Flaw Patches Significantly Degrade System Performance

By James D’Arezzo

CEO, Condusiv Technologies

In January, it was Spectre and Meltdown.  In August, it was Foreshadow/Foreshadow-NG.  Security flaws in Intel chips that require patches. The hidden news is that it’s not just a security issue, but a performance problem as well.  Firmware and software fixes inevitably impact performance, sometimes dramatically.   According to PC World, early versions of the Spectre and Meltdown fix were showing system performance losses that could range as high as 14%. The Register in the UK stated the performance loss could be as high as 30% on servers running heavy workloads.

The latest flaw is a weakness in chip design that could affect all Intel hardware released after 2015 and allow an attacker to access encrypted data being held in an isolated area of the chip.  With Foreshadow, the data in a supposedly secure enclave could, in theory, be copied elsewhere and then accessed. Foreshadow-NG might also be used to read information stored in other virtual machines running on the same third-party cloud, presenting a risk to cloud infrastructure.

Let’s face it, with the rising tide of data and the demands for faster performance from end users, the last thing IT needs are “fixes” that slow application performance. 

Looking back just a few months at Spectre and Meltdown highlights the problem.  By late January, according to Spiceworks, a professional network for people in the IT industry, 70% of businesses surveyed had begun patching against the flaws. Of those, 38% reported experiencing problems with the fixes, including performance degradation and computers crashing. The study also found that of the 29% of large companies who expected to spend more than 80 hours addressing the issue, 18% expected to spend more than $50,000 to fix them.

This is a classic case of cause and effect.  Therefore, IT professionals need to consider solutions to looming performance degradation. There are a number of alternatives. Performance can be enhanced at any one of the three basic layers of computing: processing, storage or communications. That is, increase the speed of processing data; increase the speed of accessing and reading or writing data to/from storage; or speeding up communications speeds via network bandwidth increases.

A wholesale increase in compute power is an extremely costly and time-consuming endeavor. Not only acquiring new hardware, but the provisioning, deployment, training and other aspects make this a daunting alternative.

Similarly, an increase in storage speed through all-flash arrays and hyperconvergence is equally expensive and time-consuming, although not quite as much as the alternative above.

Increasing network bandwidth is potentially the easiest alternative, but it also only slightly overcomes the performance problem, as the slowdown is really about processing application data rather than communicating it.

An alternative, and far simpler answer to any of the options listed above is a software-only solution that reduces I/O traffic. If read and write I/O is reduced by 50% or more, then performance leaps. More work gets processed much faster because less has to travel up and down the stack from storage to network to CPU and back. There is I/O reduction software available for Windows systems that does exactly this.

About the Author

Jim D’Arezzo has had a long and distinguished career in high technology. First serving on the IBM management team that introduced the IBM Personal Computer in the 1980s, he then joined start-up Compaq Computer as an original corporate officer and helped the company grow to over $3 billion as VP Corporate Marketing and later VP International Marketing. Seeing the technology trend toward networking, Jim joined Banyan Systems in the early 1990s as VP Marketing and helped that global networking software leader grow rapidly and eventually go public on NASDAQ. He then moved on to computer-aided design software leader Autodesk as VP Marketing and multiple Division GM for data management, data publishing and geographic information systems. D’Arezzo later served as President and COO for Radiant Logic, Inc., the world leader in virtual directory database solutions. Jim holds a BA from Johns Hopkins University and an MBA from Fordham University.