Meltdown and Spectre: What is the Impact on Your SharePoint Farm Performance?

Meltdown and Spectre are two recently discovered CPU bugs that have caused a fair amount of panic over the last few months. The reason for the commotion lays in the fact that they are widespread and that they put millions of machines in harm's way.

What are Meltdown and Spectre?

Meltdown and Spectre are bugs that are present in every CPU manufactured in the last 20 years. These vulnerabilities can be exploited by attackers to gain access to data that you thought was secure. Interestingly, Meltdown and Spectre were discovered by three different teams independently.

 What is the danger? 

Any device that is using an affected CPU be it in a phone or in  a PC can be attacked. Malicious code can exploit the vulnerability of CPUs to access information across software applications. These attacks can extend into web browsers where malicious JavaScript code deployed through a webpage or even an ad may be able to access any information contained in the same physical system. Consider the following scenario: your webpage is, a part of Google AdSense network that displays ads to visitors to your site. An attacker can put malicious JavaScript code into one of the ads hosted on your page, which is bad enough, but the problem is made worse by the fact that this malicious code might not only infect your system but all the servers that share resources with it. Today most environments are structured so that  multiple servers share resources (for example, cloud services or remote desktop services). This vulnerability might mean that someone would be able to access information across virtual machines.

 What resources are at the greatest risk?

Cloud services are at risk because they use virtualization. The main benefit of virtualization is the same thing that puts it at risk from s Meltdown attack. A large number of virtual machines use the same CPU, and if malicious code from one machine affects the CPU, it can potentially “jump” from that machine, to another.

Remote Desktop Session Host servers are also very vulnerable. If you are using a huge machine on which you host many different servers but only one Remote Desktop Session Host server, a bad actor may be able to execute the malicious code on that server and access data from other virtual machines and from the host memory as well.

SQL servers and workstations are also dealing with these problems.

blog_ilustracija-01 Which CPUs are impacted?

Spectre: Intel, AMD, ARM, NVIDIA, and IBM Power CPUs

Meltdown: Intel, ARM chips (exception are Itanium server processors and Atom (pre-2013))

The list of infected processors goes back to those made as far as 1995. The problems can be patched but not fixed because they lay in the architecture of the chips - only with the next generation of CPUs will we be safe.

 What about the cloud?

Before the bugs were publicly announced all the big providers such as AWS, Azure, Google, etc. were informed and given time to provide fixes for their cloud infrastructure. That was a crucial step for ensuring security, but smaller providers were not afforded the same courtesy. Even though they are smaller, they also have huge infrastructures with lots of virtual and physical servers, and when the bug was announced, they were forced to patch all of their servers in a few days. Despite this, most of them have announced that they are fully patched.

 Meltdown and Spectre Performance hit

Even though they ensure security and eliminate vulnerabilities, all patches come at a price of performance slowdowns. The only way to truly address the vulnerabilities without performance hits would be to make hardware improvements, and that will be possible only with the new generation of CPUs.

There are various reports and benchmarks about the patch performance impact, but please note, that they are of limited value because the patches are still being developed. News organizations have taken note of the problems caused by these bugs. The Guardian (UK) has report this as “worst CPU bug ever, that affect virtually all computers and causes an impact on the speed by as much as 30%.” There have been some performance issue, but they have not been nearly as severe as reported. Also, the second generation of patches will probably have an even smaller impact on performance than the current ones.

The performance hit even on the most highly patched machines is really small, in the single digits. However, the performance hit may be most visible on CPU-intensive systems like Search and SQL, because they use a lot of processing power and any hit will intensify, on the other hand, if your servers are not busy you will likely not see any performance hits.

Co-founder of SysKit, Frane Borozan recently hosted a webinar on exactly this topic, so take a look.

 Importance of SharePoint monitoring

Every update, patch, and a million other things can impact the performance of your servers. To ensure that your hardware investment will deliver the service you expect – and provide ample early warning of impending trouble, such as resource shortages or hardware issues - you must use performance monitoring tool. When we at SysKit patched our SharePoint servers to protect them from Meltdown and Spectre, we used SysKit InsightsSharePoint monitoring and troubleshooting tool to gauge the impact of the patch. We saw CPU usage go up from 2% to 4%. We recommend SysKit Insights - monitoring software designed specifically for SharePoint servers to track SharePoint-specific performance counters- for all SharePoint administrators.

SharePoint Performance Monitoring