There are at least four problems related to the ongoing Meltdown and Spectre CPU security bugs (AWS announcement) that affect the Database Administrator (DBA):
- in shared environments, like AWS or VMs, neighbour VMs can read your data on unpatched systems
- forthcoming patches might or might not work. Complex patches often don’t fully address the issue at first, so expect a sequence of related patches (whack-a-mole, as with Shellshock), each of which will affect database uptime and cache performance.
- the patches are reported to consume more memory and reduce system performance. If your database server is configured to use 90% of RAM, for example via MySQL’s innodb_buffer_pool_size, consider dropping to 80% or 75%.
- in AWS, significant clock skew has been reported.
The above also applies to server consolidation and microservices in VMs.
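The buffer-pool advice above has a practical wrinkle: on MySQL 5.7 and later, innodb_buffer_pool_size must be a multiple of innodb_buffer_pool_chunk_size (default 128 MiB) times innodb_buffer_pool_instances, and a value that is not aligned is rounded *up*, so a naive "80% of RAM" can land above the cap you intended. The script below is an added example written for this post (not the author's code or anything from MySQL itself); it reads total RAM from a constructed /proc/meminfo sample, computes the largest aligned pool that stays at or under a chosen fraction, and checks a running setting against that ceiling. The constructed sample values and the function names are assumptions.

```python
"""Size innodb_buffer_pool_size for a host expected to lose RAM and CPU
to Meltdown/Spectre patches.

Added example, not from the original post. Assumes MySQL 5.7+ chunking
rules (innodb_buffer_pool_chunk_size, default 128 MiB, times
innodb_buffer_pool_instances) and a Linux /proc/meminfo layout.
All sample inputs below are constructed.
"""
import re

MIB = 1024 * 1024
GIB = 1024 * MIB
DEFAULT_CHUNK = 128 * MIB  # MySQL default innodb_buffer_pool_chunk_size

# Constructed /proc/meminfo excerpt for a 16 GiB host.
SAMPLE_MEMINFO = """MemTotal:       16777216 kB
MemFree:         1234567 kB
MemAvailable:    9876543 kB
"""

# Constructed SHOW VARIABLES line: a pool set to ~90% of RAM, unaligned.
SAMPLE_SHOW_VARIABLES = "innodb_buffer_pool_size\t15461882265"


def total_ram_bytes(meminfo_text):
    """Parse the MemTotal line (reported in kB) into bytes."""
    m = re.search(r"^MemTotal:\s+(\d+)\s+kB", meminfo_text, re.MULTILINE)
    if not m:
        raise ValueError("MemTotal not found in meminfo text")
    return int(m.group(1)) * 1024


def current_pool_bytes(show_variables_text):
    """Parse the tab-separated 'innodb_buffer_pool_size<TAB>bytes' line."""
    m = re.search(r"^innodb_buffer_pool_size\t(\d+)$", show_variables_text, re.MULTILINE)
    if not m:
        raise ValueError("innodb_buffer_pool_size not found")
    return int(m.group(1))


def aligned_pool_size(ram_bytes, fraction, chunk=DEFAULT_CHUNK, instances=8):
    """Largest pool <= fraction*RAM that is a multiple of chunk*instances.

    Rounding down matters: MySQL rounds an unaligned value up to the next
    multiple, which would silently push the pool past the fraction you chose.
    """
    if not 0 < fraction < 1:
        raise ValueError("fraction must be strictly between 0 and 1")
    unit = chunk * instances
    target = int(ram_bytes * fraction)
    return (target // unit) * unit


def pool_budget_check(ram_bytes, pool_bytes, max_fraction=0.80,
                      chunk=DEFAULT_CHUNK, instances=8):
    """Return (ok, ceiling_bytes); ok is False when the running pool
    exceeds the aligned ceiling for max_fraction of RAM."""
    ceiling = aligned_pool_size(ram_bytes, max_fraction, chunk, instances)
    return pool_bytes <= ceiling, ceiling


def cnf_value(nbytes):
    """Render a byte count in the G/M suffix form my.cnf accepts."""
    if nbytes % GIB == 0:
        return f"{nbytes // GIB}G"
    return f"{nbytes // MIB}M"


if __name__ == "__main__":
    ram = total_ram_bytes(SAMPLE_MEMINFO)
    pool = current_pool_bytes(SAMPLE_SHOW_VARIABLES)
    ok, ceiling = pool_budget_check(ram, pool, max_fraction=0.80)
    print(f"RAM: {cnf_value(ram)}  current pool: {pool} bytes  "
          f"80% ceiling: {cnf_value(ceiling)}  ok={ok}")
    for frac in (0.75, 0.80):
        print(f"innodb_buffer_pool_size = {cnf_value(aligned_pool_size(ram, frac))}"
              f"   # {int(frac * 100)}% of RAM, chunk-aligned")
```

Running the script on the constructed 16 GiB host reports the 90% pool as over budget and prints 12G for both the 75% and 80% targets, because 80% of 16 GiB (12.8 GiB) rounds down to the nearest 1 GiB unit (8 instances of 128 MiB chunks); on a host with a different innodb_buffer_pool_instances setting, pass that value in so the alignment matches what the running server will actually use.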
Of course, if you’re an experienced production DBA, then you never trusted VMs anyway.
I’ll leave it to others to pontificate on what it means when you can’t trust any desktop, server or mobile computer in an Internet-connected world. Or what HIPAA compliance means in the cloud where your server is a party-line telephone.
forums.aws.amazon.com: Degraded performance after forced reboot due to AWS instance maintenance, HN
ARM: Vulnerability of Speculative Processors to Cache Timing Side-Channel Mechanism
Escaping Docker container using waitid() – CVE-2017-5123