What is the performance impact of Meltdown and Spectre for end-user computing workloads like Amazon Workspaces, Citrix XenApp, VMWare Horizon, and Frame? Are there any performance differences using Windows Server 2012 R2, Windows 7, or Windows 10? Is there a huge difference when running end-user computing workloads in an on-prem or public cloud scenario? Spoiler alert: Yes! There are important differences to be aware of because this will drive strategic and tactical decisions in the future.
Skyfall in 2019, let’s change the status quo!
We will see new exploits with names like “Global Warm-up,” “From Russia with Love,” and “Skyfall” in 2019. Why? Because unfortunately, identity and data theft, security breaches, ransomware, zero day attacks, and new security vulnerabilities in both software and hardware are nothing new.
The first rule in security is to assume you’re already hacked. There is always a way to hack a system — even when it isn’t connected to the internet. It’s just a matter of resources and motivation for hackers.
Unless we change the status quo and do things differently, security challenges and their impact for individuals, communities, businesses, and governments will continue to get worse. Cyber hygiene should be as important as wearing a seat belt. We need to change processes and use different technologies such as blockchain, network virtualization, Identity as a Service (IDaaS), and public cloud services to change the security status quo. We have the ability to make the world and its millions of applications (including systems and infrastructure solutions) more secure if we start now.
Performance impact with Meltdown and Spectre
It’s important to stay up-to-date with new security risks and understand ways to mitigate the impact they could have on your environment — no rocket science here. Various articles have been written about the performance impact of some security updates — Meltdown and Spectre in particular. Finding the right balance between performance, agility, and security isn’t always easy. When you ask about the performance impact, it’s impossible to give a definite answer without knowing your specific use case and context.
The impact depends on a few different factors, such as:
- Which hardware and CPU type you or your cloud provider is using (e.g. xWell, xLake — Intel Xeon CPUs). You should update CPU microcode (BIOS/UEFI) and server firmware.
- The Hypervisor being used (e.g. VMware ESX, Citrix XenServer, Microsoft Hyper-V, or KVM-based solutions). If you’re running bare-metal, this factor obviously doesn’t apply.
- The Guest Operating system to run your end-user computing desktops and applications. VDI with Windows 7, 10, Server 2012 R2, Server 2016 or Terminal Services / multi-user systems using Windows Server 2012R2 and Server 2016.
- What applications you’re using and the resource impact of these applications to the system from a CPU, memory , GPU, and storage IO perspective.
So what about the performance impact for Windows 7, Windows 10, and multi-user environments like Citrix XenApp and Microsoft Terminal Services running on Server A and Hypervisor X? Here are a few articles worth reading for more information:
- Performance Impact of Meltdown and Spectre Patches on Terminal Server — and by Association, Citrix XenApp by Ben Murphy from Lakeside Software
- The impact of Meltdown and Spectre patches on Windows 10 and Win7 by LoginVSI
- Here’s how, and why, the Spectre and Meltdown patches will hurt performance by ArsTechnica
We have seen terminal services performance test results using Remote Desktop Services Session Host (RDSH) and Citrix XenApp. These multi-user test results show a performance impact of up to 25%. This means up to 25% more (virtual) hardware is needed to support these users. This impact is much higher compared to Virtual Desktop Infrastructure (VDI) using Windows 7 (10%), Windows 10 (3%) or even Server 2012 R2/2016 in single user mode scenarios. For these use-cases, the impact is much lower — most users likely won’t notice this impact.
Below the surface, multi-user systems are very different from single user (VDI) solutions. With a single user (VDI) scenario, every user is isolated and using their own resources. Performance is guaranteed since resources aren’t shared among other users within the virtual machine. With a multi-user remote desktop session host scenario, there are multiple users accessing the same virtual machine with the same OS, and sharing the same resources. This system is fully utilized and many context switches are happening in most use-cases so the CPU is typically the first bottleneck.
Basically, Meltdown and Spectre have a much bigger impact on organizations running RDSH, Citrix XenApp, or other flavors of terminal services (on-prem or in the public cloud) compared to VDI. Frame falls into the category of VDI, because each user’s session runs on its own virtual machine, whether the user is running just one app or a whole desktop. Our own tests have shown that the impact is in the low single digits, such that it is practically imperceptible to the user. As a result, upgrades to hardware and specs are not necessary on Frame….
Ruben Spruijt is Field Chief Technology Officer at Frame (www.fra.me), responsible for driving vision, technology evangelism and thought leadership with Frame customers, partners and communities. Mr. Spruijt is a well-regarded author, speaker, market analyst, technologist, and all-around geek. An established industry leader and luminary. He is a Microsoft Most Valuable Professional (MVP), NVIDIA GRID Community Advisor, VMware vExpert and was a key member in the Citrix CTP program from 2008-2017.
He has presented more than 250 sessions at national and international events such as BriForum, Citrix iForum Japan, Citrix Synergy, Gartner Catalyst, Microsoft Ignite, Microsoft TechEd, NVIDIA GTC, and VMworld. Mr. Spruijt founded several independent industry analysis bodies including Project Virtual Reality Check (VRC), Team Remote Graphics Experts (TeamRGE), AppVirtGURU written and co-authoring multiple disruptive ‘Smackdown’ research whitepapers. Ruben is an advisor for various start-ups in mobile, community Cloud industry and Remote User Experience Analytics.
He is based in the Netherlands where he lives with his wife and three kids.
If you have feedback or questions for Ruben, send him an email at firstname.lastname@example.org or follow him on Twitter @rspruijt