[cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

Ed Leatherman ealeatherman at gmail.com
Thu Jan 11 10:31:57 EST 2018


From what info I'm aware of, hypervisor fixes (at least VMware) are not
resulting in a perceptible performance degradation, however fixes at the
guest OS level are showing performance issues depending on the type of
operation involved.

To completely mitigate the vulnerabilities, seems like in most cases it
requires a multi-faceted effort, BIOS/firmware/CPU, Hypervisor (if
present), and OS all must be updated to address all of the attack vectors.
Right now the fixes at the OS layer don't seem fully baked.

I feel like if you're 100% appliance-based VMs wrt Cisco UC apps and they
are the only things running in the cluster, your risk is pretty low and
letting details/patches get sussed out is logical before you go crazy
patching things.

If there are non-UC or non-appliance items running in the same cluster,
then addressing at the hardware and hypervisor level is important, followed
by guest OS fixes for those other VMs once you understand the impact on
those. Just my current thinking anyway. I bet we don't see any UCOS patches
that address this at the OS level until it's fully baked or it's just part of
the Linux kernel they use.



On Tue, Jan 9, 2018 at 8:32 PM, Lelio Fulgenzi <lelio at uoguelph.ca> wrote:

>
> To be honest, I'm a little worried about the rumoured slowdown the fixes
> are gonna have. Will this impact the supported status of certain CPUs in
> collab suite?
>
> Sent from my iPhone
>
>

-- 
Ed Leatherman