back to article Storage slingers say: Don't sweat Spectre, Meltdown SANitation

Several SAN suppliers have said their systems don't need patching against the Spectre and Meltdown bugs. We asked Dell and Pure Storage about the impact of fixes and whether their SANs and Dell's hyperconverged (HCI) systems needed patching. El Reg: Do you agree that on-premises external SANs and filers that only run their …

  1. Anonymous Coward
    Anonymous Coward

    Pure /run

    We understand block based storage arrays are not affected by this however, no questions were asked about Pure's /run environment...and no answers were volunteered.

    1. Pascal Monett Silver badge
      Coat

      Well, if you didn't ask any question, it's not likely you'll get an answer.

  2. Anonymous Coward
    Anonymous Coward

    "SDS ... you're going to take a performance hit"

    Although this probably only matters if your system is CPU-bound rather than I/O-bound.

    1. Anonymous Coward
      Anonymous Coward

      Re: "SDS ... you're going to take a performance hit"

      And that only matters if you're running benchmark tests as opposed to what actually happens for I/O in the real world. Each individual I/O will be affected by this. Yes, overall throughput and IOPs will be unaffected if there is plenty of CPU overhead, but you're going to take a hit on latency. How relevant that is depends on the individual application and the effect that latency has on that application.

    2. Anonymous Coward
      Anonymous Coward

      Re: "SDS ... you're going to take a performance hit"

      Haha! Yes, if you're already slow because you're waiting on disk inertia, you probably won't notice if we make your CPU 30% slower.

  3. Anonymous Coward
    Anonymous Coward

    Third party code

    "Current known exploits of Meltdown and Spectre require running crafted code on the CPU being attacked"...."Virtual appliance installs of some software will require associated VMs and their hypervisors to be patched"

    Just curious but if this affects hypervisors running third party code, wouldn't that apply to features like "Purity Run" or is there some additional security in place to mitigate this ?

    1. Anonymous Coward
      Anonymous Coward

      Re: Third party code

      I'm not an expert in Pure but it seems like it's a hypervisor and you can run your own code in a VM. So you will either need to patch the VM and lock down who can implement VMs, or you will need to patch the hypervisor kernel. If this is the same kernel that runs the Pure code then you will take a performance hit.

      Anyone from Pure care to counter this/explain?

    2. Anonymous Coward
      Anonymous Coward

      Re: Third party code

      This may be updated, but Pure's current standing is that "Purity Run allows customers to run applications provided by PureStorage on the FlashArray." Presumably these trusted applications do not include Spectre/Meltdown exploits.

      https://support.purestorage.com/Field_Bulletins/The_Meltdown_and_Spectre_CPU_Vulnerabilities

      "Pure is continuing to investigate the risk of any potential impact to FlashArrays using Purity Run. Purity Run allows customers to run applications provided by PureStorage on the FlashArray. Purity Run is a feature which can only be enabled with specific request from the customer to Pure Customer Support. Pure Customer Support will proactively reach out to every Pure customer using Purity Run. On FlashArrays with Purity Run enabled, the administrator should continue their usual practice of ensuring that only trusted code is executed in the Purity Run VM, and that access controls and patches are properly maintained."

  4. lansalot

    well thanks, Dell..

    Been waiting for last couple weeks now as to a statement for potential impact for EMCs ScaleIO product, which you resell.

    Being HyperConverged, in that the VMs and storage are all on the same boxes, we're expecting a significant performance hit.

    1. phord
      Devil

      Re: well thanks, Dell..

      Dell purchased EMC in 2017. They're not a reseller; they are the vendor.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020