Like many I have an r710 lab server laying around and on occasion I do semi-important things on it. Dell has a bios update for it that addresses intel processor vulnerabilities like spectre but I’ve seen people advice against this due to performance impact.
Has anyone done this and what is your experience, can it be disabled or reverted back once the system is patched?
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639
how important is it to you and is this box internet facing?
Could be important, not sure yet and at times it is likely to have VMs facing the internet.
You should do some digging on how the PoC works for some of those exploits and decide for yourself if its worth the performance hit. No one can decide that for you really. In all reality you SHOULD take the updates but in practice the security issues can be mitigated.
I’m not really asking for someone to decide for me but I’m asking for people who have made the upgrade about their experience and maybe some rational around their choice.
From what I remember after reading through the test and patch release reports at work the performance hits were most noticed on busy database servers with sizable queries and parallel execution.
On machines that were not usually busy there wasn’t anything noticeable.
The most at risk systems were ones that hosted multi-tenant workloads, e.g. if you control bare-metal and all workloads, and the server is not accessed externally the risks of not patching were lower. These servers got patched last.
This topic was automatically closed 273 days after the last reply. New replies are no longer allowed.