[UPDATE #2] Field Alert - "Meltdown" and "Spectre" processor vulnerabilities
Posted by ~ Wilco Berger ~ on 24 January 2018 10:52
Field Alert – “Meltdown” and “Spectre” processor vulnerabilities
Dear Verint customer,
This field alert is an update to the previous alert on the Meltdown” and “Spectre” processor vulnerabilities, as published on January 18th.
Our guidance up to this point was to hold off on patching of all serves running the Verint WFO suite until the majority of 3rd party vendor patching is released and Verint engineering completes the assessment of functional and performance impact. As of now, the majority of patches for OS, CPU and hypervisors are available. Vendors continue to provide fixes to related issues, while some of the previous patches where retracted because of new problems they introduced. The latter is part of why the certification process progresses slowly.
As a first priority our performance tests focused on the recording platforms. The tests conducted by Verint engineering show that CPU utilization of recorder platforms, post patching the vulnerabilities, is higher, compared to similar tests prior to patching. The impact is less than 20% of CPU utilization and was registered on all tested CPU types from the list recommended and supported by Verint.
The following 3rd party patches where certified as part of our recording performance tests:
Taking into account the working profiles of the recorder server and current capacity guidance of 20% CPU utilization growth will not impact recorder capabilities. It is safe to apply the patches on the recorders running on bare metal servers (non-virtualized deployment). The guidance is applicable for all currently supported versions.
Testing on VMWare environments show similar affect to the CPU utilization of the recorders. Properly sized, reserved recorders on VMWare hosts, with no over-provisioning should not experience any issues. Patching of these servers is safe and the same recommendation to monitor performance as for bare metal deployment applies.
IMPORTANT: As the impact on performance may vary depending on the underlying hardware and CPU, Verint strongly recommends monitoring the recording server operation after patch application and have a rollback scenario ready at all times if problems arise.
More updates to follow next week.
Affected Product Versions
Windows 2008 R2, Windows 2012 R2 server