Vol. 23, #5 - February 05, 2018 - Issue #1167

WServerNews: Some reflections on Meltdown/Spectre



Editor's Corner

This week's newsletter continues from last week and includes reflections by some of my contacts in the global IT community about the Intel Spectre/Meltdown fiasco and how IT pros can deal with it. Plus we have all sorts of other stuff to keep you informed and entertained.

Speaking of melting down, what would you do if our global financial system melted down? How could you prepare for such an eventuality? Here's some advice from Dilbert:

http://www.wservernews.com/go/6clx2qed/

Hmm, maybe Alice has it right.

 

Ask Our Readers 

WServerNews now has over 400,000 subscribers worldwide! That's a lot of expertise to tap into. Do you need help with some issue or need advice on something IT-related? Got a question you'd like us to toss out to our readers to try and answer? Email us at [email protected]

And now on to the main topic of this week's newsletter…


Reflections on Intel's Meltdown

I reached out to a number of my contacts in the global IT community asking them if they would share their thoughts, suggestions, or warnings concerning the Intel Spectre/Meltdown vulnerabilities. Several of them responded so I'm including their reflections here as they may help some of our newsletter readers devise strategies for dealing with these vulnerabilities. If you have any additional thoughts or suggestions you'd like to offer on this subject, you can email me at [email protected]

Thoughts from an Azure consultant

These first reflections are from Marnix Wolf, Senior Consultant and Azure evangelist at Didacticum Group in the Netherlands. Marnix is a senior consultant, with a strong focus on Azure (IaaS/PaaS), Microsoft Operations Management Suite (OMS) and the System Center stack, mainly Operations Manager (SCOM) and Configuration Manager (SCCM/ConfigMgr). Marnix also writes a blog about OMS, Azure and SCOM which you can read here:

http://www.wservernews.com/go/9jk7hyc8/

"My two cents on this topic are that whether or not to roll out the patches for Meltdown depends on a per-case basis. Servers hosting VDI or database related workloads are the ones who take the biggest performance hits, far over 30%. This could result in a direct degraded performance of the offered service, hitting business in a pretty bad way. Many times, for workloads like that, servers aren't easily added in order to make up for the performance loss. But this doesn't mean in cases like that the patches shouldn't be rolled out. Because many times, security and privacy in environments like that are paramount. As a result, companies are rolling out the patches but in batches, monitoring the total impact because it's quite hard to make a sound prediction.

To make it more complex, the patches weren't properly tested, because the news leaked out too fast. As a result, the available patches were rolled out while lacking proper testing and their results. So companies like Microsoft found themselves in a split. Either to make the patches available and make them look bad because the patches themselves introduced new issues and challenges, or not to roll them out and make them look bad as well. So now the patches are available but do have warnings because there are potential risks attached to them. As a workaround - for the Microsoft patches - you can prevent the installation. But when you do that, future patches won't install either. Meaning, somewhere in time, the patches for Meltdown HAVE to be installed, because the alternative is even worse, making your systems vulnerable to other exploits as well for which patches are available but not installed...

Cloud providers are obliged to install the patches, no matter what. Because most of them have their business model based on the principle of maximum usage. Meaning their server hardware is used to the max, 24/7. This can only be done when you rent out the same server hardware to multiple customers. As such they are required to roll out the patches, even though it affects directly the performance of those very same servers. As a downside, those very same servers will allow for less workloads (because of the performance degradation), which is a direct hit on their business model. And this is only the patching of Meltdown, because Spectre is too hard to patch, if it can be patched at all. Finally the cloud providers have to replace their servers much earlier than expected, because in order to address Meltdown and Spectre properly, a new CPU design is required.

Finally every business running servers of their own, whether physical or virtual, has to roll out the patches. In some cases, like Microsoft Azure, recommend NOT to roll out the patches on certain types of Azure VMs because that would ruin the performance too much. These are the lowest type of Azure VMs, running slow CPUs and a low amount of memory.

