Wow, I almost don't see the point of having an ESXi/VMware cluster if you are using local datastores. No DRS or HA..... I'm guessing that means you don't have port redundancy. I know if you have cheap people calling the shots, there is nothing you can do, but they do understand they are playing with fire, right?
(we have a relatively decent EMC Unity 300 for the storage with massive raid arrays and two extra layers of backups where I work, took me over a year to get out of the local storage thing, but besides that)
They don't care. They literally told me more than once that "it'll work until it doesn't anymore and then we'll deal with it"
One thing I don't quite understand: on hypervisors the problem with meltdown/spectre is that VMs could potentially read data from one another, right?
In a cloud/datacenter environment with multiple customers on the same hardware that is a problem, but for in-house servers? Patch the VMs if necessary and wait with the hypervisor patching until you have time for the downtime...
Well, ESXi lets us use multiple VMs on 1 physical host at least
But yeah, what I would like to do if possible is this
3 Hosts (like we have right now)
Maybe a 4th just for Veeam and to have extra space to transfer VMs if needed, and a centralized NAS to put all the VM files, while VMware will only 'power on/off' the machines
And have ESXi installed on a USB stick on each physical host
That's a pretty valid reason to go virtual, we did (single host) ESXi for a few customers that were "big" enough to justify splitting the server roles between multiple VMs (no more SBS, hooray~). But multiple hosts without a cluster/central storage...
A former customer went all-out on virtualization. 3 hosts, each strong enough to hold all VMs alone (at least during the first year or so), one usually off/sleeping. Central storage system with fiber connections to all hosts, and a physical backup machine with a huge local RAID and a tape changer attached.
Before that they had 7 or 8 physical servers. 2 years after the switch they had 20+ VMs xD
But... we're kinda derailing the thread ^^;
Anyway, Microsoft released a PowerShell script that can check if all currently available patches to counter meltdown/spectre are installed. See here.
Wasn't it a thing that the patch only gets offered when an "installed AV is compatible with it" registry key exists? At least we got a newsletter from (I think) Trend Micro this week that their stuff is OK with it and you should set the key manually to allow patching.
They made a patch for the OfficeScan you can install that puts the key on the clients now (https://success.trendmicro.com/solut...curity-updates) I tried installing it, but I can't seem to have it verified beyond it saying it installed fine.
Ok so I just manually installed KB4056892 on my Windows 10 1709
And updated my BIOS to the latest one
Now I get this
Speculation control settings for CVE-2017-5715 [branch target injection]
Hardware support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: True
Speculation control settings for CVE-2017-5754 [rogue data cache load]
Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID performance optimization is enabled: True [not required for security]
BTIHardwarePresent : True
BTIWindowsSupportPresent : True
BTIWindowsSupportEnabled : True
BTIDisabledBySystemPolicy : False
BTIDisabledByNoHardwareSupport : False
KVAShadowRequired : True
KVAShadowWindowsSupportPresent : True
KVAShadowWindowsSupportEnabled : True
KVAShadowPcidEnabled : True
What can I do for the last 2 False?
Uh... nothing, since everything is enabled as it should?
That block is just a summary of everything that gets checked, so not having a policy that blocks the BTI stuff is a good thing, and "no hardware support" would probably be bad.
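The reading of the summary block given in the reply above, as an added example that is not part of the original thread or of Microsoft's script: it parses pasted output and reports only the flags that differ from the mitigated state. The function names, the expected-value table and the second sample are assumptions constructed for illustration.

```python
import re

# Value each graded flag has on a mitigated host; the two "Disabled..."
# flags are healthy when False. KVAShadowRequired (describes the CPU) and
# KVAShadowPcidEnabled ("not required for security") are not graded.
EXPECTED = {
    "BTIHardwarePresent": True, "BTIWindowsSupportPresent": True,
    "BTIWindowsSupportEnabled": True, "BTIDisabledBySystemPolicy": False,
    "BTIDisabledByNoHardwareSupport": False,
    "KVAShadowWindowsSupportPresent": True,
    "KVAShadowWindowsSupportEnabled": True,
}
FLAG_LINE = re.compile(r"^\s*(\w+)\s*:\s*(True|False)\s*$")

def parse_summary(text):
    """Collect 'Name : True/False' lines; descriptive sentences are skipped."""
    return {m.group(1): m.group(2) == "True" for m in map(FLAG_LINE.match, text.splitlines()) if m}

def findings(flags):
    """Return the graded flags whose value differs from the mitigated state."""
    # Assumption: KVAShadow* flags only matter when the CPU requires KVA shadowing.
    kva_required = flags.get("KVAShadowRequired", True)
    problems = []
    for name, want in EXPECTED.items():
        if name.startswith("KVAShadow") and not kva_required:
            continue
        got = flags.get(name)
        if got is None:
            problems.append(f"{name}: missing from output")
        elif got != want:
            problems.append(f"{name}: is {got}, expected {want}")
    return problems

# Summary block as posted above.
POSTED = """\
BTIHardwarePresent : True
BTIWindowsSupportPresent : True
BTIWindowsSupportEnabled : True
BTIDisabledBySystemPolicy : False
BTIDisabledByNoHardwareSupport : False
KVAShadowRequired : True
KVAShadowWindowsSupportPresent : True
KVAShadowWindowsSupportEnabled : True
KVAShadowPcidEnabled : True
"""
# Constructed sample: OS patch installed, firmware not yet updated.
NO_FIRMWARE = (POSTED.replace("BTIHardwarePresent : True", "BTIHardwarePresent : False")
    .replace("BTIWindowsSupportEnabled : True", "BTIWindowsSupportEnabled : False")
    .replace("BTIDisabledByNoHardwareSupport : False", "BTIDisabledByNoHardwareSupport : True"))
```

findings(parse_summary(POSTED)) returns an empty list for the posted block, while the constructed NO_FIRMWARE sample yields three entries.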
https://www.theverge.com/2018/1/10/1...ow-down-issues
Intel needs to come clean about Meltdown and Spectre
Fuck me!
Microsoft revealed some of the extent of the performance issues facing Windows PCs and server-based systems. Windows 7 and Windows 8 machines running Haswell or older processors are going to be impacted the most according to Microsoft, and “most [of those] users will notice a decrease in system performance.”
Also:
Microsoft’s most troubling revelation is that Windows Server instances will have a “more significant performance impact,” especially if servers are I/O intensive. Microsoft is actually warning customers to consider not updating their server firmware if they don’t run untrusted code, to ensure performance isn’t impacted. Microsoft has performed a number of vague benchmarks across a variety of processors, but at least the company is trying to be transparent to its customers.
Fuck, Lenovo doesn't have a BIOS update for the E570
Just an update. I have the patch and I haven't noticed any significant slowdown in Windows 7. I have an SSD drive and a performance hard drive for storage so maybe that has something to do with it. My motherboard maker still doesn't have an update either. I'm worried they will never release one 'cause it's one of their older models. But, jeez it's only two years old!
That's exactly why all the news sites should have stressed this more since the start: the performance loss for normal users is close to none. The only scenario where you (apparently) really notice a change is on big virtualization platforms.
Although it doesn't really affect me at home, the senior guys at work have been getting drilled with meetings with execs, hah.
Anyhoo, so glad I didn't bite the bullet to upgrade from my 3930K/7970 combo just yet. The ridiculous RAM and GPU prices have saved me from purchasing another Intel system. Back to fully team red it looks like.
Aye, team red for the next build sounds really tempting, just waiting on the Zen+ Ryzens. But... wasn't it mostly AMD GPUs that exploded into price heaven thanks to Ethereum mining?
Late to the party :D (work's been flying me around on business trips and all I do is watch movies on planes and in hotels.)
I have an i7-4770 Haswell... do something about it? or keep watching movies?