[cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

Lelio Fulgenzi lelio at uoguelph.ca
Thu Jan 11 10:46:35 EST 2018


Thanks for this great summary Ed. I'm on board.

[image1.GIF]

Sent from my iPhone

On Jan 11, 2018, at 10:32 AM, Ed Leatherman <ealeatherman at gmail.com<mailto:ealeatherman at gmail.com>> wrote:

>From what info I'm aware of, hypervisor fixes (at least vmware) are not resulting in a perceptible performance degradation, however fixes at the guest OS level are showing performance issues depending on the type of operation involved.

To completely mitigate the vulnerabilities, seems like in most cases it requires a multi-faceted effort, BIOS/firmware/CPU, Hypervisor (if present), and OS all must be updated to address all of the attack vectors. Right now the fixes at the OS layer don't see fully baked.

I feel like if you're 100% appliance based VM's wrt Cisco UC apps and they are the only things running in the cluster, your risk is pretty low and letting details/patches get sussed out is logical before you go crazy patching things.

If there are non-UC or non-appliance items running in the same cluster, then addressing at the hardware and hypervisor level is important, followed by guest OS fixes for those other VMs once you understand the impact on those. Just my current thinking anyway. I bet we don't see any UCOS patches that address this at the OS level until its fully baked or its just part of the linux kernel they use.



On Tue, Jan 9, 2018 at 8:32 PM, Lelio Fulgenzi <lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>> wrote:

To be honest, I'm a little worried about the rumoured slowdown the fixes are gonna have. Will this impact the supported status of certain CPUs in collab suite?

Sent from my iPhone



--
Ed Leatherman
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20180111/ccafecd3/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image1.GIF
Type: image/gif
Size: 28972 bytes
Desc: image1.GIF
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20180111/ccafecd3/attachment.gif>


More information about the cisco-voip mailing list