As you can see, there is not a simple answer. It not only depends per company, but also per workload, per agreed SLA and required security/privacy, whether by law, regulations or signed contracts with the customers, whether internal or external."

Other reflections on Meltdown/Spectre

Several other colleagues I contacted responded briefly with their thoughts as follows:

Hi Mitch, luckily all my biggest customers are awaiting the implementation of the fix. At the current stage I think monitoring is more important than fixing the problem hastily and risking new and unknown challenges. Such major changes deep down in the core will need extensive testing, and focusing on monitoring systems and outgoing network traffic to discover patterns of exploit are critical. --Olav Tvedt, Microsoft MVP (Cloud and Datacenter Management) and Principal at Lumagate AS in Bergen, Norway.

Olav also has a blog called "The Magic Between Data and the Users" that you can read here:

http://www.wservernews.com/go/e23wxcac/

Well first of all, with this kind of approach from Intel, it's quite hard to trust them on this matter but at the same time we have no choice but to wait. I feel like we're at their mercy as they are the vendor/chip providers which power our servers. We just hope that the next patch for Meltdown/Spectre that Intel provides would be the permanent fix to prevent unnecessary extra work for our platform & server teams. --Jay-R Barrios, Microsoft MVP (Cloud and Datacenter Management) and Senior Systems Consultant for the NCS Group in Singapore.

Jay-R also has a blog called "JDeployment" which can be found here:

http://www.wservernews.com/go/yol12l5i/

You are right about it being a fiasco, these last couple of weeks have been hectic to say the least. But luckily for me, we at the university have teams to deal with this type of scenario. I am not directly affected but I do deal with the teams that are affected and see the demand that is put on them. Having to patch every system on the network. --Jeremy Hodgson, Data Center Coordinator for the University of Manitoba and Winnipeg Technical College in Winnipeg, Canada.

Got thoughts or suggestions you'd like to share with our readers concerning Meltdown/Spectre? Email me at [email protected]

 

Send us your feedback

Got feedback about anything in this issue of WServerNews? Email us at [email protected]


Recommended for Learning

Free vSphere 6.5 Host Resources Deep Dive E-Book

By Frank Denneman and Niels Hagoort

http://www.wservernews.com/go/vrlri2y2/

 

Microsoft Virtual Academy

Hybrid Cloud Workload Protection with Azure Security Center

Looking to enhance your organization's security posture, especially these days, when threats seem to increase in volume and sophistication all the time? Azure Security Center can help, and Yuri Diogenes and Ty Balascio show you how. Join them for a look at workload protection, learn how the threat landscape differs for a cloud or hybrid environment versus on-premises, and explore threat detection and response. Start with an overview of Azure Security Center and how it can help to detect security incidents and alert you to them. Look at onboarding, implementing security policies, and just in time VM access. See how to deploy the service and keep it secure. Create custom alerts, explore incident response in the hybrid cloud, and use security playbooks. Finally, learn about troubleshooting, make an action plan, and hear about next steps. Get started today!

http://www.wservernews.com/go/snlht5jy/


Factoid of the Week

Last week's factoid was this:

A company in France has developed an airbag device that seniors can wear around their hips to prevent them from injuring or breaking their hip if they should suffer a fall. Older IT pros should definitely buy one of these when it becomes available, right? Seriously though, what technologies help prevent you from injuring yourself in your daily work or life activities?

This brought a couple of responses from our readers. First here is one response that I totally agree with:

Question: What technologies help prevent you from injuring yourself in your daily work or life activities?

Answer: Coffee

-- Doug, Systems Administrator for a Department of Corrections in the USA

Next here is a fascinating tidbit about a serious use for personal airbags:

Mitch, my sister is a competitive horseback rider who has been using an airbag vest for years now (and swears by them, despite some of the comments in the article):
https://www.wired.com/2016/08/olympic-equestrians-vests-double-airbags-airbags/
I'm not surprised to see this technology applied elsewhere, personal protection for seniors certainly sounds like a good idea to me.
P.S. I am a long-time reader of WServerNews, thank you for producing one of my favorite weekly newsletters.

