Storage slingers say: Don't sweat Spectre, Meltdown SANitation
Debate rages on software, HCI slowdown though
Posted in Storage, 15th January 2018 15:05 GMT
Analysis Several SAN suppliers have said their systems don't need patching against the Spectre and Meltdown bugs. We asked Dell and Pure Storage about the impact of fixes and whether their SANs and Dell's hyperconverged (HCI) systems needed patching.
El Reg: Do you agree that on-premises external SANs and filers that only run their supplier's code will be safe and won't need patching, and therefore will perform as before? Could you explain the reasoning behind your position?
Dell: We generally agree. Access to the platform OS to load external code is restricted (in some cases code cannot be altered whatsoever) and therefore the reported vulnerabilities do not introduce any additional security risk to a customer's environment – provided they follow recommended best practices to protect access of highly privileged accounts.
Should SANs be patched to fix the Spectre and Meltdown bugs? Er ... yes and noREAD MORE
Pure Storage: Current known exploits of Meltdown and Spectre require running crafted code on the CPU being attacked. Pure's systems run a fixed Purity Operating Environment, so we expect them to perform as before without patching.
El Reg: Is the situation different for storage software delivered and designed to run on commodity separately sourced hardware (meaning servers)? Will those servers have to be patched?
Dell: Yes, in most cases, most storage software on its own will be immune to these vulnerabilities but the host servers/appliances they operate on will still require patching. Virtual appliance installs of some software will require associated VMs and their hypervisors to be patched.
Pure Storage: Pure Storage does not offer a software-only solution, so this does not apply to Pure Storage solutions. FlashArray and FlashBlade platforms are appliance-based solutions with hardware and software tightly coupled and controlled by Pure.
El Reg: Is the situation different for hyperconverged systems?
Dell: HCI appliances may have more restrictive access rights than commodity servers; however, server components of a CI/HCI system require patching along with hypervisor and any guest OS components.
Pure Storage: This is not applicable to Pure.
El Reg: What are your intentions regarding patching your own shared, external storage system products?
Dell: Most of our external storage systems have zero or very limited risk exposure to the reported vulnerabilities.
Pure Storage: We don't intend to patch our storage system products. We'll continue to monitor this issue as we learn more.
El Reg: If you are patching these systems then what will the performance impact be?
Dell: We will conduct performance testing for any systems where patching is required, though we do not expect any performance impact on these storage systems.
El Reg: Will you be patching your HCI products?
Dell: Yes, we are remediating vulnerable components of these systems... We're currently testing to assess any potential performance impacts as a result of patching.
Storage software running in a patched hypervisor
On the other hand, non-appliance storage software will likely need patching, claimed Infinidat.
Infinidat CTO Brian Carmody claimed: "If you're 'software-defined storage' (SDS) running in a patched hypervisor, you're going to take a performance hit. If you're a storage appliance that allows third-party code to run, you're going to take a performance hit.
"The only architectures with the luxury of not implementing the kernel patch are those who already prevent third-party code from hitting the physical CPUs, e.g. appliances."
That means SANs and filers from Dell, HPE, Hitachi Vantara, Huawei, Kaminario, NetApp, Pure Storage, Tintri, etc.
If an array allows customer code to run in it, then the presumption is that it will need patching.
Carmody said he doubted any SDS that runs in a hypervisor would be unaffected. "If you run in a hypervisor, and patch the hypervisor, and make system calls, you're going to be slowed down like every other virtualised application," he claimed, referencing a Microsoft blog about this.
The blog states: "For Windows Server, administrators should ensure they have mitigations in place at the physical server level to ensure they can isolate virtualized workloads running on the server... Windows Server customers, running either on-premises or in the cloud, also need to evaluate whether to apply additional security mitigations within each of their Windows Server VM guest or physical instances. These mitigations are needed when you are running untrusted code within your Windows Server instances."
The performance impact on Windows servers comes from the Spectre Variant 2 Windows Change to eliminate branch speculation in risky situations along with a microcode update.
This implies software-only storage products from the object storage suppliers would be affected. We're checking with them too.
With Retpoline, we didn't need to disable speculative execution or other hardware features. Instead, this solution modifies programs to ensure that execution cannot be influenced by an attacker. With Retpoline, we could protect our infrastructure at compile-time, with no source-code modifications.
Furthermore, testing this feature, particularly when combined with optimisations such as software branch prediction hints, demonstrated that this protection came with almost no performance loss... Retpoline fully protects against Variant 2 without impacting customer performance on all of our platforms.
Google has provided all the details here. ®