[Update #3] Field Alert – “Meltdown” and “Spectre” processor vulnerabilities
Posted by ~ Wilco Berger ~ on 04 April 2018 12:35
Field Alert – “Meltdown” and “Spectre” processor vulnerabilities
The “Meltdown” and “Spectre” processor vulnerabilities issue has been extremely complex, as it impacts the performance the operating system and underlying server depending on the specific hardware used (specific CPU model, cache levels, board and more). The situation is further complicated if virtualization is used. In addition the patches issued by the 3rd party vendors have kept on changing and being issued over a prolonged time. As a result we have undertaken, and indeed continue to do so, a significant level of retesting of performance on the various server types we have within our test environments. We have a number of different servers but they cannot represent all variants in the field. The results in effective CPU load have been very variable ranging from small impacts to as much as 20% CPU utilization. During these tests, and from experience from early adopters of the patches in the field, we have not seen any functional issues. However, customer environments and deployments are very variable, and different effects may be seen depending on the deployed system scale and actual load and profile of use.
When we size a system we use profiles that emulate the higher level of likely usage to ensure stability in the busiest of times. In addition we ensure some headroom on CPU usage for environmental and other variations. Few if any customers tend to operate their installed system near these limits in reality. Therefore, for the vast majority of customers we expect no operational impact of deploying the 3rd party patches for these issues. However, as the systems deployed are beyond our control we recommend that the performance and operation of the system is closely monitored after they are applied. We would also recommend assuring there is sufficient excess capacity in terms of CPU utilization before applying the patches. Our solution is designed to scale through various deployment models, the addition of servers, or through the use of more powerful servers. If in the unlikely case that some performance issues arise, additional performance capacity may be required to be added, either through deployment re configuration and/or additional hardware capacity. We continue to support our customers through this very unusual situation and rest assure we will continue to support in line with our standard support policies as customers move to apply any 3rd party patches.
Affected Product Versions