi company logo login vsi company logo 250x40

The Ongoing Effects of Intel CPU Flaws

The Ongoing Effects of Intel CPU Flaws

Over the last year, we’ve seen many Intel CPU hardware flaws come to light and when news first broke about Meltdown & Spectre there was a lot of panic: "should we patch?", "What’s the performance impact?", "Can we still rely on this hardware?"

Since then, there have been multiple research teams that have uncovered other practical ways to make the CPU leak secrets that it really shouldn’t. While these flaws are hard to exploit in practice, I do recommend you consult your security advisor before taking any decisions based on performance research we’ve done as we focus on performance, not security... What’s interesting to see is that with L1TF and the latest Intel MDS problems my typical customer does not seem to care that much anymore. “What are we going to do about it?” is something I regularly hear.

In a recent study by VDI Like a Pro we’ve surveyed +200 IT-Admins with questions just regarding performance (in preparations for the VDIPerformanceSummit.com). What shocked us are two things:

  • The number of people that have patched, but don’t know what the impact is
  • The number of people where the impact on their environment was +10%

Login VSI Blog - Ongoing Effects CPU Flaws

Especially around the latter, I don’t typically encounter a lot of VDI environments that have +10% spare capacity just laying around. Having said that, you might not have to enable all mitigations or even disable hyperthreading, but you are not always in control. For many organizations VDI is just one part of their ecosystem and “somebody else” is managing the hypervisor/storage, or you might be in somebody else’s data center (cloud!) altogether.

What’s interesting to note that these problems are not only impacting Windows via regular windows update but also your hypervisor, storage systems and likely even some of your application backends. Its therefore extremely hard to assume these numbers are also valid for your environment and testing in your own environment is therefore advised. When running a typical VDI environment on-prem I recommend starting out with Login VSI for capacity planning & load testing, or otherwise if you are in the cloud you could also consider using Login PI to spot when the cloud provider has done the update (they are likely only going to tell you after the fact, making sure not to expose themselves to 0-day leaks).

So, what are the most important variables when it comes to calculating the performance impact of Intel MDS?

  • CPU Architecture
  • Operating system version
  • Hypervisor version
  • Applications (CPU, or IO intense)
  • Type of storage e.g. all-flash, hybrid or HDD

Login VSI Blog - Ongoing Effects CPU Flaws

The typical bottleneck for most of my customers is CPU, and while a large part of that is consumed by the operating system, most performance problems they report however come from applications. It’s therefore important you use either Login VSI or Login PI to validate the outcomes of patching in your own environment to stay out of trouble.

Login VSI Blog -

Without knowing exactly what your environment looks like and based on testing we’ve done over the last 1.5 years. Often together with vendors that release these patches to you, these are the predicted loss in scalability numbers. Again, there are many variables, these tests were conducted on our Cisco HyperFlex system with Broadwell CPU’s and full flash storage and Windows 10 virtual machines. If you are still running your VDI’s on traditional storage systems take special note, because these patches don’t just impact the CPU, something many people overlook.

Login VSI Blog - Ongoing Effects CPU Flaws

One of the important things I’ve learned over the last year is that keeping the performance of your VDI environment great is not a one-time action. Ideally, you consider performance tests as a standard part of your change management process where only if a change is good for performance it can pass through the organization.

I highly recommend you read our articles on Change Management and register for our next webinar: Change Management – How VDI testing helps to protect business continuity.

VDI Like a Pro data also shows that the average IT-Admin is spending an ever-increasing time per month on performance problems, so if you want to stay ahead: Test! It’s that simple.

Login VSI Blog - Ongoing Effects CPU Flaws

To show you what that means in real life, here’s a snapshot of monitoring data with random selections from multiple days received from a customer that decided to upgrade and patch for Intel MDS on the morning of the 21st. Not only was their scalability severely impacted, the logon times nearly doubled. Needless to say, nobody wants this to happen in their environment.

Where can I find more information?

Or watch a recap of all this information in our latest webinar on Intel MDS patches:

You can learn more about this webinar HERE.

 


 

Start using Login VSI today

Our industry-standard software is built to help you avoid problems, lower costs and improve performance. Request a Quote or get your free Trial below, and benefit from our award-winning services.

Free Price Request  Your Free Trial

 


About the company Login VSI

The company Login VSI provides end-user performance insights for virtualized desktop and server-based computing environments. Enterprise IT departments use flagship product Login VSI (for load testing) and Login PI (for continuity testing) in all phases of their virtual desktop deployment—from planning to deployment to change management—to build and safeguard a good performance, a high availability, and (as a result) a good and consistent end-user experience. For more information about Login VSI or for a free test license contact us.

About the author

Mark Plettenberg (@markplettenberg) is a product manager of Login VSI and has played a critical role in the development and growth of Login VSI. Ask Mark about motorcycle mechanics and breaking/repairing anything and everything that has a power plug.


Tags: #VDILIKEAPRO, Spectre, Meltdown, VDIenvironments, Blog, MDS, L1TF, Security

Popular Blogs

Windows Virtual Desktop - Update - December 2019

Windows Virtual Desktop Enhanced in the Latest Update

A lot has already been written about WVD in the last months. And while I had my initial concerns on this service many people are suggesting that they are willing to move to a platform like WVD in the next two years. Continue Reading
Login VSI - Press Release - Login VSI Releases Login Enterprise 4.0

[Press Release] Login VSI Releases Login Enterprise 4.0

Login VSI Releases Login Enterprise 4.0 New Application Load Testing Functionality Maximizes End-User Experience Continue Reading
[Press Release] IGEL Expands Alliance with Login VSI; Integrates Login Enterprise into IGEL OS 11.03

[Press Release] IGEL Expands Alliance with Login VSI

Integrating Login Enterprise into IGEL OS 11.03 The combined solution enables IT organizations to leverage their IGEL infrastructure to continuously test the performance and availability of virtual and cloud workspaces. Continue Reading
Login VSI and Ymor Form Partnership to Deliver Performance Improvement to Business-Critical Applications

[Press Release] Login VSI and Ymor Form Partnership to Deliver Performance Improvement to Business-Critical Applications

The partnership offers a total solution for enterprise organizations to monitor and test business-critical applications from end-to-end via VDI or in the Cloud. Ymor offers various monitoring solutions, used to test and monitor the performance of critical business chains from end-to-end. In VDI environments, Ymor can now offer the monitoring solutions of Login VSI. Continue Reading
Login VSI - Validating Your Remote Infrastructure at Scale - Man at Desk

Enabling Your Remote Workforce

Given recent global events, a majority of my users may need to work remotely. Many of our customers have been asking us if we can help them test the user-experience for their remote workforce, as well as the infrastructure that delivers it. We have seen requests range from the quality of the remote user-experience to the ability of their VPN to handle the throughput of a large volume of concurrent connections. Continue Reading
Login VSI Releases Login Enterprise 4.1

[Press Release] Login VSI Releases Login Enterprise 4.1

Login VSI Releases Login Enterprise 4.1 Comprehensive Testing Platform Ensures Business Continuity Continue Reading