What should we be doing about Spectre & Meltdown?

What are they?

Spectre and Meltdown are different variants of the same fundamental underlying vulnerability that affects nearly every computer chip manufactured in the last 20 years.  Hackers can use them to gain access to data previously considered completely protected. Security researchers discovered the flaws late in 2017 and made their findings public in early 2018.

Technically, there are three variations on the vulnerability, each given its own CVE number; two of those variants are grouped together as Spectre and the third is dubbed Meltdown.

All the variants of this underlying vulnerability involve malicious programs accessing data that they shouldn’t. They do this by exploiting two important techniques used to speed up computer chips, called speculative execution and caching.

 

How do I protect my systems?

For the most part, major companies like Google, Microsoft and Apple were able to get out ahead of these vulnerabilities before they were publicly announced. Apple released patches with macOS 10.13.12 and iOS 11.2 back in December. Earlier this month, Apple also patched its Safari browser with a new update. So as long as you’re running the latest Apple software you should be safe.


Microsoft Patch advice: https://support.microsoft.com/en-us/help/4073757/protect-your-windows-devices-against-spectre-meltdown

 

So, I just apply the patch and continue with my day, right?

Well, that would be great. But Microsoft’s efforts haven’t gone as smoothly as they’d like. They were actually forced to recall some versions of the patch, including the one for AMD chips, after those patches stopped some machines from working.

If you do manage to apply the patch without failures, testing has revealed reductions in performance once it is in place. I/O-intensive workloads see the most significant performance drop, and these drops are the sort that end users will notice. Reports suggest that the impact on Windows 10 is less than on Windows 7 or 8.1, so if you've already upgraded, congratulations!

 

Virtual Desktops

Virtual Desktop environments will be impacted by this sudden reduction in performance as hardware and compute resource is often sized very accurately and density is maximised to ensure an acceptable cost per user.  Imagine losing 20 – 30% of your capacity overnight across your whole farm!

Rolling out these patches is essential to protect your environment, so what can be done to identify the impact and mitigate it?

 

Login VSI Emergency Edition

Login VSI is the industry standard for VDI performance testing and benchmarking, and is the logical solution to objectively validate the performance impact of the Meltdown and Spectre security patches in your Citrix XenApp, Citrix XenDesktop, VMware Horizon or Microsoft RDS environment.

The Login VSI indices VSIbase and VSImax offer widely accepted, objective insight into the baseline performance and scalability of centralized desktop systems, before and after software (or other) changes are made. Running these tests before and after the implementation of your Meltdown and Spectre patches will provide you with the data to make timely decisions about the need to scale up hardware, or otherwise fine-tune your systems. Don’t let possible performance problems caused by these security patches affect your real end users or cause costly business disruptions.

A free version of the VDI performance testing software has been announced.  This Emergency Edition will be free for all end-user organizations looking to test the performance impact of Meltdown and Spectre security patches, and will be valid until March 31, 2018. This license offers unlimited users, unlimited locations and includes all standard workloads.

Beeso IT are committed to VDI performance and security, and our consultants can work with you to deploy the Emergency Edition. Get in touch to obtain your free copy of Login VSI today!

Daniel Beeson