Test L1TF Mitigations in VDI
Test and predict the performance impact of the mitigations for Intel’s L1 Terminal Fault - L1TF
Today Intel published publicly about a series of new security vulnerabilities named L1 Terminal Fault (L1TF). There are three applications of L1TF speculative execution side-channel cache timing vulnerabilities. To learn more about the speculative execution side-channel method called L1 Terminal Fault (L1TF), and the way the vulnerabilities work, please check out this very clear video by Intel.
Avoid problems when installing L1TF patches
As always security patches may affect the overall performance and scalability of the underlying infrastructure. The application of the mitigations as recommended by Intel may have a negative impact on your environment too. The need to implement the Intel patches for L1 Terminal Fault (L1TF) is no discussion. But you must be prepared to understand the impact they may have, so your business processes will not be disturbed.
Login VSI is the industry standard for VDI performance testing and benchmarking, and is the logical solution to validate the performance impact of security patches such as Meltdown and Spectre and the new L1TF mitigations in your Citrix XenApp, Citrix XenDesktop, VMware Horizon or Microsoft RDS environment.
Vendor tests mention potential performance impact estimations of installing the L1 Terminal Fault (L1TF) patches between 5% to 30%. For example, these are numbers as published by VMware:
Especially the 3rd vulnerability, L1 Terminal Fault-VMM, is relevant here as it is preventing two virtual machines to access the same hardware simultaneously, something that is often done in the industry to gain performance and scalability.
The impact of L1TF on Citrix/VMware/RDS
But the exact impact in your own environment will be very dependent on many factors. The impact is expected to be the biggest in I/O intensive Windows server environments, but will be felt in all Windows centralized environments with a need to offer a good user experience to a larger number of users, such as Citrix XenApp, Citrix XenDesktop, VMware Horizon or Microsoft RDS.
Login VSI to test the impact of L1TF patches
Generating your own objective data is key and is the only way to stay out of trouble. Please see this comment by Patrick Coble, who is a well respected EUC specialist and EUC contributor:
Act now! Test the impact of L1TF patches in your own environment with Login VSI!
Contact Login VSI today to get your copy of Login VSI for Load Testing. This way you will be able to prevent user-experience problems with these patches, and all other changes you will have to make to your Windows-based infrastructure:
- You can get a normal free trial of 20 users / 5 days for free here. If you use the code L1TF we will upgrade this normal trial to a 50 user / 30 day version to help you to get a first impression of the exact impact of these mitigations.
- If you want to be really safe you will need a bigger license. To get pricing for your situation please contact sales here. To get more information please fill out the contact form. In both situations we will contact you as soon as possible.