For those of you who have already patched your ESXi hosts with the initial set of patches, please note that those patches are being recalled by VMware, and action is required. VMware also updated its security advisory (“VMware Security Advisories”) late in the week. There are many questions about the impact of the corresponding OS patches on Veeam performance. This is being evaluated internally, probably in the R&D department: the Veeam development team is conducting performance analysis of the available patches on servers with Veeam products installed.
As of January 22, 2018, Intel recommends against installing the patches because of reboot issues and unpredictable system behavior: “We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior”.
Because of the microcode included in the BIOS updates released to address Spectre (Variant 2), CVE-2017-5715, Dell is advising that customers should not deploy the BIOS update for the Spectre (Variant 2) vulnerability at this time. Dell has removed the impacted BIOS updates from its support pages and is working with Intel on a new BIOS update that will include new microcode from Intel. If you have already deployed the BIOS update, you can revert to a previous BIOS version to avoid unpredictable system behavior (see the tables of BIOS updates for Dell PowerEdge Server Products). As a reminder, the operating system patches are not impacted and still provide mitigation for Spectre (Variant 1) and Meltdown (Variant 3). The microcode update is only required for Spectre (Variant 2), CVE-2017-5715.
Preliminary tests in Veeam’s lab haven’t shown any significant performance degradation on Veeam components after applying the patches. However, the performance impact may be noticeable depending on the hardware configuration. Here’s feedback from one Veeam end user about the performance impact of Meltdown on Veeam environments: “In our small environment (2 hosts, 10 VM’s) I haven’t observed any notable impact since installing the patches but I think it’s also related to the fact that we’re not having a lot of IO’s.” (source: Veeam Forum). And while not specific to Veeam, here’s a good article with many such reports collected. Finally, if you have certain AMD processors and installed those critical Windows patches which Microsoft pushed to Windows Update, here’s the important Microsoft KB article that you won’t be able to read because your computer is unbootable.