Meltdown Prevention Program helps IT organizations restore both security and performance
For IT organizations evaluating the impact of Meltdown patches and the benefits of kernel bypass technology, Solarflare introduced the Meltdown Prevention Program designed to make the evaluation of Linux Meltdown patches simple and cost effective. Through the Meltdown Prevention Program, Solarflare is providing free XtremeScale 8522 NICs for evaluation, free ScaleOut Onload software for evaluation, and free patch test support. IT organizations can then purchase XtremeScale 8522 NICs with ScaleOut Onload for only $199. IT pros and channel partners are invited to request evaluation products and test support by emailing firstname.lastname@example.org.
“Our XtremeScale NICs with Onload kernel bypass software have a proven track record of accelerating Linux-based application performance by reducing kernel IO,” said Ahmet Houssein, Vice President of Marketing at Solarflare. “Now we stand alongside our Linux ecosystem partners, ready to assist the IT community in closing their vulnerability window to Meltdown attacks, with evaluation products and test support.”
Problem #1: Server Processors are Vulnerable to Meltdown Attacks
When executing user-space applications, Linux keeps its entire kernel memory mapped in page tables protected from access. The advantage is that when the application makes a system call into the kernel or an interrupt is received, kernel page tables are always present, so most context switching-related overhead such as TLB flush, and page-table swapping can be avoided. Recently it was found that both contents of memory mappings and kernel memory could be leaked with Intel x86 and Arm CPUs under a Meltdown attack. A major hit on server security.
Problem #2: Linux Patches for Meltdown Impact Performance
Kernel page-table isolation is a Linux kernel feature that mitigates the Meltdown security vulnerability by isolating user space and kernel space memory. However, it was reported by The Register the hit on performance ranged from 5% to 30% depending on the workload.
The Solution: Solarflare XtremeScale NICs + Onload Kernel Bypass Software
Solarflare Onload and ScaleOut kernel bypass software together with Solarflare XtremeScale adapters reduces kernel calls. Testing by Red Hat showed the impact of a patch deployed with Onload kernel bypass was less than 2%. IT pros can now deploy Meltdown patches and restore both the security and performance for their servers.
Solarflare is pioneering server connectivity for neural-class networks. From silicon to firmware to software, Solarflare provides a comprehensive, integrated set of technologies for distributed, ultra-scale, software-defined datacenters.
All product and company names herein may be trademarks of their registered owners.