--Tim from San Diego

Now let's move on to this week's factoid:

Fact: A new study reportedly exposes the sugar industry's decades-old effort to stifle research linking the eating of lots of sugar to heart disease.

Source: http://www.wservernews.com/go/676d6nve/

Question: How much sugar do you consume each day? And do you use any sugar substitutes? If so, which ones and why?

Email your answer to us at [email protected]

Until next week, 

Mitch Tulloch

 

Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

GOT ADMIN TOOLS or other software/hardware you'd like to recommend? Email us at [email protected]

Display the IP address, OS version and other useful info in the desktop background using this handy free Sysinternals utility:

http://www.wservernews.com/go/f3yp54ap/


Sysmalogic Active Directory Report Builder is a simple to use multi-domain auditing tool for compliance requirements that provides AD reporting at a moment's notice:

http://www.wservernews.com/go/chhnfvzy/


Host Profiles CLI Fling (hostprofilescli) is a command-line utility that allows vSphere administrators to perform several operations with Host Profiles that are either not currently possible through existing user interfaces, or possible only through graphical interfaces:

http://www.wservernews.com/go/ffha7uuz/



This Week's Tips

Windows Update - Downloading individual updates

JDeployment has a helpful tip that explains how you can download individual Windows updates from the Windows Update Catalog so you can test an update before patching your production systems with it:

http://www.wservernews.com/go/3eui3p0y/


Active Directory - Upgrade WS 2012 R2 to WS 2016

JDeployment also has a step-by-step walkthrough explaining how you can deploy a Windows Server 2016 Active Directory to an existing Windows Server 2012 R2 Domain and upgrade to Windows Server 2016 Active Directory:

http://www.wservernews.com/go/ukwe6czh/


Group Policy - BgInfo on login

Olav Tvedt has a simple guide explaining how you can use Group Policy to deploy the useful BgInfo utility with a background to targeted computers:

http://www.wservernews.com/go/v0d89ny6/



Events Calendar


Microsoft Tech Summit on March 5-6, 2018 in Washington, D.C. USA

http://www.wservernews.com/go/0m7itxkw/

Microsoft Tech Summit on March 14-15, 2018 in Paris, France

http://www.wservernews.com/go/9nxkp7j8/

Microsoft Tech Summit on March 19-20, 2018 in San Francisco, California USA

http://www.wservernews.com/go/gm14cqd2/

Microsoft Tech Summit on March 28-29, 2018 in Amsterdam, Netherlands

http://www.wservernews.com/go/jeua5kvf/

Microsoft Ignite 2018 on September 24-28, 2018 in Orlando, Florida USA

http://www.wservernews.com/go/f6gtgfpp/


Add Your Event

PLANNING A CONFERENCE OR OTHER EVENT you'd like to tell our 100,000 subscribers about? Contact [email protected]


New on TechGenix.com

Getting a full-featured website up and running globally with AWS

It's easier than ever to get a full-featured website up and running using AWS. This tutorial will get you there quickly and painlessly.

http://www.wservernews.com/go/j5miz8wh/


Data security: Safeguarding the data you control - and don't control

If you are responsible for data security, you know how tough your job is. You are accountable for breaches in systems you supervise — and systems you don't.

http://www.wservernews.com/go/fgbr6tcm/


The importance of being earnest with software licensing

Software licensing often takes a back seat to other priorities, but the last thing your business wants is for the License Police to come knocking!

http://www.wservernews.com/go/g36rys1r/


Get your geek on: Building a VMware home lab

Setting up a VMware home lab for learning and testing doesn't need to be expensive or difficult. Here's how you can do it.

