Thanks for this great summary Ed. I'm on board. [image1.GIF]
Sent from my iPhone On Jan 11, 2018, at 10:32 AM, Ed Leatherman <[email protected]<mailto:[email protected]>> wrote: >From what info I'm aware of, hypervisor fixes (at least vmware) are not >resulting in a perceptible performance degradation, however fixes at the guest >OS level are showing performance issues depending on the type of operation >involved. To completely mitigate the vulnerabilities, seems like in most cases it requires a multi-faceted effort, BIOS/firmware/CPU, Hypervisor (if present), and OS all must be updated to address all of the attack vectors. Right now the fixes at the OS layer don't see fully baked. I feel like if you're 100% appliance based VM's wrt Cisco UC apps and they are the only things running in the cluster, your risk is pretty low and letting details/patches get sussed out is logical before you go crazy patching things. If there are non-UC or non-appliance items running in the same cluster, then addressing at the hardware and hypervisor level is important, followed by guest OS fixes for those other VMs once you understand the impact on those. Just my current thinking anyway. I bet we don't see any UCOS patches that address this at the OS level until its fully baked or its just part of the linux kernel they use. On Tue, Jan 9, 2018 at 8:32 PM, Lelio Fulgenzi <[email protected]<mailto:[email protected]>> wrote: To be honest, I'm a little worried about the rumoured slowdown the fixes are gonna have. Will this impact the supported status of certain CPUs in collab suite? Sent from my iPhone -- Ed Leatherman
_______________________________________________ cisco-voip mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-voip
