Pure /run
We understand block-based storage arrays are not affected by this; however, no questions were asked about Pure's /run environment... and no answers were volunteered.
Several SAN suppliers have said their systems don't need patching against the Spectre and Meltdown bugs. We asked Dell and Pure Storage about the impact of fixes and whether their SANs and Dell's hyperconverged (HCI) systems needed patching. El Reg: Do you agree that on-premises external SANs and filers that only run their …
And that only matters if you're running benchmark tests as opposed to what actually happens for I/O in the real world. Each individual I/O will be affected by this. Yes, overall throughput and IOPS will be unaffected if there is plenty of CPU overhead, but you're going to take a hit on latency. How relevant that is depends on the individual application and the effect that latency has on that application.
"Current known exploits of Meltdown and Spectre require running crafted code on the CPU being attacked" ... "Virtual appliance installs of some software will require associated VMs and their hypervisors to be patched"
Just curious, but if this affects hypervisors running third-party code, wouldn't that apply to features like "Purity Run", or is there some additional security in place to mitigate this?
I'm not an expert in Pure but it seems like it's a hypervisor and you can run your own code in a VM. So you will either need to patch the VM and lock down who can implement VMs, or you will need to patch the hypervisor kernel. If this is the same kernel that runs the Pure code then you will take a performance hit.
Anyone from Pure care to counter this/explain?
This may be updated, but Pure's current standing is that "Purity Run allows customers to run applications provided by PureStorage on the FlashArray." Presumably these trusted applications do not include Spectre/Meltdown exploits.
https://support.purestorage.com/Field_Bulletins/The_Meltdown_and_Spectre_CPU_Vulnerabilities
"Pure is continuing to investigate the risk of any potential impact to FlashArrays using Purity Run. Purity Run allows customers to run applications provided by PureStorage on the FlashArray. Purity Run is a feature which can only be enabled with specific request from the customer to Pure Customer Support. Pure Customer Support will proactively reach out to every Pure customer using Purity Run. On FlashArrays with Purity Run enabled, the administrator should continue their usual practice of ensuring that only trusted code is executed in the Purity Run VM, and that access controls and patches are properly maintained."