http://www.wservernews.com/go/com3bsj8/


5G - The fuel that will fire up the Internet of Things

5G is a five-times dose of gasoline that when poured over the flame called IoT will make it go boom! And this exciting technology may be available later this year.

http://www.wservernews.com/go/63o3phhu/

 

Tech Briefing - Networking

My favorite perfcounters

From the NDIS blog

http://www.wservernews.com/go/kdkhefyo/


Detecting port availability and blockage: Part 2, The Trace

From Lee Stevens Technical Blogs

http://www.wservernews.com/go/oeev41qp/


Simple PowerShell Network Capture Tool

From Ask PFE Platforms

http://www.wservernews.com/go/3kz1hl9e/


Parsing DNS server log to track active clients

From Security for the adventurous 

http://www.wservernews.com/go/g3gs11d7/

Advice on Numbering Policies in Networking

From Daniels Networking Blog

http://www.wservernews.com/go/n7flb030/

 

Other Articles of Interest

Do you UDP your Citrix traffic with HDX Adaptive Transport?

HDX Adaptive Transport picks up where Framehawk left off, and can be the silver bullet to improving the user experience. Find out why.

http://www.wservernews.com/go/isbk55qd/


Samsung profits dip as users hold onto smartphones longer

Changes in smartphone purchasing trends have hurt Samsung. Find out why here. 

http://www.wservernews.com/go/ev51ni7v/


Pros and cons of a Windows 10 clean install vs. upgrade

When migrating to Windows 10, IT must decide whether to perform an upgrade install or clean install. The benefits of one are the weaknesses of the other.

http://www.wservernews.com/go/0kufbps5/


Cloud-hosted apps catching on to meet user demand

With the ever-increasing popularity of cloud computing, organizations are also considering streaming their applications. Several cloud-hosted app services can help.

http://www.wservernews.com/go/ts12mpi2/

 

WServerNews FAVE Links

This Week's Links We Like. Tips, Hints And Fun Stuff

GOT FUN VIDEOS or other fun links you'd like to recommend? Email us at [email protected]

Real Life Trick Shots - Part 2 - Dude Perfect

The guys from Dude Perfect, a Texas-based trick shot group, are back with another impressive round of trick shots involving household objects and everyday tasks:

http://www.wservernews.com/go/bjv3tayz/


Cycling Is Awesome

A compilation of some of the best cycling videos, from downhill mountain bike to street BMX, road bike tricks, street trials skills and more:

http://www.wservernews.com/go/m54w9uu7/


Snow Plowing Trains

An awesome compilation of powerful, speedy and fearless locomotives riding through the snow:

http://www.wservernews.com/go/7hmqe5xh/


French Bulldog And His Owner Perform Duet Of Rihanna's 'Diamonds'

Singing French bulldog and his human perform a duet of the Rihanna song 'Diamonds' in the car:

http://www.wservernews.com/go/fe3ru05o/

 

WServerNews - Product of the Week

Free Tool for Monitoring Exchange Server Status & Performance 


SolarWinds® Exchange Monitor is a free tool that allows users to monitor Microsoft® Exchange™ Server 2013 and 2016. Get basic information about the server’s metrics, services, and database availability group (DAG) status. Add as many Exchange Servers as you wish. Simply click the “Add Server” button and fill IP address/domain name and credentials.

Download Free Tool

WServerNews - Editors

Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7 Resource Kit and has been author or series editor for almost fifty books mostly published by Microsoft Press. Mitch is also a ten-time recipient of Microsoft's Most Valuable Professional (MVP) award for his outstanding contributions in support of the global IT pro community. Mitch owns and runs an information technology content development business based in Winnipeg, Canada. For more information see www.mtit.com.

Ingrid Tulloch is Associate Editor of WServerNews and was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press. Ingrid also manages research and marketing for our content development business and has co-developed university-level courses in Information Security Management for a Masters of Business Administration program.